Class SnapshotCredentials
Credentials to update the password for a DatabaseInstanceFromSnapshot.
Namespace: Amazon.CDK.AWS.RDS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public abstract class SnapshotCredentials : DeputyBaseSyntax (vb)
Public MustInherit Class SnapshotCredentials Inherits DeputyBaseRemarks
ExampleMetadata: infused
Examples
Vpc vpc;
var engine = DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps { Version = PostgresEngineVersion.VER_16_3 });
var myKey = new Key(this, "MyKey");
new DatabaseInstanceFromSnapshot(this, "InstanceFromSnapshotWithCustomizedSecret", new DatabaseInstanceFromSnapshotProps {
Engine = engine,
Vpc = vpc,
SnapshotIdentifier = "mySnapshot",
Credentials = SnapshotCredentials.FromGeneratedSecret("username", new SnapshotCredentialsFromGeneratedPasswordOptions {
EncryptionKey = myKey,
ExcludeCharacters = "!&*^#@()",
ReplicaRegions = new [] { new ReplicaRegion { Region = "eu-west-1" }, new ReplicaRegion { Region = "eu-west-2" } }
})
});Synopsis
Constructors
| SnapshotCredentials() | Credentials to update the password for a |
Properties
| EncryptionKey | KMS encryption key to encrypt the generated secret. |
| ExcludeCharacters | Credentials to update the password for a |
| GeneratePassword | Whether a new password should be generated. |
| Password | The master user password. |
| ReplaceOnPasswordCriteriaChanges | Whether to replace the generated secret when the criteria for the password change. |
| ReplicaRegions | A list of regions where to replicate the generated secret. |
| Secret | Secret used to instantiate this Login. |
| Username | The master user name. |
Methods
| FromGeneratedPassword(string, ISnapshotCredentialsFromGeneratedPasswordOptions?) | Generate a new password for the snapshot, using the existing username and an optional encryption key. |
| FromGeneratedSecret(string, ISnapshotCredentialsFromGeneratedPasswordOptions?) | Generate a new password for the snapshot, using the existing username and an optional encryption key. |
| FromPassword(SecretValue) | Update the snapshot login with an existing password. |
| FromSecret(ISecret) | Update the snapshot login with an existing password from a Secret. |
Constructors
SnapshotCredentials()
Credentials to update the password for a DatabaseInstanceFromSnapshot.
protected SnapshotCredentials()Remarks
ExampleMetadata: infused
Examples
Vpc vpc;
var engine = DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps { Version = PostgresEngineVersion.VER_16_3 });
var myKey = new Key(this, "MyKey");
new DatabaseInstanceFromSnapshot(this, "InstanceFromSnapshotWithCustomizedSecret", new DatabaseInstanceFromSnapshotProps {
Engine = engine,
Vpc = vpc,
SnapshotIdentifier = "mySnapshot",
Credentials = SnapshotCredentials.FromGeneratedSecret("username", new SnapshotCredentialsFromGeneratedPasswordOptions {
EncryptionKey = myKey,
ExcludeCharacters = "!&*^#@()",
ReplicaRegions = new [] { new ReplicaRegion { Region = "eu-west-1" }, new ReplicaRegion { Region = "eu-west-2" } }
})
});Properties
EncryptionKey
KMS encryption key to encrypt the generated secret.
public abstract IKey? EncryptionKey { get; }Property Value
Remarks
Default: - default master key
ExcludeCharacters
Credentials to update the password for a DatabaseInstanceFromSnapshot.
public abstract string? ExcludeCharacters { get; }Property Value
Remarks
ExampleMetadata: infused
Examples
Vpc vpc;
var engine = DatabaseInstanceEngine.Postgres(new PostgresInstanceEngineProps { Version = PostgresEngineVersion.VER_16_3 });
var myKey = new Key(this, "MyKey");
new DatabaseInstanceFromSnapshot(this, "InstanceFromSnapshotWithCustomizedSecret", new DatabaseInstanceFromSnapshotProps {
Engine = engine,
Vpc = vpc,
SnapshotIdentifier = "mySnapshot",
Credentials = SnapshotCredentials.FromGeneratedSecret("username", new SnapshotCredentialsFromGeneratedPasswordOptions {
EncryptionKey = myKey,
ExcludeCharacters = "!&*^#@()",
ReplicaRegions = new [] { new ReplicaRegion { Region = "eu-west-1" }, new ReplicaRegion { Region = "eu-west-2" } }
})
});GeneratePassword
Whether a new password should be generated.
public abstract bool GeneratePassword { get; }Property Value
Remarks
ExampleMetadata: infused
Password
The master user password.
public abstract SecretValue? Password { get; }Property Value
Remarks
Do not put passwords in your CDK code directly.
Default: - the existing password from the snapshot
ReplaceOnPasswordCriteriaChanges
Whether to replace the generated secret when the criteria for the password change.
public abstract bool? ReplaceOnPasswordCriteriaChanges { get; }Property Value
bool?
Remarks
Default: false
ReplicaRegions
A list of regions where to replicate the generated secret.
public abstract IReplicaRegion[]? ReplicaRegions { get; }Property Value
Remarks
Default: - Secret is not replicated
Secret
Secret used to instantiate this Login.
public abstract ISecret? Secret { get; }Property Value
Remarks
Default: - none
Username
The master user name.
public abstract string? Username { get; }Property Value
Remarks
Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.
Default: - the existing username from the snapshot
Methods
FromGeneratedPassword(string, ISnapshotCredentialsFromGeneratedPasswordOptions?)
Generate a new password for the snapshot, using the existing username and an optional encryption key.
public static SnapshotCredentials FromGeneratedPassword(string username, ISnapshotCredentialsFromGeneratedPasswordOptions? options = null)Parameters
- username string
- options ISnapshotCredentialsFromGeneratedPasswordOptions
Returns
Remarks
Note - The username must match the existing master username of the snapshot.
NOTE: use fromGeneratedSecret() for new Clusters and Instances. Switching from
fromGeneratedPassword() to fromGeneratedSecret() for already deployed Clusters
or Instances will update their master password.
FromGeneratedSecret(string, ISnapshotCredentialsFromGeneratedPasswordOptions?)
Generate a new password for the snapshot, using the existing username and an optional encryption key.
public static SnapshotCredentials FromGeneratedSecret(string username, ISnapshotCredentialsFromGeneratedPasswordOptions? options = null)Parameters
- username string
- options ISnapshotCredentialsFromGeneratedPasswordOptions
Returns
Remarks
The new credentials are stored in Secrets Manager.
Note - The username must match the existing master username of the snapshot.
FromPassword(SecretValue)
Update the snapshot login with an existing password.
public static SnapshotCredentials FromPassword(SecretValue password)Parameters
- password SecretValue
Returns
Remarks
ExampleMetadata: infused
FromSecret(ISecret)
Update the snapshot login with an existing password from a Secret.
public static SnapshotCredentials FromSecret(ISecret secret)Parameters
- secret ISecret
Returns
Remarks
The Secret must be a JSON string with a password field:
{
...
"password": <required: password>,
}