AWS::SecretsManager::RotationSchedule HostedRotationLambda - AWS CloudFormation

Specifies that you want to create a hosted Lambda rotation function.

To use these values, you must specify Transform: AWS::SecretsManager-2020-07-23 at the beginning of the CloudFormation template.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "KmsKeyArn" : String,
  "MasterSecretArn" : String,
  "MasterSecretKmsKeyArn" : String,
  "RotationLambdaName" : String,
  "RotationType" : String,
  "VpcSecurityGroupIds" : String,
  "VpcSubnetIds" : String
}

Properties

KmsKeyArn

The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.

Required: No

Type: String

Update requires: No interruption

MasterSecretArn

The ARN of the secret that contains elevated credentials. The Lambda rotation function uses this secret for the Alternating users rotation strategy.

Required: No

Type: String

Update requires: No interruption

MasterSecretKmsKeyArn

The ARN of the KMS key that Secrets Manager uses to encrypt the elevated secret if you use the alternating users strategy. If you don't specify this value and you use the alternating users strategy, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.

Required: No

Type: String

Update requires: No interruption

RotationLambdaName

The name of the Lambda rotation function.

Required: No

Type: String

Update requires: No interruption

RotationType

The type of rotation template to use. For more information, see Secrets Manager rotation function templates.

You can specify one of the following RotationTypes:

  • MySQLSingleUser

  • MySQLMultiUser

  • PostgreSQLSingleUser

  • PostgreSQLMultiUser

  • OracleSingleUser

  • OracleMultiUser

  • MariaDBSingleUser

  • MariaDBMultiUser

  • SQLServerSingleUser

  • SQLServerMultiUser

  • RedshiftSingleUser

  • RedshiftMultiUser

  • MongoDBSingleUser

  • MongoDBMultiUser

Required: Yes

Type: String

Update requires: No interruption

VpcSecurityGroupIds

A comma-separated list of security group IDs applied to the target database.

The template applies the same security groups to the Lambda rotation function that is created as part of this stack.

Required: No

Type: String

Update requires: No interruption

VpcSubnetIds

A comma-separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.

Required: No

Type: String

Update requires: No interruption
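
The following pre-deployment check is an added example, not part of the AWS documentation or tooling. It walks a parsed template and verifies the points above: the required Transform, a valid RotationType, and String-typed (comma-separated) values. The function name, sample resource names and subnet IDs are constructed, and the MasterSecretArn warning is a review heuristic assumed from the property description.

```python
TRANSFORM = "AWS::SecretsManager-2020-07-23"
ENGINES = ("MySQL", "PostgreSQL", "Oracle", "MariaDB", "SQLServer", "Redshift", "MongoDB")
ROTATION_TYPES = {e + s for e in ENGINES for s in ("SingleUser", "MultiUser")}
PROPS = {"KmsKeyArn", "MasterSecretArn", "MasterSecretKmsKeyArn", "RotationLambdaName",
         "RotationType", "VpcSecurityGroupIds", "VpcSubnetIds"}
RS_TYPE = "AWS::SecretsManager::RotationSchedule"

def check_template(template):
    """Return (resource, finding) pairs for every HostedRotationLambda block."""
    findings, hosted_seen = [], False
    for name, res in template.get("Resources", {}).items():
        hosted = res.get("Properties", {}).get("HostedRotationLambda")
        if res.get("Type") != RS_TYPE or hosted is None:
            continue
        hosted_seen = True
        for key, value in hosted.items():
            if key not in PROPS:
                findings.append((name, f"unknown property {key}"))
            elif isinstance(value, list):
                # Every property is Type: String; ID lists are comma-separated.
                findings.append((name, f"{key} must be a comma-separated String, not a list"))
        rtype = hosted.get("RotationType")
        if rtype is None:
            findings.append((name, "RotationType is required"))
        elif isinstance(rtype, str):  # intrinsic functions (dicts) are not resolved here
            if rtype not in ROTATION_TYPES:
                findings.append((name, f"invalid RotationType {rtype}"))
            elif rtype.endswith("MultiUser") and "MasterSecretArn" not in hosted:
                # Heuristic (assumption): alternating users uses the elevated secret.
                findings.append((name, "MultiUser rotation without MasterSecretArn"))
    transforms = template.get("Transform", [])
    if isinstance(transforms, str):
        transforms = [transforms]
    if hosted_seen and TRANSFORM not in transforms:
        findings.append(("Transform", f"template must declare {TRANSFORM}"))
    return findings

# Constructed sample template: no Transform, one sound block, one faulty block.
SAMPLE = {"Resources": {
    "GoodRotation": {"Type": RS_TYPE, "Properties": {
        "HostedRotationLambda": {"RotationType": "PostgreSQLMultiUser",
                                 "MasterSecretArn": {"Ref": "AdminSecret"},
                                 "VpcSubnetIds": "subnet-aaa,subnet-bbb"}}},
    "BadRotation": {"Type": RS_TYPE, "Properties": {
        "HostedRotationLambda": {"RotationType": "MySQLMultiUser",
                                 "VpcSubnetIds": ["subnet-aaa", "subnet-bbb"]}}},
}}

if __name__ == "__main__":
    print(*check_template(SAMPLE), sep="\n")
```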