RotationScheduleProps

class aws_cdk.aws_secretsmanager.RotationScheduleProps(*, automatically_after=None, hosted_rotation=None, rotation_lambda=None, secret)

Bases: aws_cdk.aws_secretsmanager.RotationScheduleOptions

Construction properties for a RotationSchedule.

Parameters
  • automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. Default: Duration.days(30)

  • hosted_rotation (Optional[HostedRotation]) – Hosted rotation. Default: either rotationLambda or hostedRotation must be specified

  • rotation_lambda (Optional[IFunction]) – A Lambda function that can rotate the secret. Default: either rotationLambda or hostedRotation must be specified

  • secret (ISecret) – The secret to rotate. If hosted rotation is used, this must be a JSON string with the following format:

    {
       "engine": <required: database engine>,
       "host": <required: instance host name>,
       "username": <required: username>,
       "password": <required: password>,
       "dbname": <optional: database name>,
       "port": <optional: if not specified, default port will be used>,
       "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
    }

    This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.

Attributes

automatically_after

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

Default

Duration.days(30)

Return type

Optional[Duration]

hosted_rotation

Hosted rotation.

Default

either rotationLambda or hostedRotation must be specified

Return type

Optional[HostedRotation]

rotation_lambda

A Lambda function that can rotate the secret.

Default

either rotationLambda or hostedRotation must be specified

Return type

Optional[IFunction]

secret

The secret to rotate.

If hosted rotation is used, this must be a JSON string with the following format:

{
   "engine": <required: database engine>,
   "host": <required: instance host name>,
   "username": <required: username>,
   "password": <required: password>,
   "dbname": <optional: database name>,
   "port": <optional: if not specified, default port will be used>,
   "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}

This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.

Return type

ISecret
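
A secret that does not follow the hosted-rotation format described for `secret` above can be caught before rotation is enabled. The following is an added example, not part of the CDK API or the original page: `check_hosted_rotation_secret`, its `multi_user` flag and the sample values are hypothetical, and the port range check is an assumption that goes beyond what the page states.

```python
import json

# Required field names come from the secret format documented on this page.
REQUIRED = ("engine", "host", "username", "password")


def check_hosted_rotation_secret(secret_string, multi_user=False):
    """Return a list of problems; an empty list means the format is satisfied.

    Messages name fields only and never echo values, so the password
    cannot leak into logs or CI output.
    """
    try:
        doc = json.loads(secret_string)
    except (TypeError, ValueError):
        return ["secret value is not valid JSON"]
    if not isinstance(doc, dict):
        return ["secret value must be a JSON object"]

    problems = []
    # "masterarn" is required only for multi user rotation.
    required = REQUIRED + (("masterarn",) if multi_user else ())
    for key in required:
        value = doc.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty required field: {key}")
    # Assumption (not stated on the page): a supplied port is a TCP port number.
    if "port" in doc:
        try:
            port = int(doc["port"])
        except (TypeError, ValueError):
            port = -1
        if not 1 <= port <= 65535:
            problems.append("port is not a valid TCP port number")
    return problems


# Constructed sample value, not a real credential.
SINGLE_USER = json.dumps({
    "engine": "mysql", "host": "db.example.internal",
    "username": "app", "password": "constructed-placeholder", "port": 3306,
})

if __name__ == "__main__":
    print(check_hosted_rotation_secret(SINGLE_USER))
    print(check_hosted_rotation_secret(SINGLE_USER, multi_user=True))
    print(check_hosted_rotation_secret('{"engine": "mysql", "port": 70000}'))
```
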