Class RdsFactory

java.lang.Object
com.cloudforgeci.api.database.RdsFactory

public class RdsFactory extends Object
Factory for provisioning AWS RDS database instances based on DatabaseSpec requirements.

This factory creates production-ready RDS instances with security best practices for PCI-DSS, HIPAA, SOC 2, and GDPR compliance.

Compliance Coverage

  • SOC2-C1.1: Encryption at rest (storageEncrypted)
  • SOC2-CC6.6: Network isolation (privateSubnets, publiclyAccessible=false)
  • SOC2-A1.2-MultiAZ: High availability (multiAz)
  • SOC2-A1.3: Automated backups (backupRetention)
  • HIPAA §164.312(a)(2)(iv): Encryption of ePHI at rest
  • HIPAA §164.312(a)(1): Access control (no public access)
  • HIPAA §164.310(d)(2)(iii): Data backup procedures
  • PCI-DSS Req 1.3: Prohibit direct public access to cardholder data
  • PCI-DSS Req 3.4: Render cardholder data unreadable (encryption)
  • PCI-DSS Req 8.3.1: IAM authentication for database access
  • GDPR Art. 32: Security of processing (encryption, access control)

Security Features

  • Encryption at Rest: KMS encryption for production/staging
  • Automated Backups: Configurable retention (7-30 days)
  • Multi-AZ Deployment: High availability for production
  • Secrets Manager: Automatic credential rotation
  • Private Subnets: No public accessibility
  • Deletion Protection: Enabled for production
  • Automatic Patching: Minor version upgrades for production
  • Enhanced Monitoring: Real-time OS metrics for production
  • Performance Insights: Query performance monitoring

Supported Engines

  • PostgreSQL 11, 12, 13, 14, 15, 16
  • MySQL 5.7, 8.0
  • MariaDB 10.6, 10.11
  • Aurora PostgreSQL
  • Aurora MySQL

Usage Example
 // ctx (SystemContext), vpc (IVpc), appSpec and fqdn come from the surrounding
 // deployment code; DatabaseRequirement and DatabaseConnection are the nested
 // types of DatabaseSpec.
 DatabaseRequirement req = DatabaseRequirement.required("postgres", "15")
     .withInstanceClass("db.t3.medium")
     .withStorage(100)
     .withDatabaseName("myapp");

 // Encryption, backups, Multi-AZ and subnet placement are derived from the
 // security profile carried in ctx, so nothing security-related is set here.
 DatabaseConnection conn = RdsFactory.createDatabase(ctx, req, vpc, "myapp-db");

 // Use the connection details (host, port, secret reference) in the application
 Map<String, String> env = appSpec.containerEnvironmentVariables(fqdn, true, "oidc", conn);
 
Since:
3.0.0

Constructor Details

  • RdsFactory

    public RdsFactory()

Method Details

    • createDatabase

      public static DatabaseSpec.DatabaseConnection createDatabase(SystemContext ctx, DatabaseSpec.DatabaseRequirement requirement, software.amazon.awscdk.services.ec2.IVpc vpc, String instanceId)
      Create RDS database instance from DatabaseSpec requirement.

      This method provisions a fully-configured RDS instance with security settings appropriate for the deployment security profile.

      Parameters:
      ctx - System context with security profile and deployment settings
      requirement - Database requirements from ApplicationSpec (merged with DeploymentConfig)
      vpc - VPC to deploy database into
      instanceId - Logical ID for the database instance
      Returns:
      Database connection information for application configuration
    • createDatabase

      public static DatabaseSpec.DatabaseConnection createDatabase(SystemContext ctx, DatabaseSpec.DatabaseRequirement requirement, software.amazon.awscdk.services.ec2.IVpc vpc, String instanceId, Integer backupRetentionDaysOverride, Boolean multiAzOverride, Boolean enableEncryptionOverride)
      Create RDS database instance with optional DeploymentConfig overrides.

      Parameters:
      ctx - System context with security profile and deployment settings
      requirement - Database requirements (already merged with DeploymentConfig in ApplicationFactory)
      vpc - VPC to deploy database into
      instanceId - Logical ID for the database instance
      backupRetentionDaysOverride - Optional backup retention days from DeploymentConfig
      multiAzOverride - Optional Multi-AZ setting from DeploymentConfig
      enableEncryptionOverride - Optional encryption setting from DeploymentConfig
      Returns:
      Database connection information for application configuration
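The controls listed under Security Features are only as good as the synthesized template, so they are worth asserting in the stack's tests. The following is an added example, not code from the project: a helper built on the CDK assertions library (software.amazon.awscdk.assertions) that checks the AWS::RDS::DBInstance produced by createDatabase under the production profile. The class name RdsComplianceCheck is hypothetical, and the helper assumes the CDK Stack the database was created in is available to the test.

```java
import java.util.Map;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.assertions.Template;

// Hypothetical test helper; not part of the RdsFactory API.
public final class RdsComplianceCheck {

    /**
     * Throws AssertionError if any expected hardening property is missing from the
     * synthesized template. Aurora engines synthesize AWS::RDS::DBCluster, which this
     * check does not cover.
     *
     * @param stack         CDK stack that RdsFactory.createDatabase(...) provisioned into
     * @param minBackupDays lowest acceptable BackupRetentionPeriod (the factory allows 7-30)
     */
    public static void assertHardenedInstance(Stack stack, int minBackupDays) {
        Template template = Template.fromStack(stack);

        // Exactly one DBInstance is expected for a non-Aurora requirement.
        template.resourceCountIs("AWS::RDS::DBInstance", 1);

        // hasResourceProperties matches a subset, so extra properties do not fail it.
        template.hasResourceProperties("AWS::RDS::DBInstance", Map.of(
            "StorageEncrypted", true,                // SOC2-C1.1, HIPAA 164.312(a)(2)(iv), PCI-DSS 3.4
            "PubliclyAccessible", false,             // SOC2-CC6.6, HIPAA 164.312(a)(1), PCI-DSS 1.3
            "MultiAZ", true,                         // SOC2-A1.2-MultiAZ
            "DeletionProtection", true,              // deletion protection for production
            "AutoMinorVersionUpgrade", true,         // automatic patching
            "EnableIAMDatabaseAuthentication", true, // PCI-DSS 8.3.1
            "EnablePerformanceInsights", true        // query performance monitoring
        ));

        // BackupRetentionPeriod is numeric, so it is read back and compared against the
        // minimum instead of matched literally (SOC2-A1.3, HIPAA 164.310(d)(2)(iii)).
        for (Map<String, Object> resource
                : template.findResources("AWS::RDS::DBInstance").values()) {
            @SuppressWarnings("unchecked")
            Map<String, Object> props = (Map<String, Object>) resource.get("Properties");
            Object retention = props.get("BackupRetentionPeriod");
            if (!(retention instanceof Number) || ((Number) retention).intValue() < minBackupDays) {
                throw new AssertionError("BackupRetentionPeriod must be a number >= "
                    + minBackupDays + ", got " + retention);
            }
        }
    }
}
```

Call assertHardenedInstance(stack, 7) from a unit test after the stack has been built; a run against a staging or dev profile is expected to fail on the production-only properties (Multi-AZ, deletion protection), which is the point of keeping the check per profile.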