AWS::SecretsManager::RotationSchedule HostedRotationLambda - AWS CloudFormation

Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates.

You must specify Transform: AWS::SecretsManager-2020-07-23 at the beginning of the CloudFormation template.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "ExcludeCharacters" : String,
  "KmsKeyArn" : String,
  "MasterSecretArn" : String,
  "MasterSecretKmsKeyArn" : String,
  "RotationLambdaName" : String,
  "RotationType" : String,
  "SuperuserSecretArn" : String,
  "SuperuserSecretKmsKeyArn" : String,
  "VpcSecurityGroupIds" : String,
  "VpcSubnetIds" : String
}

Properties

ExcludeCharacters

A string of the characters that you don't want in the password.

Required: No

Type: String

Update requires: No interruption

KmsKeyArn

The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.

Required: No

Type: String

Update requires: No interruption

MasterSecretArn

The ARN of the secret that contains elevated credentials. You must create the elevated secret before you can set this property. The Lambda rotation function uses this secret for the Alternating users rotation strategy.

You can specify MasterSecretArn or SuperuserSecretArn but not both. They represent the same superuser secret.

Required: No

Type: String

Update requires: No interruption

MasterSecretKmsKeyArn

The ARN of the KMS key that Secrets Manager uses to encrypt the elevated secret if you use the alternating users strategy. If you don't specify this value and you use the alternating users strategy, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.

You can specify MasterSecretKmsKeyArn or SuperuserSecretKmsKeyArn but not both. They represent the same superuser secret KMS key.

Required: No

Type: String

Update requires: No interruption

RotationLambdaName

The name of the Lambda rotation function.

Required: No

Type: String

Update requires: No interruption

RotationType

The rotation template to base the rotation function on, one of the following:

Required: Yes

Type: String

Update requires: No interruption

SuperuserSecretArn

The ARN of the secret that contains elevated credentials. You must create the superuser secret before you can set this property. The Lambda rotation function uses this secret for the Alternating users rotation strategy.

You can specify MasterSecretArn or SuperuserSecretArn but not both. They represent the same superuser secret.

Required: No

Type: String

Update requires: No interruption

SuperuserSecretKmsKeyArn

The ARN of the KMS key that Secrets Manager uses to encrypt the elevated secret if you use the alternating users strategy. If you don't specify this value and you use the alternating users strategy, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.

You can specify MasterSecretKmsKeyArn or SuperuserSecretKmsKeyArn but not both. They represent the same superuser secret KMS key.

Required: No

Type: String

Update requires: No interruption

VpcSecurityGroupIds

A comma-separated list of security group IDs applied to the target database.

The template applies the same security groups to the Lambda rotation function that is created as part of this stack.

Required: No

Type: String

Update requires: No interruption

VpcSubnetIds

A comma-separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.

Required: No

Type: String

Update requires: No interruption
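
A pre-deployment check for the rules this page states (the required Transform, the required RotationType, the two either/or property pairs, and String-typed values), added here as an example and not AWS code. The function names and the sample template are hypothetical, and the sample's ARNs and subnet IDs are constructed placeholders.

```python
TRANSFORM = "AWS::SecretsManager-2020-07-23"
RESOURCE = "AWS::SecretsManager::RotationSchedule"
PROPERTIES = {
    "ExcludeCharacters", "KmsKeyArn", "MasterSecretArn", "MasterSecretKmsKeyArn",
    "RotationLambdaName", "RotationType", "SuperuserSecretArn",
    "SuperuserSecretKmsKeyArn", "VpcSecurityGroupIds", "VpcSubnetIds",
}
# Pairs the page says represent the same thing: specify one or the other, not both.
EXCLUSIVE = [("MasterSecretArn", "SuperuserSecretArn"),
             ("MasterSecretKmsKeyArn", "SuperuserSecretKmsKeyArn")]

def lint_hosted_rotation(block):
    """Return a list of problems found in one HostedRotationLambda block."""
    problems = [f"unknown property {k}" for k in sorted(set(block) - PROPERTIES)]
    if "RotationType" not in block:
        problems.append("RotationType is required")
    for a, b in EXCLUSIVE:
        if a in block and b in block:
            problems.append(f"specify {a} or {b}, not both")
    for key in sorted(set(block) & PROPERTIES):
        # A dict is an unresolved intrinsic such as {"Ref": ...}; it is not checked.
        if not isinstance(block[key], (str, dict)):
            problems.append(f"{key} must be a String (IDs as one comma-separated value)")
    return problems

def lint_template(template):
    """Check the Transform and every hosted rotation block in a parsed template."""
    findings = []
    transform = template.get("Transform")
    declared = transform if isinstance(transform, list) else [transform]
    if TRANSFORM not in declared:
        findings.append(("Template", f"missing Transform: {TRANSFORM}"))
    for name, res in template.get("Resources", {}).items():
        block = res.get("Properties", {}).get("HostedRotationLambda")
        if res.get("Type") == RESOURCE and block is not None:
            findings += [(name, p) for p in lint_hosted_rotation(block)]
    return findings

# Constructed sample with deliberate mistakes; every ARN and ID is a placeholder.
SAMPLE = {"Resources": {"DbSecretRotation": {
    "Type": RESOURCE, "Properties": {"HostedRotationLambda": {
        "MasterSecretArn": "arn:aws:secretsmanager:REGION:ACCOUNT:secret:PLACEHOLDER-A",
        "SuperuserSecretArn": "arn:aws:secretsmanager:REGION:ACCOUNT:secret:PLACEHOLDER-B",
        "VpcSubnetIds": ["subnet-PLACEHOLDER1", "subnet-PLACEHOLDER2"],
    }}}}}

if __name__ == "__main__":
    for where, problem in lint_template(SAMPLE):
        print(f"{where}: {problem}")
```

The check runs on a template already parsed into a dictionary, so the same functions work for JSON templates and for YAML templates loaded with a parser of your choice.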