Credentials

class aws_cdk.aws_rds.Credentials

Bases: object

Username and password combination.

ExampleMetadata

infused

Example:

# Build a data source for AppSync to access the database.
# api: appsync.GraphqlApi
# Create username and password secret for DB Cluster
secret = rds.DatabaseSecret(self, "AuroraSecret",
    username="clusteradmin"
)

# The VPC to place the cluster in
vpc = ec2.Vpc(self, "AuroraVpc")

# Create the serverless cluster, provide all values needed to customise the database.
cluster = rds.ServerlessCluster(self, "AuroraCluster",
    engine=rds.DatabaseClusterEngine.AURORA_MYSQL,
    vpc=vpc,
    credentials={"username": "clusteradmin"},
    cluster_identifier="db-endpoint-test",
    default_database_name="demos"
)
rds_dS = api.add_rds_data_source("rds", cluster, secret, "demos")

# Set up a resolver for an RDS query.
rds_dS.create_resolver(
    type_name="Query",
    field_name="getDemosRds",
    request_mapping_template=appsync.MappingTemplate.from_string("""
          {
            "version": "2018-05-29",
            "statements": [
              "SELECT * FROM demos"
            ]
          }
          """),
    response_mapping_template=appsync.MappingTemplate.from_string("""
            $utils.toJson($utils.rds.toJsonObject($ctx.result)[0])
          """)
)

# Set up a resolver for an RDS mutation.
rds_dS.create_resolver(
    type_name="Mutation",
    field_name="addDemoRds",
    request_mapping_template=appsync.MappingTemplate.from_string("""
          {
            "version": "2018-05-29",
            "statements": [
              "INSERT INTO demos VALUES (:id, :version)",
              "SELECT * WHERE id = :id"
            ],
            "variableMap": {
              ":id": $util.toJson($util.autoId()),
              ":version": $util.toJson($ctx.args.version)
            }
          }
          """),
    response_mapping_template=appsync.MappingTemplate.from_string("""
            $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0])
          """)
)

Attributes

encryption_key

KMS encryption key to encrypt the generated secret.

Default
  • default master key

Return type

Optional[IKey]

exclude_characters

The characters to exclude from the generated password.

Only used if {@link password} has not been set.

Default
  • the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

:: “")

Return type

Optional[str]

password

Password.

Do not put passwords in your CDK code directly.

Default
  • a Secrets Manager generated password

Return type

Optional[SecretValue]

replica_regions

A list of regions where to replicate the generated secret.

Default
  • Secret is not replicated

Return type

Optional[List[ReplicaRegion]]

secret

Secret used to instantiate this Login.

Default
  • none

Return type

Optional[ISecret]

secret_name

The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.

Default
  • A name is generated by CloudFormation.

Return type

Optional[str]

username

Username.

Return type

str

username_as_string

Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.

Default

false

Return type

Optional[bool]

Static Methods

classmethod from_generated_secret(username, *, encryption_key=None, exclude_characters=None, replica_regions=None, secret_name=None)

Creates Credentials with a password generated and stored in Secrets Manager.

Parameters
  • username (str) –

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Has no effect if {@link password} has been provided. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

  • replica_regions (Optional[Sequence[ReplicaRegion]]) – A list of regions where to replicate this secret. Default: - Secret is not replicated

  • secret_name (Optional[str]) – The name of the secret. Default: - A name is generated by CloudFormation.

Return type

Credentials

classmethod from_password(username, password)

Creates Credentials from a password.

Do not put passwords in your CDK code directly.

Parameters
Return type

Credentials

classmethod from_secret(secret, username=None)

Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).

The Secret must be a JSON string with a username and password field:

{
   ...
   "username": <required: username>,
   "password": <required: password>,
}
Parameters
  • secret (ISecret) – The secret where the credentials are stored.

  • username (Optional[str]) – The username defined in the secret. If specified the username will be referenced as a string and not a dynamic reference to the username field in the secret. This allows to replace the secret without replacing the instance or cluster.

Return type

Credentials

classmethod from_username(username, *, password=None, encryption_key=None, exclude_characters=None, replica_regions=None, secret_name=None)

Creates Credentials for the given username, and optional password and key.

If no password is provided, one will be generated and stored in Secrets Manager.

Parameters
  • username (str) –

  • password (Optional[SecretValue]) – Password. Do not put passwords in your CDK code directly. Default: - a Secrets Manager generated password

  • encryption_key (Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master key

  • exclude_characters (Optional[str]) – The characters to exclude from the generated password. Has no effect if {@link password} has been provided. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/

  • replica_regions (Optional[Sequence[ReplicaRegion]]) – A list of regions where to replicate this secret. Default: - Secret is not replicated

  • secret_name (Optional[str]) – The name of the secret. Default: - A name is generated by CloudFormation.

Return type

Credentials