RotationScheduleProps

class aws_cdk.aws_secretsmanager.RotationScheduleProps(*, automatically_after=None, hosted_rotation=None, rotate_immediately_on_update=None, rotation_lambda=None, secret)

Bases: RotationScheduleOptions

Construction properties for a RotationSchedule.

Parameters:
  • automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. The minimum value is 4 hours. The maximum value is 1000 days. A value of zero (Duration.days(0)) will not create RotationRules. Default: Duration.days(30)

  • hosted_rotation (Optional[HostedRotation]) – Hosted rotation. Default: either rotation_lambda or hosted_rotation must be specified

  • rotate_immediately_on_update (Optional[bool]) – Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. Default: true

  • rotation_lambda (Optional[IFunction]) – A Lambda function that can rotate the secret. Default: either rotation_lambda or hosted_rotation must be specified

  • secret (ISecret) – The secret to rotate. If hosted rotation is used, this must be a JSON string with the following format:

    {
      "engine": <required: database engine>,
      "host": <required: instance host name>,
      "username": <required: username>,
      "password": <required: password>,
      "dbname": <optional: database name>,
      "port": <optional: if not specified, default port will be used>,
      "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
    }

    This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk as cdk
from aws_cdk import aws_lambda as lambda_
from aws_cdk import aws_secretsmanager as secretsmanager

# function_: lambda_.Function
# hosted_rotation: secretsmanager.HostedRotation
# secret: secretsmanager.Secret

rotation_schedule_props = secretsmanager.RotationScheduleProps(
    secret=secret,

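    # the properties below are optional
    # automatically_after must be between 4 hours and 1000 days
    automatically_after=cdk.Duration.days(30),
    # a RotationSchedule needs either hosted_rotation or rotation_lambda
    hosted_rotation=hosted_rotation,
    rotate_immediately_on_update=False,
    rotation_lambda=function_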
)

Attributes

automatically_after

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

The minimum value is 4 hours. The maximum value is 1000 days.

A value of zero (Duration.days(0)) will not create RotationRules.

Default:

Duration.days(30)

hosted_rotation

Hosted rotation.

Default:

either rotation_lambda or hosted_rotation must be specified

rotate_immediately_on_update

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.

Default:

true

rotation_lambda

A Lambda function that can rotate the secret.

Default:

either rotation_lambda or hosted_rotation must be specified

secret

The secret to rotate.

If hosted rotation is used, this must be a JSON string with the following format:

{
  "engine": <required: database engine>,
  "host": <required: instance host name>,
  "username": <required: username>,
  "password": <required: password>,
  "dbname": <optional: database name>,
  "port": <optional: if not specified, default port will be used>,
  "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}

This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
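
A pre-deployment check for the hosted-rotation secret format and the automatically_after bounds described above, as an added example that is not part of the CDK library or its documentation. The function names, the multi_user flag and the port range check are assumptions made for illustration; the sample value is constructed.

```python
import json
from datetime import timedelta

# Key names come from the secret format documented above.
REQUIRED_KEYS = ("engine", "host", "username", "password")
MULTI_USER_KEY = "masterarn"

# Bounds stated for automatically_after.
MIN_INTERVAL = timedelta(hours=4)
MAX_INTERVAL = timedelta(days=1000)

# Constructed sample value, not a real credential.
SAMPLE = json.dumps({"engine": "mysql", "host": "db.example.internal",
                     "username": "app_user", "password": "placeholder"})


def check_secret_string(secret_string, multi_user=False):
    """Return a list of problems (empty if none). Hypothetical helper.

    Messages name keys only and never echo values, so output is safe to log.
    """
    try:
        doc = json.loads(secret_string)
    except (TypeError, ValueError):
        return ["secret value is not valid JSON"]
    if not isinstance(doc, dict):
        return ["secret value must be a JSON object"]

    problems = []
    required = REQUIRED_KEYS + ((MULTI_USER_KEY,) if multi_user else ())
    for key in required:
        # Treat missing, null and empty values alike.
        if doc.get(key) in (None, ""):
            problems.append(f"missing required key: {key}")
    port = doc.get("port")  # optional; range check is an assumption
    if port is not None and not (str(port).isdigit() and 0 < int(port) < 65536):
        problems.append("port must be a number between 1 and 65535")
    return problems


def check_interval(interval):
    """Return a problem string for an out-of-range interval, else None."""
    if interval == timedelta(0):
        return None  # zero means no RotationRules are created
    if not MIN_INTERVAL <= interval <= MAX_INTERVAL:
        return "automatically_after must be between 4 hours and 1000 days"
    return None
```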