Skip to content

Feat/prm#5

Open
willgarcia wants to merge 3 commits into
datamasque:mainfrom
willgarcia:feat/prm
Open

Feat/prm#5
willgarcia wants to merge 3 commits into
datamasque:mainfrom
willgarcia:feat/prm

Conversation

@willgarcia

@willgarcia willgarcia commented Apr 23, 2026
edited
Loading

Copy link
Copy Markdown

PRM Tagging Support

This fork adds AWS Partner Revenue Measurement (PRM) tag propagation to the DataMasque RDS masking blueprint.

What changed

A new ApplyPRMTags Lambda and Step Functions state are inserted into the workflow after masking completes and before the masked snapshot is created. All resources are tagged with aws-apn-id and User Agent attribution is enabled on all RDS API calls.

Workflow (before)

┌─────────────────┐    ┌──────────────────┐    ┌──────────────────────┐
│ Describe DB     │───>│ Describe DB      │───>│ Restore DB from      │
│ Snapshots       │    │ Instances        │    │ Snapshot             │
└─────────────────┘    └──────────────────┘    └──────────┬───────────┘
                                                          │
                                                          v
┌─────────────────┐    ┌──────────────────┐    ┌──────────────────────┐
│ Delete Staging  │<───│ Create Masked    │<───│ DataMasque API       │
│ DB              │    │ Snapshot         │    │ Run                  │
└────────┬────────┘    └──────────────────┘    └──────────────────────┘
         │
         v
┌─────────────────┐
│ Output Masked   │
│ Snapshot ARN    │
└─────────────────┘

Workflow (after — with PRM tagging)

┌─────────────────┐    ┌──────────────────┐    ┌──────────────────────┐
│ Describe DB     │───>│ Describe DB      │───>│ Restore DB from      │
│ Snapshots       │    │ Instances        │    │ Snapshot             │
└─────────────────┘    └──────────────────┘    └──────────┬───────────┘
                                                          │
                                                          v
                       ┌──────────────────┐    ┌──────────────────────┐
                       │ DataMasque API   │<───│ Check DB             │
                       │ Run              │    │ Availability         │
                       └────────┬─────────┘    └──────────────────────┘
                                │
                                v
                  ┌─────────────────────────┐
                  │   *** ApplyPRMTags ***  │  <-- NEW STEP
                  │                         │
                  │  1. AddTagsToResource   │
                  │     aws-apn-id =        │
                  │     pc:<product-code>   │
                  │                         │
                  │  2. ModifyDBInstance    │
                  │     CopyTagsToSnapshot │
                  │     = true             │
                  └────────────┬────────────┘
                               │
                               v
┌─────────────────┐    ┌──────────────────┐
│ Delete Staging  │<───│ Create Masked    │
│ DB              │    │ Snapshot         │
└────────┬────────┘    │                  │
         │             │ (PRM tag auto-   │
         v             │  copied via      │
┌─────────────────┐    │  CopyTagsTo-    │
│ Output Masked   │    │  Snapshot)       │
│ Snapshot ARN    │    └──────────────────┘
└─────────────────┘

Tag propagation chain

Staging DB Instance          Masked Snapshot           Downstream Dev/Test DB
┌─────────────────┐         ┌─────────────────┐       ┌─────────────────┐
│ aws-apn-id =    │ ──────> │ aws-apn-id =    │ ────> │ aws-apn-id =    │
│ pc:<code>       │  Copy   │ pc:<code>       │ Restore│ pc:<code>       │
│                 │  Tags   │                 │  from  │                 │
│ CopyTagsTo-    │  To     │ (inherited)     │ Snap-  │ (inherited)     │
│ Snapshot=true  │  Snap   │                 │  shot  │                 │
└─────────────────┘         └─────────────────┘       └─────────────────┘
      ^                                                      ^
      │                                                      │
  ApplyPRMTags                                    Customer restores from
  Lambda sets this                                masked snapshot — tag
  after masking                                   propagates automatically

PRM attribution coverage

┌──────────────────────────────────────────────────────────────┐
│                     PRM Attribution Map                      │
├──────────────────────┬───────────────┬───────────────────────┤
│ Resource             │ Method        │ How                   │
├──────────────────────┼───────────────┼───────────────────────┤
│ Production RDS       │ User Agent    │ AWS_SDK_UA_APP_ID     │
│ Production snapshot  │ User Agent    │ AWS_SDK_UA_APP_ID     │
│ Staging RDS instance │ Resource Tag  │ ApplyPRMTags Lambda   │
│ Masked snapshot      │ Resource Tag  │ CopyTagsToSnapshot    │
│ Dev/test instances   │ Resource Tag  │ Inherited on restore  │
│ Lambda functions     │ Resource Tag  │ SAM template Tags:    │
│ Step Functions       │ Resource Tag  │ SAM template Tags:    │
└──────────────────────┴───────────────┴───────────────────────┘

Configuration

Set the PRMTagValue parameter to your Marketplace product code:

sam deploy --guided \
  --parameter-overrides PRMTagValue=pc:YOUR_PRODUCT_CODE ...

@willgarcia
Add Lambda function for PRM tagging
6f371e6 
Implement a Lambda function to apply PRM tags to RDS resources and enable CopyTagsToSnapshot.
@willgarcia
Update state machine to apply PRM tags before snapshot
8d31a35
@willgarcia
Add PRMTagValue parameter and update functions
b6e32ad 
Added PRMTagValue parameter and updated functions to use it for tagging.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@willgarcia