Disable Aurora Disk encryption configuration

aws-samples / bedrock-claude-chat

AWS-native chatbot using Bedrock + Claude (+Mistral)

MIT No Attribution

698 stars 240 forks source link

Disable Aurora Disk encryption configuration #236

Closed statefb closed 2 months ago

statefb commented 2 months ago

Issue #, if available:

Description of changes:

Changing storage encryitpion setting causes replacement

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Taikono-Himazin commented 2 months ago

Why did you remove the DB encryption settings? I think this item is necessary. Even if the RDS instance is recreated and the data is lost, it is only the VectorStore information, so the information will be recreated if you update the bot.

statefb commented 2 months ago

recreated if you update the bot.

That's true, but imagine that app has 1000 or more bots, which is too many to update it. We'd like to decide carefully. But I agree with you that encryption must be implemented. Give us time to consider. Thank you

statefb commented 2 months ago

@Taikono-Himazin Do you think you could create a migration guide? (Manually restore things if needed) It would be better to have measures in place to prevent accidental updates.

Taikono-Himazin commented 2 months ago

@statefb If there is a change in DB Encryption (if aurora is recreated), wouldn't it be better to set the sync status of all bots in DynamoDB to queued?

statefb commented 2 months ago

@Taikono-Himazin I believe that we don't need to add any change to existing DDB items.
If a more detailed discussion is needed, please feel free to contact me on LinkedIn and I will invite you to a dedicated chat room.