Class SecretTargetAttachment
- Namespace
- Amazon.CDK.AWS.SecretsManager
- Assembly
- Amazon.CDK.AWS.SecretsManager.dll
An attached secret.
public class SecretTargetAttachment : Resource, ISecretTargetAttachment, ISecret, IResource, IConstruct, IConstruct, IDependable
- Inheritance
- SecretTargetAttachment
- Implements
- IResource, IConstruct, IConstruct, IDependable
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.SecretsManager;
Secret secret;
ISecretAttachmentTarget secretAttachmentTarget;
var secretTargetAttachment = new SecretTargetAttachment(this, "MySecretTargetAttachment", new SecretTargetAttachmentProps {
    Secret = secret,
    Target = secretAttachmentTarget
});
Constructors
SecretTargetAttachment(Construct, string, ISecretTargetAttachmentProps)
public SecretTargetAttachment(Construct scope, string id, ISecretTargetAttachmentProps props)
Parameters
scope
Construct
id
string
props
ISecretTargetAttachmentProps
Properties
ArnForPolicies
Provides an identifier for this secret for use in IAM policies.
protected virtual string ArnForPolicies { get; }
Property Value
Remarks
If there is a full ARN, this is just the ARN; if we have a partial ARN -- due to either importing by secret name or partial ARN -- then we need to add a suffix to capture the full ARN's format.
AutoCreatePolicy
protected virtual bool AutoCreatePolicy { get; }
Property Value
EncryptionKey
The customer-managed encryption key that is used to encrypt this secret, if any.
public virtual IKey? EncryptionKey { get; }
Property Value
- IKey
Remarks
When not specified, the default KMS key for the account and region is used.
SecretArn
The ARN of the secret in AWS Secrets Manager.
public virtual string SecretArn { get; }
Property Value
Remarks
Will return the full ARN if available, otherwise a partial ARN.
For secrets imported by the deprecated fromSecretName, it will return the secretName.
SecretFullArn
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
public virtual string? SecretFullArn { get; }
Property Value
Remarks
This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
SecretName
The name of the secret.
public virtual string SecretName { get; }
Property Value
Remarks
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
SecretTargetAttachmentSecretArn
Same as secretArn.
public virtual string SecretTargetAttachmentSecretArn { get; }
Property Value
Remarks
Attribute: true
SecretValue
Retrieve the value of the stored secret as a SecretValue.
public virtual SecretValue SecretValue { get; }
Property Value
- SecretValue
Methods
AddRotationSchedule(string, IRotationScheduleOptions)
Adds a rotation schedule to the secret.
public virtual RotationSchedule AddRotationSchedule(string id, IRotationScheduleOptions options)
Parameters
id
string
options
IRotationScheduleOptions
Returns
AddToResourcePolicy(PolicyStatement)
Adds a statement to the IAM resource policy associated with this secret.
public virtual IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement)
Parameters
statement
PolicyStatement
Returns
- IAddToResourcePolicyResult
Remarks
If this secret was created in this stack, a resource policy will be
automatically created upon the first call to addToResourcePolicy. If
the secret is imported, then this is a no-op.
Attach(ISecretAttachmentTarget)
Attach a target to this secret.
public virtual ISecret Attach(ISecretAttachmentTarget target)
Parameters
target
ISecretAttachmentTarget
The target to attach.
Returns
- ISecret
An attached secret
DenyAccountRootDelete()
Denies the DeleteSecret action to all principals within the current account.
public virtual void DenyAccountRootDelete()
FromSecretTargetAttachmentSecretArn(Construct, string, string)
public static ISecretTargetAttachment FromSecretTargetAttachmentSecretArn(Construct scope, string id, string secretTargetAttachmentSecretArn)
Parameters
Returns
GrantRead(IGrantable, string[]?)
Grants reading the secret value to some role.
public virtual Grant GrantRead(IGrantable grantee, string[]? versionStages = null)
Parameters
grantee
IGrantable
versionStages
string[]
Returns
- Grant
GrantWrite(IGrantable)
Grants writing and updating the secret value to some role.
public virtual Grant GrantWrite(IGrantable grantee)
Parameters
grantee
IGrantable
Returns
- Grant
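The following is an added example, not part of the CDK reference. It shows GrantRead, GrantWrite and DenyAccountRootDelete used together on an attached secret so that each role gets only the access it needs. The class name AttachedSecretAccess, the method name Harden and the parameters appRole and writerRole are hypothetical.

```csharp
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.SecretsManager;

// Added example; AttachedSecretAccess, Harden, appRole and writerRole are
// hypothetical names. The attachment and both roles are assumed to be
// defined elsewhere in the same CDK app.
public static class AttachedSecretAccess
{
    public static Grant Harden(SecretTargetAttachment attachment, IRole appRole, IRole writerRole)
    {
        // The application role can only read the secret, and the grant is
        // restricted to the AWSCURRENT version stage via versionStages.
        Grant readGrant = attachment.GrantRead(appRole, new[] { "AWSCURRENT" });

        // A separate role is allowed to write and update the secret value,
        // so the reading role never needs write permissions.
        attachment.GrantWrite(writerRole);

        // Deny the DeleteSecret action to all principals in the current
        // account, so the secret cannot be deleted by an in-account principal.
        attachment.DenyAccountRootDelete();

        // Returned so the caller can inspect the read grant if needed.
        return readGrant;
    }
}
```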
SecretValueFromJson(string)
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
public virtual SecretValue SecretValueFromJson(string jsonField)
Parameters
jsonField
string
Returns
- SecretValue
Validate()
Validate the current construct.
protected override string[] Validate()
Returns
- string[]
Remarks
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.