JSON structure of AWS Secrets Manager secrets
You can store any text or binary in a Secrets Manager secret. If you want to turn on automatic rotation for a Secrets Manager secret, the secret must be in the correct JSON structure. During rotation, Secrets Manager uses the information in the secret to connect to the credential source and update the credentials there. JSON key names are case-sensitive.
Note that when you use the console to store a database secret, Secrets Manager automatically creates the secret in the correct JSON structure.
You can add more key/value pairs to the secret, for example, in a database secret, to contain connection information for replica databases in other Regions.
Amazon RDS Db2 secret structure
For Amazon RDS Db2 instances, because users can't change their own passwords, you must provide admin credentials in a separate secret.
{
  "engine": "db2",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>,
  "masterarn": "<the ARN of the elevated secret>"
}
Amazon RDS MariaDB secret structure
{
  "engine": "mariadb",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "mariadb",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>,
  "masterarn": "<the ARN of the elevated secret>"
}
Secret structure for Amazon RDS and Amazon Aurora MySQL
{
  "engine": "mysql",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "mysql",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>,
  "masterarn": "<the ARN of the elevated secret>"
}
Amazon RDS Oracle secret structure
{
  "engine": "oracle",
  "host": "<required: instance host name/resolvable DNS name>",
  "username": "<required: username>",
  "password": "<required: password>",
  "dbname": "<required: database name>",
  "port": <optional: TCP port number. If not specified, defaults to 1521>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "oracle",
  "host": "<required: instance host name/resolvable DNS name>",
  "username": "<required: username>",
  "password": "<required: password>",
  "dbname": "<required: database name>",
  "port": <optional: TCP port number. If not specified, defaults to 1521>,
  "masterarn": "<the ARN of the elevated secret>"
}
Secret structure for Amazon RDS and Amazon Aurora PostgreSQL
{
  "engine": "postgres",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'postgres'>",
  "port": <TCP port number. If not specified, defaults to 5432>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "postgres",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'postgres'>",
  "port": <TCP port number. If not specified, defaults to 5432>,
  "masterarn": "<the ARN of the elevated secret>"
}
Amazon RDS Microsoft SQLServer secret structure
{
  "engine": "sqlserver",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'master'>",
  "port": <TCP port number. If not specified, defaults to 1433>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "sqlserver",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'master'>",
  "port": <TCP port number. If not specified, defaults to 1433>,
  "masterarn": "<the ARN of the elevated secret>"
}
Amazon DocumentDB secret structure
{
  "engine": "mongo",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 27017>,
  "ssl": <true|false. If not specified, defaults to false>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "mongo",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 27017>,
  "masterarn": "<the ARN of the elevated secret>",
  "ssl": <true|false. If not specified, defaults to false>
}
Amazon Redshift secret structure
{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 5439>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 5439>,
  "masterarn": "<the ARN of the elevated secret>"
}
Amazon Redshift Serverless secret structure
{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "namespaceName": <namespace name>,
  "port": <TCP port number. If not specified, defaults to 5439>
}
To use the Alternating users rotation strategy, include masterarn with the ARN of the secret that contains the admin or superuser credentials.
{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "namespaceName": <namespace name>,
  "port": <TCP port number. If not specified, defaults to 5439>,
  "masterarn": "<the ARN of the elevated secret>"
}
Amazon ElastiCache secret structure
{
  "password": "<password>",
  "username": "<username>",
  "user_arn": "ARN of the Amazon EC2 user"
}
For more information, see Automatically rotating passwords for users in the Amazon ElastiCache User Guide.
Active Directory secret structure
AWS Directory Service uses a secret to store Active Directory credentials. For more information, see Seamlessly join an Amazon EC2 Linux instance to your managed AD Active Directory in the AWS Directory Service Administration Guide. Seamless domain join requires the key names in the following example. If you don't use seamless domain join, you can change the names of the keys in the secret by using environment variables, as described in the rotation function template code.
To rotate an Active Directory secret, you can use the Active Directory rotation templates.
Active Directory credentials secret structure
{
  "awsSeamlessDomainUsername": "<username>",
  "awsSeamlessDomainPassword": "<password>"
}
If you want to rotate the secret, include the domain directory ID.
{
  "awsSeamlessDomainDirectoryId": "d-12345abc6e",
  "awsSeamlessDomainUsername": "<username>",
  "awsSeamlessDomainPassword": "<password>"
}
If the secret is used in conjunction with secrets that contain keytabs, you can include the keytab secret ARNs.
{
  "awsSeamlessDomainDirectoryId": "d-12345abc6e",
  "awsSeamlessDomainUsername": "<username>",
  "awsSeamlessDomainPassword": "<password>",
  "directoryServiceSecretVersion": 1,
  "schemaVersion": "1.0",
  "keytabArns": [
    "<ARN of child keytab secret 1>",
    "<ARN of child keytab secret 2>",
    "<ARN of child keytab secret 3>"
  ],
  "lastModifiedDateTime": "2021-07-19 17:06:58"
}
Active Directory keytab secret structure
For information about using keytab files to authenticate Active Directory accounts on Amazon EC2, see Deploy and configure Active Directory authentication with SQL Server 2017 on Amazon Linux 2.
{
  "awsSeamlessDomainDirectoryId": "d-12345abc6e",
  "schemaVersion": "1.0",
  "name": "<name>",
  "principals": [
    "aduser@MY.EXAMPLE.COM",
    "MSSQLSvc/test:1433@MY.EXAMPLE.COM"
  ],
  "keytabContents": "<keytab>",
  "parentSecretArn": "<ARN of parent secret>",
  "lastModifiedDateTime": "2021-07-19 17:06:58",
  "version": 1
}
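The credentials secret and its keytab secrets reference each other (keytabArns on the parent, parentSecretArn on each child) and must carry the same directory ID, so a broken link means the rotation template will not regenerate a keytab after the password changes. The following consistency check is an added example, not code from this page or from the AWS rotation templates. All ARNs, the directory ID and the secret contents are constructed sample data; the function name check_ad_secrets is the example's own; and the directory ID pattern (d- followed by ten hex characters) is an assumption derived from the sample ID shown on this page.

```python
import re

AD_CRED_KEYS = ("awsSeamlessDomainUsername", "awsSeamlessDomainPassword")
# Assumed directory ID shape, derived from the sample "d-12345abc6e" on this page.
DIRECTORY_ID = re.compile(r"^d-[0-9a-f]{10}$")


def check_ad_secrets(parent_arn, parent, keytabs):
    """Cross-check an Active Directory credentials secret and its keytab secrets.

    parent_arn: ARN under which the credentials secret is stored.
    parent:     decoded JSON of the credentials secret.
    keytabs:    {arn: decoded JSON} of the keytab secrets it should reference.
    Returns a list of findings; empty means the linkage is consistent.
    """
    problems = []
    for key in AD_CRED_KEYS:
        if not parent.get(key):
            problems.append(f"credentials secret is missing {key!r}")

    dir_id = parent.get("awsSeamlessDomainDirectoryId")
    if not dir_id:
        problems.append("awsSeamlessDomainDirectoryId is required to rotate the secret")
    elif not DIRECTORY_ID.match(dir_id):
        problems.append(f"directory ID {dir_id!r} does not look like d-xxxxxxxxxx")

    for arn in parent.get("keytabArns", []):
        child = keytabs.get(arn)
        if child is None:
            problems.append(f"{arn}: listed in keytabArns but not found")
            continue
        # Each child must point back at the parent and share its directory ID.
        if child.get("parentSecretArn") != parent_arn:
            problems.append(f"{arn}: parentSecretArn does not point back to the credentials secret")
        if child.get("awsSeamlessDomainDirectoryId") != dir_id:
            problems.append(f"{arn}: directory ID differs from the credentials secret")
        for key in ("name", "keytabContents", "schemaVersion"):
            if not child.get(key):
                problems.append(f"{arn}: missing {key!r}")
        principals = child.get("principals")
        if not isinstance(principals, list) or not principals:
            problems.append(f"{arn}: principals must be a non-empty list")
        # The page shows version unquoted, so it must be a JSON number.
        if not isinstance(child.get("version"), int):
            problems.append(f"{arn}: version must be a JSON number")
    return problems


# Constructed sample data (placeholder account ID and ARNs, not real secrets).
PARENT_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:ad-creds-EXAMPLE"
KEYTAB_OK = "arn:aws:secretsmanager:us-east-1:123456789012:secret:keytab-sql-EXAMPLE"
KEYTAB_BAD = "arn:aws:secretsmanager:us-east-1:123456789012:secret:keytab-web-EXAMPLE"
SAMPLE_PARENT = {
    "awsSeamlessDomainDirectoryId": "d-12345abc6e",
    "awsSeamlessDomainUsername": "svc-join",
    "awsSeamlessDomainPassword": "example-only",
    "directoryServiceSecretVersion": 1,
    "schemaVersion": "1.0",
    "keytabArns": [KEYTAB_OK, KEYTAB_BAD],
    "lastModifiedDateTime": "2021-07-19 17:06:58",
}
SAMPLE_KEYTABS = {
    KEYTAB_OK: {
        "awsSeamlessDomainDirectoryId": "d-12345abc6e",
        "schemaVersion": "1.0",
        "name": "sqlserver",
        "principals": ["MSSQLSvc/test:1433@MY.EXAMPLE.COM"],
        "keytabContents": "<base64 keytab placeholder>",
        "parentSecretArn": PARENT_ARN,
        "lastModifiedDateTime": "2021-07-19 17:06:58",
        "version": 1,
    },
    # Deliberately inconsistent child: wrong parent, no principals, quoted version.
    KEYTAB_BAD: {
        "awsSeamlessDomainDirectoryId": "d-12345abc6e",
        "schemaVersion": "1.0",
        "name": "web",
        "principals": [],
        "keytabContents": "<base64 keytab placeholder>",
        "parentSecretArn": "arn:aws:secretsmanager:us-east-1:123456789012:secret:other-EXAMPLE",
        "version": "1",
    },
}

if __name__ == "__main__":
    for finding in check_ad_secrets(PARENT_ARN, SAMPLE_PARENT, SAMPLE_KEYTABS):
        print(finding)
```

In practice the three inputs come from get-secret-value calls: fetch the parent, then fetch every ARN in its keytabArns and pass them in as the keytabs mapping.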