Class CfnRotationSchedule.HostedRotationLambdaProperty.Builder
- All Implemented Interfaces:
software.amazon.jsii.Builder<CfnRotationSchedule.HostedRotationLambdaProperty>
- Enclosing interface:
CfnRotationSchedule.HostedRotationLambdaProperty
CfnRotationSchedule.HostedRotationLambdaProperty
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionbuild()
Builds the configured instance.excludeCharacters
(String excludeCharacters) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getExcludeCharacters()
Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getKmsKeyArn()
masterSecretArn
(String masterSecretArn) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getMasterSecretArn()
masterSecretKmsKeyArn
(String masterSecretKmsKeyArn) rotationLambdaName
(String rotationLambdaName) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getRotationLambdaName()
rotationType
(String rotationType) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getRotationType()
Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getRuntime()
superuserSecretArn
(String superuserSecretArn) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getSuperuserSecretArn()
superuserSecretKmsKeyArn
(String superuserSecretKmsKeyArn) vpcSecurityGroupIds
(String vpcSecurityGroupIds) vpcSubnetIds
(String vpcSubnetIds) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getVpcSubnetIds()
-
Constructor Details
-
Builder
public Builder()
-
-
Method Details
-
rotationType
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder rotationType(String rotationType) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getRotationType()
- Parameters:
rotationType
- The rotation template to base the rotation function on, one of the following:. This parameter is required.MySQLSingleUser
to use the template SecretsManagerRDSMySQLRotationSingleUser .MySQLMultiUser
to use the template SecretsManagerRDSMySQLRotationMultiUser .PostgreSQLSingleUser
to use the template SecretsManagerRDSPostgreSQLRotationSingleUserPostgreSQLMultiUser
to use the template SecretsManagerRDSPostgreSQLRotationMultiUser .OracleSingleUser
to use the template SecretsManagerRDSOracleRotationSingleUser .OracleMultiUser
to use the template SecretsManagerRDSOracleRotationMultiUser .MariaDBSingleUser
to use the template SecretsManagerRDSMariaDBRotationSingleUser .MariaDBMultiUser
to use the template SecretsManagerRDSMariaDBRotationMultiUser .SQLServerSingleUser
to use the template SecretsManagerRDSSQLServerRotationSingleUser .SQLServerMultiUser
to use the template SecretsManagerRDSSQLServerRotationMultiUser .RedshiftSingleUser
to use the template SecretsManagerRedshiftRotationSingleUsr .RedshiftMultiUser
to use the template SecretsManagerRedshiftRotationMultiUser .MongoDBSingleUser
to use the template SecretsManagerMongoDBRotationSingleUser .MongoDBMultiUser
to use the template SecretsManagerMongoDBRotationMultiUser .
- Returns:
this
-
excludeCharacters
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder excludeCharacters(String excludeCharacters) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getExcludeCharacters()
- Parameters:
excludeCharacters
- A string of the characters that you don't want in the password.- Returns:
this
-
kmsKeyArn
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder kmsKeyArn(String kmsKeyArn) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getKmsKeyArn()
- Parameters:
kmsKeyArn
- The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the keyaws/secretsmanager
. Ifaws/secretsmanager
doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.- Returns:
this
-
masterSecretArn
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder masterSecretArn(String masterSecretArn) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getMasterSecretArn()
- Parameters:
masterSecretArn
- The ARN of the secret that contains superuser credentials, if you use the Alternating users rotation strategy . CloudFormation grants the execution role for the Lambda rotation functionGetSecretValue
permission to the secret in this property. For more information, see Lambda rotation function execution role permissions for Secrets Manager . You must create the superuser secret before you can set this property.You must also include the superuser secret ARN as a key in the JSON of the rotating secret so that the Lambda rotation function can find it. CloudFormation does not hardcode secret ARNs in the Lambda rotation function, so you can use the function to rotate multiple secrets. For more information, see JSON structure of Secrets Manager secrets .
You can specify
MasterSecretArn
orSuperuserSecretArn
but not both. They represent the same superuser secret.- Returns:
this
-
masterSecretKmsKeyArn
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder masterSecretKmsKeyArn(String masterSecretKmsKeyArn) - Parameters:
masterSecretKmsKeyArn
- The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the keyaws/secretsmanager
. CloudFormation grants the execution role for the Lambda rotation functionDecrypt
,DescribeKey
, andGenerateDataKey
permission to the key in this property. For more information, see Lambda rotation function execution role permissions for Secrets Manager . You can specifyMasterSecretKmsKeyArn
orSuperuserSecretKmsKeyArn
but not both. They represent the same superuser secret KMS key .- Returns:
this
-
rotationLambdaName
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder rotationLambdaName(String rotationLambdaName) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getRotationLambdaName()
- Parameters:
rotationLambdaName
- The name of the Lambda rotation function.- Returns:
this
-
runtime
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder runtime(String runtime) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getRuntime()
- Parameters:
runtime
- By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:.- Deploy the matching version Python binaries with your rotation function.
- Set the version number in this field. For example, for Python 3.7, enter python3.7
If you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see Why did my Lambda rotation function fail with a "pg module not found" error .
- Returns:
this
-
superuserSecretArn
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder superuserSecretArn(String superuserSecretArn) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getSuperuserSecretArn()
- Parameters:
superuserSecretArn
- The ARN of the secret that contains superuser credentials, if you use the Alternating users rotation strategy . CloudFormation grants the execution role for the Lambda rotation functionGetSecretValue
permission to the secret in this property. For more information, see Lambda rotation function execution role permissions for Secrets Manager . You must create the superuser secret before you can set this property.You must also include the superuser secret ARN as a key in the JSON of the rotating secret so that the Lambda rotation function can find it. CloudFormation does not hardcode secret ARNs in the Lambda rotation function, so you can use the function to rotate multiple secrets. For more information, see JSON structure of Secrets Manager secrets .
You can specify
MasterSecretArn
orSuperuserSecretArn
but not both. They represent the same superuser secret.- Returns:
this
-
superuserSecretKmsKeyArn
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder superuserSecretKmsKeyArn(String superuserSecretKmsKeyArn) - Parameters:
superuserSecretKmsKeyArn
- The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the keyaws/secretsmanager
. CloudFormation grants the execution role for the Lambda rotation functionDecrypt
,DescribeKey
, andGenerateDataKey
permission to the key in this property. For more information, see Lambda rotation function execution role permissions for Secrets Manager . You can specifyMasterSecretKmsKeyArn
orSuperuserSecretKmsKeyArn
but not both. They represent the same superuser secret KMS key .- Returns:
this
-
vpcSecurityGroupIds
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder vpcSecurityGroupIds(String vpcSecurityGroupIds) - Parameters:
vpcSecurityGroupIds
- A comma-separated list of security group IDs applied to the target database. The template applies the same security groups as on the Lambda rotation function that is created as part of this stack.- Returns:
this
-
vpcSubnetIds
@Stability(Stable) public CfnRotationSchedule.HostedRotationLambdaProperty.Builder vpcSubnetIds(String vpcSubnetIds) Sets the value ofCfnRotationSchedule.HostedRotationLambdaProperty.getVpcSubnetIds()
- Parameters:
vpcSubnetIds
- A comma separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.- Returns:
this
-
build
Builds the configured instance.- Specified by:
build
in interfacesoftware.amazon.jsii.Builder<CfnRotationSchedule.HostedRotationLambdaProperty>
- Returns:
- a new instance of
CfnRotationSchedule.HostedRotationLambdaProperty
- Throws:
NullPointerException
- if any required attribute was not provided
-