RotationScheduleProps

class aws_cdk.aws_secretsmanager.RotationScheduleProps(*, automatically_after=None, hosted_rotation=None, rotation_lambda=None, secret)

Bases: RotationScheduleOptions

Construction properties for a RotationSchedule.

Parameters:
  • automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. A value of zero, Duration.days(0), disables automatic rotation. Default: Duration.days(30)

  • hosted_rotation (Optional[HostedRotation]) – Hosted rotation. Default: - either rotationLambda or hostedRotation must be specified

  • rotation_lambda (Optional[IFunction]) – A Lambda function that can rotate the secret. Default: - either rotationLambda or hostedRotation must be specified

  • secret (ISecret) – The secret to rotate. If hosted rotation is used, this must be a JSON string with the following format:

    {
       "engine": <required: database engine>,
       "host": <required: instance host name>,
       "username": <required: username>,
       "password": <required: password>,
       "dbname": <optional: database name>,
       "port": <optional: if not specified, default port will be used>,
       "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
    }

    This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_lambda as lambda_
import aws_cdk.aws_secretsmanager as secretsmanager
import aws_cdk.core as cdk

# function_: lambda_.Function
# hosted_rotation: secretsmanager.HostedRotation
# secret: secretsmanager.Secret

rotation_schedule_props = secretsmanager.RotationScheduleProps(
    secret=secret,

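    # the properties below are optional
    # automatically_after is expressed in days (see the parameter description)
    automatically_after=cdk.Duration.days(30),
    # either hosted_rotation or rotation_lambda must be specified
    hosted_rotation=hosted_rotation,
    rotation_lambda=function_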
)

Attributes

automatically_after

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

A value of zero, Duration.days(0), disables automatic rotation.

Default:

Duration.days(30)

hosted_rotation

Hosted rotation.

Default:
  • either rotationLambda or hostedRotation must be specified

rotation_lambda

A Lambda function that can rotate the secret.

Default:
  • either rotationLambda or hostedRotation must be specified

secret

The secret to rotate.

If hosted rotation is used, this must be a JSON string with the following format:

{
   "engine": <required: database engine>,
   "host": <required: instance host name>,
   "username": <required: username>,
   "password": <required: password>,
   "dbname": <optional: database name>,
   "port": <optional: if not specified, default port will be used>,
   "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}

This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
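
A pre-deployment check that a secret value matches the JSON format above before hosted rotation is attached, as an added example that is not part of the CDK documentation or code base. The function name `validate_rotation_secret`, its `multi_user` flag, the accepted `port` types and all sample values are assumptions made for illustration.

```python
import json

REQUIRED = ("engine", "host", "username", "password")


def validate_rotation_secret(secret_string, multi_user=False):
    """Return a list of problems; an empty list means the format is met.

    Hypothetical helper. It reports key names only, never values, so the
    result can be logged without leaking the password.
    """
    try:
        doc = json.loads(secret_string)
    except (TypeError, ValueError):
        return ["secret value is not valid JSON"]
    if not isinstance(doc, dict):
        return ["secret value must be a JSON object"]

    problems = []
    # masterarn becomes required only for multi user rotation.
    for key in REQUIRED + (("masterarn",) if multi_user else ()):
        if not isinstance(doc.get(key), str) or not doc[key]:
            problems.append(f"missing or empty required key: {key}")
    if "dbname" in doc and not isinstance(doc["dbname"], str):
        problems.append("dbname must be a string")
    if "port" in doc:
        # Assumption: a port may be stored as 5432 or "5432".
        port = doc["port"]
        if isinstance(port, str) and port.isdecimal():
            port = int(port)
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append("port must be an integer between 1 and 65535")
    if doc.get("masterarn") and not str(doc["masterarn"]).startswith("arn:"):
        problems.append("masterarn must be an ARN")
    return problems


# Constructed sample values, not real credentials or hosts.
GOOD = json.dumps({"engine": "postgres", "host": "db.example.internal",
                   "username": "app", "password": "constructed-sample",
                   "port": 5432})
MISSING_PASSWORD = json.dumps({"engine": "mysql", "host": "db.example.internal",
                               "username": "app", "pwd": "constructed-sample"})

if __name__ == "__main__":
    for name, value in (("GOOD", GOOD), ("MISSING_PASSWORD", MISSING_PASSWORD)):
        print(name, validate_rotation_secret(value) or "ok")
```

Running a check like this in CI against the secret template catches a misnamed key before the first scheduled rotation fails.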