StopReplicationToReplica
Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region.
You must call this operation from the Region in which you want to promote the replica to a primary secret.
Required permissions:
secretsmanager:StopReplicationToReplica
.
For more information, see
IAM policy actions for Secrets Manager and Authentication
and access control in Secrets Manager.
Request Syntax
{
"SecretId": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- SecretId
-
The ARN of the primary secret.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: Yes
Response Syntax
{
"ARN": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- ARN
-
The ARN of the promoted secret. The ARN is the same as the original primary secret except the Region is changed.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalServiceError
-
An error occurred on the server side.
HTTP Status Code: 500
- InvalidParameterException
-
The parameter name or value is invalid.
HTTP Status Code: 400
- InvalidRequestException
-
A parameter value is not valid for the current state of the resource.
Possible causes:
-
The secret is scheduled for deletion.
-
You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.
HTTP Status Code: 400
-
- ResourceNotFoundException
-
Secrets Manager can't find the resource that you asked for.
HTTP Status Code: 400
Examples
Example
The following example is intended for a primary secret in us-west-2
that has a replica in ap-south-1
. The example removes the replica from the
primary secret and promotes it to a primary secret in ap-south-1
.
Sample Request
POST / HTTP/1.1
Host: secretsmanager.region.domain
Accept-Encoding: identity
X-Amz-Target: secretsmanager.StopReplicationToReplica
Content-Type: application/x-amz-json-1.1
User-Agent: <user-agent-string>
X-Amz-Date: <date>
Authorization: AWS4-HMAC-SHA256 Credential=<credentials>,SignedHeaders=<headers>, Signature=<signature>
Content-Length: <payload-size-bytes>
{
"SecretId": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyExampleSecret-a1b2c3"
}
Sample Response
HTTP/1.1 200 OK
Date: <date>
Content-Type: application/x-amz-json-1.1
Content-Length: <response-size-bytes>
Connection: keep-alive
x-amzn-RequestId: <request-id-guid>
{
{
"ARN":"arn:aws:secretsmanager:ap-south-1:123456789012:secret:MyExampleSecret-a1b2c3",
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: