JSON structure of Amazon Secrets Manager secrets - Amazon Secrets Manager
The Amazon Web Services services or features described in the Amazon Web Services documentation may vary by region. To see the differences that apply to the China regions, see Getting Started with Amazon Web Services in China (PDF).

This content is a machine-translated version. If this translation differs from the English original, the English original prevails.

JSON structure of Amazon Secrets Manager secrets

You can store any text or binary data in a Secrets Manager secret. If you want to enable automatic rotation for a Secrets Manager secret, the secret must use the correct JSON structure. During rotation, Secrets Manager uses the information in the secret to connect to the credential source and update the credentials there. JSON key names are case-sensitive.

Note that when you use the console to store a database secret, Secrets Manager automatically creates the secret with the correct JSON structure.

You can add more key-value pairs to a secret, for example in a database secret, to include connection information for replica databases in other regions.

Amazon RDS Db2 secret structure

For Amazon RDS Db2 instances, users cannot change their own password, so you must provide the administrator credentials in a separate secret and reference it with masterarn.

{
  "engine": "db2",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>,
  "masterarn": "<the ARN of the elevated secret>"
}

Amazon RDS MariaDB secret structure

{
  "engine": "mariadb",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "mariadb",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>,
  "masterarn": "<the ARN of the elevated secret>"
}

Amazon RDS and Amazon Aurora MySQL secret structure

{
  "engine": "mysql",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "mysql",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 3306>,
  "masterarn": "<the ARN of the elevated secret>"
}

Amazon RDS Oracle secret structure

{
  "engine": "oracle",
  "host": "<required: instance host name/resolvable DNS name>",
  "username": "<required: username>",
  "password": "<required: password>",
  "dbname": "<required: database name>",
  "port": <optional: TCP port number. If not specified, defaults to 1521>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "oracle",
  "host": "<required: instance host name/resolvable DNS name>",
  "username": "<required: username>",
  "password": "<required: password>",
  "dbname": "<required: database name>",
  "port": <optional: TCP port number. If not specified, defaults to 1521>,
  "masterarn": "<the ARN of the elevated secret>"
}

Amazon RDS and Amazon Aurora PostgreSQL secret structure

{
  "engine": "postgres",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'postgres'>",
  "port": <TCP port number. If not specified, defaults to 5432>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "postgres",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'postgres'>",
  "port": <TCP port number. If not specified, defaults to 5432>,
  "masterarn": "<the ARN of the elevated secret>"
}

Amazon RDS Microsoft SQL Server secret structure

{
  "engine": "sqlserver",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'master'>",
  "port": <TCP port number. If not specified, defaults to 1433>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "sqlserver",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'master'>",
  "port": <TCP port number. If not specified, defaults to 1433>,
  "masterarn": "<the ARN of the elevated secret>"
}

Amazon DocumentDB secret structure

{
  "engine": "mongo",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 27017>,
  "ssl": <true|false. If not specified, defaults to false>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "mongo",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 27017>,
  "masterarn": "<the ARN of the elevated secret>",
  "ssl": <true|false. If not specified, defaults to false>
}

Amazon Redshift secret structure

{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 5439>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": <TCP port number. If not specified, defaults to 5439>,
  "masterarn": "<the ARN of the elevated secret>"
}

Amazon Redshift Serverless secret structure

{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "namespaceName": "<namespace name>",
  "port": <TCP port number. If not specified, defaults to 5439>
}

To use the alternating users rotation strategy, you must add masterarn, the ARN of the secret that contains the administrator or superuser credentials.

{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "namespaceName": "<namespace name>",
  "port": <TCP port number. If not specified, defaults to 5439>,
  "masterarn": "<the ARN of the elevated secret>"
}
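The following Python check is an added example and is not part of this documentation or of the Secrets Manager service. It validates a SecretString against the database secret structures described above before rotation is enabled: required keys, case-sensitive key names, the documented default port and dbname for each engine, masterarn for the alternating users strategy (and always for Db2), and the DocumentDB ssl flag. It returns a copy of the secret with the password removed so the result can be logged. The sample secret, hostname and user name are constructed.

```python
import json

# Defaults as documented on this page: engine -> (default port, default dbname).
DEFAULTS = {
    "db2": (3306, None), "mariadb": (3306, None), "mysql": (3306, None),
    "oracle": (1521, None), "postgres": (5432, "postgres"),
    "sqlserver": (1433, "master"), "mongo": (27017, None), "redshift": (5439, None),
}
REQUIRED = ("engine", "host", "username", "password")
# Constructed sample secret for demonstration only; not a real credential.
SAMPLE = ('{"engine": "postgres", "host": "db.example.internal", '
          '"username": "app_user", "password": "not-a-real-password"}')


def check_rotation_secret(secret_string, alternating_users=False):
    """Return (ok, problems, safe_view) for a secret's SecretString.
    safe_view has the documented defaults filled in and the password removed."""
    problems = []
    try:
        data = json.loads(secret_string)
    except ValueError as exc:
        return False, ["not valid JSON: %s" % exc], None
    if not isinstance(data, dict):
        return False, ["top level must be a JSON object"], None
    for key in REQUIRED:  # key names are case-sensitive: "Engine" is not "engine"
        if not isinstance(data.get(key), str) or not data[key]:
            problems.append("missing or empty required key %r" % key)
    engine = data["engine"] if isinstance(data.get("engine"), str) else None
    if engine not in DEFAULTS:
        problems.append("unsupported engine %r" % engine)
    if engine == "oracle" and not data.get("dbname"):
        problems.append("oracle requires dbname")
    if (engine == "db2" or alternating_users) and "masterarn" not in data:
        problems.append("masterarn (ARN of the elevated secret) is required here")
    try:  # the console stores values as strings, so accept "5432" as well as 5432
        port = int(data.get("port", DEFAULTS.get(engine, (0,))[0]))
    except (TypeError, ValueError):
        port = 0
    if not 1 <= port <= 65535:
        problems.append("port must be a TCP port number, got %r" % data.get("port"))
    if "ssl" in data and not isinstance(data["ssl"], bool):
        problems.append("ssl must be a JSON boolean, got %r" % (data["ssl"],))
    safe_view = {k: v for k, v in data.items() if k != "password"}
    if engine in DEFAULTS:
        safe_view.setdefault("port", DEFAULTS[engine][0])
        if DEFAULTS[engine][1] is not None:
            safe_view.setdefault("dbname", DEFAULTS[engine][1])
    return not problems, problems, safe_view
```

Run the check in a deploy pipeline or a Lambda before calling the rotation API; a failed check means the rotation function would not be able to connect, so fix the secret first.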

Amazon ElastiCache secret structure

{
  "password": "<password>",
  "username": "<username>",
  "user_arn": "ARN of the Amazon EC2 user"
}

For more information, see Automatically rotating passwords for ElastiCache users in the Amazon ElastiCache User Guide.