AWS::SecretsManager::RotationSchedule HostedRotationLambda - AWS CloudFormation

AWS::SecretsManager::RotationSchedule HostedRotationLambda

Specifies that you want Secrets Manager to create and manage the rotation Lambda function for you (a hosted rotation function) instead of supplying your own function through the RotationLambdaARN property of AWS::SecretsManager::RotationSchedule.

To use these properties, the template must declare Transform: AWS::SecretsManager-2020-07-23 at the top level of the template. Without the transform, CloudFormation cannot expand HostedRotationLambda into the Lambda function and execution role it stands for, and stack creation fails.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "KmsKeyArn" : String,
  "MasterSecretArn" : String,
  "MasterSecretKmsKeyArn" : String,
  "RotationLambdaName" : String,
  "RotationType" : String,
  "VpcSecurityGroupIds" : String,
  "VpcSubnetIds" : String
}

Properties

KmsKeyArn

Specifies the ARN of the KMS key used to encrypt the secret being rotated. You only need this property if the secret is encrypted with a customer managed key rather than the AWS managed key aws/secretsmanager; the execution role of the rotation function must be allowed to use that key, or rotation fails when the function tries to read or write the secret value.
</gml_replace>
<gr_replace lines="31" cat="clarify" orig="Specifies the ARN of the MasterSecret">
Specifies the ARN of the master (superuser) secret that contains a privileged database user's credentials. The rotation function uses this secret to rotate the current secret; it is required for the multi-user rotation types, where the function alternates between two database users and needs a privileged account to create, alter and reset the password of the alternate user. The single-user rotation types do not use it, because the function changes the user's own password with that user's credentials. See Permissions Required to Automatically Rotate Secrets.

Required: No

Type: String

Update requires: No interruption

MasterSecretArn

Specifies the ARN of the MasterSecret that contains a privileged user’s credentials. The Lambda uses this secret to rotate the current secret. See Permissions Required to Automatically Rotate Secrets.

Required: No

Type: String

Update requires: No interruption

MasterSecretKmsKeyArn

Specifies the ARN of the KMS key used to encrypt the master secret. You only need this property if you use a master secret to rotate the current secret and the master secret is encrypted with a customer managed key rather than the AWS managed key aws/secretsmanager.

Required: No

Type: String

Update requires: No interruption

RotationLambdaName

Specifies the name of the Lambda function created to rotate your secret. The name must be unique among Lambda functions in the account and Region.

Required: No

Type: String

Update requires: No interruption

RotationType

Specifies the type of rotation function that Secrets Manager creates. The value selects both the target database engine and the rotation strategy. You can specify one of the following RotationTypes:

  • MySQLSingleUser

  • MySQLMultiUser

  • PostgreSQLSingleUser

  • PostgreSQLMultiUser

  • OracleSingleUser

  • OracleMultiUser

  • MariaDBSingleUser

  • MariaDBMultiUser

  • SQLServerSingleUser

  • SQLServerMultiUser

  • RedshiftSingleUser

  • RedshiftMultiUser

  • MongoDBSingleUser

  • MongoDBMultiUser

The rotation type combines the target database engine and the rotation strategy. With single-user rotation, the function changes the password of the user stored in the secret, so connections made with the old password fail briefly until clients fetch the new value. With multi-user rotation, the function alternates between two database users so that the previous credential keeps working until the next rotation; this strategy requires MasterSecretArn. For more information on single user and multi user rotation, see Rotating Secrets in the AWS Secrets Manager User's Guide.

Required: Yes

Type: String

Update requires: No interruption

VpcSecurityGroupIds

Specifies a comma-separated list of security group IDs to attach to the rotation Lambda function. These are the security groups the function uses when it connects to the database, so the database's own security group must allow inbound traffic from them on the database port (for example 3306 for MySQL, 5432 for PostgreSQL).

The template attaches the same security groups to the rotation Lambda function created as part of this stack. A function deployed into a VPC has no public internet access; it reaches the Secrets Manager API only through a VPC endpoint for Secrets Manager or a NAT gateway, and rotation fails if neither is available.

Required: No

Type: String

Update requires: No interruption

VpcSubnetIds

Specifies a comma-separated list of VPC subnet IDs in the target database's network. The rotation Lambda function is deployed into these subnets, so they must be able to route to the database.

Required: No

Type: String

Update requires: No interruption
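The following template is an added example, not from the AWS documentation, showing the properties above used together: an application user secret for a MySQL database, rotated every 30 days by a hosted rotation function using the multi-user (alternating users) strategy. The superuser secret, the private subnets, the security group and the RDS instance are assumed to already exist and are passed in as parameters; the parameter names, the secret name and the function name are this example's own choices.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
# Required so CloudFormation expands HostedRotationLambda into a function and role.
Transform: AWS::SecretsManager-2020-07-23
Description: >-
  Example only: MySQL application user secret rotated by a hosted rotation
  function with the multi-user strategy. Existing VPC, superuser secret and
  database are supplied as parameters.

Parameters:
  VpcSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Private subnets that can reach the database (assumed to exist)
  RotationSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: >-
      Security group for the rotation function. The database security group
      must allow inbound TCP 3306 from it.
  AdminSecretArn:
    Type: String
    Description: ARN of the existing superuser secret used by the multi-user strategy
  AdminSecretKmsKeyArn:
    Type: String
    Default: ""
    Description: KMS key ARN if the superuser secret uses a customer managed key; empty for aws/secretsmanager
  DbInstanceId:
    Type: String
    Description: Identifier of the existing RDS MySQL instance

Conditions:
  HasAdminKmsKey: !Not [!Equals [!Ref AdminSecretKmsKeyArn, ""]]

Resources:
  AppUserSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Application database user; the password is generated, never written into the template
      GenerateSecretString:
        SecretStringTemplate: '{"username": "app_user"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  # Adds host, port, dbname and engine to the secret so the rotation function
  # knows where to connect.
  AppUserSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref AppUserSecret
      TargetId: !Ref DbInstanceId
      TargetType: AWS::RDS::DBInstance

  AppUserRotation:
    Type: AWS::SecretsManager::RotationSchedule
    # Do not start rotating before the connection details are in the secret.
    DependsOn: AppUserSecretAttachment
    Properties:
      SecretId: !Ref AppUserSecret
      RotationRules:
        AutomaticallyAfterDays: 30
      HostedRotationLambda:
        RotationType: MySQLMultiUser
        RotationLambdaName: app-user-mysql-rotation
        MasterSecretArn: !Ref AdminSecretArn
        # Only set when the superuser secret is encrypted with a customer managed key.
        MasterSecretKmsKeyArn: !If [HasAdminKmsKey, !Ref AdminSecretKmsKeyArn, !Ref "AWS::NoValue"]
        # Both VPC properties are plain comma-separated strings, so the list
        # parameter is joined rather than passed through directly.
        VpcSubnetIds: !Join [",", !Ref VpcSubnetIds]
        VpcSecurityGroupIds: !Ref RotationSecurityGroupId

Outputs:
  AppUserSecretArn:
    Value: !Ref AppUserSecret
```

Before deploying, confirm that the subnets in VpcSubnetIds can reach the Secrets Manager API (a com.amazonaws.<region>.secretsmanager interface endpoint or a NAT gateway) and that the database security group admits the rotation security group on the database port; both are the usual causes of a rotation that is scheduled but never completes. Because the strategy is multi-user, the superuser in AdminSecretArn must be able to create and alter the alternate user (app_user_clone), and that secret should itself be rotated on its own schedule.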