RotationScheduleProps¶
-
class
aws_cdk.aws_secretsmanager.
RotationScheduleProps
(*, automatically_after=None, hosted_rotation=None, rotation_lambda=None, secret)¶ Bases:
aws_cdk.aws_secretsmanager.RotationScheduleOptions
Construction properties for a RotationSchedule.
- Parameters
automatically_after (
Optional
[Duration
]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. A value of zero will disable automatic rotation -Duration.days(0)
. Default: Duration.days(30)hosted_rotation (
Optional
[HostedRotation
]) – Hosted rotation. Default: - eitherrotationLambda
orhostedRotation
must be specifiedrotation_lambda (
Optional
[IFunction
]) – A Lambda function that can rotate the secret. Default: - eitherrotationLambda
orhostedRotation
must be specifiedsecret (
ISecret
) – The secret to rotate. If hosted rotation is used, this must be a JSON string with the following format:: { “engine”: <required: database engine>, “host”: <required: instance host name>, “username”: <required: username>, “password”: <required: password>, “dbname”: <optional: database name>, “port”: <optional: if not specified, default port will be used>, “masterarn”: <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords> } This is typically the case for a secret referenced from anAWS::SecretsManager::SecretTargetAttachment
or anISecret
returned by theattach()
method ofSecret
.
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_lambda as lambda_ import aws_cdk.aws_secretsmanager as secretsmanager import aws_cdk.core as cdk # function_: lambda.Function # hosted_rotation: secretsmanager.HostedRotation # secret: secretsmanager.Secret rotation_schedule_props = secretsmanager.RotationScheduleProps( secret=secret, # the properties below are optional automatically_after=cdk.Duration.minutes(30), hosted_rotation=hosted_rotation, rotation_lambda=function_ )
Attributes
-
automatically_after
¶ Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
A value of zero will disable automatic rotation -
Duration.days(0)
.- Default
Duration.days(30)
- Return type
Optional
[Duration
]
-
hosted_rotation
¶ Hosted rotation.
- Default
either
rotationLambda
orhostedRotation
must be specified
- Return type
Optional
[HostedRotation
]
-
rotation_lambda
¶ A Lambda function that can rotate the secret.
- Default
either
rotationLambda
orhostedRotation
must be specified
- Return type
Optional
[IFunction
]
-
secret
¶ The secret to rotate.
If hosted rotation is used, this must be a JSON string with the following format:
{ "engine": <required: database engine>, "host": <required: instance host name>, "username": <required: username>, "password": <required: password>, "dbname": <optional: database name>, "port": <optional: if not specified, default port will be used>, "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords> }
This is typically the case for a secret referenced from an
AWS::SecretsManager::SecretTargetAttachment
or anISecret
returned by theattach()
method ofSecret
.- Return type