DatabaseSecretProps
- class aws_cdk.aws_rds.DatabaseSecretProps(*, username, dbname=None, encryption_key=None, exclude_characters=None, master_secret=None, replace_on_password_criteria_changes=None, replica_regions=None, secret_name=None)
Bases:
object
Construction properties for a DatabaseSecret.
- Parameters:
username (
str
) – The username.dbname (
Optional
[str
]) – The database name, if not using the default one. Default: - whatever the secret generates after the attach method is runencryption_key (
Optional
[IKey
]) – The KMS key to use to encrypt the secret. Default: default master keyexclude_characters (
Optional
[str
]) – Characters to not include in the generated password. Default: “ %+~`#$&*()|[]{}:;<>?!’/@”"master_secret (
Optional
[ISecret
]) – The master secret which will be used to rotate this secret. Default: - no master secret information will be includedreplace_on_password_criteria_changes (
Optional
[bool
]) – Whether to replace this secret when the criteria for the password change. This is achieved by overriding the logical id of the AWS::SecretsManager::Secret with a hash of the options that influence the password generation. This way a new secret will be created when the password is regenerated and the cluster or instance consuming this secret will have its credentials updated. Default: falsereplica_regions (
Optional
[Sequence
[Union
[ReplicaRegion
,Dict
[str
,Any
]]]]) – A list of regions where to replicate this secret. Default: - Secret is not replicatedsecret_name (
Optional
[str
]) – A name for the secret. Default: - A name is generated by CloudFormation.
- ExampleMetadata:
infused
Example:
# Build a data source for AppSync to access the database. # api: appsync.GraphqlApi # Create username and password secret for DB Cluster secret = rds.DatabaseSecret(self, "AuroraSecret", username="clusteradmin" ) # The VPC to place the cluster in vpc = ec2.Vpc(self, "AuroraVpc") # Create the serverless cluster, provide all values needed to customise the database. cluster = rds.ServerlessCluster(self, "AuroraCluster", engine=rds.DatabaseClusterEngine.AURORA_MYSQL, vpc=vpc, credentials={"username": "clusteradmin"}, cluster_identifier="db-endpoint-test", default_database_name="demos" ) rds_dS = api.add_rds_data_source("rds", cluster, secret, "demos") # Set up a resolver for an RDS query. rds_dS.create_resolver("QueryGetDemosRdsResolver", type_name="Query", field_name="getDemosRds", request_mapping_template=appsync.MappingTemplate.from_string(""" { "version": "2018-05-29", "statements": [ "SELECT * FROM demos" ] } """), response_mapping_template=appsync.MappingTemplate.from_string(""" $utils.toJson($utils.rds.toJsonObject($ctx.result)[0]) """) ) # Set up a resolver for an RDS mutation. rds_dS.create_resolver("MutationAddDemoRdsResolver", type_name="Mutation", field_name="addDemoRds", request_mapping_template=appsync.MappingTemplate.from_string(""" { "version": "2018-05-29", "statements": [ "INSERT INTO demos VALUES (:id, :version)", "SELECT * WHERE id = :id" ], "variableMap": { ":id": $util.toJson($util.autoId()), ":version": $util.toJson($ctx.args.version) } } """), response_mapping_template=appsync.MappingTemplate.from_string(""" $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0]) """) )
Attributes
- dbname
The database name, if not using the default one.
- Default:
whatever the secret generates after the attach method is run
- encryption_key
The KMS key to use to encrypt the secret.
- Default:
default master key
- exclude_characters
Characters to not include in the generated password.
- Default:
“ %+~`#$&*()|[]{}:;<>?!’/@”"
- master_secret
The master secret which will be used to rotate this secret.
- Default:
no master secret information will be included
- replace_on_password_criteria_changes
Whether to replace this secret when the criteria for the password change.
This is achieved by overriding the logical id of the AWS::SecretsManager::Secret with a hash of the options that influence the password generation. This way a new secret will be created when the password is regenerated and the cluster or instance consuming this secret will have its credentials updated.
- Default:
false
- replica_regions
A list of regions where to replicate this secret.
- Default:
Secret is not replicated
- secret_name
A name for the secret.
- Default:
A name is generated by CloudFormation.
- username
The username.