
JSON structure of Amazon Secrets Manager database credential secrets

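To turn on automatic rotation for a database credential secret in Secrets Manager, the secret must be in the correct JSON structure. During rotation, Secrets Manager uses the information in the secret to connect to the database and update the credentials there. When you use the Amazon CLI or one of the SDKs to store a secret, the secret must be in one of the following structures. When you use the console to store a database secret, Secrets Manager automatically creates the secret in the correct JSON structure.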

You can add more key-value pairs to a database secret, for example to hold connection information for replica databases in other Regions.

Amazon RDS MariaDB secret structure

{ "engine": "mariadb", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 3306>" }

To use the alternating users rotation strategy, you must also include this name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS MySQL secret structure

{ "engine": "mysql", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 3306>" }

To use the alternating users rotation strategy, you must also include this name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS Oracle secret structure

{ "engine": "oracle", "host": "<required: instance host name/resolvable DNS name>", "username": "<required: username>", "password": "<required: password>", "dbname": "<required: database name>", "port": "<optional: TCP port number. If not specified, defaults to 1521>" }

To use the alternating users rotation strategy, you must also include this name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS PostgreSQL secret structure

{ "engine": "postgres", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to 'postgres'>", "port": "<TCP port number. If not specified, defaults to 5432>" }

To use the alternating users rotation strategy, you must also include this name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon RDS Microsoft SQLServer secret structure

{ "engine": "sqlserver", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to 'master'>", "port": "<TCP port number. If not specified, defaults to 1433>" }

To use the alternating users rotation strategy, you must also include this name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon DocumentDB secret structure

{ "engine": "mongo", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 27017>" }

To use the alternating users rotation strategy, you must also include this name-value pair:

"masterarn": "<the ARN of the elevated secret>"

Amazon Redshift secret structure

{ "engine": "redshift", "host": "<instance host name/resolvable DNS name>", "username": "<username>", "password": "<password>", "dbname": "<database name. If not specified, defaults to None>", "port": "<TCP port number. If not specified, defaults to 5439>" }

To use the alternating users rotation strategy, you must also include this name-value pair:

"masterarn": "<the ARN of the elevated secret>"
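
The following is an added example, not part of the Amazon documentation: a Python pre-check that validates a candidate secret string against the structures above before it is stored with the CLI or an SDK, so a malformed secret is caught before rotation fails. Assumptions: the helper name `check_db_secret` is hypothetical, keys shown on this page without a stated default (`host`, `username`, `password`) are treated as required, and `masterarn` is only checked for the `arn:` prefix.

```python
import json

# engine -> (default port, default dbname), as stated in the structures above.
ENGINE_DEFAULTS = {
    "mariadb": (3306, None), "mysql": (3306, None), "oracle": (1521, None),
    "postgres": (5432, "postgres"), "sqlserver": (1433, "master"),
    "mongo": (27017, None), "redshift": (5439, None),
}
# Assumption: keys the page shows without a default are treated as required.
REQUIRED = ("host", "username", "password")


def check_db_secret(secret_string, alternating_users=False):
    """Hypothetical helper: return (problems, effective) for a SecretString.

    problems lists findings; effective is the parsed secret with the page's
    port/dbname defaults filled in, or None when the engine is unusable.
    """
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], None
    if not isinstance(secret, dict):
        return ["top-level JSON value must be an object"], None
    engine = secret.get("engine")
    if not isinstance(engine, str) or engine not in ENGINE_DEFAULTS:
        return [f"engine must be one of {sorted(ENGINE_DEFAULTS)}"], None

    problems = [f"missing or empty key: {k}" for k in REQUIRED if not secret.get(k)]
    default_port, default_db = ENGINE_DEFAULTS[engine]
    if engine == "oracle" and not secret.get("dbname"):
        problems.append("missing or empty key: dbname (required for oracle)")
    port = secret.get("port", default_port)
    if str(port).isdecimal() and 0 < int(port) < 65536:
        port = int(port)
    else:
        problems.append(f"port is not a TCP port number: {port!r}")
    if alternating_users and not str(secret.get("masterarn", "")).startswith("arn:"):
        problems.append("alternating users rotation needs masterarn")
    effective = dict(secret, port=port, dbname=secret.get("dbname", default_db))
    return problems, effective


if __name__ == "__main__":
    # Constructed sample secret; the values are placeholders, not real credentials.
    sample = json.dumps({"engine": "postgres", "host": "db.example.internal",
                         "username": "app_user", "password": "constructed-value"})
    print(check_db_secret(sample))                          # defaults filled in
    print(check_db_secret(sample, alternating_users=True))  # flags masterarn
```

Run the check on the exact string you are about to store, and avoid logging the returned `effective` dictionary because it still contains the password.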