Class SecretRotationProps

Namespace
Amazon.CDK.AWS.SecretsManager
Assembly
Amazon.CDK.AWS.SecretsManager.dll

Construction properties for a SecretRotation.

public class SecretRotationProps : ISecretRotationProps
Inheritance
SecretRotationProps

Examples

Secret mySecret;
IConnectable myDatabase;
Vpc myVpc;

new SecretRotation(this, "SecretRotation", new SecretRotationProps {
    Application = SecretRotationApplication.MYSQL_ROTATION_SINGLE_USER,  // MySQL single user scheme
    Secret = mySecret,
    Target = myDatabase,  // a Connectable
    Vpc = myVpc,  // The VPC where the secret rotation application will be deployed
    ExcludeCharacters = " %+:;{}"
});

Constructors

SecretRotationProps()

public SecretRotationProps()

Properties

Application

The serverless application for the rotation.

public SecretRotationApplication Application { get; set; }

Property Value

SecretRotationApplication

AutomaticallyAfter

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

public Duration? AutomaticallyAfter { get; set; }

Property Value

Duration

Remarks

Default: Duration.days(30)

Endpoint

public IInterfaceVpcEndpoint? Endpoint { get; set; }

Property Value

IInterfaceVpcEndpoint

ExcludeCharacters

Characters which should not appear in the generated password.

public string? ExcludeCharacters { get; set; }

Property Value

string

Remarks

Default: - no additional characters are explicitly excluded

MasterSecret

The master secret for a multi user rotation scheme.

public ISecret? MasterSecret { get; set; }

Property Value

ISecret

Remarks

Default: - single user rotation scheme

Secret

The secret to rotate. It must be a JSON string in the format shown under Remarks below.

public ISecret Secret { get; set; }

Property Value

ISecret

Remarks

{
   "engine": <required: database engine>,
   "host": <required: instance host name>,
   "username": <required: username>,
   "password": <required: password>,
   "dbname": <optional: database name>,
   "port": <optional: if not specified, default port will be used>,
   "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}

This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
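
The check below is an added example, not part of the CDK or this reference: it validates a secret value against the format listed under Remarks before rotation is attached, including the masterarn requirement for multi user rotation. RotationSecretCheck, Validate and the sample value are hypothetical, and the accepted port types are an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Added example, not CDK code: RotationSecretCheck and Validate are hypothetical names.
public static class RotationSecretCheck
{
    static readonly string[] Required = { "engine", "host", "username", "password" };

    // Returns the problems found; an empty list means the value matches the format.
    // Messages name keys only, so the password never reaches logs or build output.
    public static List<string> Validate(string secretString, bool multiUser)
    {
        var problems = new List<string>();
        try
        {
            using var doc = JsonDocument.Parse(secretString ?? "");
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object)
                return new List<string> { "secret must be a JSON object" };
            foreach (var key in Required)
                if (!HasText(root, key)) problems.Add($"missing required key: {key}");
            // masterarn is required only for the multi user rotation scheme.
            if (multiUser && !HasText(root, "masterarn"))
                problems.Add("missing masterarn (required for multi user rotation)");
            // Assumption: port, when present, is a number or numeric string in 1..65535.
            if (root.TryGetProperty("port", out var port) && !IsPort(port))
                problems.Add("port must be an integer between 1 and 65535");
        }
        catch (JsonException) { problems.Add("secret is not valid JSON"); }
        return problems;
    }

    // A key counts as present only if it holds a non-empty JSON string.
    static bool HasText(JsonElement root, string key) =>
        root.TryGetProperty(key, out var v) && v.ValueKind == JsonValueKind.String
        && !string.IsNullOrWhiteSpace(v.GetString());

    // ToString() yields the raw text of a number or the content of a string.
    static bool IsPort(JsonElement v) =>
        int.TryParse(v.ToString(), out var n) && n >= 1 && n <= 65535;

    public static void Main()
    {
        // Constructed sample: fine for single user rotation, lacks masterarn for multi user.
        var sample = "{\"engine\":\"mysql\",\"host\":\"db.example.internal\","
                   + "\"username\":\"app\",\"password\":\"constructed\",\"port\":3306}";
        Console.WriteLine(Validate(sample, multiUser: false).Count);
        foreach (var p in Validate(sample, multiUser: true)) Console.WriteLine(p);
    }
}
```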

SecurityGroup

The security group for the Lambda rotation function.

public ISecurityGroup? SecurityGroup { get; set; }

Property Value

ISecurityGroup

Remarks

Default: - a new security group is created

Target

The target service or database.

public IConnectable Target { get; set; }

Property Value

IConnectable

Vpc

The VPC where the Lambda rotation function will run.

public IVpc Vpc { get; set; }

Property Value

IVpc

VpcSubnets

The type of subnets in the VPC where the Lambda rotation function will run.

public ISubnetSelection? VpcSubnets { get; set; }

Property Value

ISubnetSelection

Remarks

Default: - the Vpc default strategy if not specified.