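JSON structure of Amazon Secrets Manager database credential secrets
To turn on automatic rotation for a database credential secret in Secrets Manager, the secret must be in the correct JSON structure. During rotation, Secrets Manager uses the information in the secret to connect to the database and update the credentials there. When you use the Amazon CLI or one of the SDKs to store a secret, the secret must be in one of the following structures. When you use the console to store a database secret, Secrets Manager automatically creates the secret in the correct JSON structure.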
Amazon RDS MariaDB secret structure
{
  "engine": "mariadb",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": "<TCP port number. If not specified, defaults to 3306>"
}
To use the alternating users rotation strategy, also include the name-value pair:
"masterarn": "<the ARN of the elevated secret>"
Amazon RDS MySQL secret structure
{
  "engine": "mysql",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": "<TCP port number. If not specified, defaults to 3306>"
}
To use the alternating users rotation strategy, also include the name-value pair:
"masterarn": "<the ARN of the elevated secret>"
Amazon RDS Oracle secret structure
{
  "engine": "oracle",
  "host": "<required: instance host name/resolvable DNS name>",
  "username": "<required: username>",
  "password": "<required: password>",
  "dbname": "<required: database name>",
  "port": "<optional: TCP port number. If not specified, defaults to 1521>"
}
To use the alternating users rotation strategy, also include the name-value pair:
"masterarn": "<the ARN of the elevated secret>"
Amazon RDS PostgreSQL secret structure
{
  "engine": "postgres",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'postgres'>",
  "port": "<TCP port number. If not specified, defaults to 5432>"
}
To use the alternating users rotation strategy, also include the name-value pair:
"masterarn": "<the ARN of the elevated secret>"
Amazon RDS Microsoft SQLServer secret structure
{
  "engine": "sqlserver",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to 'master'>",
  "port": "<TCP port number. If not specified, defaults to 1433>"
}
To use the alternating users rotation strategy, also include the name-value pair:
"masterarn": "<the ARN of the elevated secret>"
Amazon DocumentDB secret structure
{
  "engine": "mongo",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": "<TCP port number. If not specified, defaults to 27017>"
}
To use the alternating users rotation strategy, also include the name-value pair:
"masterarn": "<the ARN of the elevated secret>"
Amazon Redshift secret structure
{
  "engine": "redshift",
  "host": "<instance host name/resolvable DNS name>",
  "username": "<username>",
  "password": "<password>",
  "dbname": "<database name. If not specified, defaults to None>",
  "port": "<TCP port number. If not specified, defaults to 5439>"
}
To use the alternating users rotation strategy, also include the name-value pair:
"masterarn": "<the ARN of the elevated secret>"
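The following is an added example, not code from the original page or from Amazon: a pre-flight check that validates a secret string against the structures above before it is stored through the CLI or an SDK, and reports the defaults that apply. The function name `check_db_secret`, the sample host name, and the treatment of `host`, `username` and `password` as required for every engine are assumptions.

```python
import json

# engine -> (default port, default dbname), as listed in the structures on this page
ENGINES = {
    "mariadb": (3306, None), "mysql": (3306, None), "oracle": (1521, None),
    "postgres": (5432, "postgres"), "sqlserver": (1433, "master"),
    "mongo": (27017, None), "redshift": (5439, None),
}
# Assumption: host, username and password are required for every engine.
REQUIRED = ("host", "username", "password")


def check_db_secret(secret_string, alternating_users=False):
    """Return (errors, effective); effective omits credentials so it is safe to log."""
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], None
    if not isinstance(secret, dict):
        return ["top-level value must be a JSON object"], None

    engine = secret.get("engine")
    if not isinstance(engine, str) or engine not in ENGINES:
        return [f"engine must be one of {sorted(ENGINES)}"], None
    default_port, default_db = ENGINES[engine]

    required = REQUIRED + (("dbname",) if engine == "oracle" else ())
    if alternating_users:
        required += ("masterarn",)  # ARN of the elevated secret
    errors = [f"missing or empty key: {k}" for k in required if not secret.get(k)]

    port = secret.get("port", default_port)
    try:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError
    except (TypeError, ValueError):
        errors.append("port must be a TCP port number (1-65535)")

    arn = secret.get("masterarn")
    if alternating_users and arn and not str(arn).startswith("arn:"):
        errors.append("masterarn must be an ARN")

    effective = {"engine": engine, "host": secret.get("host"),
                 "port": port, "dbname": secret.get("dbname", default_db)}
    return errors, (None if errors else effective)


# Constructed sample: a PostgreSQL secret relying on the default port and dbname.
SAMPLE = '{"engine": "postgres", "host": "db.example.internal", "username": "app", "password": "example-only"}'
if __name__ == "__main__":
    print(check_db_secret(SAMPLE))
```

The returned summary deliberately leaves out `username`, `password` and `masterarn`, so it can be written to build or deployment logs without exposing the credential.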