Amazon Secrets Manager 密钥的 JSON 结构 - Amazon Secrets Manager
Amazon RDS MariaDB 密钥结构Amazon RDS MySQL 密钥结构Amazon RDS Oracle 密钥结构Amazon RDS PostgreSQL 密钥结构Amazon RDS Microsoft SQLServer 密钥结构Amazon DocumentDB 密钥结构Amazon Redshift 密钥结构Amazon ElastiCache 密钥结构
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

Amazon Secrets Manager 密钥的 JSON 结构

如果要为 Secrets Manager 密钥启用自动轮换,则它必须使用正确的 JSON 结构。在轮替期间,Secrets Manager 会使用密钥中的信息连接到凭证源并更新其中的凭证。

请注意,当您使用控制台来存储某个数据库密钥时,Secrets Manager 会自动以正确的 JSON 结构创建该密钥。

您可以向密钥添加更多键值对(例如在数据库密钥中),以包含其他区域中副本数据库的连接信息。

Amazon RDS MariaDB 密钥结构

{
    "engine": "mariadb",
    "host": "<instance host name/resolvable DNS name>",
    "username": "<username>",
    "password": "<password>",
    "dbname": "<database name. If not specified, defaults to None>",
    "port": "<TCP port number. If not specified, defaults to 3306>"
}

要使用 轮换策略:交替用户,则还需要包含名称-值对:

    "masterarn": "<the ARN of the elevated secret>"

Amazon RDS MySQL 密钥结构

{
  "engine": "mysql",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": "<TCP port number. If not specified, defaults to 3306>"
}

要使用 轮换策略:交替用户,则还需要包含名称-值对:

    "masterarn": "<the ARN of the elevated secret>"

Amazon RDS Oracle 密钥结构

{
  "engine": "oracle",
  "host": "<required: instance host name/resolvable DNS name>",
  "username": "<required: username>",
  "password": "<required: password>",
  "dbname": "<required: database name>",
  "port": "<optional: TCP port number. If not specified, defaults to 1521>"
}

要使用 轮换策略:交替用户,则还需要包含名称-值对:

    "masterarn": "<the ARN of the elevated secret>"

Amazon RDS PostgreSQL 密钥结构

{
  "engine": "postgres",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'postgres'>",
  "port": "<TCP port number. If not specified, defaults to 5432>"
}

要使用 轮换策略:交替用户,则还需要包含名称-值对:

    "masterarn": "<the ARN of the elevated secret>"

Amazon RDS Microsoft SQLServer 密钥结构

{
  "engine": "sqlserver",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'master'>",
  "port": "<TCP port number. If not specified, defaults to 1433>"
}

要使用 轮换策略:交替用户,则还需要包含名称-值对:

    "masterarn": "<the ARN of the elevated secret>"

Amazon DocumentDB 密钥结构

{
  "engine": "mongo",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": "<TCP port number. If not specified, defaults to 27017>"
}

要使用 轮换策略:交替用户,则还需要包含名称-值对:

    "masterarn": "<the ARN of the elevated secret>"

Amazon Redshift 密钥结构

{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": "<TCP port number. If not specified, defaults to 5439>"
}

要使用 轮换策略:交替用户,则还需要包含名称-值对:

    "masterarn": "<the ARN of the elevated secret>"

Amazon ElastiCache 密钥结构

{
  "password": "<password>",
  "username": "<username>" 
  "user_arn": "ARN of the Amazon EC2 user"
}

有关更多信息,请参阅《Amazon ElastiCache 用户指南》中的为用户自动轮换密码