RotationScheduleProps
- class aws_cdk.aws_secretsmanager.RotationScheduleProps(*, automatically_after=None, hosted_rotation=None, rotate_immediately_on_update=None, rotation_lambda=None, secret)
Bases: RotationScheduleOptions
Construction properties for a RotationSchedule.
- Parameters:
  - automatically_after (Optional[Duration]) – Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. The minimum value is 4 hours. The maximum value is 1000 days. A value of zero (Duration.days(0)) will not create RotationRules. Default: Duration.days(30)
  - hosted_rotation (Optional[HostedRotation]) – Hosted rotation. Default: - either rotationLambda or hostedRotation must be specified
  - rotate_immediately_on_update (Optional[bool]) – Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. Default: true
  - rotation_lambda (Optional[IFunction]) – A Lambda function that can rotate the secret. Default: - either rotationLambda or hostedRotation must be specified
  - secret (ISecret) – The secret to rotate. If hosted rotation is used, this must be a JSON string with the following format:

        {
          "engine": <required: database engine>,
          "host": <required: instance host name>,
          "username": <required: username>,
          "password": <required: password>,
          "dbname": <optional: database name>,
          "port": <optional: if not specified, default port will be used>,
          "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
        }

    This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
- ExampleMetadata: fixture=_generated
Example:

    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    import aws_cdk as cdk
    from aws_cdk import aws_lambda as lambda_
    from aws_cdk import aws_secretsmanager as secretsmanager

    # function_: lambda.Function
    # hosted_rotation: secretsmanager.HostedRotation
    # secret: secretsmanager.Secret

    rotation_schedule_props = secretsmanager.RotationScheduleProps(
        secret=secret,

        # the properties below are optional
        automatically_after=cdk.Duration.minutes(30),
        hosted_rotation=hosted_rotation,
        rotate_immediately_on_update=False,
        rotation_lambda=function_
    )

Attributes
- automatically_after
  Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
  The minimum value is 4 hours. The maximum value is 1000 days.
  A value of zero (Duration.days(0)) will not create RotationRules.
  - Default: Duration.days(30)
- hosted_rotation
  Hosted rotation.
  - Default: either rotationLambda or hostedRotation must be specified
- rotate_immediately_on_update
  Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
  - Default: true
- rotation_lambda
  A Lambda function that can rotate the secret.
  - Default: either rotationLambda or hostedRotation must be specified
- secret
  The secret to rotate.
  If hosted rotation is used, this must be a JSON string with the following format:

      {
        "engine": <required: database engine>,
        "host": <required: instance host name>,
        "username": <required: username>,
        "password": <required: password>,
        "dbname": <optional: database name>,
        "port": <optional: if not specified, default port will be used>,
        "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
      }

  This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
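
A pre-deployment check for the constraints documented on this page, as an added example (not part of the CDK documentation or library): it validates a hosted-rotation secret value against the JSON format above and the rotation settings against the 4 hour and 1000 day bounds. The function names, the port range check and the exactly-one reading of the rotationLambda/hostedRotation rule are assumptions of this example.

```python
import json
from datetime import timedelta

# Key names and interval bounds are taken from the documentation above.
REQUIRED_KEYS = ("engine", "host", "username", "password")
MIN_INTERVAL, MAX_INTERVAL = timedelta(hours=4), timedelta(days=1000)


def check_hosted_secret(secret_string, multi_user=False):
    """Return a list of problems found in a hosted-rotation secret value."""
    try:
        doc = json.loads(secret_string)
    except (TypeError, json.JSONDecodeError):
        return ["secret value is not valid JSON"]
    if not isinstance(doc, dict):
        return ["secret value must be a JSON object"]
    required = REQUIRED_KEYS + (("masterarn",) if multi_user else ())
    problems = [f"missing or empty required key: {k}" for k in required if not doc.get(k)]
    if "port" in doc:  # assumption: a usable port is an integer in 1..65535
        try:
            if not 1 <= int(doc["port"]) <= 65535:
                raise ValueError
        except (TypeError, ValueError):
            problems.append("port is not an integer in 1..65535")
    return problems


def check_schedule(automatically_after=timedelta(days=30),
                   has_rotation_lambda=False, has_hosted_rotation=False):
    """Return a list of problems with the rotation settings."""
    problems = []
    # Assumption: "either ... or ..." is read here as exactly one of the two.
    if has_rotation_lambda == has_hosted_rotation:
        problems.append("set exactly one of rotation_lambda or hosted_rotation")
    if automatically_after == timedelta(0):
        problems.append("zero interval: no RotationRules will be created")
    elif not MIN_INTERVAL <= automatically_after <= MAX_INTERVAL:
        problems.append("automatically_after outside 4 hours to 1000 days")
    return problems


if __name__ == "__main__":
    # Constructed sample value; not a real credential.
    sample = json.dumps({"engine": "mysql", "host": "db.example.internal",
                         "username": "app", "password": "constructed-value"})
    print(check_hosted_secret(sample))                   # single-user: no problems
    print(check_hosted_secret(sample, multi_user=True))  # masterarn missing
    print(check_schedule(timedelta(minutes=30), has_hosted_rotation=True))
```

Run against the placeholder values in the generated example above, check_schedule reports both the 30 minute interval and the fact that rotation_lambda and hosted_rotation are set together.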