rds-database-auto-start-preventer
v0.1.5
Published
CDK stack that stops RDS DB instances and clusters after they are auto-started by AWS (RDS-EVENT-0154 / RDS-EVENT-0153). It uses EventBridge rules and a Durable Lambda to detect auto-start events, optionally filter by tags, stop the resource if it matches
Readme
RDS Database Auto Start Preventer (AWS CDK v2)
CDK stack that stops RDS DB instances and clusters after they are auto-started by AWS (RDS-EVENT-0154 / RDS-EVENT-0153). It uses EventBridge rules and a Durable Lambda to detect auto-start events, optionally filter by tags, stop the resource if it matches, and post a notification to Slack.
Features
- EventBridge integration – Listens for RDS DB Instance (RDS-EVENT-0154) and DB Cluster (RDS-EVENT-0153) auto-start events
- Tag-based targeting – Only stops instances/clusters that match a given tag key and tag values
- Durable Lambda – Uses AWS Lambda Durable Execution for reliable, long-running workflow (polling RDS until stopped)
- Slack notifications – Sends a message to a Slack channel when an auto-started resource is stopped (via token and channel from AWS Secrets Manager)
- Optional rule toggle – EventBridge rules can be enabled or disabled via
enableRule
Installation
npm
npm install rds-database-auto-start-preventeryarn
yarn add rds-database-auto-start-preventerUsage
Use the RDSDatabaseAutoStartPreventer construct when you want to add auto-start prevention to an existing stack or compose it with other constructs.
import { Stack } from 'aws-cdk-lib';
import { RDSDatabaseAutoStartPreventer } from 'rds-database-auto-start-preventer';
const stack = new Stack(app, 'MyStack');
new RDSDatabaseAutoStartPreventer(stack, 'RDSDatabaseAutoStartPreventer', {
targetResource: {
tagKey: 'AutoStartPrevent',
tagValues: ['YES'],
},
enableRule: true, // optional, defaults to true
secrets: {
slackSecretName: 'my-app/slack',
},
});Use the RDSDatabaseAutoStartPreventStack when you want a dedicated stack that only deploys the RDS auto-start prevent resources.
import { RDSDatabaseAutoStartPreventStack } from 'rds-database-auto-start-preventer';
new RDSDatabaseAutoStartPreventStack(app, 'RDSDatabaseAutoStartPreventStack', {
stackName: 'rds-database-auto-start-prevent',
targetResource: {
tagKey: 'AutoStartPrevent',
tagValues: ['YES'],
},
enableRule: true, // optional, defaults to true
secrets: {
slackSecretName: 'my-app/slack',
},
});Slack secret (AWS Secrets Manager)
Store a JSON object in AWS Secrets Manager with the Slack Bot Token and channel ID:
| Key | Value |
|-----|-------|
| token | Slack Bot Token (e.g. xoxb-...) |
| channel | Slack channel ID (e.g. C01234ABCD) |
Example secret value:
{
"token": "xoxb-...",
"channel": "C01234ABCD"
}Options
| Option | Type | Required | Description |
|--------|------|----------|-------------|
| targetResource | TargetResource | Yes | Tag-based criteria for which RDS instances/clusters to protect. |
| targetResource.tagKey | string | Yes | Tag key to match (e.g. AutoStartPrevent, Environment). |
| targetResource.tagValues | string[] | Yes | Tag values that indicate the resource should be protected (e.g. ['YES'], ['production']). |
| enableRule | boolean | No | Whether the EventBridge rules are enabled. Defaults to true if omitted. |
| secrets | Secrets | Yes | External secrets for notifications. |
| secrets.slackSecretName | string | Yes | Name of the Secrets Manager secret containing Slack token and channel. |
Requirements
- Node.js >= 20.0.0 (for CDK app)
- AWS CDK ^2.232.0
- constructs ^10.5.1
- AWS Lambda runtime Node.js 24 (used by the Durable Lambda; managed by the construct)
License
This project is licensed under the Apache-2.0 License.