Class SecretRotationProps
Construction properties for a SecretRotation.
Inheritance
Object
SecretRotationProps
Implements
ISecretRotationProps
Namespace: Amazon.CDK.AWS.SecretsManager
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class SecretRotationProps : Object, ISecretRotationProps
Syntax (vb)
Public Class SecretRotationProps
Inherits Object
Implements ISecretRotationProps
Examples
Secret myUserSecret;
Secret myMasterSecret;
IConnectable myDatabase;
Vpc myVpc;

new SecretRotation(this, "SecretRotation", new SecretRotationProps {
    Application = SecretRotationApplication.MYSQL_ROTATION_MULTI_USER,
    Secret = myUserSecret,         // The secret that will be rotated
    MasterSecret = myMasterSecret, // The secret used for the rotation
    Target = myDatabase,
    Vpc = myVpc
});
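An added example (not from the AWS CDK documentation) of a single-user rotation that sets the optional properties described on this page: a dedicated security group, explicit subnets, a shorter rotation interval, excluded password characters, and deferred first rotation. The stack class name, construct ids, constructor parameters, the 7-day interval and the excluded-character set are assumptions chosen for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.SecretsManager;
using Constructs;

// Hypothetical stack: the secret, database and VPC are passed in by the caller.
public class RotationStack : Stack
{
    public RotationStack(Construct scope, string id, ISecret dbSecret,
        IConnectable database, IVpc vpc) : base(scope, id)
    {
        // Dedicated security group for the rotation Lambda, instead of the
        // default "a new security group is created", so its rules can be
        // reviewed and referenced elsewhere in the stack.
        var rotationSg = new SecurityGroup(this, "RotationSg", new SecurityGroupProps {
            Vpc = vpc,
            Description = "Secrets Manager rotation function"
        });

        new SecretRotation(this, "Rotation", new SecretRotationProps {
            // MasterSecret is omitted, so the single user rotation scheme applies.
            Application = SecretRotationApplication.POSTGRES_ROTATION_SINGLE_USER,
            Secret = dbSecret,      // JSON secret: engine, host, username, password
            Target = database,
            Vpc = vpc,
            // The function must reach the Secrets Manager API, so place it in
            // private subnets that have egress (or provide a VPC endpoint).
            VpcSubnets = new SubnetSelection { SubnetType = SubnetType.PRIVATE_WITH_EGRESS },
            SecurityGroup = rotationSg,
            // Rotate weekly instead of the default Duration.days(30).
            AutomaticallyAfter = Duration.Days(7),
            // Illustrative set: characters that commonly break connection
            // strings or shell quoting when the password is consumed.
            ExcludeCharacters = " %+:;{}\"'@/\\",
            // Wait for the next scheduled window rather than rotating on deploy.
            RotateImmediatelyOnUpdate = false
        });
    }
}
```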
Synopsis
Constructors
SecretRotationProps() |
Properties
Application | The serverless application for the rotation. |
AutomaticallyAfter | Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. |
Endpoint | |
ExcludeCharacters | Characters which should not appear in the generated password. |
MasterSecret | The master secret for a multi user rotation scheme. |
RotateImmediatelyOnUpdate | Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. |
Secret | The secret to rotate. It must be a JSON string with the format shown under the Secret property below. |
SecurityGroup | The security group for the Lambda rotation function. |
Target | The target service or database. |
Vpc | The VPC where the Lambda rotation function will run. |
VpcSubnets | The type of subnets in the VPC where the Lambda rotation function will run. |
Constructors
SecretRotationProps()
public SecretRotationProps()
Properties
Application
The serverless application for the rotation.
public SecretRotationApplication Application { get; set; }
Property Value
SecretRotationApplication
AutomaticallyAfter
Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
public Duration AutomaticallyAfter { get; set; }
Property Value
Duration
Remarks
Default: Duration.days(30)
Endpoint
ExcludeCharacters
Characters which should not appear in the generated password.
public string ExcludeCharacters { get; set; }
Property Value
System.String
Remarks
Default: - no additional characters are explicitly excluded
MasterSecret
The master secret for a multi user rotation scheme.
public ISecret MasterSecret { get; set; }
Property Value
ISecret
Remarks
Default: - single user rotation scheme
RotateImmediatelyOnUpdate
Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
public Nullable<bool> RotateImmediatelyOnUpdate { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: true
Secret
The secret to rotate. It must be a JSON string with the format shown under Remarks below.
public ISecret Secret { get; set; }
Property Value
ISecret
Remarks
{
    "engine": <required: database engine>,
    "host": <required: instance host name>,
    "username": <required: username>,
    "password": <required: password>,
    "dbname": <optional: database name>,
    "port": <optional: if not specified, default port will be used>,
    "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}
This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
SecurityGroup
The security group for the Lambda rotation function.
public ISecurityGroup SecurityGroup { get; set; }
Property Value
ISecurityGroup
Remarks
Default: - a new security group is created
Target
The target service or database.
public IConnectable Target { get; set; }
Property Value
IConnectable
Vpc
The VPC where the Lambda rotation function will run.
public IVpc Vpc { get; set; }
Property Value
IVpc
VpcSubnets
The type of subnets in the VPC where the Lambda rotation function will run.
public ISubnetSelection VpcSubnets { get; set; }
Property Value
ISubnetSelection
Remarks
Default: - the Vpc default strategy if not specified.