CLI tool for automating RDS encryption to meet SOC2/CMMC compliance.

RDS Encryptor

Overview

RDS Encryptor is a CLI tool that automates the encryption of Amazon RDS instances for SOC2 and CMMC compliance. The tool performs the following steps:

  1. Creates a snapshot of the existing RDS instance.
  2. Encrypts the snapshot using a specified AWS KMS key.
  3. Restores a new RDS instance from the encrypted snapshot.
  4. Configures DMS (AWS Database Migration Service) to migrate data.
  5. Sets up and executes replication tasks to transfer data from the source to the encrypted instance.

Features

  • Automated RDS Encryption: Encrypts an RDS instance with a KMS key.
  • DMS Integration: Uses AWS DMS for seamless data migration.
  • Replication Support: Maintains database consistency during migration.
  • Parameter Group Management: Ensures correct settings for logical replication.

Installation

pip install rds-encryptor

Requirements

Usage

Run the tool using the CLI:

rds-encryptor \
    --rds-instance-name my-rds-instance \
    --master-password mypassword \
    --kms-key-arn my-kms-key \
    --dms-replication-instance-arn my-dms-replication \
    --databases db1 db2 \
    --new-instance-identifier new-encrypted-instance

CLI Arguments

| Argument | Short | Description |
|---|---|---|
| --rds-instance-name | -r | Source RDS instance ID |
| --master-password | -p | Master password for authentication |
| --kms-key-arn | -k | KMS key ARN for encryption |
| --dms-replication-instance-arn | -i | DMS replication instance ARN |
| --databases | -d | List of databases to encrypt and migrate |
| --new-instance-identifier | -n | Identifier for the new encrypted instance |

Workflow

1. Validate Database Connections

Ensures the tool can connect to the source RDS instance before starting encryption.

2. Create Encrypted RDS Instance

  • Takes a snapshot of the existing instance.
  • Encrypts it using the specified KMS key.
  • Creates a new RDS instance from the encrypted snapshot.

3. Configure Parameter Groups

  • Adjusts wal_sender_timeout.
  • Enables pglogical in shared_preload_libraries.
  • Ensures rds.logical_replication is enabled.

4. Setup Database Migration

  • Configures DMS endpoints.
  • Creates replication tasks for each database.
  • Truncates the target database before migration.

5. Execute Migration

  • Runs the DMS replication tasks.
  • Ensures sequences and IDs are correctly migrated.
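
The snapshot, encrypted copy and restore sequence from workflow step 2, followed by a check that the restored instance is actually encrypted with the requested key. This is an added example, not code from the rds-encryptor project. It assumes a boto3 RDS client is passed in and that the key is given as a full key ARN; the snapshot names and the `StubRDS` stand-in are constructed for illustration.

```python
"""Snapshot -> KMS-encrypted copy -> restore, then verify encryption at rest."""


def encrypt_via_snapshot(rds, source_id, new_id, kms_key_arn):
    """Run the three steps on a boto3 RDS client; return the new instance description."""
    plain_snap, enc_snap = f"{source_id}-plain", f"{source_id}-encrypted"  # hypothetical names
    snap_ready = rds.get_waiter("db_snapshot_available")

    # 1. Snapshot the existing instance.
    rds.create_db_snapshot(DBInstanceIdentifier=source_id, DBSnapshotIdentifier=plain_snap)
    snap_ready.wait(DBSnapshotIdentifier=plain_snap)

    # 2. A snapshot is not encrypted in place: copying it with KmsKeyId yields an encrypted one.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=plain_snap,
                         TargetDBSnapshotIdentifier=enc_snap, KmsKeyId=kms_key_arn)
    snap_ready.wait(DBSnapshotIdentifier=enc_snap)

    # 3. Restore a new instance; it inherits encryption from the snapshot.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=new_id,
                                             DBSnapshotIdentifier=enc_snap)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=new_id)

    # Fail closed unless the result reports the expected key (assumed: a full key ARN).
    inst = rds.describe_db_instances(DBInstanceIdentifier=new_id)["DBInstances"][0]
    if not inst.get("StorageEncrypted") or inst.get("KmsKeyId") != kms_key_arn:
        raise RuntimeError(f"{new_id} is not encrypted with {kms_key_arn}")
    return inst


class StubRDS:
    """Constructed offline stand-in for boto3.client("rds"); records call order."""

    def __init__(self, restored_key):
        self.calls, self.restored_key = [], restored_key

    def __getattr__(self, name):  # any other API call, or waiter.wait(): just record it
        return lambda **kwargs: self.calls.append(name)

    def get_waiter(self, name):
        return self

    def describe_db_instances(self, **kwargs):
        return {"DBInstances": [{"StorageEncrypted": self.restored_key is not None,
                                 "KmsKeyId": self.restored_key}]}


if __name__ == "__main__":
    key = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"  # constructed placeholder
    print(encrypt_via_snapshot(StubRDS(key), "my-rds-instance", "new-encrypted-instance", key))
```

Against a real account, pass `boto3.client("rds")` in place of the stub; the final check is what turns "the tool ran" into evidence that the new instance is encrypted at rest.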

Logging

Logs are generated throughout the process, helping track the migration progress and any potential issues.

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Download files

Source Distribution

rds_encryptor-1.0.1.tar.gz (26.8 kB)

Uploaded Source

Built Distribution

rds_encryptor-1.0.1-py3-none-any.whl (29.6 kB)

Uploaded Python 3

File details

Details for the file rds_encryptor-1.0.1.tar.gz.

File metadata

  • Download URL: rds_encryptor-1.0.1.tar.gz
  • Upload date:
  • Size: 26.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for rds_encryptor-1.0.1.tar.gz
Algorithm Hash digest
SHA256 db2cefde3361756a0a79a1239d802e42491f16c4c53bfbabd305ecb1381a3765
MD5 3b7f06df0e670e90338cc99ce4dbe818
BLAKE2b-256 e1a550a75c7935bb79ce6ad15a104f977cc7780530799158ca4d2dd7b43fb592

Provenance

The following attestation bundles were made for rds_encryptor-1.0.1.tar.gz:

Publisher: publish-package.yml on iYasha/aws-rds-encryptor

File details

Details for the file rds_encryptor-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: rds_encryptor-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 29.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for rds_encryptor-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 43d582eca5eaba9db8fcb70bf1cda85963b124f726b2a8a15be1ff0504a4b115
MD5 64ebe99d2481670aa1015f90f87d2c3b
BLAKE2b-256 6285708e95cace0e7b619bfd798a27b879a9d429d54224f79a560ac73d2ea38f

Provenance

The following attestation bundles were made for rds_encryptor-1.0.1-py3-none-any.whl:

Publisher: publish-package.yml on iYasha/aws-rds-encryptor
