Class CfnRotationScheduleProps
Properties for defining a CfnRotationSchedule.
Namespace: Amazon.CDK.AWS.SecretsManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnRotationScheduleProps : ICfnRotationScheduleProps
Syntax (vb)
Public Class CfnRotationScheduleProps
    Implements ICfnRotationScheduleProps
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.SecretsManager;

var cfnRotationScheduleProps = new CfnRotationScheduleProps {
    SecretId = "secretId",

    // the properties below are optional
    // (nested property types are qualified with their owning class, CfnRotationSchedule)
    HostedRotationLambda = new CfnRotationSchedule.HostedRotationLambdaProperty {
        RotationType = "rotationType",

        // the properties below are optional
        ExcludeCharacters = "excludeCharacters",
        KmsKeyArn = "kmsKeyArn",
        MasterSecretArn = "masterSecretArn",
        MasterSecretKmsKeyArn = "masterSecretKmsKeyArn",
        RotationLambdaName = "rotationLambdaName",
        Runtime = "runtime",
        SuperuserSecretArn = "superuserSecretArn",
        SuperuserSecretKmsKeyArn = "superuserSecretKmsKeyArn",
        VpcSecurityGroupIds = "vpcSecurityGroupIds",
        VpcSubnetIds = "vpcSubnetIds"
    },
    RotateImmediatelyOnUpdate = false,
    RotationLambdaArn = "rotationLambdaArn",
    RotationRules = new CfnRotationSchedule.RotationRulesProperty {
        AutomaticallyAfterDays = 123,
        Duration = "duration",
        ScheduleExpression = "scheduleExpression"
    }
};
Synopsis
Constructors
CfnRotationScheduleProps() | Properties for defining a CfnRotationSchedule.
Properties
HostedRotationLambda | Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead.
RotateImmediatelyOnUpdate | Determines whether to rotate the secret immediately or wait until the next scheduled rotation window when the rotation schedule is updated. |
RotationLambdaArn | The ARN of an existing Lambda rotation function. |
RotationRules | A structure that defines the rotation configuration for this secret. |
SecretId | The ARN or name of the secret to rotate. This is unique for each rotation schedule definition. |
Constructors
CfnRotationScheduleProps()
Properties for defining a CfnRotationSchedule.
public CfnRotationScheduleProps()
Properties
HostedRotationLambda
Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead.
public object? HostedRotationLambda { get; set; }
Property Value
Remarks
You must specify Transform: AWS::SecretsManager-2024-09-16 at the beginning of the CloudFormation template. Transforms are macros hosted by AWS CloudFormation that help you create and manage complex infrastructure. The Transform: AWS::SecretsManager-2024-09-16 transform automatically extends the CloudFormation stack to include a nested stack (of type AWS::CloudFormation::Stack), which then creates and updates, on your behalf during subsequent stack operations, the appropriate rotation Lambda function for your database or service. For general information on transforms, see the AWS CloudFormation documentation.
For Amazon RDS master user credentials, see AWS::RDS::DBCluster MasterUserSecret.
For Amazon Redshift admin user credentials, see AWS::Redshift::Cluster.
RotateImmediatelyOnUpdate
Determines whether to rotate the secret immediately or wait until the next scheduled rotation window when the rotation schedule is updated.
public object? RotateImmediatelyOnUpdate { get; set; }
Property Value
Remarks
The rotation schedule is defined in RotationRules.
The default for RotateImmediatelyOnUpdate is true. If you don't specify this value, Secrets Manager rotates the secret immediately.
If you set RotateImmediatelyOnUpdate to false, Secrets Manager tests the rotation configuration by running the testSecret step of the Lambda rotation function. This test creates an AWSPENDING version of the secret and then removes it.
When changing an existing rotation schedule and setting RotateImmediatelyOnUpdate to false:
Rotation is an asynchronous process. For more information, see How rotation works.
RotationLambdaArn
The ARN of an existing Lambda rotation function.
public string? RotationLambdaArn { get; set; }
Property Value
Remarks
To specify a rotation function that is also defined in this template, use the Ref function.
For Amazon RDS master user credentials, see AWS::RDS::DBCluster MasterUserSecret.
For Amazon Redshift admin user credentials, see AWS::Redshift::Cluster.
To create a new rotation function based on one of the Secrets Manager rotation function templates, specify HostedRotationLambda instead.
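The remarks on HostedRotationLambda, RotateImmediatelyOnUpdate and RotationLambdaArn can be enforced as a pre-deployment check over the synthesized CloudFormation template. The following is an added example, not part of the CDK documentation: the sample template, logical IDs and finding labels are constructed, and accepting any version of the AWS::SecretsManager transform is an assumption.

```python
import json

# The page quotes AWS::SecretsManager-2024-09-16; any version is accepted here (assumption).
TRANSFORM_PREFIX = "AWS::SecretsManager-"
RESOURCE_TYPE = "AWS::SecretsManager::RotationSchedule"

def check_rotation_schedules(template):
    """Return (logical_id, finding) tuples for each rotation schedule in a template."""
    transforms = template.get("Transform", [])
    if isinstance(transforms, str):
        transforms = [transforms]
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != RESOURCE_TYPE:
            continue
        props = resource.get("Properties", {})
        hosted = "HostedRotationLambda" in props
        # CloudFormation spells the CDK property RotationLambdaArn as RotationLambdaARN.
        existing = "RotationLambdaARN" in props
        if hosted and not any(t.startswith(TRANSFORM_PREFIX) for t in transforms):
            findings.append((logical_id, "missing-transform"))
        if hosted and existing:
            findings.append((logical_id, "both-rotation-functions"))
        # The default is true: a schedule update rotates the secret straight away.
        if "RotateImmediatelyOnUpdate" not in props:
            findings.append((logical_id, "implicit-immediate-rotation"))
    return findings

# Constructed sample shaped like synthesized output; every name is a placeholder.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "HostedSchedule": {
    "Type": "AWS::SecretsManager::RotationSchedule",
    "Properties": {
      "SecretId": {"Ref": "DbSecret"},
      "HostedRotationLambda": {"RotationType": "rotationType"},
      "RotateImmediatelyOnUpdate": false}},
  "ExistingFnSchedule": {
    "Type": "AWS::SecretsManager::RotationSchedule",
    "Properties": {
      "SecretId": {"Ref": "ApiSecret"},
      "RotationLambdaARN": {"Ref": "RotationFn"}}}
}}
""")

if __name__ == "__main__":
    for logical_id, finding in check_rotation_schedules(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

Treat "implicit-immediate-rotation" as informational: it marks schedules where a template update will trigger a rotation without anyone having set the flag deliberately.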
RotationRules
A structure that defines the rotation configuration for this secret.
public object? RotationRules { get; set; }
Property Value
Remarks
SecretId
The ARN or name of the secret to rotate. This is unique for each rotation schedule definition.
public string SecretId { get; set; }
Property Value
Remarks
To reference a secret also created in this template, use the Ref function with the secret's logical ID.