
Class SecretRotationProps

Construction properties for a SecretRotation.

Inheritance
object
SecretRotationProps
Implements
ISecretRotationProps
Inherited Members
object.GetType()
object.MemberwiseClone()
object.ToString()
object.Equals(object)
object.Equals(object, object)
object.ReferenceEquals(object, object)
object.GetHashCode()
Namespace: Amazon.CDK.AWS.SecretsManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class SecretRotationProps : ISecretRotationProps
Syntax (vb)
Public Class SecretRotationProps
    Implements ISecretRotationProps

Examples
Secret myUserSecret;
Secret myMasterSecret;
IConnectable myDatabase;
Vpc myVpc;

new SecretRotation(this, "SecretRotation", new SecretRotationProps {
    Application = SecretRotationApplication.MYSQL_ROTATION_MULTI_USER,
    Secret = myUserSecret,  // The secret that will be rotated
    MasterSecret = myMasterSecret,  // The secret used for the rotation
    Target = myDatabase,
    Vpc = myVpc
});

Synopsis

Constructors

SecretRotationProps()

Construction properties for a SecretRotation.

Properties

Application

The serverless application for the rotation.

AutomaticallyAfter

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

Endpoint

The VPC interface endpoint to use for the Secrets Manager API.

ExcludeCharacters

Characters which should not appear in the generated password.

MasterSecret

The master secret for a multi user rotation scheme.

RotateImmediatelyOnUpdate

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.

Secret

The secret to rotate. It must be a JSON string in the format listed under the Secret property.

SecurityGroup

The security group for the Lambda rotation function.

Target

The target service or database.

Vpc

The VPC where the Lambda rotation function will run.

VpcSubnets

The type of subnets in the VPC where the Lambda rotation function will run.

Constructors

SecretRotationProps()

Construction properties for a SecretRotation.

public SecretRotationProps()

Examples
Secret myUserSecret;
Secret myMasterSecret;
IConnectable myDatabase;
Vpc myVpc;

new SecretRotation(this, "SecretRotation", new SecretRotationProps {
    Application = SecretRotationApplication.MYSQL_ROTATION_MULTI_USER,
    Secret = myUserSecret,  // The secret that will be rotated
    MasterSecret = myMasterSecret,  // The secret used for the rotation
    Target = myDatabase,
    Vpc = myVpc
});

Properties

Application

The serverless application for the rotation.

public SecretRotationApplication Application { get; set; }
Property Value

SecretRotationApplication


AutomaticallyAfter

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

public Duration? AutomaticallyAfter { get; set; }
Property Value

Duration

Remarks

Default: Duration.days(30)

Endpoint

The VPC interface endpoint to use for the Secrets Manager API.

public IInterfaceVpcEndpoint? Endpoint { get; set; }
Property Value

IInterfaceVpcEndpoint


ExcludeCharacters

Characters which should not appear in the generated password.

public string? ExcludeCharacters { get; set; }
Property Value

string

Remarks

Default: - no additional characters are explicitly excluded

MasterSecret

The master secret for a multi user rotation scheme.

public ISecret? MasterSecret { get; set; }
Property Value

ISecret

Remarks

Default: - single user rotation scheme

RotateImmediatelyOnUpdate

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.

public bool? RotateImmediatelyOnUpdate { get; set; }
Property Value

bool?

Remarks

Default: true

Secret

The secret to rotate. It must be a JSON string with the following format:

public ISecret Secret { get; set; }
Property Value

ISecret

Remarks
{
  "engine": <required: database engine>,
  "host": <required: instance host name>,
  "username": <required: username>,
  "password": <required: password>,
  "dbname": <optional: database name>,
  "port": <optional: if not specified, default port will be used>,
  "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}

This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html

SecurityGroup

The security group for the Lambda rotation function.

public ISecurityGroup? SecurityGroup { get; set; }
Property Value

ISecurityGroup

Remarks

Default: - a new security group is created

Target

The target service or database.

public IConnectable Target { get; set; }
Property Value

IConnectable


Vpc

The VPC where the Lambda rotation function will run.

public IVpc Vpc { get; set; }
Property Value

IVpc


VpcSubnets

The type of subnets in the VPC where the Lambda rotation function will run.

public ISubnetSelection? VpcSubnets { get; set; }
Property Value

ISubnetSelection

Remarks

Default: - the Vpc default strategy if not specified.

Implements

ISecretRotationProps