HostedRotation

class aws_cdk.aws_secretsmanager.HostedRotation(*args: Any, **kwargs)

Bases: object

A hosted rotation.

ExampleMetadata:

infused

Example:

secret = secretsmanager.Secret(self, "Secret")

secret.add_rotation_schedule("RotationSchedule",
    hosted_rotation=secretsmanager.HostedRotation.mysql_single_user()
)

Methods

bind(secret, scope)

Binds this hosted rotation to a secret.

Parameters:
Return type:

HostedRotationLambdaProperty

Attributes

connections

Security group connections for this hosted rotation.

Static Methods

classmethod maria_db_multi_user(*, master_secret, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

MariaDB Multi User.

Parameters:

  • master_secret (ISecret) – The master secret for a multi user rotation scheme.

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod maria_db_single_user(*, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

MariaDB Single User.

Parameters:

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod mongo_db_multi_user(*, master_secret, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

MongoDB Multi User.

Parameters:

  • master_secret (ISecret) – The master secret for a multi user rotation scheme.

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod mongo_db_single_user(*, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

MongoDB Single User.

Parameters:

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod mysql_multi_user(*, master_secret, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

MySQL Multi User.

Parameters:

  • master_secret (ISecret) – The master secret for a multi user rotation scheme.

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod mysql_single_user(*, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

MySQL Single User.

Parameters:

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod oracle_multi_user(*, master_secret, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

Oracle Multi User.

Parameters:

  • master_secret (ISecret) – The master secret for a multi user rotation scheme.

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod oracle_single_user(*, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

Oracle Single User.

Parameters:

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod postgre_sql_multi_user(*, master_secret, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

PostgreSQL Multi User.

Parameters:

  • master_secret (ISecret) – The master secret for a multi user rotation scheme.

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod postgre_sql_single_user(*, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

PostgreSQL Single User.

Parameters:

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod redshift_multi_user(*, master_secret, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

Redshift Multi User.

Parameters:

  • master_secret (ISecret) – The master secret for a multi user rotation scheme.

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod redshift_single_user(*, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

Redshift Single User.

Parameters:

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod sql_server_multi_user(*, master_secret, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

SQL Server Multi User.

Parameters:

  • master_secret (ISecret) – The master secret for a multi user rotation scheme.

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation

classmethod sql_server_single_user(*, exclude_characters=None, function_name=None, security_groups=None, vpc=None, vpc_subnets=None)

SQL Server Single User.

Parameters:

  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password. Default: the same exclude characters as the ones used for the secret or “ %+~`#$&*()|[]{}:;<>?!’/@”"

  • function_name (Optional[str]) – A name for the Lambda created to rotate the secret. Default: - a CloudFormation generated name

  • security_groups (Optional[Sequence[ISecurityGroup]]) – A list of security groups for the Lambda created to rotate the secret. Default: - a new security group is created

  • vpc (Optional[IVpc]) – The VPC where the Lambda rotation function will run. Default: - the Lambda is not deployed in a VPC

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets in the VPC where the Lambda rotation function will run. Default: - the Vpc default strategy if not specified.

Return type:

HostedRotation