SnapshotCredentials

class aws_cdk.aws_rds.SnapshotCredentials

Bases: object

Credentials to update the password for a DatabaseInstanceFromSnapshot.

Attributes

encryption_key

KMS encryption key to encrypt the generated secret.

Default
  • default master key

Return type

Optional[IKey]

exclude_characters

The characters to exclude from the generated password.

Only used if {@link generatePassword} if true.

Default
  • the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

:: “")

Return type

Optional[str]

generate_password

Whether a new password should be generated.

Return type

bool

password

The master user password.

Do not put passwords in your CDK code directly.

Default
  • the existing password from the snapshot

Return type

Optional[SecretValue]

replace_on_password_criteria_changes

Whether to replace the generated secret when the criteria for the password change.

Default

false

Return type

Optional[bool]

secret

Secret used to instantiate this Login.

Default
  • none

Return type

Optional[Secret]

username

The master user name.

Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.

Default
  • the existing username from the snapshot

Return type

Optional[str]

Static Methods

classmethod from_generated_password(username, *, encryption_key=None, exclude_characters=None)

(deprecated) Generate a new password for the snapshot, using the existing username and an optional encryption key.

Note - The username must match the existing master username of the snapshot.

Parameters
  • username (str) –

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

Deprecated

use fromGeneratedSecret() for new Clusters and Instances. Note that switching from fromGeneratedPassword() to fromGeneratedSecret() for already deployed Clusters or Instances will update their master password.

Stability

deprecated

Return type

SnapshotCredentials

classmethod from_generated_secret(username, *, encryption_key=None, exclude_characters=None)

Generate a new password for the snapshot, using the existing username and an optional encryption key.

The new credentials are stored in Secrets Manager.

Note - The username must match the existing master username of the snapshot.

Parameters
  • username (str) –

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

Return type

SnapshotCredentials

classmethod from_password(password)

Update the snapshot login with an existing password.

Parameters

password (SecretValue) –

Return type

SnapshotCredentials

classmethod from_secret(secret)

Update the snapshot login with an existing password from a Secret.

The Secret must be a JSON string with a password field:

{
   ...
   "password": <required: password>,
}
Parameters

secret (Secret) –

Return type

SnapshotCredentials