Interface SecretRotationProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
SecretRotationProps.Jsii$Proxy
Example:
Secret mySecret; IConnectable myDatabase; Vpc myVpc; SecretRotation.Builder.create(this, "SecretRotation") .application(SecretRotationApplication.MYSQL_ROTATION_SINGLE_USER) // MySQL single user scheme .secret(mySecret) .target(myDatabase) // a Connectable .vpc(myVpc) // The VPC where the secret rotation application will be deployed .excludeCharacters(" %+:;{}") .build();
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forSecretRotationProps
static final class
An implementation forSecretRotationProps
-
Method Summary
Modifier and TypeMethodDescriptionstatic SecretRotationProps.Builder
builder()
The serverless application for the rotation.default Duration
Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.default IInterfaceVpcEndpoint
The VPC interface endpoint to use for the Secrets Manager API.default String
Characters which should not appear in the generated password.default ISecret
The master secret for a multi user rotation scheme.The secret to rotate.default ISecurityGroup
The security group for the Lambda rotation function.The target service or database.getVpc()
The VPC where the Lambda rotation function will run.default SubnetSelection
The type of subnets in the VPC where the Lambda rotation function will run.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getApplication
The serverless application for the rotation. -
getSecret
The secret to rotate. It must be a JSON string with the following format:.{ "engine": <required: database engine>, "host": <required: instance host name>, "username": <required: username>, "password": <required: password>, "dbname": <optional: database name>, "port": <optional: if not specified, default port will be used>, "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords> }
This is typically the case for a secret referenced from an
AWS::SecretsManager::SecretTargetAttachment
or anISecret
returned by theattach()
method ofSecret
.- See Also:
-
getTarget
The target service or database. -
getVpc
The VPC where the Lambda rotation function will run. -
getAutomaticallyAfter
Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.Default: Duration.days(30)
-
getEndpoint
The VPC interface endpoint to use for the Secrets Manager API.If you enable private DNS hostnames for your VPC private endpoint (the default), you don't need to specify an endpoint. The standard Secrets Manager DNS hostname the Secrets Manager CLI and SDKs use by default (https://secretsmanager.
.amazonaws.com) automatically resolves to your VPC endpoint. Default: https://secretsmanager.
.amazonaws.com -
getExcludeCharacters
Characters which should not appear in the generated password.Default: - no additional characters are explicitly excluded
-
getMasterSecret
The master secret for a multi user rotation scheme.Default: - single user rotation scheme
-
getSecurityGroup
The security group for the Lambda rotation function.Default: - a new security group is created
-
getVpcSubnets
The type of subnets in the VPC where the Lambda rotation function will run.Default: - the Vpc default strategy if not specified.
-
builder
- Returns:
- a
SecretRotationProps.Builder
ofSecretRotationProps
-