SecretRotationProps

class aws_cdk.aws_secretsmanager.SecretRotationProps(*, application, secret, target, vpc, automatically_after=None, exclude_characters=None, master_secret=None, security_group=None, vpc_subnets=None)

Bases: object

Construction properties for a SecretRotation.

Parameters
- application (SecretRotationApplication) – The serverless application for the rotation.
- secret (ISecret) – The secret to rotate. It must be a JSON string with the following format:

    {
      "engine": <required: database engine>,
      "host": <required: instance host name>,
      "username": <required: username>,
      "password": <required: password>,
      "dbname": <optional: database name>,
      "port": <optional: if not specified, default port will be used>,
      "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
    }

  This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
- target (IConnectable) – The target service or database.
- vpc (IVpc) – The VPC where the Lambda rotation function will run.
- automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. Default: Duration.days(30)
- exclude_characters (Optional[str]) – Characters which should not appear in the generated password. Default: no additional characters are explicitly excluded
- master_secret (Optional[ISecret]) – The master secret for a multi user rotation scheme. Default: single user rotation scheme
- security_group (Optional[ISecurityGroup]) – The security group for the Lambda rotation function. Default: a new security group is created
- vpc_subnets (Optional[SubnetSelection]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: the Vpc default strategy if not specified.

Attributes

- application
  The serverless application for the rotation.
  - Return type: SecretRotationApplication

- automatically_after
  Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
  - Default: Duration.days(30)
  - Return type: Optional[Duration]

- exclude_characters
  Characters which should not appear in the generated password.
  - Default: no additional characters are explicitly excluded
  - Return type: Optional[str]

- master_secret
  The master secret for a multi user rotation scheme.
  - Default: single user rotation scheme
  - Return type: Optional[ISecret]

- secret
  The secret to rotate. It must be a JSON string with the following format:

    {
      "engine": <required: database engine>,
      "host": <required: instance host name>,
      "username": <required: username>,
      "password": <required: password>,
      "dbname": <optional: database name>,
      "port": <optional: if not specified, default port will be used>,
      "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
    }

  This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
  - Return type: ISecret

- security_group
  The security group for the Lambda rotation function.
  - Default: a new security group is created
  - Return type: Optional[ISecurityGroup]

- target
  The target service or database.
  - Return type: IConnectable

- vpc_subnets
  The type of subnets in the VPC where the Lambda rotation function will run.
  - Default: the Vpc default strategy if not specified.
  - Return type: Optional[SubnetSelection]
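
Added example, not part of the CDK documentation or the library's own code: a pre-deployment check that a secret value matches the JSON format listed under secret, including the masterarn requirement for multi user rotation and the exclude_characters setting. The function name, the sample value, the non-empty-string and port-range checks, and the "arn:" prefix test are assumptions of this example.

```python
import json

REQUIRED_KEYS = ("engine", "host", "username", "password")


def check_rotation_secret(secret_string, multi_user=False, exclude_characters=""):
    """Return a list of problems; an empty list means the value fits the format.

    Hypothetical helper. Messages name keys only and never echo secret values.
    """
    try:
        doc = json.loads(secret_string)
    except (TypeError, ValueError):
        return ["value is not valid JSON"]
    if not isinstance(doc, dict):
        return ["top-level JSON value must be an object"]

    problems = []
    for key in REQUIRED_KEYS:
        value = doc.get(key)
        # Assumption: required values are non-empty strings.
        if not isinstance(value, str) or not value:
            problems.append(f"missing or empty required key: {key}")

    # "masterarn" is required only for the multi user rotation scheme.
    master = doc.get("masterarn")
    if multi_user and not (isinstance(master, str) and master.startswith("arn:")):
        problems.append("multi user rotation requires masterarn to be an ARN string")

    # "port" is optional; accept an integer or a string of decimal digits.
    port = doc.get("port")
    if port is not None:
        text = str(port)
        if isinstance(port, bool) or not text.isdecimal() or not 0 < int(text) < 65536:
            problems.append("port must be an integer between 1 and 65535")

    # A password seeded by hand may conflict with exclude_characters.
    password = doc.get("password")
    if isinstance(password, str) and set(password) & set(exclude_characters):
        problems.append("password contains characters listed in exclude_characters")
    return problems


# Constructed sample value for illustration; not a real credential.
SAMPLE_SECRET = json.dumps({
    "engine": "mysql", "host": "db.example.internal",
    "username": "app_user", "password": "Example-Passw0rd", "port": 3306,
})

if __name__ == "__main__":
    print(check_rotation_secret(SAMPLE_SECRET))
    print(check_rotation_secret(SAMPLE_SECRET, multi_user=True))
```

Running the check against the initial secret value before attaching rotation catches a malformed secret at review time instead of at the first rotation attempt.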