Documentation ¶
Index ¶
- func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME() *string
- func CfnResourcePolicy_IsCfnElement(x interface{}) *bool
- func CfnResourcePolicy_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnResourcePolicy_IsConstruct(x interface{}) *bool
- func CfnRotationSchedule_CFN_RESOURCE_TYPE_NAME() *string
- func CfnRotationSchedule_IsCfnElement(x interface{}) *bool
- func CfnRotationSchedule_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnRotationSchedule_IsConstruct(x interface{}) *bool
- func CfnSecretTargetAttachment_CFN_RESOURCE_TYPE_NAME() *string
- func CfnSecretTargetAttachment_IsCfnElement(x interface{}) *bool
- func CfnSecretTargetAttachment_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnSecretTargetAttachment_IsConstruct(x interface{}) *bool
- func CfnSecret_CFN_RESOURCE_TYPE_NAME() *string
- func CfnSecret_IsCfnElement(x interface{}) *bool
- func CfnSecret_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnSecret_IsConstruct(x interface{}) *bool
- func NewCfnResourcePolicy_Override(c CfnResourcePolicy, scope constructs.Construct, id *string, ...)
- func NewCfnRotationSchedule_Override(c CfnRotationSchedule, scope constructs.Construct, id *string, ...)
- func NewCfnSecretTargetAttachment_Override(c CfnSecretTargetAttachment, scope constructs.Construct, id *string, ...)
- func NewCfnSecret_Override(c CfnSecret, scope constructs.Construct, id *string, props *CfnSecretProps)
- func NewResourcePolicy_Override(r ResourcePolicy, scope constructs.Construct, id *string, ...)
- func NewRotationSchedule_Override(r RotationSchedule, scope constructs.Construct, id *string, ...)
- func NewSecretRotationApplication_Override(s SecretRotationApplication, applicationId *string, semanticVersion *string, ...)
- func NewSecretRotation_Override(s SecretRotation, scope constructs.Construct, id *string, ...)
- func NewSecretTargetAttachment_Override(s SecretTargetAttachment, scope constructs.Construct, id *string, ...)
- func NewSecret_Override(s Secret, scope constructs.Construct, id *string, props *SecretProps)
- func ResourcePolicy_IsConstruct(x interface{}) *bool
- func ResourcePolicy_IsResource(construct constructs.IConstruct) *bool
- func RotationSchedule_IsConstruct(x interface{}) *bool
- func RotationSchedule_IsResource(construct constructs.IConstruct) *bool
- func SecretRotation_IsConstruct(x interface{}) *bool
- func SecretTargetAttachment_IsConstruct(x interface{}) *bool
- func SecretTargetAttachment_IsResource(construct constructs.IConstruct) *bool
- func Secret_IsConstruct(x interface{}) *bool
- func Secret_IsResource(construct constructs.IConstruct) *bool
- type AttachmentTargetType
- type CfnResourcePolicy
- type CfnResourcePolicyProps
- type CfnRotationSchedule
- type CfnRotationScheduleProps
- type CfnRotationSchedule_HostedRotationLambdaProperty
- type CfnRotationSchedule_RotationRulesProperty
- type CfnSecret
- type CfnSecretProps
- type CfnSecretTargetAttachment
- type CfnSecretTargetAttachmentProps
- type CfnSecret_GenerateSecretStringProperty
- type CfnSecret_ReplicaRegionProperty
- type HostedRotation
- func HostedRotation_MariaDbMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
- func HostedRotation_MariaDbSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
- func HostedRotation_MongoDbMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
- func HostedRotation_MongoDbSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
- func HostedRotation_MysqlMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
- func HostedRotation_MysqlSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
- func HostedRotation_OracleMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
- func HostedRotation_OracleSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
- func HostedRotation_PostgreSqlMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
- func HostedRotation_PostgreSqlSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
- func HostedRotation_RedshiftMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
- func HostedRotation_RedshiftSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
- func HostedRotation_SqlServerMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
- func HostedRotation_SqlServerSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
- type HostedRotationType
- func HostedRotationType_MARIADB_MULTI_USER() HostedRotationType
- func HostedRotationType_MARIADB_SINGLE_USER() HostedRotationType
- func HostedRotationType_MONGODB_MULTI_USER() HostedRotationType
- func HostedRotationType_MONGODB_SINGLE_USER() HostedRotationType
- func HostedRotationType_MYSQL_MULTI_USER() HostedRotationType
- func HostedRotationType_MYSQL_SINGLE_USER() HostedRotationType
- func HostedRotationType_ORACLE_MULTI_USER() HostedRotationType
- func HostedRotationType_ORACLE_SINGLE_USER() HostedRotationType
- func HostedRotationType_POSTGRESQL_MULTI_USER() HostedRotationType
- func HostedRotationType_POSTGRESQL_SINGLE_USER() HostedRotationType
- func HostedRotationType_REDSHIFT_MULTI_USER() HostedRotationType
- func HostedRotationType_REDSHIFT_SINGLE_USER() HostedRotationType
- func HostedRotationType_SQLSERVER_MULTI_USER() HostedRotationType
- func HostedRotationType_SQLSERVER_SINGLE_USER() HostedRotationType
- type ISecret
- func Secret_FromSecretAttributes(scope constructs.Construct, id *string, attrs *SecretAttributes) ISecret
- func Secret_FromSecretCompleteArn(scope constructs.Construct, id *string, secretCompleteArn *string) ISecret
- func Secret_FromSecretNameV2(scope constructs.Construct, id *string, secretName *string) ISecret
- func Secret_FromSecretPartialArn(scope constructs.Construct, id *string, secretPartialArn *string) ISecret
- type ISecretAttachmentTarget
- type ISecretTargetAttachment
- type MultiUserHostedRotationOptions
- type ReplicaRegion
- type ResourcePolicy
- type ResourcePolicyProps
- type RotationSchedule
- type RotationScheduleOptions
- type RotationScheduleProps
- type Secret
- type SecretAttachmentTargetProps
- type SecretAttributes
- type SecretProps
- type SecretRotation
- type SecretRotationApplication
- func NewSecretRotationApplication(applicationId *string, semanticVersion *string, ...) SecretRotationApplication
- func SecretRotationApplication_MARIADB_ROTATION_MULTI_USER() SecretRotationApplication
- func SecretRotationApplication_MARIADB_ROTATION_SINGLE_USER() SecretRotationApplication
- func SecretRotationApplication_MONGODB_ROTATION_MULTI_USER() SecretRotationApplication
- func SecretRotationApplication_MONGODB_ROTATION_SINGLE_USER() SecretRotationApplication
- func SecretRotationApplication_MYSQL_ROTATION_MULTI_USER() SecretRotationApplication
- func SecretRotationApplication_MYSQL_ROTATION_SINGLE_USER() SecretRotationApplication
- func SecretRotationApplication_ORACLE_ROTATION_MULTI_USER() SecretRotationApplication
- func SecretRotationApplication_ORACLE_ROTATION_SINGLE_USER() SecretRotationApplication
- func SecretRotationApplication_POSTGRES_ROTATION_MULTI_USER() SecretRotationApplication
- func SecretRotationApplication_POSTGRES_ROTATION_SINGLE_USER() SecretRotationApplication
- func SecretRotationApplication_REDSHIFT_ROTATION_MULTI_USER() SecretRotationApplication
- func SecretRotationApplication_REDSHIFT_ROTATION_SINGLE_USER() SecretRotationApplication
- func SecretRotationApplication_SQLSERVER_ROTATION_MULTI_USER() SecretRotationApplication
- func SecretRotationApplication_SQLSERVER_ROTATION_SINGLE_USER() SecretRotationApplication
- type SecretRotationApplicationOptions
- type SecretRotationProps
- type SecretStringGenerator
- type SecretTargetAttachment
- type SecretTargetAttachmentProps
- type SingleUserHostedRotationOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME ¶
func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME() *string
func CfnResourcePolicy_IsCfnElement ¶
func CfnResourcePolicy_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnResourcePolicy_IsCfnResource ¶
func CfnResourcePolicy_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnResourcePolicy_IsConstruct ¶
func CfnResourcePolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnRotationSchedule_CFN_RESOURCE_TYPE_NAME ¶
func CfnRotationSchedule_CFN_RESOURCE_TYPE_NAME() *string
func CfnRotationSchedule_IsCfnElement ¶
func CfnRotationSchedule_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnRotationSchedule_IsCfnResource ¶
func CfnRotationSchedule_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnRotationSchedule_IsConstruct ¶
func CfnRotationSchedule_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnSecretTargetAttachment_CFN_RESOURCE_TYPE_NAME ¶
func CfnSecretTargetAttachment_CFN_RESOURCE_TYPE_NAME() *string
func CfnSecretTargetAttachment_IsCfnElement ¶
func CfnSecretTargetAttachment_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnSecretTargetAttachment_IsCfnResource ¶
func CfnSecretTargetAttachment_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnSecretTargetAttachment_IsConstruct ¶
func CfnSecretTargetAttachment_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnSecret_CFN_RESOURCE_TYPE_NAME ¶
func CfnSecret_CFN_RESOURCE_TYPE_NAME() *string
func CfnSecret_IsCfnElement ¶
func CfnSecret_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnSecret_IsCfnResource ¶
func CfnSecret_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnSecret_IsConstruct ¶
func CfnSecret_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func NewCfnResourcePolicy_Override ¶
func NewCfnResourcePolicy_Override(c CfnResourcePolicy, scope constructs.Construct, id *string, props *CfnResourcePolicyProps)
Create a new `AWS::SecretsManager::ResourcePolicy`.
func NewCfnRotationSchedule_Override ¶
func NewCfnRotationSchedule_Override(c CfnRotationSchedule, scope constructs.Construct, id *string, props *CfnRotationScheduleProps)
Create a new `AWS::SecretsManager::RotationSchedule`.
func NewCfnSecretTargetAttachment_Override ¶
func NewCfnSecretTargetAttachment_Override(c CfnSecretTargetAttachment, scope constructs.Construct, id *string, props *CfnSecretTargetAttachmentProps)
Create a new `AWS::SecretsManager::SecretTargetAttachment`.
func NewCfnSecret_Override ¶
func NewCfnSecret_Override(c CfnSecret, scope constructs.Construct, id *string, props *CfnSecretProps)
Create a new `AWS::SecretsManager::Secret`.
func NewResourcePolicy_Override ¶
func NewResourcePolicy_Override(r ResourcePolicy, scope constructs.Construct, id *string, props *ResourcePolicyProps)
Experimental.
func NewRotationSchedule_Override ¶
func NewRotationSchedule_Override(r RotationSchedule, scope constructs.Construct, id *string, props *RotationScheduleProps)
Experimental.
func NewSecretRotationApplication_Override ¶
func NewSecretRotationApplication_Override(s SecretRotationApplication, applicationId *string, semanticVersion *string, options *SecretRotationApplicationOptions)
Experimental.
func NewSecretRotation_Override ¶
func NewSecretRotation_Override(s SecretRotation, scope constructs.Construct, id *string, props *SecretRotationProps)
Experimental.
func NewSecretTargetAttachment_Override ¶
func NewSecretTargetAttachment_Override(s SecretTargetAttachment, scope constructs.Construct, id *string, props *SecretTargetAttachmentProps)
Experimental.
func NewSecret_Override ¶
func NewSecret_Override(s Secret, scope constructs.Construct, id *string, props *SecretProps)
Experimental.
func ResourcePolicy_IsConstruct ¶
func ResourcePolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func ResourcePolicy_IsResource ¶
func ResourcePolicy_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func RotationSchedule_IsConstruct ¶
func RotationSchedule_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func RotationSchedule_IsResource ¶
func RotationSchedule_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func SecretRotation_IsConstruct ¶
func SecretRotation_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func SecretTargetAttachment_IsConstruct ¶
func SecretTargetAttachment_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func SecretTargetAttachment_IsResource ¶
func SecretTargetAttachment_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func Secret_IsConstruct ¶
func Secret_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Secret_IsResource ¶
func Secret_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
Types ¶
type AttachmentTargetType ¶
// AttachmentTargetType names the kind of service or database that is
// associated with a secret. It is a plain string type; the allowed values are
// the AttachmentTargetType_* constants.
type AttachmentTargetType string
The type of service or database that's being associated with the secret. Experimental.
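// Allowed AttachmentTargetType values. Each constant's string is identical to
// the suffix of its name.
// NOTE(review): which AWS resource each value selects is not stated on this
// page; confirm against the SecretTargetAttachment reference before use.
const (
	AttachmentTargetType_INSTANCE          AttachmentTargetType = "INSTANCE"
	AttachmentTargetType_CLUSTER           AttachmentTargetType = "CLUSTER"
	AttachmentTargetType_RDS_DB_PROXY      AttachmentTargetType = "RDS_DB_PROXY"
	AttachmentTargetType_REDSHIFT_CLUSTER  AttachmentTargetType = "REDSHIFT_CLUSTER"
	AttachmentTargetType_DOCDB_DB_INSTANCE AttachmentTargetType = "DOCDB_DB_INSTANCE"
	AttachmentTargetType_DOCDB_DB_CLUSTER  AttachmentTargetType = "DOCDB_DB_CLUSTER"
)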
type CfnResourcePolicy ¶
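// CfnResourcePolicy is the low-level binding for the CloudFormation resource
// `AWS::SecretsManager::ResourcePolicy`.
//
// Properties are exposed as getter/setter pairs; the remaining methods come
// with every CfnResource binding on this page.
type CfnResourcePolicy interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// BlockPublicPolicy is untyped (interface{}).
	// NOTE(review): presumably a bool or a deploy-time token, and presumably
	// the switch that makes Secrets Manager reject a policy granting broad
	// access. Confirm, and set it explicitly rather than relying on a default.
	BlockPublicPolicy() interface{}
	SetBlockPublicPolicy(val interface{})
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	// ResourcePolicy is untyped (interface{}).
	// NOTE(review): presumably the policy document attached to the secret;
	// review the principals and conditions it contains.
	ResourcePolicy() interface{}
	SetResourcePolicy(val interface{})
	// SecretId identifies the secret the policy is attached to.
	SecretId() *string
	SetSecretId(val *string)
	Stack() awscdk.Stack
	// The name is spelled this way in the API; do not "correct" it.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the override methods take raw template paths and values,
	// so they presumably bypass the typed props. Review any call that touches
	// the policy document or BlockPublicPolicy.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}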
A CloudFormation `AWS::SecretsManager::ResourcePolicy`.
func NewCfnResourcePolicy ¶
func NewCfnResourcePolicy(scope constructs.Construct, id *string, props *CfnResourcePolicyProps) CfnResourcePolicy
Create a new `AWS::SecretsManager::ResourcePolicy`.
type CfnResourcePolicyProps ¶
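// CfnResourcePolicyProps holds the properties for defining an
// `AWS::SecretsManager::ResourcePolicy`.
type CfnResourcePolicyProps struct {
	// `AWS::SecretsManager::ResourcePolicy.ResourcePolicy`.
	//
	// NOTE(review): untyped; presumably the resource policy document. Check
	// that it names specific principals, not a wildcard.
	ResourcePolicy interface{} `json:"resourcePolicy"`
	// `AWS::SecretsManager::ResourcePolicy.SecretId`.
	SecretId *string `json:"secretId"`
	// `AWS::SecretsManager::ResourcePolicy.BlockPublicPolicy`.
	//
	// NOTE(review): untyped; presumably a bool or a token. Set it explicitly
	// so a policy that grants broad access is rejected. Confirm the default
	// in the CloudFormation reference.
	BlockPublicPolicy interface{} `json:"blockPublicPolicy"`
}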
Properties for defining a `AWS::SecretsManager::ResourcePolicy`.
type CfnRotationSchedule ¶
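// CfnRotationSchedule is the low-level binding for the CloudFormation resource
// `AWS::SecretsManager::RotationSchedule`.
//
// Properties are exposed as getter/setter pairs; the remaining methods come
// with every CfnResource binding on this page.
type CfnRotationSchedule interface {
	awscdk.CfnResource
	awscdk.IInspectable
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	// HostedRotationLambda is untyped (interface{}).
	// NOTE(review): presumably a
	// CfnRotationSchedule_HostedRotationLambdaProperty or a token; confirm.
	HostedRotationLambda() interface{}
	SetHostedRotationLambda(val interface{})
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	// RotationLambdaArn names the rotation function by ARN.
	// NOTE(review): that function can read and rewrite the secret, so treat
	// its execution role and code as part of the secret's trust boundary.
	RotationLambdaArn() *string
	SetRotationLambdaArn(val *string)
	// RotationRules is untyped (interface{}).
	// NOTE(review): presumably a CfnRotationSchedule_RotationRulesProperty
	// or a token; confirm.
	RotationRules() interface{}
	SetRotationRules(val interface{})
	// SecretId identifies the secret being rotated.
	SecretId() *string
	SetSecretId(val *string)
	Stack() awscdk.Stack
	// The name is spelled this way in the API; do not "correct" it.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the override methods take raw template paths and values,
	// so they presumably bypass the typed props. Review any call that changes
	// the rotation function or the rotation interval.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}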
A CloudFormation `AWS::SecretsManager::RotationSchedule`.
func NewCfnRotationSchedule ¶
func NewCfnRotationSchedule(scope constructs.Construct, id *string, props *CfnRotationScheduleProps) CfnRotationSchedule
Create a new `AWS::SecretsManager::RotationSchedule`.
type CfnRotationScheduleProps ¶
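// CfnRotationScheduleProps holds the properties for defining an
// `AWS::SecretsManager::RotationSchedule`.
//
// NOTE(review): HostedRotationLambda and RotationLambdaArn look like two
// alternative ways to name the rotation function; confirm whether both may be
// set at once.
type CfnRotationScheduleProps struct {
	// `AWS::SecretsManager::RotationSchedule.SecretId`.
	SecretId *string `json:"secretId"`
	// `AWS::SecretsManager::RotationSchedule.HostedRotationLambda`.
	//
	// NOTE(review): untyped; presumably a
	// CfnRotationSchedule_HostedRotationLambdaProperty or a token.
	HostedRotationLambda interface{} `json:"hostedRotationLambda"`
	// `AWS::SecretsManager::RotationSchedule.RotationLambdaARN`.
	//
	// NOTE(review): the function named here can read and rewrite the secret;
	// scope its execution role to this secret only.
	RotationLambdaArn *string `json:"rotationLambdaArn"`
	// `AWS::SecretsManager::RotationSchedule.RotationRules`.
	//
	// NOTE(review): untyped; presumably a
	// CfnRotationSchedule_RotationRulesProperty or a token.
	RotationRules interface{} `json:"rotationRules"`
}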
Properties for defining a `AWS::SecretsManager::RotationSchedule`.
type CfnRotationSchedule_HostedRotationLambdaProperty ¶
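// CfnRotationSchedule_HostedRotationLambdaProperty is the value type for the
// HostedRotationLambda property of `AWS::SecretsManager::RotationSchedule`.
// Every field is an optional string pointer.
type CfnRotationSchedule_HostedRotationLambdaProperty struct {
	// `CfnRotationSchedule.HostedRotationLambdaProperty.RotationType`.
	//
	// NOTE(review): presumably one of the HostedRotationType values listed on
	// this page; confirm.
	RotationType *string `json:"rotationType"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.KmsKeyArn`.
	//
	// NOTE(review): presumably the key protecting the rotated secret, which
	// the rotation function must be allowed to use; confirm.
	KmsKeyArn *string `json:"kmsKeyArn"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.MasterSecretArn`.
	//
	// NOTE(review): presumably the secret holding the privileged credentials
	// used by multi-user rotation; confirm. Limit who can read that secret.
	MasterSecretArn *string `json:"masterSecretArn"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.MasterSecretKmsKeyArn`.
	MasterSecretKmsKeyArn *string `json:"masterSecretKmsKeyArn"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.RotationLambdaName`.
	RotationLambdaName *string `json:"rotationLambdaName"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.VpcSecurityGroupIds`.
	//
	// NOTE(review): a single string despite the plural name; presumably a
	// comma-separated list. Confirm the format.
	VpcSecurityGroupIds *string `json:"vpcSecurityGroupIds"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.VpcSubnetIds`.
	//
	// NOTE(review): a single string despite the plural name; presumably a
	// comma-separated list. Confirm the format.
	VpcSubnetIds *string `json:"vpcSubnetIds"`
}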
type CfnRotationSchedule_RotationRulesProperty ¶
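// CfnRotationSchedule_RotationRulesProperty is the value type for the
// RotationRules property of `AWS::SecretsManager::RotationSchedule`.
type CfnRotationSchedule_RotationRulesProperty struct {
	// `CfnRotationSchedule.RotationRulesProperty.AutomaticallyAfterDays`.
	//
	// NOTE(review): the name indicates a rotation interval in days, carried
	// as *float64. Confirm the allowed range and pass a whole number.
	AutomaticallyAfterDays *float64 `json:"automaticallyAfterDays"`
}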
type CfnSecret ¶
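// CfnSecret is the low-level binding for the CloudFormation resource
// `AWS::SecretsManager::Secret`.
//
// Properties are exposed as getter/setter pairs; the remaining methods come
// with every CfnResource binding on this page.
type CfnSecret interface {
	awscdk.CfnResource
	awscdk.IInspectable
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	Description() *string
	SetDescription(val *string)
	// GenerateSecretString is untyped (interface{}).
	// NOTE(review): presumably a CfnSecret_GenerateSecretStringProperty or a
	// token; confirm.
	GenerateSecretString() interface{}
	SetGenerateSecretString(val interface{})
	// KmsKeyId selects the key used to encrypt the secret.
	// NOTE(review): what applies when it is unset is not stated for this
	// type; confirm before relying on a default key.
	KmsKeyId() *string
	SetKmsKeyId(val *string)
	LogicalId() *string
	Name() *string
	SetName(val *string)
	Node() constructs.Node
	Ref() *string
	ReplicaRegions() interface{}
	SetReplicaRegions(val interface{})
	// SecretString carries the secret value as a plain string.
	// NOTE(review): a literal set here presumably ends up in the synthesized
	// template and in the stack's history. Prefer GenerateSecretString and
	// keep literals out of source control.
	SecretString() *string
	SetSecretString(val *string)
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	// The name is spelled this way in the API; do not "correct" it.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the override methods take raw template paths and values,
	// so they presumably bypass the typed props. Review any call that touches
	// SecretString or KmsKeyId.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}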
A CloudFormation `AWS::SecretsManager::Secret`.
func NewCfnSecret ¶
func NewCfnSecret(scope constructs.Construct, id *string, props *CfnSecretProps) CfnSecret
Create a new `AWS::SecretsManager::Secret`.
type CfnSecretProps ¶
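// CfnSecretProps holds the properties for defining an
// `AWS::SecretsManager::Secret`.
//
// NOTE(review): SecretString and GenerateSecretString look like two
// alternative sources for the secret value; confirm whether both may be set.
type CfnSecretProps struct {
	// `AWS::SecretsManager::Secret.Description`.
	Description *string `json:"description"`
	// `AWS::SecretsManager::Secret.GenerateSecretString`.
	//
	// NOTE(review): untyped; presumably a
	// CfnSecret_GenerateSecretStringProperty or a token.
	GenerateSecretString interface{} `json:"generateSecretString"`
	// `AWS::SecretsManager::Secret.KmsKeyId`.
	//
	// NOTE(review): what applies when this is nil is not stated for this
	// type; confirm before relying on a default key.
	KmsKeyId *string `json:"kmsKeyId"`
	// `AWS::SecretsManager::Secret.Name`.
	Name *string `json:"name"`
	// `AWS::SecretsManager::Secret.ReplicaRegions`.
	ReplicaRegions interface{} `json:"replicaRegions"`
	// `AWS::SecretsManager::Secret.SecretString`.
	//
	// NOTE(review): a literal passed here presumably ends up in the
	// synthesized template and in the stack's history. Prefer
	// GenerateSecretString and never commit a real value.
	SecretString *string `json:"secretString"`
	// `AWS::SecretsManager::Secret.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}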
Properties for defining a `AWS::SecretsManager::Secret`.
type CfnSecretTargetAttachment ¶
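// CfnSecretTargetAttachment is the low-level binding for the CloudFormation
// resource `AWS::SecretsManager::SecretTargetAttachment`.
//
// Properties are exposed as getter/setter pairs; the remaining methods come
// with every CfnResource binding on this page.
type CfnSecretTargetAttachment interface {
	awscdk.CfnResource
	awscdk.IInspectable
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	// SecretId identifies the secret being attached.
	SecretId() *string
	SetSecretId(val *string)
	Stack() awscdk.Stack
	// TargetId identifies the service or database the secret is attached to.
	TargetId() *string
	SetTargetId(val *string)
	// TargetType is a plain string here.
	// NOTE(review): presumably one of the AttachmentTargetType values listed
	// on this page; confirm.
	TargetType() *string
	SetTargetType(val *string)
	// The name is spelled this way in the API; do not "correct" it.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the override methods take raw template paths and values,
	// so they presumably bypass the typed props. Review any call that
	// retargets the attachment.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}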
A CloudFormation `AWS::SecretsManager::SecretTargetAttachment`.
func NewCfnSecretTargetAttachment ¶
func NewCfnSecretTargetAttachment(scope constructs.Construct, id *string, props *CfnSecretTargetAttachmentProps) CfnSecretTargetAttachment
Create a new `AWS::SecretsManager::SecretTargetAttachment`.
type CfnSecretTargetAttachmentProps ¶
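// CfnSecretTargetAttachmentProps holds the properties for defining an
// `AWS::SecretsManager::SecretTargetAttachment`.
type CfnSecretTargetAttachmentProps struct {
	// `AWS::SecretsManager::SecretTargetAttachment.SecretId`.
	SecretId *string `json:"secretId"`
	// `AWS::SecretsManager::SecretTargetAttachment.TargetId`.
	TargetId *string `json:"targetId"`
	// `AWS::SecretsManager::SecretTargetAttachment.TargetType`.
	//
	// NOTE(review): a plain string; presumably one of the
	// AttachmentTargetType values listed on this page. Confirm.
	TargetType *string `json:"targetType"`
}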
Properties for defining a `AWS::SecretsManager::SecretTargetAttachment`.
type CfnSecret_GenerateSecretStringProperty ¶
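// CfnSecret_GenerateSecretStringProperty is the value type for the
// GenerateSecretString property of `AWS::SecretsManager::Secret`.
//
// NOTE(review): each Exclude* option narrows the set of characters the
// generated value can draw from. When several are set, raise PasswordLength
// to keep the value hard to guess.
type CfnSecret_GenerateSecretStringProperty struct {
	// `CfnSecret.GenerateSecretStringProperty.ExcludeCharacters`.
	ExcludeCharacters *string `json:"excludeCharacters"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludeLowercase`.
	ExcludeLowercase interface{} `json:"excludeLowercase"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludeNumbers`.
	ExcludeNumbers interface{} `json:"excludeNumbers"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludePunctuation`.
	ExcludePunctuation interface{} `json:"excludePunctuation"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludeUppercase`.
	ExcludeUppercase interface{} `json:"excludeUppercase"`
	// `CfnSecret.GenerateSecretStringProperty.GenerateStringKey`.
	//
	// NOTE(review): presumably the JSON key under which the generated value
	// is inserted into SecretStringTemplate; confirm.
	GenerateStringKey *string `json:"generateStringKey"`
	// `CfnSecret.GenerateSecretStringProperty.IncludeSpace`.
	IncludeSpace interface{} `json:"includeSpace"`
	// `CfnSecret.GenerateSecretStringProperty.PasswordLength`.
	//
	// NOTE(review): carried as *float64; pass a whole number and confirm the
	// default that applies when nil.
	PasswordLength *float64 `json:"passwordLength"`
	// `CfnSecret.GenerateSecretStringProperty.RequireEachIncludedType`.
	RequireEachIncludedType interface{} `json:"requireEachIncludedType"`
	// `CfnSecret.GenerateSecretStringProperty.SecretStringTemplate`.
	//
	// NOTE(review): a plain string that presumably appears in the
	// synthesized template; keep sensitive values out of it.
	SecretStringTemplate *string `json:"secretStringTemplate"`
}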
type HostedRotation ¶
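// HostedRotation describes a hosted rotation. Instances come from the
// HostedRotation_* factory functions listed on this page.
type HostedRotation interface {
	awsec2.IConnectable
	// NOTE(review): presumably the network connections of the rotation
	// function; confirm. Keep the rules opened through it limited to the
	// database endpoint the rotation needs.
	Connections() awsec2.Connections
	// Bind takes the secret and a scope and returns the
	// HostedRotationLambda property value for a rotation schedule.
	Bind(secret ISecret, scope constructs.Construct) *CfnRotationSchedule_HostedRotationLambdaProperty
}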
A hosted rotation. Experimental.
func HostedRotation_MariaDbMultiUser ¶
func HostedRotation_MariaDbMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
MariaDB Multi User. Experimental.
func HostedRotation_MariaDbSingleUser ¶
func HostedRotation_MariaDbSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
MariaDB Single User. Experimental.
func HostedRotation_MongoDbMultiUser ¶
func HostedRotation_MongoDbMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
MongoDB Multi User. Experimental.
func HostedRotation_MongoDbSingleUser ¶
func HostedRotation_MongoDbSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
MongoDB Single User. Experimental.
func HostedRotation_MysqlMultiUser ¶
func HostedRotation_MysqlMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
MySQL Multi User. Experimental.
func HostedRotation_MysqlSingleUser ¶
func HostedRotation_MysqlSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
MySQL Single User. Experimental.
func HostedRotation_OracleMultiUser ¶
func HostedRotation_OracleMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
Oracle Multi User. Experimental.
func HostedRotation_OracleSingleUser ¶
func HostedRotation_OracleSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
Oracle Single User. Experimental.
func HostedRotation_PostgreSqlMultiUser ¶
func HostedRotation_PostgreSqlMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
PostgreSQL Multi User. Experimental.
func HostedRotation_PostgreSqlSingleUser ¶
func HostedRotation_PostgreSqlSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
PostgreSQL Single User. Experimental.
func HostedRotation_RedshiftMultiUser ¶
func HostedRotation_RedshiftMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
Redshift Multi User. Experimental.
func HostedRotation_RedshiftSingleUser ¶
func HostedRotation_RedshiftSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
Redshift Single User. Experimental.
func HostedRotation_SqlServerMultiUser ¶
func HostedRotation_SqlServerMultiUser(options *MultiUserHostedRotationOptions) HostedRotation
SQL Server Multi User. Experimental.
func HostedRotation_SqlServerSingleUser ¶
func HostedRotation_SqlServerSingleUser(options *SingleUserHostedRotationOptions) HostedRotation
SQL Server Single User. Experimental.
type HostedRotationType ¶
Hosted rotation type. Experimental.
func HostedRotationType_MARIADB_MULTI_USER ¶
func HostedRotationType_MARIADB_MULTI_USER() HostedRotationType
func HostedRotationType_MARIADB_SINGLE_USER ¶
func HostedRotationType_MARIADB_SINGLE_USER() HostedRotationType
func HostedRotationType_MONGODB_MULTI_USER ¶
func HostedRotationType_MONGODB_MULTI_USER() HostedRotationType
func HostedRotationType_MONGODB_SINGLE_USER ¶
func HostedRotationType_MONGODB_SINGLE_USER() HostedRotationType
func HostedRotationType_MYSQL_MULTI_USER ¶
func HostedRotationType_MYSQL_MULTI_USER() HostedRotationType
func HostedRotationType_MYSQL_SINGLE_USER ¶
func HostedRotationType_MYSQL_SINGLE_USER() HostedRotationType
func HostedRotationType_ORACLE_MULTI_USER ¶
func HostedRotationType_ORACLE_MULTI_USER() HostedRotationType
func HostedRotationType_ORACLE_SINGLE_USER ¶
func HostedRotationType_ORACLE_SINGLE_USER() HostedRotationType
func HostedRotationType_POSTGRESQL_MULTI_USER ¶
func HostedRotationType_POSTGRESQL_MULTI_USER() HostedRotationType
func HostedRotationType_POSTGRESQL_SINGLE_USER ¶
func HostedRotationType_POSTGRESQL_SINGLE_USER() HostedRotationType
func HostedRotationType_REDSHIFT_MULTI_USER ¶
func HostedRotationType_REDSHIFT_MULTI_USER() HostedRotationType
func HostedRotationType_REDSHIFT_SINGLE_USER ¶
func HostedRotationType_REDSHIFT_SINGLE_USER() HostedRotationType
func HostedRotationType_SQLSERVER_MULTI_USER ¶
func HostedRotationType_SQLSERVER_MULTI_USER() HostedRotationType
func HostedRotationType_SQLSERVER_SINGLE_USER ¶
func HostedRotationType_SQLSERVER_SINGLE_USER() HostedRotationType
type ISecret ¶
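// ISecret is a secret in AWS Secrets Manager, as seen by the high-level
// constructs: it exposes identity (ARN, name), the encryption key, access
// grants, the resource policy, rotation and target attachment.
type ISecret interface {
	awscdk.IResource
	// Adds a rotation schedule to the secret.
	// Experimental.
	AddRotationSchedule(id *string, options *RotationScheduleOptions) RotationSchedule
	// Adds a statement to the IAM resource policy associated with this secret.
	//
	// If this secret was created in this stack, a resource policy will be
	// automatically created upon the first call to `addToResourcePolicy`. If
	// the secret is imported, then this is a no-op.
	//
	// NOTE(review): because the call is a no-op for imported secrets, a deny
	// statement added this way is silently absent for them. Inspect the
	// returned result instead of assuming the statement was applied.
	// Experimental.
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	// Attach a target to this secret.
	//
	// Returns: An attached secret
	// Experimental.
	Attach(target ISecretAttachmentTarget) ISecret
	// Denies the `DeleteSecret` action to all principals within the current account.
	// Experimental.
	DenyAccountRootDelete()
	// Grants reading the secret value to some role.
	//
	// NOTE(review): versionStages presumably narrows the grant to the listed
	// version stages; confirm what nil means before relying on it.
	// Experimental.
	GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
	// Grants writing and updating the secret value to some role.
	// Experimental.
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	// Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.
	// Experimental.
	SecretValueFromJson(key *string) awscdk.SecretValue
	// The customer-managed encryption key that is used to encrypt this secret, if any.
	//
	// When not specified, the default
	// KMS key for the account and region is being used.
	// Experimental.
	EncryptionKey() awskms.IKey
	// The ARN of the secret in AWS Secrets Manager.
	//
	// Will return the full ARN if available, otherwise a partial arn.
	// For secrets imported by the deprecated `fromSecretName`, it will return the `secretName`.
	// Experimental.
	SecretArn() *string
	// The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
	//
	// This is equal to `secretArn` in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
	// Experimental.
	SecretFullArn() *string
	// The name of the secret.
	//
	// For "owned" secrets, this will be the full resource name (secret name + suffix), unless the
	// '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
	// Experimental.
	SecretName() *string
	// Retrieve the value of the stored secret as a `SecretValue`.
	//
	// NOTE(review): confirm how the returned SecretValue is rendered before
	// passing it to a property that is stored or logged in clear text.
	// Experimental.
	SecretValue() awscdk.SecretValue
}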
A secret in AWS Secrets Manager. Experimental.
func Secret_FromSecretAttributes ¶
func Secret_FromSecretAttributes(scope constructs.Construct, id *string, attrs *SecretAttributes) ISecret
Import an existing secret into the Stack. Experimental.
func Secret_FromSecretCompleteArn ¶
func Secret_FromSecretCompleteArn(scope constructs.Construct, id *string, secretCompleteArn *string) ISecret
Imports a secret by complete ARN.
The complete ARN is the ARN with the Secrets Manager-supplied suffix. Experimental.
func Secret_FromSecretNameV2 ¶
Imports a secret by secret name.
A secret with this name must exist in the same account & region. Replaces the deprecated `fromSecretName`. Experimental.
func Secret_FromSecretPartialArn ¶
func Secret_FromSecretPartialArn(scope constructs.Construct, id *string, secretPartialArn *string) ISecret
Imports a secret by partial ARN.
The partial ARN is the ARN without the Secrets Manager-supplied suffix. Experimental.
type ISecretAttachmentTarget ¶
// ISecretAttachmentTarget is a secret attachment target.
//
// It is the parameter type of ISecret.Attach.
// Experimental.
type ISecretAttachmentTarget interface {
	// Renders the target specifications.
	//
	// Returns the SecretAttachmentTargetProps (target id and target type)
	// describing this target.
	// Experimental.
	AsSecretAttachmentTarget() *SecretAttachmentTargetProps
}
A secret attachment target. Experimental.
type ISecretTargetAttachment ¶
// ISecretTargetAttachment embeds ISecret and adds one accessor for the ARN of
// the attached secret.
// Experimental.
type ISecretTargetAttachment interface {
	ISecret
	// Same as `secretArn`.
	// Experimental.
	SecretTargetAttachmentSecretArn() *string
}
Experimental.
func SecretTargetAttachment_FromSecretTargetAttachmentSecretArn ¶
func SecretTargetAttachment_FromSecretTargetAttachmentSecretArn(scope constructs.Construct, id *string, secretTargetAttachmentSecretArn *string) ISecretTargetAttachment
Experimental.
type MultiUserHostedRotationOptions ¶
// MultiUserHostedRotationOptions holds the multi user hosted rotation options.
//
// It carries the same Lambda placement fields as
// SingleUserHostedRotationOptions plus MasterSecret.
// Experimental.
type MultiUserHostedRotationOptions struct {
	// A name for the Lambda created to rotate the secret.
	// Experimental.
	FunctionName *string `json:"functionName"`
	// A list of security groups for the Lambda created to rotate the secret.
	//
	// NOTE(review): the rotation Lambda handles credentials, so these groups
	// should presumably allow only the traffic rotation needs — confirm which
	// endpoints that is for your engine.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `json:"securityGroups"`
	// The VPC where the Lambda rotation function will run.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// The type of subnets in the VPC where the Lambda rotation function will run.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
	// The master secret for a multi user rotation scheme.
	//
	// NOTE(review): per the `masterarn` description on RotationScheduleProps
	// this secret is used to create users/change passwords, so it is more
	// privileged than the rotated secret; scope read access to it accordingly.
	// Experimental.
	MasterSecret ISecret `json:"masterSecret"`
}
Multi user hosted rotation options. Experimental.
type ReplicaRegion ¶
// ReplicaRegion describes a secret replica region.
//
// It is the element type of SecretProps.ReplicaRegions.
// Experimental.
type ReplicaRegion struct {
	// The name of the region.
	// Experimental.
	Region *string `json:"region"`
	// The customer-managed encryption key to use for encrypting the secret value.
	//
	// NOTE(review): presumably this must be a key usable in the replica
	// region, and a nil value falls back to a default key there — confirm.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
}
Secret replica region. Experimental.
type ResourcePolicy ¶
// ResourcePolicy is a Secret Resource Policy.
//
// It embeds awscdk.Resource; apart from Document, the methods listed here are
// the same set that RotationSchedule on this page declares. The page gives no
// per-method documentation for this type.
// Experimental.
type ResourcePolicy interface {
	awscdk.Resource
	// Document returns an awsiam.PolicyDocument.
	// NOTE(review): presumably the IAM policy document that statements for the
	// secret are added to — confirm; review its statements for overly broad
	// principals before deploying.
	Document() awsiam.PolicyDocument
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
Secret Resource Policy. Experimental.
func NewResourcePolicy ¶
func NewResourcePolicy(scope constructs.Construct, id *string, props *ResourcePolicyProps) ResourcePolicy
Experimental.
type ResourcePolicyProps ¶
// ResourcePolicyProps holds the construction properties for a ResourcePolicy.
//
// It is the props argument of NewResourcePolicy.
// Experimental.
type ResourcePolicyProps struct {
	// The secret to attach a resource-based permissions policy.
	// Experimental.
	Secret ISecret `json:"secret"`
}
Construction properties for a ResourcePolicy. Experimental.
type RotationSchedule ¶
// RotationSchedule is a rotation schedule.
//
// It embeds awscdk.Resource and is the return type of
// ISecret.AddRotationSchedule and NewRotationSchedule. The page gives no
// per-method documentation for this type.
// Experimental.
type RotationSchedule interface {
	awscdk.Resource
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}
A rotation schedule. Experimental.
func NewRotationSchedule ¶
func NewRotationSchedule(scope constructs.Construct, id *string, props *RotationScheduleProps) RotationSchedule
Experimental.
type RotationScheduleOptions ¶
// RotationScheduleOptions holds the options to add a rotation schedule to a secret.
//
// It is the options argument of ISecret.AddRotationSchedule.
// Experimental.
type RotationScheduleOptions struct {
	// Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
	//
	// NOTE(review): the default interval is not stated on this page; set it
	// explicitly so the rotation period matches your credential policy.
	// Experimental.
	AutomaticallyAfter awscdk.Duration `json:"automaticallyAfter"`
	// Hosted rotation.
	//
	// NOTE(review): presumably an alternative to RotationLambda, with exactly
	// one of the two expected — confirm.
	// Experimental.
	HostedRotation HostedRotation `json:"hostedRotation"`
	// A Lambda function that can rotate the secret.
	//
	// NOTE(review): this function reads and writes the secret value, so its
	// execution role and code deserve the same review as the secret itself.
	// Experimental.
	RotationLambda awslambda.IFunction `json:"rotationLambda"`
}
Options to add a rotation schedule to a secret. Experimental.
type RotationScheduleProps ¶
// RotationScheduleProps holds the construction properties for a RotationSchedule.
//
// It has the three fields of RotationScheduleOptions plus the Secret to
// rotate, and is the props argument of NewRotationSchedule.
// Experimental.
type RotationScheduleProps struct {
	// Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
	//
	// NOTE(review): the default interval is not stated on this page; set it
	// explicitly so the rotation period matches your credential policy.
	// Experimental.
	AutomaticallyAfter awscdk.Duration `json:"automaticallyAfter"`
	// Hosted rotation.
	//
	// NOTE(review): presumably an alternative to RotationLambda, with exactly
	// one of the two expected — confirm.
	// Experimental.
	HostedRotation HostedRotation `json:"hostedRotation"`
	// A Lambda function that can rotate the secret.
	// Experimental.
	RotationLambda awslambda.IFunction `json:"rotationLambda"`
	// The secret to rotate.
	//
	// If hosted rotation is used, this must be a JSON string with the following format:
	//
	// ```
	// {
	//    "engine": <required: database engine>,
	//    "host": <required: instance host name>,
	//    "username": <required: username>,
	//    "password": <required: password>,
	//    "dbname": <optional: database name>,
	//    "port": <optional: if not specified, default port will be used>,
	//    "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
	// }
	// ```
	//
	// This is typically the case for a secret referenced from an `AWS::SecretsManager::SecretTargetAttachment`
	// or an `ISecret` returned by the `attach()` method of `Secret`.
	//
	// NOTE(review): every principal granted read on this secret sees the
	// username, password and host together; keep GrantRead recipients minimal.
	// Experimental.
	Secret ISecret `json:"secret"`
}
Construction properties for a RotationSchedule. Experimental.
type Secret ¶
// Secret creates a new secret in AWS SecretsManager.
//
// The interface embeds awscdk.Resource and ISecret and then lists its full
// method set again, including the ISecret methods; see ISecret on this page
// for their documentation. Methods that ISecret does not declare carry a short
// note below.
// Experimental.
type Secret interface {
	awscdk.Resource
	ISecret
	// NOTE(review): not documented on this page; presumably the ARN used as
	// the resource in generated policy statements — confirm.
	ArnForPolicies() *string
	// NOTE(review): not documented on this page; presumably reports whether a
	// resource policy is created on the first AddToResourcePolicy call, as
	// ISecret describes for secrets created in this stack — confirm.
	AutoCreatePolicy() *bool
	EncryptionKey() awskms.IKey
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	SecretArn() *string
	SecretFullArn() *string
	SecretName() *string
	SecretValue() awscdk.SecretValue
	Stack() awscdk.Stack
	// AddReplicaRegion takes the same two values a ReplicaRegion holds: a
	// region name and an encryption key.
	// NOTE(review): presumably equivalent to listing the region in
	// SecretProps.ReplicaRegions — confirm.
	AddReplicaRegion(region *string, encryptionKey awskms.IKey)
	AddRotationSchedule(id *string, options *RotationScheduleOptions) RotationSchedule
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	Attach(target ISecretAttachmentTarget) ISecret
	DenyAccountRootDelete()
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	// The parameter is named jsonField here and key in ISecret; the signature
	// is otherwise identical.
	SecretValueFromJson(jsonField *string) awscdk.SecretValue
	ToString() *string
}
Creates a new secret in AWS SecretsManager. Experimental.
func NewSecret ¶
func NewSecret(scope constructs.Construct, id *string, props *SecretProps) Secret
Experimental.
type SecretAttachmentTargetProps ¶
// SecretAttachmentTargetProps holds the attachment target specifications.
//
// It is what ISecretAttachmentTarget.AsSecretAttachmentTarget returns.
// Experimental.
type SecretAttachmentTargetProps struct {
	// The id of the target to attach the secret to.
	// Experimental.
	TargetId *string `json:"targetId"`
	// The type of the target to attach the secret to.
	// Experimental.
	TargetType AttachmentTargetType `json:"targetType"`
}
Attachment target specifications. Experimental.
type SecretAttributes ¶
// SecretAttributes holds the attributes required to import an existing secret
// into the Stack, as passed to Secret_FromSecretAttributes.
//
// NOTE(review): the field comments below refer to `secretArn`, but the struct
// as listed on this page has no such field — presumably a deprecated field
// omitted from this listing; confirm. With the fields shown, supply either
// SecretCompleteArn or SecretPartialArn, not both.
// Experimental.
type SecretAttributes struct {
	// The encryption key that is used to encrypt the secret, unless the default SecretsManager key is used.
	//
	// NOTE(review): for an imported secret nothing on this page suggests the
	// key is verified against the real secret; a wrong or missing key here
	// would presumably surface only as missing KMS permissions at runtime.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// The complete ARN of the secret in SecretsManager.
	//
	// This is the ARN including the Secrets Manager 6-character suffix.
	// Cannot be used with `secretArn` or `secretPartialArn`.
	// Experimental.
	SecretCompleteArn *string `json:"secretCompleteArn"`
	// The partial ARN of the secret in SecretsManager.
	//
	// This is the ARN without the Secrets Manager 6-character suffix.
	// Cannot be used with `secretArn` or `secretCompleteArn`.
	// Experimental.
	SecretPartialArn *string `json:"secretPartialArn"`
}
Attributes required to import an existing secret into the Stack.
One ARN format (`secretArn`, `secretCompleteArn`, `secretPartialArn`) must be provided. Experimental.
type SecretProps ¶
// SecretProps holds the properties required to create a new secret in AWS
// Secrets Manager; it is the props argument of NewSecret.
// Experimental.
type SecretProps struct {
	// An optional, human-friendly description of the secret.
	//
	// NOTE(review): a description is metadata, not secret material; do not put
	// credentials or hints about the value in it.
	// Experimental.
	Description *string `json:"description"`
	// The customer-managed encryption key to use for encrypting the secret value.
	//
	// NOTE(review): when nil, presumably the default KMS key for the account
	// and region is used, as ISecret.EncryptionKey on this page describes.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// Configuration for how to generate a secret value.
	//
	// NOTE(review): behaviour when nil is not stated on this page; confirm
	// what value the secret receives in that case.
	// Experimental.
	GenerateSecretString *SecretStringGenerator `json:"generateSecretString"`
	// Policy to apply when the secret is removed from this stack.
	//
	// NOTE(review): the default is not stated on this page; choose explicitly
	// whether the secret should outlive the stack.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// A list of regions where to replicate this secret.
	//
	// Each entry can name its own encryption key (see ReplicaRegion).
	// Experimental.
	ReplicaRegions *[]*ReplicaRegion `json:"replicaRegions"`
	// A name for the secret.
	//
	// Note that deleting secrets from SecretsManager does not happen immediately, but after a 7 to
	// 30 days blackout period. During that period, it is not possible to create another secret that shares the same name.
	// Experimental.
	SecretName *string `json:"secretName"`
}
The properties required to create a new secret in AWS Secrets Manager. Experimental.
type SecretRotation ¶
// SecretRotation is secret rotation for a service or database.
//
// It embeds constructs.Construct and is returned by NewSecretRotation; the
// rotation itself is configured through SecretRotationProps.
// Experimental.
type SecretRotation interface {
	constructs.Construct
	Node() constructs.Node
	ToString() *string
}
Secret rotation for a service or database. Experimental.
func NewSecretRotation ¶
func NewSecretRotation(scope constructs.Construct, id *string, props *SecretRotationProps) SecretRotation
Experimental.
type SecretRotationApplication ¶
// SecretRotationApplication is a secret rotation serverless application.
//
// Instances come from NewSecretRotationApplication or from the
// SecretRotationApplication_<ENGINE>_ROTATION_{SINGLE,MULTI}_USER functions
// listed on this page.
// Experimental.
type SecretRotationApplication interface {
	// NOTE(review): presumably mirrors SecretRotationApplicationOptions.IsMultiUser — confirm.
	IsMultiUser() *bool
	// NOTE(review): presumably the ARN of the serverless application in the
	// given partition — confirm. When using a custom application, verify that
	// the ARN resolves to a publisher you trust, since the application
	// handles database credentials.
	ApplicationArnForPartition(partition *string) *string
	// NOTE(review): presumably the application version used in the given
	// partition — confirm.
	SemanticVersionForPartition(partition *string) *string
}
A secret rotation serverless application. Experimental.
func NewSecretRotationApplication ¶
func NewSecretRotationApplication(applicationId *string, semanticVersion *string, options *SecretRotationApplicationOptions) SecretRotationApplication
Experimental.
func SecretRotationApplication_MARIADB_ROTATION_MULTI_USER ¶
func SecretRotationApplication_MARIADB_ROTATION_MULTI_USER() SecretRotationApplication
func SecretRotationApplication_MARIADB_ROTATION_SINGLE_USER ¶
func SecretRotationApplication_MARIADB_ROTATION_SINGLE_USER() SecretRotationApplication
func SecretRotationApplication_MONGODB_ROTATION_MULTI_USER ¶
func SecretRotationApplication_MONGODB_ROTATION_MULTI_USER() SecretRotationApplication
func SecretRotationApplication_MONGODB_ROTATION_SINGLE_USER ¶
func SecretRotationApplication_MONGODB_ROTATION_SINGLE_USER() SecretRotationApplication
func SecretRotationApplication_MYSQL_ROTATION_MULTI_USER ¶
func SecretRotationApplication_MYSQL_ROTATION_MULTI_USER() SecretRotationApplication
func SecretRotationApplication_MYSQL_ROTATION_SINGLE_USER ¶
func SecretRotationApplication_MYSQL_ROTATION_SINGLE_USER() SecretRotationApplication
func SecretRotationApplication_ORACLE_ROTATION_MULTI_USER ¶
func SecretRotationApplication_ORACLE_ROTATION_MULTI_USER() SecretRotationApplication
func SecretRotationApplication_ORACLE_ROTATION_SINGLE_USER ¶
func SecretRotationApplication_ORACLE_ROTATION_SINGLE_USER() SecretRotationApplication
func SecretRotationApplication_POSTGRES_ROTATION_MULTI_USER ¶
func SecretRotationApplication_POSTGRES_ROTATION_MULTI_USER() SecretRotationApplication
func SecretRotationApplication_POSTGRES_ROTATION_SINGLE_USER ¶
func SecretRotationApplication_POSTGRES_ROTATION_SINGLE_USER() SecretRotationApplication
func SecretRotationApplication_REDSHIFT_ROTATION_MULTI_USER ¶
func SecretRotationApplication_REDSHIFT_ROTATION_MULTI_USER() SecretRotationApplication
func SecretRotationApplication_REDSHIFT_ROTATION_SINGLE_USER ¶
func SecretRotationApplication_REDSHIFT_ROTATION_SINGLE_USER() SecretRotationApplication
func SecretRotationApplication_SQLSERVER_ROTATION_MULTI_USER ¶
func SecretRotationApplication_SQLSERVER_ROTATION_MULTI_USER() SecretRotationApplication
func SecretRotationApplication_SQLSERVER_ROTATION_SINGLE_USER ¶
func SecretRotationApplication_SQLSERVER_ROTATION_SINGLE_USER() SecretRotationApplication
type SecretRotationApplicationOptions ¶
// SecretRotationApplicationOptions holds the options for a
// SecretRotationApplication; it is the options argument of
// NewSecretRotationApplication.
// Experimental.
type SecretRotationApplicationOptions struct {
	// Whether the rotation application uses the multi user scheme.
	// Experimental.
	IsMultiUser *bool `json:"isMultiUser"`
}
Options for a SecretRotationApplication. Experimental.
type SecretRotationProps ¶
// SecretRotationProps holds the construction properties for a SecretRotation;
// it is the props argument of NewSecretRotation.
// Experimental.
type SecretRotationProps struct {
	// The serverless application for the rotation.
	// Experimental.
	Application SecretRotationApplication `json:"application"`
	// The secret to rotate. It must be a JSON string with the following format:
	//
	// ```
	// {
	//    "engine": <required: database engine>,
	//    "host": <required: instance host name>,
	//    "username": <required: username>,
	//    "password": <required: password>,
	//    "dbname": <optional: database name>,
	//    "port": <optional: if not specified, default port will be used>,
	//    "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
	// }
	// ```
	//
	// This is typically the case for a secret referenced from an `AWS::SecretsManager::SecretTargetAttachment`
	// or an `ISecret` returned by the `attach()` method of `Secret`.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
	//
	// Experimental.
	Secret ISecret `json:"secret"`
	// The target service or database.
	// Experimental.
	Target awsec2.IConnectable `json:"target"`
	// The VPC where the Lambda rotation function will run.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
	//
	// NOTE(review): the default interval is not stated on this page; set it
	// explicitly so the rotation period matches your credential policy.
	// Experimental.
	AutomaticallyAfter awscdk.Duration `json:"automaticallyAfter"`
	// Characters which should not appear in the generated password.
	//
	// NOTE(review): every excluded character shrinks the password alphabet;
	// exclude only what the target engine cannot accept.
	// Experimental.
	ExcludeCharacters *string `json:"excludeCharacters"`
	// The master secret for a multi user rotation scheme.
	//
	// NOTE(review): per the `masterarn` description above this secret is used
	// to create users/change passwords, so it is more privileged than the
	// rotated secret; scope read access to it accordingly.
	// Experimental.
	MasterSecret ISecret `json:"masterSecret"`
	// The security group for the Lambda rotation function.
	//
	// NOTE(review): presumably this group needs a path to Target; keep its
	// rules limited to what rotation requires — confirm the exact endpoints.
	// Experimental.
	SecurityGroup awsec2.ISecurityGroup `json:"securityGroup"`
	// The type of subnets in the VPC where the Lambda rotation function will run.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
}
Construction properties for a SecretRotation. Experimental.
type SecretStringGenerator ¶
// SecretStringGenerator is the configuration to generate secrets such as
// passwords automatically; it is the type of SecretProps.GenerateSecretString.
//
// NOTE(review): each Exclude* option removes a character class from the
// generated password. When several are set, raise PasswordLength so the
// result still meets your strength requirement.
// Experimental.
type SecretStringGenerator struct {
	// A string that includes characters that shouldn't be included in the generated password.
	//
	// The string can be a minimum
	// of `0` and a maximum of `4096` characters long.
	// Experimental.
	ExcludeCharacters *string `json:"excludeCharacters"`
	// Specifies that the generated password shouldn't include lowercase letters.
	// Experimental.
	ExcludeLowercase *bool `json:"excludeLowercase"`
	// Specifies that the generated password shouldn't include digits.
	// Experimental.
	ExcludeNumbers *bool `json:"excludeNumbers"`
	// Specifies that the generated password shouldn't include punctuation characters.
	// Experimental.
	ExcludePunctuation *bool `json:"excludePunctuation"`
	// Specifies that the generated password shouldn't include uppercase letters.
	// Experimental.
	ExcludeUppercase *bool `json:"excludeUppercase"`
	// The JSON key name that's used to add the generated password to the JSON structure specified by the `secretStringTemplate` parameter.
	//
	// If you specify `generateStringKey` then `secretStringTemplate`
	// must also be specified.
	// Experimental.
	GenerateStringKey *string `json:"generateStringKey"`
	// Specifies that the generated password can include the space character.
	// Experimental.
	IncludeSpace *bool `json:"includeSpace"`
	// The desired length of the generated password.
	//
	// NOTE(review): the default length is not stated on this page; set it
	// explicitly when a minimum strength is required.
	// Experimental.
	PasswordLength *float64 `json:"passwordLength"`
	// Specifies whether the generated password must include at least one of every allowed character type.
	// Experimental.
	RequireEachIncludedType *bool `json:"requireEachIncludedType"`
	// A properly structured JSON string that the generated password can be added to.
	//
	// The `generateStringKey` is
	// combined with the generated random string and inserted into the JSON structure that's specified by this parameter.
	// The merged JSON string is returned as the completed SecretString of the secret. If you specify `secretStringTemplate`
	// then `generateStringKey` must also be specified.
	//
	// NOTE(review): the template is ordinary stack input, so anything written
	// in it should be treated as visible to whoever can read the stack
	// definition; put only non-sensitive fields (e.g. a username) here.
	// Experimental.
	SecretStringTemplate *string `json:"secretStringTemplate"`
}
Configuration to generate secrets such as passwords automatically. Experimental.
type SecretTargetAttachment ¶
// SecretTargetAttachment is an attached secret.
//
// The interface embeds awscdk.Resource, ISecret and ISecretTargetAttachment
// and then lists its full method set again; see ISecret on this page for the
// documentation of the secret-related methods. Unlike Secret, it declares no
// AddReplicaRegion method.
// Experimental.
type SecretTargetAttachment interface {
	awscdk.Resource
	ISecret
	ISecretTargetAttachment
	// NOTE(review): not documented on this page; presumably the ARN used as
	// the resource in generated policy statements — confirm.
	ArnForPolicies() *string
	// NOTE(review): not documented on this page; presumably reports whether a
	// resource policy is created on the first AddToResourcePolicy call — confirm.
	AutoCreatePolicy() *bool
	EncryptionKey() awskms.IKey
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	SecretArn() *string
	SecretFullArn() *string
	SecretName() *string
	// Same as `secretArn`, per ISecretTargetAttachment on this page.
	SecretTargetAttachmentSecretArn() *string
	SecretValue() awscdk.SecretValue
	Stack() awscdk.Stack
	AddRotationSchedule(id *string, options *RotationScheduleOptions) RotationSchedule
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	Attach(target ISecretAttachmentTarget) ISecret
	DenyAccountRootDelete()
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	// The parameter is named jsonField here and key in ISecret; the signature
	// is otherwise identical.
	SecretValueFromJson(jsonField *string) awscdk.SecretValue
	ToString() *string
}
An attached secret. Experimental.
func NewSecretTargetAttachment ¶
func NewSecretTargetAttachment(scope constructs.Construct, id *string, props *SecretTargetAttachmentProps) SecretTargetAttachment
Experimental.
type SecretTargetAttachmentProps ¶
// SecretTargetAttachmentProps holds the construction properties for an
// attached secret; it is the props argument of NewSecretTargetAttachment.
//
// NOTE(review): only the Secret field appears in this listing although an
// attachment also needs a target; presumably further fields are omitted
// here — confirm against the upstream definition.
// Experimental.
type SecretTargetAttachmentProps struct {
	// The secret to attach to the target.
	// Experimental.
	Secret ISecret `json:"secret"`
}
Construction properties for an AttachedSecret. Experimental.
type SingleUserHostedRotationOptions ¶
// SingleUserHostedRotationOptions holds the single user hosted rotation
// options: the name and network placement of the rotation Lambda.
//
// MultiUserHostedRotationOptions has the same fields plus MasterSecret.
// Experimental.
type SingleUserHostedRotationOptions struct {
	// A name for the Lambda created to rotate the secret.
	// Experimental.
	FunctionName *string `json:"functionName"`
	// A list of security groups for the Lambda created to rotate the secret.
	//
	// NOTE(review): the rotation Lambda handles credentials, so these groups
	// should presumably allow only the traffic rotation needs — confirm which
	// endpoints that is for your engine.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `json:"securityGroups"`
	// The VPC where the Lambda rotation function will run.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// The type of subnets in the VPC where the Lambda rotation function will run.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
}
Single user hosted rotation options. Experimental.