Class SecretTargetAttachment
An attached secret.
Namespace: Amazon.CDK.AWS.SecretsManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class SecretTargetAttachment : Resource, ISecretTargetAttachment, ISecret, IResource
Syntax (vb)
Public Class SecretTargetAttachment
Inherits Resource
Implements ISecretTargetAttachment, ISecret, IResource
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.SecretsManager;
Secret secret;
ISecretAttachmentTarget secretAttachmentTarget;
var secretTargetAttachment = new SecretTargetAttachment(this, "MySecretTargetAttachment", new SecretTargetAttachmentProps {
    Secret = secret,
    Target = secretAttachmentTarget
});
Synopsis
Constructors
SecretTargetAttachment(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
SecretTargetAttachment(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
SecretTargetAttachment(Construct, String, ISecretTargetAttachmentProps) |
Properties
ArnForPolicies | Provides an identifier for this secret for use in IAM policies. |
AutoCreatePolicy | |
EncryptionKey | The customer-managed encryption key that is used to encrypt this secret, if any. |
SecretArn | The ARN of the secret in AWS Secrets Manager. |
SecretFullArn | The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix. |
SecretName | The name of the secret. |
SecretTargetAttachmentSecretArn | Same as secretArn. |
SecretValue | Retrieve the value of the stored secret as a SecretValue. |
Methods
AddRotationSchedule(String, IRotationScheduleOptions) | Adds a rotation schedule to the secret. |
AddToResourcePolicy(PolicyStatement) | Forward any additions to the resource policy to the original secret. |
Attach(ISecretAttachmentTarget) | Attach a target to this secret. |
DenyAccountRootDelete() | Denies the DeleteSecret action to all principals within the current account. |
FromSecretTargetAttachmentSecretArn(Construct, String, String) | |
GrantRead(IGrantable, String[]) | Grants reading the secret value to some role. |
GrantWrite(IGrantable) | Grants writing and updating the secret value to some role. |
SecretValueFromJson(String) | Interpret the secret as a JSON object and return a field's value from it as a SecretValue. |
Constructors
SecretTargetAttachment(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected SecretTargetAttachment(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
SecretTargetAttachment(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected SecretTargetAttachment(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
SecretTargetAttachment(Construct, String, ISecretTargetAttachmentProps)
public SecretTargetAttachment(Construct scope, string id, ISecretTargetAttachmentProps props)
Parameters
- scope Constructs.Construct
- id System.String
- props ISecretTargetAttachmentProps
Properties
ArnForPolicies
Provides an identifier for this secret for use in IAM policies.
protected virtual string ArnForPolicies { get; }
Property Value
System.String
Remarks
If there is a full ARN, this is just the ARN; if we have a partial ARN -- due to either importing by secret name or partial ARN -- then we need to add a suffix to capture the full ARN's format.
AutoCreatePolicy
protected virtual bool AutoCreatePolicy { get; }
Property Value
System.Boolean
EncryptionKey
The customer-managed encryption key that is used to encrypt this secret, if any.
public virtual IKey EncryptionKey { get; }
Property Value
Remarks
When not specified, the default KMS key for the account and region is used.
SecretArn
The ARN of the secret in AWS Secrets Manager.
public virtual string SecretArn { get; }
Property Value
System.String
Remarks
Will return the full ARN if available, otherwise a partial ARN.
For secrets imported by the deprecated fromSecretName, it will return the secretName.
SecretFullArn
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
public virtual string SecretFullArn { get; }
Property Value
System.String
Remarks
This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
SecretName
The name of the secret.
public virtual string SecretName { get; }
Property Value
System.String
Remarks
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
SecretTargetAttachmentSecretArn
Same as secretArn.
public virtual string SecretTargetAttachmentSecretArn { get; }
Property Value
System.String
Remarks
Attribute: true
SecretValue
Retrieve the value of the stored secret as a SecretValue.
public virtual SecretValue SecretValue { get; }
Property Value
Methods
AddRotationSchedule(String, IRotationScheduleOptions)
Adds a rotation schedule to the secret.
public virtual RotationSchedule AddRotationSchedule(string id, IRotationScheduleOptions options)
Parameters
- id System.String
- options IRotationScheduleOptions
Returns
AddToResourcePolicy(PolicyStatement)
Forward any additions to the resource policy to the original secret.
public virtual IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement)
Parameters
- statement PolicyStatement
Returns
Remarks
This is required because a secret can only have a single resource policy. If we do not forward policy additions, a new policy resource is created using the secret attachment ARN. This ends up being rejected by CloudFormation.
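Added example, not taken from the CDK documentation: a hypothetical helper, `AttachedSecretPolicy.Harden`, that exercises the forwarding described above. A statement added on the secret and one added through the attachment both end up in the secret's single resource policy. The construct ID, the `vpcEndpointId` parameter and the VPC-endpoint deny statement are assumptions chosen for illustration.

```csharp
using System.Collections.Generic;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.SecretsManager;
using Constructs;

public static class AttachedSecretPolicy
{
    // Hypothetical helper: secret, target, reader and vpcEndpointId are supplied by the caller.
    public static SecretTargetAttachment Harden(
        Construct scope, ISecret secret, ISecretAttachmentTarget target,
        IGrantable reader, string vpcEndpointId)
    {
        var attachment = new SecretTargetAttachment(scope, "Attachment", new SecretTargetAttachmentProps {
            Secret = secret,
            Target = target
        });

        // Read grant limited to the AWSCURRENT version stage.
        attachment.GrantRead(reader, new[] { "AWSCURRENT" });

        // Statement added on the secret itself (denies DeleteSecret).
        secret.DenyAccountRootDelete();

        // Statement added through the attachment: forwarded to the original
        // secret, so it joins the same resource policy instead of creating a
        // second policy resource keyed on the attachment ARN.
        attachment.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps {
            Effect = Effect.DENY,
            Actions = new[] { "secretsmanager:GetSecretValue" },
            Resources = new[] { "*" },
            Principals = new IPrincipal[] { new AnyPrincipal() },
            Conditions = new Dictionary<string, object> {
                // Illustrative condition: deny reads that do not arrive
                // through the given VPC endpoint (assumed value).
                ["StringNotEquals"] = new Dictionary<string, object> {
                    ["aws:sourceVpce"] = vpcEndpointId
                }
            }
        }));

        return attachment;
    }
}
```

Run `cdk synth` on a stack that calls the helper and check that the template contains exactly one `AWS::SecretsManager::ResourcePolicy` for the secret, carrying both deny statements.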
Attach(ISecretAttachmentTarget)
Attach a target to this secret.
public virtual ISecret Attach(ISecretAttachmentTarget target)
Parameters
- target ISecretAttachmentTarget
The target to attach.
Returns
An attached secret
DenyAccountRootDelete()
Denies the DeleteSecret action to all principals within the current account.
public virtual void DenyAccountRootDelete()
FromSecretTargetAttachmentSecretArn(Construct, String, String)
public static ISecretTargetAttachment FromSecretTargetAttachmentSecretArn(Construct scope, string id, string secretTargetAttachmentSecretArn)
Parameters
- scope Constructs.Construct
- id System.String
- secretTargetAttachmentSecretArn System.String
Returns
GrantRead(IGrantable, String[])
Grants reading the secret value to some role.
public virtual Grant GrantRead(IGrantable grantee, string[] versionStages = null)
Parameters
- grantee IGrantable
- versionStages System.String[]
Returns
GrantWrite(IGrantable)
Grants writing and updating the secret value to some role.
public virtual Grant GrantWrite(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
SecretValueFromJson(String)
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
public virtual SecretValue SecretValueFromJson(string jsonField)
Parameters
- jsonField System.String
Returns