ReplicateSecretToRegions - AWS Secrets Manager

ReplicateSecretToRegions

Converts an existing secret to a multi-Region secret and begins replicating the secret to a list of new Regions.

Request Syntax

{
   "AddReplicaRegions": [
      {
         "KmsKeyId": "string",
         "Region": "string"
      }
   ],
   "ForceOverwriteReplicaSecret": boolean,
   "SecretId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AddReplicaRegions

Add Regions to replicate the secret.

Type: Array of ReplicaRegionType objects

Array Members: Minimum number of 1 item.

Required: Yes

ForceOverwriteReplicaSecret

(Optional) If set, Secrets Manager replication overwrites a secret with the same name in the destination region.

Type: Boolean

Required: No

SecretId

Use the Secret Id to replicate a secret to regions.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes

Response Syntax

{
   "ARN": "string",
   "ReplicationStatus": [
      {
         "KmsKeyId": "string",
         "LastAccessedDate": number,
         "Region": "string",
         "Status": "string",
         "StatusMessage": "string"
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ARN

Replicate a secret based on the ReplicaRegionType consisting of a Region (required) and a KMSKeyId (optional), which can be the ARN, KeyID, or Alias.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

ReplicationStatus

Describes the secret replication status as PENDING, SUCCESS or FAIL.

Type: Array of ReplicationStatusType objects
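
The request and response shapes above can be checked on the client side before and after the call. The following is an added example, not part of the AWS documentation: it builds the request body under the documented constraints, sends ForceOverwriteReplicaSecret only when explicitly requested, and extracts failed Regions from the response. The helper names and SAMPLE_RESPONSE are constructed, and `client` is assumed to be a boto3-style Secrets Manager client exposing `replicate_secret_to_regions`.

```python
# Added example; helper names and SAMPLE_RESPONSE are constructed for illustration.

def build_request(secret_id, regions, kms_keys=None, force_overwrite=False):
    """Build the ReplicateSecretToRegions body, enforcing the documented constraints."""
    if not isinstance(secret_id, str) or not 1 <= len(secret_id) <= 2048:
        raise ValueError("SecretId must be a string of 1 to 2048 characters")
    if not regions:
        raise ValueError("AddReplicaRegions requires at least 1 item")
    kms_keys = kms_keys or {}
    stray = sorted(set(kms_keys) - set(regions))
    if stray:
        raise ValueError(f"KMS key given for Regions not being added: {stray}")
    replicas = []
    for region in regions:
        entry = {"Region": region}           # Region is required
        if region in kms_keys:               # KmsKeyId is optional
            entry["KmsKeyId"] = kms_keys[region]
        replicas.append(entry)
    body = {"SecretId": secret_id, "AddReplicaRegions": replicas}
    # Overwriting a same-named secret in the destination is destructive, so the
    # flag is sent only when the caller asks for it explicitly.
    if force_overwrite is True:
        body["ForceOverwriteReplicaSecret"] = True
    return body

def failed_replicas(response):
    """Return {Region: StatusMessage} for replicas reported as failed."""
    failed = {}
    for item in response.get("ReplicationStatus", []):
        # Prefix match covers "FAIL" as described above and longer spellings like "Failed".
        if str(item.get("Status", "")).upper().startswith("FAIL"):
            failed[item["Region"]] = item.get("StatusMessage", "")
    return failed

def replicate(client, secret_id, regions, **options):
    """Send the request through a boto3-style client and report failed Regions."""
    body = build_request(secret_id, regions, **options)
    return failed_replicas(client.replicate_secret_to_regions(**body))

# Constructed response in the shape of the Response Syntax (values are made up).
SAMPLE_RESPONSE = {
    "ARN": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-AbCdEf",
    "ReplicationStatus": [
        {"Region": "eu-west-1", "Status": "SUCCESS"},
        {"Region": "ap-south-1", "Status": "FAIL", "StatusMessage": "constructed failure text"},
    ],
}
```
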

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServiceError

An error occurred on the server side.

HTTP Status Code: 500

InvalidParameterException

You provided an invalid value for a parameter.

HTTP Status Code: 400

InvalidRequestException

You provided a parameter value that is not valid for the current state of the resource.

Possible causes:

  • You tried to perform the operation on a secret that's currently marked deleted.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

HTTP Status Code: 400

ResourceNotFoundException

We can't find the resource that you asked for.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: