SnapshotCredentials

class aws_cdk.aws_rds.SnapshotCredentials

Bases: object

Credentials to update the password for a DatabaseInstanceFromSnapshot.

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_kms as kms
import aws_cdk.aws_rds as rds

# key is of type Key

snapshot_credentials = rds.SnapshotCredentials.from_generated_password("username",
    encryption_key=key,
    exclude_characters="excludeCharacters",
    replica_regions=[ReplicaRegion(
        region="region",

        # the properties below are optional
        encryption_key=key
    )]
)

Attributes

encryption_key

KMS encryption key to encrypt the generated secret.

Default
  • default master key

Return type

Optional[IKey]

exclude_characters

The characters to exclude from the generated password.

Only used if {@link generatePassword} if true.

Default
  • the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

:: “")

Return type

Optional[str]

generate_password

Whether a new password should be generated.

Return type

bool

password

The master user password.

Do not put passwords in your CDK code directly.

Default
  • the existing password from the snapshot

Return type

Optional[SecretValue]

replace_on_password_criteria_changes

Whether to replace the generated secret when the criteria for the password change.

Default

false

Return type

Optional[bool]

replica_regions

A list of regions where to replicate the generated secret.

Default
  • Secret is not replicated

Return type

Optional[List[ReplicaRegion]]

secret

Secret used to instantiate this Login.

Default
  • none

Return type

Optional[Secret]

username

The master user name.

Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.

Default
  • the existing username from the snapshot

Return type

Optional[str]

Static Methods

classmethod from_generated_password(username, *, encryption_key=None, exclude_characters=None, replica_regions=None)

(deprecated) Generate a new password for the snapshot, using the existing username and an optional encryption key.

Note - The username must match the existing master username of the snapshot.

Parameters
  • username (str) –

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

  • replica_regions (Optional[Sequence[ReplicaRegion]]) – A list of regions where to replicate this secret. Default: - Secret is not replicated

Deprecated

use fromGeneratedSecret() for new Clusters and Instances. Note that switching from fromGeneratedPassword() to fromGeneratedSecret() for already deployed Clusters or Instances will update their master password.

Stability

deprecated

Return type

SnapshotCredentials

classmethod from_generated_secret(username, *, encryption_key=None, exclude_characters=None, replica_regions=None)

Generate a new password for the snapshot, using the existing username and an optional encryption key.

The new credentials are stored in Secrets Manager.

Note - The username must match the existing master username of the snapshot.

Parameters
  • username (str) –

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

  • replica_regions (Optional[Sequence[ReplicaRegion]]) – A list of regions where to replicate this secret. Default: - Secret is not replicated

Return type

SnapshotCredentials

classmethod from_password(password)

Update the snapshot login with an existing password.

Parameters

password (SecretValue) –

Return type

SnapshotCredentials

classmethod from_secret(secret)

Update the snapshot login with an existing password from a Secret.

The Secret must be a JSON string with a password field:

{
   ...
   "password": <required: password>,
}
Parameters

secret (Secret) –

Return type

SnapshotCredentials