Automatically Execute Bulk Operation for RDS Service
Description
This playbook helps you execute different operations on the RDS service.
The supported operations are:
1. deletion-protection
2. SecurityGroup - delete
3. Vpc - create_flow_log
It uses the standard AWS authentication fallback mechanism.
If there is no profile, use the AWS credentials from the environment variables.
If the AWS credentials do not exist in the environment variables, use the current ~/.aws configuration.
After authentication via the AWS API, the script runs against the AWS account that owns the credentials selected by fallbacks 1-3 (see above).
In addition to administrative actions, this playbook is particularly helpful for teams managing diverse RDS data types, streamlining compliance and automation.
By leveraging native AWS capabilities such as the RDS data API, it supports secure, low-latency operations without provisioning full database connections.
This is ideal for serverless environments or microservice architectures requiring on-demand data access.
The script simplifies bulk execution across regions, assets, and configurations, allowing DevOps and security teams to enforce policy at scale.
Playbook Steps
2. Some actions may require specific additional parameters that will be delivered as the actionParams property to the script.
Prerequisites
2. Python v3.6 and above with the boto3 package installed (Install using: pip install boto3)
Script Help Page
Welcome To Tamnoon RDSActions Helper - The script that will help you with your RDSActions Service Actions
Dependencies
Authentication:
The script supports the fallback mechanism used by the AWS CLI:
- profile – Send the AWS profile as an input parameter
- awsAccessKey and awsSecret – Send key and secret directly as input parameters
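A pre-flight check for the fallback order described above, as an added example that is not part of the Tamnoon script: it reports which credential source a run would pick up, so the target account is known before a bulk action. The function name, its return labels, and the placement of the awsAccessKey/awsSecret pair directly after profile are assumptions.

```python
import configparser
import os
from pathlib import Path


def resolve_credential_source(profile=None, access_key=None, secret=None,
                              env=None, aws_dir=None):
    """Return (source, detail) naming the credentials a run would use.

    Assumed order: profile parameter, explicit key pair parameters,
    environment variables, then the ~/.aws configuration.
    """
    env = os.environ if env is None else env
    aws_dir = Path(aws_dir) if aws_dir else Path.home() / ".aws"

    if profile:
        return ("profile", profile)
    if access_key and secret:
        # Never echo the secret; the tail of the key ID identifies the pair.
        return ("parameters", "key ending " + access_key[-4:])
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return ("environment", "key ending " + env["AWS_ACCESS_KEY_ID"][-4:])

    # A missing credentials file is not an error: read() skips it silently.
    creds = configparser.ConfigParser()
    creds.read(aws_dir / "credentials")
    if creds.has_section("default") and creds.has_option("default", "aws_access_key_id"):
        return ("aws-config", "default profile in " + str(aws_dir))
    return ("none", "no credentials found")


if __name__ == "__main__":
    # Reports the source for the current shell without contacting AWS.
    print(resolve_credential_source())
```

Run it in the same shell and with the same parameters as the playbook; a result of "environment" when a profile was expected means the bulk action would run against a different account than intended.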
Supported Actions
1. RDSActions – Deletion protection
The script is based on AWS API and documentation:
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/rds.html
Parameter Usage
- logLevel: The logging level (optional). Default = Info
- profile (optional): The AWS profile to use to execute this script
- awsAccessKey (optional): The AWS access key
- awsSecret (optional): The AWS secret key
- regions (optional): AWS region(s) to target (us-west-1, us-east-1, etc., or All)
- type: The AWS EC2 asset type, e.g., instance, snapshot, security-group
- action: The EC2 action to execute, e.g., snapshot-delete, sg-delete
- actionParams (optional): A JSON dictionary of parameters (escaped quotes). Example: { \"key1\":\"val1\" }
- assetIds (optional): Comma-separated list of asset IDs
- dryRun (optional): Flag to simulate execution
- file (optional): Path to a YAML file with CLI execution parameters
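How assetIds and dryRun interact for the deletion-protection action, as an added sketch that is not the Tamnoon script's own code: it lists RDS instances, reports what a run would change, and flags requested IDs that were never found. The function name, status labels and the StubRDS class are assumptions; the client calls are the boto3 RDS paginator for describe_db_instances and modify_db_instance.

```python
def set_deletion_protection(rds, asset_ids=None, enable=True, dry_run=True):
    """Return [(instance_id, status)] for each targeted RDS instance.

    rds: a boto3 RDS client, i.e. boto3.client("rds", region_name=...).
    With dry_run=True nothing is modified; pending changes are only reported.
    """
    targets, seen, results = set(asset_ids or []), set(), []
    for page in rds.get_paginator("describe_db_instances").paginate():
        for db in page["DBInstances"]:
            db_id = db["DBInstanceIdentifier"]
            if targets and db_id not in targets:
                continue  # an explicit asset list limits the blast radius
            seen.add(db_id)
            if db.get("DeletionProtection", False) == enable:
                results.append((db_id, "unchanged"))
            elif dry_run:
                results.append((db_id, "would-change"))
            else:
                rds.modify_db_instance(DBInstanceIdentifier=db_id,
                                       DeletionProtection=enable)
                results.append((db_id, "changed"))
    # A requested ID that was never seen is a typo or the wrong region/account.
    results += [(db_id, "not-found") for db_id in sorted(targets - seen)]
    return results


class StubRDS:
    """Constructed offline stand-in exposing the two client calls used above."""

    def __init__(self, instances):
        self.instances = instances
        self.modified = []

    def get_paginator(self, _name):
        return self

    def paginate(self):
        return [{"DBInstances": self.instances}]

    def modify_db_instance(self, **kwargs):
        self.modified.append(kwargs)


if __name__ == "__main__":
    # Constructed sample inventory; swap in a real boto3 client for a live run.
    stub = StubRDS([{"DBInstanceIdentifier": "orders-db", "DeletionProtection": False},
                    {"DBInstanceIdentifier": "audit-db", "DeletionProtection": True}])
    for row in set_deletion_protection(stub, dry_run=True):
        print(row)
```

Review the dry-run rows first and rerun with dry_run=False only when every row is expected; a "not-found" row usually means the ID belongs to another region or account.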
Frequently Asked Questions
What RDS operations are supported by this playbook?
The playbook supports automated actions for RDS services, including enabling or disabling deletion protection, deleting Security Groups, and creating VPC flow logs. These operations are designed to help manage infrastructure securely and efficiently, especially when dealing with a range of RDS data types.
How does the script handle AWS authentication and credential fallbacks?
~/.aws configuration. This ensures that operations on RDS instances, including those using the RDS data API or working with different RDS data types, are securely authenticated.
Can I use the playbook to manage different RDS data types across multiple regions?
regions parameter, you can manage diverse RDS data types in bulk, making it effective for distributed environments using the RDS data API for data interaction.
What is the purpose of the actionParams field and how should it be formatted?
The actionParams field allows you to pass key-value configurations required by specific actions. It should be formatted as an escaped JSON dictionary, such as { \"key\":\"value\" }. This enables precise control over operations involving various RDS data types or integration with the RDS data API.
Does the script support the AWS RDS Data API for interacting with databases?
Yes, the script aligns with AWS API standards and is compatible with the RDS data API, making it suitable for serverless applications. It complements direct interaction with RDS data types by automating infrastructure-level tasks.
Is it possible to perform a dry run to validate actions before execution?
dryRun flag that simulates actions without making actual changes. This is especially helpful when planning operations on sensitive RDS data types or validating configurations before using the RDS data API.
What permissions are required for using this playbook effectively?
To use the playbook, your AWS credentials must include permissions to manage Security Groups and other relevant RDS settings. This is crucial for secure interaction with all supported RDS data types, especially when using the RDS data API for extended database access.
How does the playbook ensure safe deletion of RDS-related assets like security groups?
By allowing precise targeting of asset IDs and supporting dry-run execution, the playbook ensures that destructive actions—such as deleting Security Groups—are executed with caution. This safeguards configurations tied to specific RDS data types and ensures compatibility with RDS data API usage patterns.