Credentials
- class aws_cdk.aws_rds.Credentials
Bases:
object
Username and password combination.
- ExampleMetadata:
infused
Example:
# Build a data source for AppSync to access the database. # api: appsync.GraphqlApi # Create username and password secret for DB Cluster secret = rds.DatabaseSecret(self, "AuroraSecret", username="clusteradmin" ) # The VPC to place the cluster in vpc = ec2.Vpc(self, "AuroraVpc") # Create the serverless cluster, provide all values needed to customise the database. cluster = rds.ServerlessCluster(self, "AuroraCluster", engine=rds.DatabaseClusterEngine.AURORA_MYSQL, vpc=vpc, credentials={"username": "clusteradmin"}, cluster_identifier="db-endpoint-test", default_database_name="demos" ) rds_dS = api.add_rds_data_source("rds", cluster, secret, "demos") # Set up a resolver for an RDS query. rds_dS.create_resolver( type_name="Query", field_name="getDemosRds", request_mapping_template=appsync.MappingTemplate.from_string(""" { "version": "2018-05-29", "statements": [ "SELECT * FROM demos" ] } """), response_mapping_template=appsync.MappingTemplate.from_string(""" $utils.toJson($utils.rds.toJsonObject($ctx.result)[0]) """) ) # Set up a resolver for an RDS mutation. rds_dS.create_resolver( type_name="Mutation", field_name="addDemoRds", request_mapping_template=appsync.MappingTemplate.from_string(""" { "version": "2018-05-29", "statements": [ "INSERT INTO demos VALUES (:id, :version)", "SELECT * WHERE id = :id" ], "variableMap": { ":id": $util.toJson($util.autoId()), ":version": $util.toJson($ctx.args.version) } } """), response_mapping_template=appsync.MappingTemplate.from_string(""" $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0]) """) )
Attributes
- encryption_key
KMS encryption key to encrypt the generated secret.
- Default:
default master key
- exclude_characters
The characters to exclude from the generated password.
Only used if {@link password} has not been set.
- Default:
the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/
:: “")
- password
Password.
Do not put passwords in your CDK code directly.
- Default:
a Secrets Manager generated password
- replica_regions
A list of regions where to replicate the generated secret.
- Default:
Secret is not replicated
- secret
Secret used to instantiate this Login.
- Default:
none
- secret_name
The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.
- Default:
A name is generated by CloudFormation.
- username
Username.
- username_as_string
Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.
- Default:
false
Static Methods
- classmethod from_generated_secret(username, *, encryption_key=None, exclude_characters=None, replica_regions=None, secret_name=None)
Creates Credentials with a password generated and stored in Secrets Manager.
- Parameters:
username (
str
) –encryption_key (
Optional
[IKey
]) – KMS encryption key to encrypt the generated secret. Default: - default master keyexclude_characters (
Optional
[str
]) – The characters to exclude from the generated password. Has no effect if {@link password} has been provided. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/replica_regions (
Optional
[Sequence
[Union
[ReplicaRegion
,Dict
[str
,Any
]]]]) – A list of regions where to replicate this secret. Default: - Secret is not replicatedsecret_name (
Optional
[str
]) – The name of the secret. Default: - A name is generated by CloudFormation.
- Return type:
- classmethod from_password(username, password)
Creates Credentials from a password.
Do not put passwords in your CDK code directly.
- Parameters:
username (
str
) –password (
SecretValue
) –
- Return type:
- classmethod from_secret(secret, username=None)
Creates Credentials from an existing Secrets Manager
Secret
(orDatabaseSecret
).The Secret must be a JSON string with a
username
andpassword
field:{ ... "username": <required: username>, "password": <required: password>, }
- Parameters:
secret (
ISecret
) – The secret where the credentials are stored.username (
Optional
[str
]) – The username defined in the secret. If specified the username will be referenced as a string and not a dynamic reference to the username field in the secret. This allows to replace the secret without replacing the instance or cluster.
- Return type:
- classmethod from_username(username, *, password=None, encryption_key=None, exclude_characters=None, replica_regions=None, secret_name=None)
Creates Credentials for the given username, and optional password and key.
If no password is provided, one will be generated and stored in Secrets Manager.
- Parameters:
username (
str
) –password (
Optional
[SecretValue
]) – Password. Do not put passwords in your CDK code directly. Default: - a Secrets Manager generated passwordencryption_key (
Optional
[IKey
]) – KMS encryption key to encrypt the generated secret. Default: - default master keyexclude_characters (
Optional
[str
]) – The characters to exclude from the generated password. Has no effect if {@link password} has been provided. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/replica_regions (
Optional
[Sequence
[Union
[ReplicaRegion
,Dict
[str
,Any
]]]]) – A list of regions where to replicate this secret. Default: - Secret is not replicatedsecret_name (
Optional
[str
]) – The name of the secret. Default: - A name is generated by CloudFormation.
- Return type: