awssecretsmanager

package
v1.130.0-devpreview Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 29, 2021 License: Apache-2.0 Imports: 10 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME

func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME() *string

func CfnResourcePolicy_IsCfnElement

func CfnResourcePolicy_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnResourcePolicy_IsCfnResource

func CfnResourcePolicy_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnResourcePolicy_IsConstruct

func CfnResourcePolicy_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnRotationSchedule_CFN_RESOURCE_TYPE_NAME

func CfnRotationSchedule_CFN_RESOURCE_TYPE_NAME() *string

func CfnRotationSchedule_IsCfnElement

func CfnRotationSchedule_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnRotationSchedule_IsCfnResource

func CfnRotationSchedule_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnRotationSchedule_IsConstruct

func CfnRotationSchedule_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnSecretTargetAttachment_CFN_RESOURCE_TYPE_NAME

func CfnSecretTargetAttachment_CFN_RESOURCE_TYPE_NAME() *string

func CfnSecretTargetAttachment_IsCfnElement

func CfnSecretTargetAttachment_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnSecretTargetAttachment_IsCfnResource

func CfnSecretTargetAttachment_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnSecretTargetAttachment_IsConstruct

func CfnSecretTargetAttachment_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnSecret_CFN_RESOURCE_TYPE_NAME

func CfnSecret_CFN_RESOURCE_TYPE_NAME() *string

func CfnSecret_IsCfnElement

func CfnSecret_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnSecret_IsCfnResource

func CfnSecret_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnSecret_IsConstruct

func CfnSecret_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func NewCfnResourcePolicy_Override

func NewCfnResourcePolicy_Override(c CfnResourcePolicy, scope awscdk.Construct, id *string, props *CfnResourcePolicyProps)

Create a new `AWS::SecretsManager::ResourcePolicy`.

func NewCfnRotationSchedule_Override

func NewCfnRotationSchedule_Override(c CfnRotationSchedule, scope awscdk.Construct, id *string, props *CfnRotationScheduleProps)

Create a new `AWS::SecretsManager::RotationSchedule`.

func NewCfnSecretTargetAttachment_Override

func NewCfnSecretTargetAttachment_Override(c CfnSecretTargetAttachment, scope awscdk.Construct, id *string, props *CfnSecretTargetAttachmentProps)

Create a new `AWS::SecretsManager::SecretTargetAttachment`.

func NewCfnSecret_Override

func NewCfnSecret_Override(c CfnSecret, scope awscdk.Construct, id *string, props *CfnSecretProps)

Create a new `AWS::SecretsManager::Secret`.

func NewResourcePolicy_Override

func NewResourcePolicy_Override(r ResourcePolicy, scope constructs.Construct, id *string, props *ResourcePolicyProps)

Experimental.

func NewRotationSchedule_Override

func NewRotationSchedule_Override(r RotationSchedule, scope constructs.Construct, id *string, props *RotationScheduleProps)

Experimental.

func NewSecretRotationApplication_Override

func NewSecretRotationApplication_Override(s SecretRotationApplication, applicationId *string, semanticVersion *string, options *SecretRotationApplicationOptions)

Experimental.

func NewSecretRotation_Override

func NewSecretRotation_Override(s SecretRotation, scope constructs.Construct, id *string, props *SecretRotationProps)

Experimental.

func NewSecretTargetAttachment_Override

func NewSecretTargetAttachment_Override(s SecretTargetAttachment, scope constructs.Construct, id *string, props *SecretTargetAttachmentProps)

Experimental.

func NewSecret_Override

func NewSecret_Override(s Secret, scope constructs.Construct, id *string, props *SecretProps)

Experimental.

func ResourcePolicy_IsConstruct

func ResourcePolicy_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func ResourcePolicy_IsResource

func ResourcePolicy_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func RotationSchedule_IsConstruct

func RotationSchedule_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func RotationSchedule_IsResource

func RotationSchedule_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func SecretRotation_IsConstruct

func SecretRotation_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func SecretTargetAttachment_IsConstruct

func SecretTargetAttachment_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func SecretTargetAttachment_IsResource

func SecretTargetAttachment_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func Secret_IsConstruct

func Secret_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func Secret_IsResource

func Secret_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

Types

type AttachedSecretOptions

// AttachedSecretOptions holds the options for adding a secret attachment to a
// secret. Its only field is the attachment target.
//
// Deprecated: use `secret.attach()` instead (declared on ISecret as Attach).
type AttachedSecretOptions struct {
	// The target to attach the secret to.
	// Deprecated: use `secret.attach()` instead
	Target ISecretAttachmentTarget `json:"target"`
}

Options to add a secret attachment to a secret. Deprecated: use `secret.attach()` instead

type AttachmentTargetType

// AttachmentTargetType names the type of service or database that is being
// associated with a secret. It is a string type; the accepted values are the
// AttachmentTargetType_* constants.
type AttachmentTargetType string

The type of service or database that's being associated with the secret. Experimental.

// Values of AttachmentTargetType. Each constant's string value is its own
// suffix (for example AttachmentTargetType_CLUSTER is "CLUSTER").
// NOTE(review): INSTANCE and CLUSTER carry no service prefix; presumably they
// refer to RDS instances and clusters. Confirm before relying on it.
const (
	AttachmentTargetType_INSTANCE          AttachmentTargetType = "INSTANCE"
	AttachmentTargetType_CLUSTER           AttachmentTargetType = "CLUSTER"
	AttachmentTargetType_RDS_DB_PROXY      AttachmentTargetType = "RDS_DB_PROXY"
	AttachmentTargetType_REDSHIFT_CLUSTER  AttachmentTargetType = "REDSHIFT_CLUSTER"
	AttachmentTargetType_DOCDB_DB_INSTANCE AttachmentTargetType = "DOCDB_DB_INSTANCE"
	AttachmentTargetType_DOCDB_DB_CLUSTER  AttachmentTargetType = "DOCDB_DB_CLUSTER"
)

type CfnResourcePolicy

// CfnResourcePolicy is the interface for a CloudFormation
// `AWS::SecretsManager::ResourcePolicy` resource. Values are created with
// NewCfnResourcePolicy. It embeds awscdk.CfnResource and awscdk.IInspectable.
type CfnResourcePolicy interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Accessor pair for the `BlockPublicPolicy` property. The value is untyped
	// (interface{}), so the compiler does not check what is stored.
	// NOTE(review): presumably this asks Secrets Manager to reject a policy
	// that grants broad access to the secret; confirm in the CloudFormation
	// reference and set it explicitly rather than relying on a default.
	BlockPublicPolicy() interface{}
	SetBlockPublicPolicy(val interface{})
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() awscdk.ConstructNode
	Ref() *string
	// Accessor pair for the `ResourcePolicy` property (the policy document,
	// untyped here). Nothing in this interface validates the document.
	ResourcePolicy() interface{}
	SetResourcePolicy(val interface{})
	// Accessor pair for the `SecretId` property.
	SecretId() *string
	SetSecretId(val *string)
	Stack() awscdk.Stack
	// The name is spelled this way in the published interface; call sites must
	// use the same spelling.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the Add*Override methods presumably change the synthesized
	// template outside the typed properties above. When auditing a stack,
	// review their call sites as well as the props. Confirm against the
	// awscdk.CfnResource documentation.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::SecretsManager::ResourcePolicy`.

func NewCfnResourcePolicy

func NewCfnResourcePolicy(scope awscdk.Construct, id *string, props *CfnResourcePolicyProps) CfnResourcePolicy

Create a new `AWS::SecretsManager::ResourcePolicy`.

type CfnResourcePolicyProps

// CfnResourcePolicyProps holds the properties for defining a
// `AWS::SecretsManager::ResourcePolicy`. It is the props argument of
// NewCfnResourcePolicy.
type CfnResourcePolicyProps struct {
	// `AWS::SecretsManager::ResourcePolicy.ResourcePolicy`.
	// Untyped (interface{}): the policy document is not checked by the Go
	// compiler, so review the document itself for overly broad principals.
	ResourcePolicy interface{} `json:"resourcePolicy"`
	// `AWS::SecretsManager::ResourcePolicy.SecretId`.
	SecretId *string `json:"secretId"`
	// `AWS::SecretsManager::ResourcePolicy.BlockPublicPolicy`.
	// NOTE(review): presumably a boolean that makes Secrets Manager refuse a
	// policy granting broad access; the behaviour when left unset is not shown
	// on this page. Confirm, and prefer setting it explicitly.
	BlockPublicPolicy interface{} `json:"blockPublicPolicy"`
}

Properties for defining a `AWS::SecretsManager::ResourcePolicy`.

type CfnRotationSchedule

// CfnRotationSchedule is the interface for a CloudFormation
// `AWS::SecretsManager::RotationSchedule` resource. Values are created with
// NewCfnRotationSchedule. It embeds awscdk.CfnResource and awscdk.IInspectable.
type CfnRotationSchedule interface {
	awscdk.CfnResource
	awscdk.IInspectable
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	// Accessor pair for the `HostedRotationLambda` property (untyped here; see
	// CfnRotationSchedule_HostedRotationLambdaProperty for the typed shape).
	HostedRotationLambda() interface{}
	SetHostedRotationLambda(val interface{})
	LogicalId() *string
	Node() awscdk.ConstructNode
	Ref() *string
	// Accessor pair for the `RotationLambdaARN` property.
	// NOTE(review): both a hosted rotation Lambda and a rotation Lambda ARN can
	// be set through this interface; whether they may be combined is not shown
	// here. Confirm in the CloudFormation reference.
	RotationLambdaArn() *string
	SetRotationLambdaArn(val *string)
	// Accessor pair for the `RotationRules` property (untyped here; see
	// CfnRotationSchedule_RotationRulesProperty).
	RotationRules() interface{}
	SetRotationRules(val interface{})
	// Accessor pair for the `SecretId` property.
	SecretId() *string
	SetSecretId(val *string)
	Stack() awscdk.Stack
	// The name is spelled this way in the published interface; call sites must
	// use the same spelling.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the Add*Override methods presumably change the synthesized
	// template outside the typed properties above; include their call sites
	// when reviewing a stack. Confirm against awscdk.CfnResource.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::SecretsManager::RotationSchedule`.

func NewCfnRotationSchedule

func NewCfnRotationSchedule(scope awscdk.Construct, id *string, props *CfnRotationScheduleProps) CfnRotationSchedule

Create a new `AWS::SecretsManager::RotationSchedule`.

type CfnRotationScheduleProps

// CfnRotationScheduleProps holds the properties for defining a
// `AWS::SecretsManager::RotationSchedule`. It is the props argument of
// NewCfnRotationSchedule.
type CfnRotationScheduleProps struct {
	// `AWS::SecretsManager::RotationSchedule.SecretId`.
	SecretId *string `json:"secretId"`
	// `AWS::SecretsManager::RotationSchedule.HostedRotationLambda`.
	// Untyped here; CfnRotationSchedule_HostedRotationLambdaProperty declares
	// the typed shape.
	HostedRotationLambda interface{} `json:"hostedRotationLambda"`
	// `AWS::SecretsManager::RotationSchedule.RotationLambdaARN`.
	RotationLambdaArn *string `json:"rotationLambdaArn"`
	// `AWS::SecretsManager::RotationSchedule.RotationRules`.
	// Untyped here; CfnRotationSchedule_RotationRulesProperty declares the
	// typed shape.
	// NOTE(review): what happens when no rules are given is not shown on this
	// page; confirm that a schedule without rules still rotates.
	RotationRules interface{} `json:"rotationRules"`
}

Properties for defining a `AWS::SecretsManager::RotationSchedule`.

type CfnRotationSchedule_HostedRotationLambdaProperty

// CfnRotationSchedule_HostedRotationLambdaProperty is the typed form of the
// `HostedRotationLambda` property of CfnRotationSchedule. HostedRotation.Bind
// returns a pointer to this struct.
type CfnRotationSchedule_HostedRotationLambdaProperty struct {
	// `CfnRotationSchedule.HostedRotationLambdaProperty.RotationType`.
	// A plain string; HostedRotationType.Name() on this page presumably
	// supplies the accepted values. TODO confirm.
	RotationType *string `json:"rotationType"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.KmsKeyArn`.
	KmsKeyArn *string `json:"kmsKeyArn"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.MasterSecretArn`.
	MasterSecretArn *string `json:"masterSecretArn"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.MasterSecretKmsKeyArn`.
	MasterSecretKmsKeyArn *string `json:"masterSecretKmsKeyArn"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.RotationLambdaName`.
	RotationLambdaName *string `json:"rotationLambdaName"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.VpcSecurityGroupIds`.
	// Declared as a single string, not a slice, so several IDs are presumably
	// passed as one delimited value. Confirm the expected format.
	VpcSecurityGroupIds *string `json:"vpcSecurityGroupIds"`
	// `CfnRotationSchedule.HostedRotationLambdaProperty.VpcSubnetIds`.
	// Declared as a single string, like VpcSecurityGroupIds.
	VpcSubnetIds *string `json:"vpcSubnetIds"`
}

type CfnRotationSchedule_RotationRulesProperty

// CfnRotationSchedule_RotationRulesProperty is the typed form of the
// `RotationRules` property of CfnRotationSchedule.
type CfnRotationSchedule_RotationRulesProperty struct {
	// `CfnRotationSchedule.RotationRulesProperty.AutomaticallyAfterDays`.
	// Declared as *float64 although the name counts days; how a fractional or
	// out-of-range value is treated is not shown here. Confirm before passing
	// computed values.
	AutomaticallyAfterDays *float64 `json:"automaticallyAfterDays"`
}

type CfnSecret

// CfnSecret is the interface for a CloudFormation
// `AWS::SecretsManager::Secret` resource. Values are created with
// NewCfnSecret. It embeds awscdk.CfnResource and awscdk.IInspectable.
type CfnSecret interface {
	awscdk.CfnResource
	awscdk.IInspectable
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	// Accessor pair for the `Description` property.
	Description() *string
	SetDescription(val *string)
	// Accessor pair for the `GenerateSecretString` property (untyped here; see
	// CfnSecret_GenerateSecretStringProperty for the typed shape).
	GenerateSecretString() interface{}
	SetGenerateSecretString(val interface{})
	// Accessor pair for the `KmsKeyId` property.
	KmsKeyId() *string
	SetKmsKeyId(val *string)
	LogicalId() *string
	// Accessor pair for the `Name` property.
	Name() *string
	SetName(val *string)
	Node() awscdk.ConstructNode
	Ref() *string
	// Accessor pair for the `ReplicaRegions` property (untyped here; see
	// CfnSecret_ReplicaRegionProperty).
	ReplicaRegions() interface{}
	SetReplicaRegions(val interface{})
	// Accessor pair for the `SecretString` property, held as an ordinary
	// *string.
	// NOTE(review): a literal passed to SetSecretString presumably ends up in
	// the synthesized template and in source control in plaintext. Prefer
	// GenerateSecretString where the value can be generated. Confirm against
	// the CloudFormation reference.
	SecretString() *string
	SetSecretString(val *string)
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	// The name is spelled this way in the published interface; call sites must
	// use the same spelling.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the Add*Override methods presumably change the synthesized
	// template outside the typed properties above; include their call sites
	// when reviewing a stack. Confirm against awscdk.CfnResource.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::SecretsManager::Secret`.

func NewCfnSecret

func NewCfnSecret(scope awscdk.Construct, id *string, props *CfnSecretProps) CfnSecret

Create a new `AWS::SecretsManager::Secret`.

type CfnSecretProps

// CfnSecretProps holds the properties for defining a
// `AWS::SecretsManager::Secret`. It is the props argument of NewCfnSecret.
type CfnSecretProps struct {
	// `AWS::SecretsManager::Secret.Description`.
	Description *string `json:"description"`
	// `AWS::SecretsManager::Secret.GenerateSecretString`.
	// Untyped here; CfnSecret_GenerateSecretStringProperty declares the typed
	// shape.
	GenerateSecretString interface{} `json:"generateSecretString"`
	// `AWS::SecretsManager::Secret.KmsKeyId`.
	// NOTE(review): which key is used when this is left unset is not shown on
	// this struct. Confirm it matches your key-management requirements.
	KmsKeyId *string `json:"kmsKeyId"`
	// `AWS::SecretsManager::Secret.Name`.
	Name *string `json:"name"`
	// `AWS::SecretsManager::Secret.ReplicaRegions`.
	// Untyped here; CfnSecret_ReplicaRegionProperty declares the typed shape.
	ReplicaRegions interface{} `json:"replicaRegions"`
	// `AWS::SecretsManager::Secret.SecretString`.
	// NOTE(review): an ordinary *string. A literal set here presumably appears
	// in plaintext in the synthesized template and wherever the code is
	// stored. Prefer GenerateSecretString when the value can be generated, and
	// check whether this field and GenerateSecretString may be combined.
	// Confirm against the CloudFormation reference.
	SecretString *string `json:"secretString"`
	// `AWS::SecretsManager::Secret.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}

Properties for defining a `AWS::SecretsManager::Secret`.

type CfnSecretTargetAttachment

// CfnSecretTargetAttachment is the interface for a CloudFormation
// `AWS::SecretsManager::SecretTargetAttachment` resource. Values are created
// with NewCfnSecretTargetAttachment. It embeds awscdk.CfnResource and
// awscdk.IInspectable.
type CfnSecretTargetAttachment interface {
	awscdk.CfnResource
	awscdk.IInspectable
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() awscdk.ConstructNode
	Ref() *string
	// Accessor pair for the `SecretId` property.
	SecretId() *string
	SetSecretId(val *string)
	Stack() awscdk.Stack
	// Accessor pair for the `TargetId` property.
	TargetId() *string
	SetTargetId(val *string)
	// Accessor pair for the `TargetType` property. It is a plain *string, not
	// the AttachmentTargetType declared in this package, so the value is not
	// checked at compile time.
	TargetType() *string
	SetTargetType(val *string)
	// The name is spelled this way in the published interface; call sites must
	// use the same spelling.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the Add*Override methods presumably change the synthesized
	// template outside the typed properties above; include their call sites
	// when reviewing a stack. Confirm against awscdk.CfnResource.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::SecretsManager::SecretTargetAttachment`.

func NewCfnSecretTargetAttachment

func NewCfnSecretTargetAttachment(scope awscdk.Construct, id *string, props *CfnSecretTargetAttachmentProps) CfnSecretTargetAttachment

Create a new `AWS::SecretsManager::SecretTargetAttachment`.

type CfnSecretTargetAttachmentProps

// CfnSecretTargetAttachmentProps holds the properties for defining a
// `AWS::SecretsManager::SecretTargetAttachment`. It is the props argument of
// NewCfnSecretTargetAttachment.
type CfnSecretTargetAttachmentProps struct {
	// `AWS::SecretsManager::SecretTargetAttachment.SecretId`.
	SecretId *string `json:"secretId"`
	// `AWS::SecretsManager::SecretTargetAttachment.TargetId`.
	TargetId *string `json:"targetId"`
	// `AWS::SecretsManager::SecretTargetAttachment.TargetType`.
	// A plain *string rather than AttachmentTargetType, so a misspelled value
	// is not caught at compile time.
	TargetType *string `json:"targetType"`
}

Properties for defining a `AWS::SecretsManager::SecretTargetAttachment`.

type CfnSecret_GenerateSecretStringProperty

// CfnSecret_GenerateSecretStringProperty is the typed form of the
// `GenerateSecretString` property of CfnSecret. The Exclude*, IncludeSpace
// and RequireEachIncludedType fields are untyped (interface{}).
//
// NOTE(review): every Exclude* option presumably narrows the character set
// used for the generated value, and a small PasswordLength shortens it. When
// an exclusion is needed for compatibility, compensate with length. The
// defaults are not shown on this page; confirm them.
type CfnSecret_GenerateSecretStringProperty struct {
	// `CfnSecret.GenerateSecretStringProperty.ExcludeCharacters`.
	ExcludeCharacters *string `json:"excludeCharacters"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludeLowercase`.
	ExcludeLowercase interface{} `json:"excludeLowercase"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludeNumbers`.
	ExcludeNumbers interface{} `json:"excludeNumbers"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludePunctuation`.
	ExcludePunctuation interface{} `json:"excludePunctuation"`
	// `CfnSecret.GenerateSecretStringProperty.ExcludeUppercase`.
	ExcludeUppercase interface{} `json:"excludeUppercase"`
	// `CfnSecret.GenerateSecretStringProperty.GenerateStringKey`.
	GenerateStringKey *string `json:"generateStringKey"`
	// `CfnSecret.GenerateSecretStringProperty.IncludeSpace`.
	IncludeSpace interface{} `json:"includeSpace"`
	// `CfnSecret.GenerateSecretStringProperty.PasswordLength`.
	// Declared as *float64; how a fractional value is treated is not shown
	// here.
	PasswordLength *float64 `json:"passwordLength"`
	// `CfnSecret.GenerateSecretStringProperty.RequireEachIncludedType`.
	RequireEachIncludedType interface{} `json:"requireEachIncludedType"`
	// `CfnSecret.GenerateSecretStringProperty.SecretStringTemplate`.
	// NOTE(review): presumably a JSON template that the generated value is
	// merged into under GenerateStringKey. Anything written in the template
	// itself is a literal in the stack definition, so keep sensitive values
	// out of it. Confirm.
	SecretStringTemplate *string `json:"secretStringTemplate"`
}

type CfnSecret_ReplicaRegionProperty

// CfnSecret_ReplicaRegionProperty is the typed form of one entry of the
// `ReplicaRegions` property of CfnSecret.
type CfnSecret_ReplicaRegionProperty struct {
	// `CfnSecret.ReplicaRegionProperty.Region`.
	Region *string `json:"region"`
	// `CfnSecret.ReplicaRegionProperty.KmsKeyId`.
	// NOTE(review): the key applied to the replica when this is unset is not
	// shown here. Confirm it per region, since the primary's key setting is a
	// separate field on CfnSecretProps.
	KmsKeyId *string `json:"kmsKeyId"`
}

type HostedRotation

// HostedRotation is a hosted rotation. Values are obtained from the
// HostedRotation_* functions (one single-user and one multi-user variant per
// database engine). It embeds awsec2.IConnectable.
type HostedRotation interface {
	awsec2.IConnectable
	// Connections returns the awsec2.Connections of this hosted rotation.
	// NOTE(review): presumably used to allow the rotation function to reach
	// the database; whether it is usable without a Vpc in the options is not
	// shown here.
	Connections() awsec2.Connections
	// Bind takes the secret and a construct scope and returns the
	// CfnRotationSchedule_HostedRotationLambdaProperty for this rotation.
	Bind(secret ISecret, scope constructs.Construct) *CfnRotationSchedule_HostedRotationLambdaProperty
}

A hosted rotation. Experimental.

func HostedRotation_MariaDbMultiUser

func HostedRotation_MariaDbMultiUser(options *MultiUserHostedRotationOptions) HostedRotation

MariaDB Multi User. Experimental.

func HostedRotation_MariaDbSingleUser

func HostedRotation_MariaDbSingleUser(options *SingleUserHostedRotationOptions) HostedRotation

MariaDB Single User. Experimental.

func HostedRotation_MongoDbMultiUser

func HostedRotation_MongoDbMultiUser(options *MultiUserHostedRotationOptions) HostedRotation

MongoDB Multi User. Experimental.

func HostedRotation_MongoDbSingleUser

func HostedRotation_MongoDbSingleUser(options *SingleUserHostedRotationOptions) HostedRotation

MongoDB Single User. Experimental.

func HostedRotation_MysqlMultiUser

func HostedRotation_MysqlMultiUser(options *MultiUserHostedRotationOptions) HostedRotation

MySQL Multi User. Experimental.

func HostedRotation_MysqlSingleUser

func HostedRotation_MysqlSingleUser(options *SingleUserHostedRotationOptions) HostedRotation

MySQL Single User. Experimental.

func HostedRotation_OracleMultiUser

func HostedRotation_OracleMultiUser(options *MultiUserHostedRotationOptions) HostedRotation

Oracle Multi User. Experimental.

func HostedRotation_OracleSingleUser

func HostedRotation_OracleSingleUser(options *SingleUserHostedRotationOptions) HostedRotation

Oracle Single User. Experimental.

func HostedRotation_PostgreSqlMultiUser

func HostedRotation_PostgreSqlMultiUser(options *MultiUserHostedRotationOptions) HostedRotation

PostgreSQL Multi User. Experimental.

func HostedRotation_PostgreSqlSingleUser

func HostedRotation_PostgreSqlSingleUser(options *SingleUserHostedRotationOptions) HostedRotation

PostgreSQL Single User. Experimental.

func HostedRotation_RedshiftMultiUser

func HostedRotation_RedshiftMultiUser(options *MultiUserHostedRotationOptions) HostedRotation

Redshift Multi User. Experimental.

func HostedRotation_RedshiftSingleUser

func HostedRotation_RedshiftSingleUser(options *SingleUserHostedRotationOptions) HostedRotation

Redshift Single User. Experimental.

func HostedRotation_SqlServerMultiUser

func HostedRotation_SqlServerMultiUser(options *MultiUserHostedRotationOptions) HostedRotation

SQL Server Multi User. Experimental.

func HostedRotation_SqlServerSingleUser

func HostedRotation_SqlServerSingleUser(options *SingleUserHostedRotationOptions) HostedRotation

SQL Server Single User. Experimental.

type HostedRotationType

// HostedRotationType is a hosted rotation type. Values are obtained from the
// HostedRotationType_* functions.
type HostedRotationType interface {
	// IsMultiUser returns a *bool; by its name it reports whether the type is
	// a multi-user rotation (the *_MULTI_USER variants).
	IsMultiUser() *bool
	// Name returns the name of the rotation type as a *string.
	Name() *string
}

Hosted rotation type. Experimental.

func HostedRotationType_MARIADB_MULTI_USER

func HostedRotationType_MARIADB_MULTI_USER() HostedRotationType

func HostedRotationType_MARIADB_SINGLE_USER

func HostedRotationType_MARIADB_SINGLE_USER() HostedRotationType

func HostedRotationType_MONGODB_MULTI_USER

func HostedRotationType_MONGODB_MULTI_USER() HostedRotationType

func HostedRotationType_MONGODB_SINGLE_USER

func HostedRotationType_MONGODB_SINGLE_USER() HostedRotationType

func HostedRotationType_MYSQL_MULTI_USER

func HostedRotationType_MYSQL_MULTI_USER() HostedRotationType

func HostedRotationType_MYSQL_SINGLE_USER

func HostedRotationType_MYSQL_SINGLE_USER() HostedRotationType

func HostedRotationType_ORACLE_MULTI_USER

func HostedRotationType_ORACLE_MULTI_USER() HostedRotationType

func HostedRotationType_ORACLE_SINGLE_USER

func HostedRotationType_ORACLE_SINGLE_USER() HostedRotationType

func HostedRotationType_POSTGRESQL_MULTI_USER

func HostedRotationType_POSTGRESQL_MULTI_USER() HostedRotationType

func HostedRotationType_POSTGRESQL_SINGLE_USER

func HostedRotationType_POSTGRESQL_SINGLE_USER() HostedRotationType

func HostedRotationType_REDSHIFT_MULTI_USER

func HostedRotationType_REDSHIFT_MULTI_USER() HostedRotationType

func HostedRotationType_REDSHIFT_SINGLE_USER

func HostedRotationType_REDSHIFT_SINGLE_USER() HostedRotationType

func HostedRotationType_SQLSERVER_MULTI_USER

func HostedRotationType_SQLSERVER_MULTI_USER() HostedRotationType

func HostedRotationType_SQLSERVER_SINGLE_USER

func HostedRotationType_SQLSERVER_SINGLE_USER() HostedRotationType

type ISecret

// ISecret is a secret in AWS Secrets Manager. It embeds awscdk.IResource.
// Imported secrets are obtained from the Secret_From* functions.
type ISecret interface {
	awscdk.IResource
	// Adds a rotation schedule to the secret.
	// Experimental.
	AddRotationSchedule(id *string, options *RotationScheduleOptions) RotationSchedule
	// Adds a statement to the IAM resource policy associated with this secret.
	//
	// If this secret was created in this stack, a resource policy will be
	// automatically created upon the first call to `addToResourcePolicy`. If
	// the secret is imported, then this is a no-op.
	//
	// NOTE(review): because the call is a no-op for an imported secret, a
	// statement passed here (a deny statement included) is not applied in that
	// case. Check the returned *awsiam.AddToResourcePolicyResult instead of
	// assuming the statement took effect.
	// Experimental.
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	// Attach a target to this secret.
	//
	// Returns: An attached secret
	// Experimental.
	Attach(target ISecretAttachmentTarget) ISecret
	// Denies the `DeleteSecret` action to all principals within the current account.
	// Experimental.
	DenyAccountRootDelete()
	// Grants reading the secret value to some role.
	//
	// NOTE(review): versionStages presumably limits the grant to the listed
	// version stages; what a nil slice grants is not shown here. Confirm
	// before relying on it for least privilege.
	// Experimental.
	GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
	// Grants writing and updating the secret value to some role.
	// Experimental.
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	// Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.
	// Experimental.
	SecretValueFromJson(key *string) awscdk.SecretValue
	// The customer-managed encryption key that is used to encrypt this secret, if any.
	//
	// When not specified, the default
	// KMS key for the account and region is being used.
	// Experimental.
	EncryptionKey() awskms.IKey
	// The ARN of the secret in AWS Secrets Manager.
	//
	// Will return the full ARN if available, otherwise a partial arn.
	// For secrets imported by the deprecated `fromSecretName`, it will return the `secretName`.
	//
	// NOTE(review): the value is therefore not always a complete ARN. Confirm
	// how a partial ARN or a bare name matches before using it as the resource
	// of a policy statement.
	// Experimental.
	SecretArn() *string
	// The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
	//
	// This is equal to `secretArn` in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
	// Experimental.
	SecretFullArn() *string
	// The name of the secret.
	//
	// For "owned" secrets, this will be the full resource name (secret name + suffix), unless the
	// '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
	// Experimental.
	SecretName() *string
	// Retrieve the value of the stored secret as a `SecretValue`.
	//
	// NOTE(review): how an awscdk.SecretValue is resolved is not shown on this
	// page. Confirm that it is not rendered as plaintext into the synthesized
	// template or logs before passing it to other constructs.
	// Experimental.
	SecretValue() awscdk.SecretValue
}

A secret in AWS Secrets Manager. Experimental.

func Secret_FromSecretArn deprecated

func Secret_FromSecretArn(scope constructs.Construct, id *string, secretArn *string) ISecret

Deprecated: use `fromSecretCompleteArn` or `fromSecretPartialArn` (in this package: `Secret_FromSecretCompleteArn` or `Secret_FromSecretPartialArn`).

func Secret_FromSecretAttributes

func Secret_FromSecretAttributes(scope constructs.Construct, id *string, attrs *SecretAttributes) ISecret

Import an existing secret into the Stack. Experimental.

func Secret_FromSecretCompleteArn

func Secret_FromSecretCompleteArn(scope constructs.Construct, id *string, secretCompleteArn *string) ISecret

Imports a secret by complete ARN.

The complete ARN is the ARN with the Secrets Manager-supplied suffix. Experimental.

func Secret_FromSecretName

func Secret_FromSecretName(scope constructs.Construct, id *string, secretName *string) ISecret

Imports a secret by secret name; the ARN of the Secret will be set to the secret name.

A secret with this name must exist in the same account & region. Deprecated: use `fromSecretNameV2` (in this package: `Secret_FromSecretNameV2`).

func Secret_FromSecretNameV2

func Secret_FromSecretNameV2(scope constructs.Construct, id *string, secretName *string) ISecret

Imports a secret by secret name.

A secret with this name must exist in the same account & region. Replaces the deprecated `fromSecretName`. Experimental.

func Secret_FromSecretPartialArn

func Secret_FromSecretPartialArn(scope constructs.Construct, id *string, secretPartialArn *string) ISecret

Imports a secret by partial ARN.

The partial ARN is the ARN without the Secrets Manager-supplied suffix. Experimental.

type ISecretAttachmentTarget

// ISecretAttachmentTarget is a secret attachment target, the argument type of
// ISecret.Attach.
type ISecretAttachmentTarget interface {
	// Renders the target specifications.
	// Returns a pointer to SecretAttachmentTargetProps.
	// Experimental.
	AsSecretAttachmentTarget() *SecretAttachmentTargetProps
}

A secret attachment target. Experimental.

type ISecretTargetAttachment

// ISecretTargetAttachment is an ISecret with one additional accessor for the
// ARN. SecretTargetAttachment_FromSecretTargetAttachmentSecretArn returns
// this interface.
type ISecretTargetAttachment interface {
	ISecret
	// Same as `secretArn`.
	// Experimental.
	SecretTargetAttachmentSecretArn() *string
}

Experimental.

func SecretTargetAttachment_FromSecretTargetAttachmentSecretArn

func SecretTargetAttachment_FromSecretTargetAttachmentSecretArn(scope constructs.Construct, id *string, secretTargetAttachmentSecretArn *string) ISecretTargetAttachment

Experimental.

type MultiUserHostedRotationOptions

// MultiUserHostedRotationOptions holds the options accepted by the
// HostedRotation_*MultiUser functions.
type MultiUserHostedRotationOptions struct {
	// A name for the Lambda created to rotate the secret.
	// Experimental.
	FunctionName *string `json:"functionName"`
	// A list of security groups for the Lambda created to rotate the secret.
	// NOTE(review): which security group is used when this is unset is not
	// shown here. Confirm it, and keep the groups limited to what the function
	// needs to reach the database.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `json:"securityGroups"`
	// The VPC where the Lambda rotation function will run.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// The type of subnets in the VPC where the Lambda rotation function will run.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
	// The master secret for a multi user rotation scheme.
	// NOTE(review): per the RotationScheduleProps documentation on this page
	// the master secret is used to create users and change passwords, so it is
	// a privileged credential. Scope read access to it accordingly.
	// Experimental.
	MasterSecret ISecret `json:"masterSecret"`
}

Multi user hosted rotation options. Experimental.

type ReplicaRegion

// ReplicaRegion describes one secret replica region: the region name and the
// key used to encrypt the secret value there.
type ReplicaRegion struct {
	// The name of the region.
	// Experimental.
	Region *string `json:"region"`
	// The customer-managed encryption key to use for encrypting the secret value.
	// NOTE(review): the key used when this is left unset is not stated here.
	// Confirm it for each replica region.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
}

Secret replica region. Experimental.

type ResourcePolicy

// ResourcePolicy is a Secret Resource Policy construct. Values are created
// with NewResourcePolicy from a ResourcePolicyProps naming the secret. It
// embeds awscdk.Resource.
type ResourcePolicy interface {
	awscdk.Resource
	// Document returns the awsiam.PolicyDocument of this resource policy.
	// NOTE(review): presumably statements are added through this document (or
	// through ISecret.AddToResourcePolicy). Review every statement for
	// principals broader than intended.
	Document() awsiam.PolicyDocument
	Env() *awscdk.ResourceEnvironment
	Node() awscdk.ConstructNode
	PhysicalName() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

Secret Resource Policy. Experimental.

func NewResourcePolicy

func NewResourcePolicy(scope constructs.Construct, id *string, props *ResourcePolicyProps) ResourcePolicy

Experimental.

type ResourcePolicyProps

// ResourcePolicyProps holds the construction properties for a ResourcePolicy.
// It is the props argument of NewResourcePolicy.
type ResourcePolicyProps struct {
	// The secret to attach a resource-based permissions policy.
	// Experimental.
	Secret ISecret `json:"secret"`
}

Construction properties for a ResourcePolicy. Experimental.

type RotationSchedule

// RotationSchedule is a rotation schedule construct. Values are created with
// NewRotationSchedule or returned by ISecret.AddRotationSchedule. It embeds
// awscdk.Resource and declares no rotation-specific accessors of its own.
type RotationSchedule interface {
	awscdk.Resource
	Env() *awscdk.ResourceEnvironment
	Node() awscdk.ConstructNode
	PhysicalName() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

A rotation schedule. Experimental.

func NewRotationSchedule

func NewRotationSchedule(scope constructs.Construct, id *string, props *RotationScheduleProps) RotationSchedule

Experimental.

type RotationScheduleOptions

// RotationScheduleOptions are the options for adding a rotation schedule to a
// secret (passed to AddRotationSchedule).
//
// NOTE(review): HostedRotation and RotationLambda are two ways of supplying the
// rotation function; the upstream CDK construct is understood to expect exactly
// one of them. Confirm against the CDK documentation for the version in use.
type RotationScheduleOptions struct {
	// Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
	// Experimental.
	AutomaticallyAfter awscdk.Duration `json:"automaticallyAfter"`
	// Hosted rotation.
	// Experimental.
	HostedRotation HostedRotation `json:"hostedRotation"`
	// A Lambda function that can rotate the secret.
	//
	// The function handles the secret's credentials, so its execution role and
	// network placement deserve the same review as the secret's own policy.
	// Experimental.
	RotationLambda awslambda.IFunction `json:"rotationLambda"`
}

Options to add a rotation schedule to a secret. Experimental.

type RotationScheduleProps

// RotationScheduleProps holds the construction properties for a RotationSchedule:
// the fields of RotationScheduleOptions plus the secret to rotate.
//
// NOTE(review): HostedRotation and RotationLambda are two ways of supplying the
// rotation function; the upstream CDK construct is understood to expect exactly
// one of them. Confirm against the CDK documentation for the version in use.
type RotationScheduleProps struct {
	// Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
	// Experimental.
	AutomaticallyAfter awscdk.Duration `json:"automaticallyAfter"`
	// Hosted rotation.
	// Experimental.
	HostedRotation HostedRotation `json:"hostedRotation"`
	// A Lambda function that can rotate the secret.
	// Experimental.
	RotationLambda awslambda.IFunction `json:"rotationLambda"`
	// The secret to rotate.
	//
	// If hosted rotation is used, the secret value must be a JSON string with the following format:
	//
	// ```
	// {
	//    "engine": <required: database engine>,
	//    "host": <required: instance host name>,
	//    "username": <required: username>,
	//    "password": <required: password>,
	//    "dbname": <optional: database name>,
	//    "port": <optional: if not specified, default port will be used>,
	//    "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
	// }
	// ```
	//
	// This is typically the case for a secret referenced from an `AWS::SecretsManager::SecretTargetAttachment`
	// or an `ISecret` returned by the `attach()` method of `Secret`.
	//
	// The value carries the database host, user name and password together, so
	// read access to this secret amounts to access to the database account.
	// Experimental.
	Secret ISecret `json:"secret"`
}

Construction properties for a RotationSchedule. Experimental.

type Secret

// Secret is the construct that creates a new secret in AWS Secrets Manager.
//
// AddToResourcePolicy, DenyAccountRootDelete, GrantRead and GrantWrite change
// who can read, modify or delete the secret; treat calls to them like any other
// IAM policy change when reviewing a stack.
type Secret interface {
	awscdk.Resource
	ISecret
	// Identifier of this secret for use in IAM policy statements.
	ArnForPolicies() *string
	AutoCreatePolicy() *bool
	// The KMS key associated with this secret, typed as awskms.IKey.
	// NOTE(review): presumably nil when no customer-managed key was supplied; confirm.
	EncryptionKey() awskms.IKey
	Env() *awscdk.ResourceEnvironment
	Node() awscdk.ConstructNode
	PhysicalName() *string
	SecretArn() *string
	SecretFullArn() *string
	SecretName() *string
	// The stored secret, wrapped in awscdk.SecretValue.
	// NOTE(review): keep it wrapped. Passing it to a property that is stored or
	// displayed as plain text (for example an environment variable or a stack
	// output) would expose the secret to anyone who can read that resource.
	SecretValue() awscdk.SecretValue
	Stack() awscdk.Stack
	// Adds a replica region for the secret; encryptionKey is the key for the replica.
	AddReplicaRegion(region *string, encryptionKey awskms.IKey)
	// Adds a rotation schedule to the secret.
	AddRotationSchedule(id *string, options *RotationScheduleOptions) RotationSchedule
	AddTargetAttachment(id *string, options *AttachedSecretOptions) SecretTargetAttachment
	// Adds a statement to the IAM resource policy associated with this secret.
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Attaches a target to this secret and returns the attached secret.
	Attach(target ISecretAttachmentTarget) ISecret
	// Denies the DeleteSecret action to all principals within the current account.
	DenyAccountRootDelete()
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	// Grants the grantee permission to read the secret value.
	// versionStages limits the grant to the listed version stages.
	// NOTE(review): with nil the grant is understood to carry no version-stage
	// restriction; confirm upstream and pass explicit stages where a narrower
	// grant is intended.
	GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
	// Grants the grantee permission to write and update the secret value.
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	// Interprets the secret as a JSON object and returns the value of jsonField
	// from it, wrapped in awscdk.SecretValue.
	SecretValueFromJson(jsonField *string) awscdk.SecretValue
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

Creates a new secret in AWS SecretsManager. Experimental.

func NewSecret

func NewSecret(scope constructs.Construct, id *string, props *SecretProps) Secret

Experimental.

type SecretAttachmentTargetProps

// SecretAttachmentTargetProps specifies the target a secret is attached to:
// the target's id and its type.
type SecretAttachmentTargetProps struct {
	// The id of the target to attach the secret to.
	// Experimental.
	TargetId *string `json:"targetId"`
	// The type of the target to attach the secret to.
	// Experimental.
	TargetType AttachmentTargetType `json:"targetType"`
}

Attachment target specifications. Experimental.

type SecretAttributes

// SecretAttributes are the attributes required to import an existing secret
// into the stack.
//
// One of SecretArn, SecretCompleteArn or SecretPartialArn must be provided;
// each is documented as unusable together with the other two.
type SecretAttributes struct {
	// The encryption key that is used to encrypt the secret, unless the default SecretsManager key is used.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// The ARN of the secret in SecretsManager.
	//
	// Cannot be used with `secretCompleteArn` or `secretPartialArn`.
	// Deprecated: use `secretCompleteArn` or `secretPartialArn` instead.
	SecretArn *string `json:"secretArn"`
	// The complete ARN of the secret in SecretsManager.
	//
	// This is the ARN including the Secrets Manager 6-character suffix.
	// Cannot be used with `secretArn` or `secretPartialArn`.
	// Experimental.
	SecretCompleteArn *string `json:"secretCompleteArn"`
	// The partial ARN of the secret in SecretsManager.
	//
	// This is the ARN without the Secrets Manager 6-character suffix.
	// Cannot be used with `secretArn` or `secretCompleteArn`.
	//
	// NOTE(review): without the suffix, IAM statements generated for the imported
	// secret presumably have to match the suffix by pattern rather than name one
	// exact ARN; prefer SecretCompleteArn when the full ARN is known. Confirm
	// against the upstream CDK documentation.
	// Experimental.
	SecretPartialArn *string `json:"secretPartialArn"`
}

Attributes required to import an existing secret into the Stack.

One ARN format (`secretArn`, `secretCompleteArn`, `secretPartialArn`) must be provided. Experimental.

type SecretProps

// SecretProps are the properties required to create a new secret in AWS
// Secrets Manager.
type SecretProps struct {
	// An optional, human-friendly description of the secret.
	//
	// This is descriptive metadata, not part of the secret value; do not put
	// credentials or other sensitive material here.
	// Experimental.
	Description *string `json:"description"`
	// The customer-managed encryption key to use for encrypting the secret value.
	//
	// NOTE(review): when nil, the account's default Secrets Manager KMS key is
	// understood to be used; confirm upstream. Supply a customer-managed key when
	// the key policy, cross-account use or key-usage auditing must be under your
	// own control.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// Configuration for how to generate a secret value.
	// Experimental.
	GenerateSecretString *SecretStringGenerator `json:"generateSecretString"`
	// Policy to apply when the secret is removed from this stack.
	//
	// Decide deliberately whether a removed secret should be deleted or retained:
	// retention leaves a live credential behind, deletion may break consumers.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// A list of regions where to replicate this secret.
	//
	// Every replica is another place the secret value is stored; each entry can
	// carry its own encryption key (see ReplicaRegion).
	// Experimental.
	ReplicaRegions *[]*ReplicaRegion `json:"replicaRegions"`
	// A name for the secret.
	//
	// Note that deleting secrets from SecretsManager does not happen immediately, but after a
	// blackout period of 7 to 30 days. During that period, it is not possible to create another
	// secret that shares the same name.
	// Experimental.
	SecretName *string `json:"secretName"`
}

The properties required to create a new secret in AWS Secrets Manager. Experimental.

type SecretRotation

// SecretRotation is the construct that sets up secret rotation for a service
// or database. It is configured through SecretRotationProps.
//
// It embeds awscdk.Construct (not awscdk.Resource) and declares only the
// generic construct members listed below.
type SecretRotation interface {
	awscdk.Construct
	Node() awscdk.ConstructNode
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

Secret rotation for a service or database. Experimental.

func NewSecretRotation

func NewSecretRotation(scope constructs.Construct, id *string, props *SecretRotationProps) SecretRotation

Experimental.

type SecretRotationApplication

// SecretRotationApplication describes a secret rotation serverless
// application. Predefined instances for several database engines, in
// single-user and multi-user variants, are exposed by the
// SecretRotationApplication_*_ROTATION_* functions on this page.
type SecretRotationApplication interface {
	// The application id this instance was created with (see NewSecretRotationApplication).
	ApplicationId() *string
	// Whether the rotation application uses the multi user scheme.
	IsMultiUser() *bool
	// The semantic version this instance was created with (see NewSecretRotationApplication).
	// Pinning an explicit, reviewed version keeps the deployed rotation code predictable.
	SemanticVersion() *string
	// Returns the application ARN for the given partition.
	// NOTE(review): inferred from the signature; confirm upstream.
	ApplicationArnForPartition(partition *string) *string
	// Returns the semantic version for the given partition.
	// NOTE(review): inferred from the signature; confirm upstream.
	SemanticVersionForPartition(partition *string) *string
}

A secret rotation serverless application. Experimental.

func NewSecretRotationApplication

func NewSecretRotationApplication(applicationId *string, semanticVersion *string, options *SecretRotationApplicationOptions) SecretRotationApplication

Experimental.

func SecretRotationApplication_MARIADB_ROTATION_MULTI_USER

func SecretRotationApplication_MARIADB_ROTATION_MULTI_USER() SecretRotationApplication

func SecretRotationApplication_MARIADB_ROTATION_SINGLE_USER

func SecretRotationApplication_MARIADB_ROTATION_SINGLE_USER() SecretRotationApplication

func SecretRotationApplication_MONGODB_ROTATION_MULTI_USER

func SecretRotationApplication_MONGODB_ROTATION_MULTI_USER() SecretRotationApplication

func SecretRotationApplication_MONGODB_ROTATION_SINGLE_USER

func SecretRotationApplication_MONGODB_ROTATION_SINGLE_USER() SecretRotationApplication

func SecretRotationApplication_MYSQL_ROTATION_MULTI_USER

func SecretRotationApplication_MYSQL_ROTATION_MULTI_USER() SecretRotationApplication

func SecretRotationApplication_MYSQL_ROTATION_SINGLE_USER

func SecretRotationApplication_MYSQL_ROTATION_SINGLE_USER() SecretRotationApplication

func SecretRotationApplication_ORACLE_ROTATION_MULTI_USER

func SecretRotationApplication_ORACLE_ROTATION_MULTI_USER() SecretRotationApplication

func SecretRotationApplication_ORACLE_ROTATION_SINGLE_USER

func SecretRotationApplication_ORACLE_ROTATION_SINGLE_USER() SecretRotationApplication

func SecretRotationApplication_POSTGRES_ROTATION_MULTI_USER

func SecretRotationApplication_POSTGRES_ROTATION_MULTI_USER() SecretRotationApplication

func SecretRotationApplication_POSTGRES_ROTATION_SINGLE_USER

func SecretRotationApplication_POSTGRES_ROTATION_SINGLE_USER() SecretRotationApplication

func SecretRotationApplication_REDSHIFT_ROTATION_MULTI_USER

func SecretRotationApplication_REDSHIFT_ROTATION_MULTI_USER() SecretRotationApplication

func SecretRotationApplication_REDSHIFT_ROTATION_SINGLE_USER

func SecretRotationApplication_REDSHIFT_ROTATION_SINGLE_USER() SecretRotationApplication

func SecretRotationApplication_SQLSERVER_ROTATION_MULTI_USER

func SecretRotationApplication_SQLSERVER_ROTATION_MULTI_USER() SecretRotationApplication

func SecretRotationApplication_SQLSERVER_ROTATION_SINGLE_USER

func SecretRotationApplication_SQLSERVER_ROTATION_SINGLE_USER() SecretRotationApplication

type SecretRotationApplicationOptions

// SecretRotationApplicationOptions are the options for a SecretRotationApplication.
type SecretRotationApplicationOptions struct {
	// Whether the rotation application uses the multi user scheme.
	// Experimental.
	IsMultiUser *bool `json:"isMultiUser"`
}

Options for a SecretRotationApplication. Experimental.

type SecretRotationProps

// SecretRotationProps holds the construction properties for a SecretRotation.
type SecretRotationProps struct {
	// The serverless application for the rotation.
	// Experimental.
	Application SecretRotationApplication `json:"application"`
	// The secret to rotate. Its value must be a JSON string with the following format:
	//
	// ```
	// {
	//    "engine": <required: database engine>,
	//    "host": <required: instance host name>,
	//    "username": <required: username>,
	//    "password": <required: password>,
	//    "dbname": <optional: database name>,
	//    "port": <optional: if not specified, default port will be used>,
	//    "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
	// }
	// ```
	//
	// This is typically the case for a secret referenced from an `AWS::SecretsManager::SecretTargetAttachment`
	// or an `ISecret` returned by the `attach()` method of `Secret`.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
	//
	// The value carries the database host, user name and password together, so
	// read access to this secret amounts to access to the database account.
	//
	// Experimental.
	Secret ISecret `json:"secret"`
	// The target service or database.
	//
	// NOTE(review): the upstream construct is understood to permit connections
	// from the rotation function's security group to this target; include that
	// rule when reviewing network access to the database. Confirm upstream.
	// Experimental.
	Target awsec2.IConnectable `json:"target"`
	// The VPC where the Lambda rotation function will run.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
	// Experimental.
	AutomaticallyAfter awscdk.Duration `json:"automaticallyAfter"`
	// Characters which should not appear in the generated password.
	//
	// Every excluded character shrinks the alphabet the password is drawn from;
	// exclude only what the target or its connection strings cannot accept.
	// Experimental.
	ExcludeCharacters *string `json:"excludeCharacters"`
	// The master secret for a multi user rotation scheme.
	//
	// Per the format above, the master secret is the one used to create users
	// and change passwords, so access to it should be narrower than access to
	// the rotated secret.
	// Experimental.
	MasterSecret ISecret `json:"masterSecret"`
	// The security group for the Lambda rotation function.
	//
	// NOTE(review): presumably a new group is created when this is nil; pass an
	// explicit, reviewed group when database ingress must be limited to known
	// groups. Confirm upstream.
	// Experimental.
	SecurityGroup awsec2.ISecurityGroup `json:"securityGroup"`
	// The type of subnets in the VPC where the Lambda rotation function will run.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
}

Construction properties for a SecretRotation. Experimental.

type SecretStringGenerator

// SecretStringGenerator is the configuration used to generate secrets such as
// passwords automatically.
//
// Each Exclude* option removes a character class from the alphabet the
// password is drawn from. When several are set, raise PasswordLength to keep
// the generated value hard to guess.
type SecretStringGenerator struct {
	// A string that includes characters that shouldn't be included in the generated password.
	//
	// The string can be a minimum
	// of `0` and a maximum of `4096` characters long.
	// Experimental.
	ExcludeCharacters *string `json:"excludeCharacters"`
	// Specifies that the generated password shouldn't include lowercase letters.
	// Experimental.
	ExcludeLowercase *bool `json:"excludeLowercase"`
	// Specifies that the generated password shouldn't include digits.
	// Experimental.
	ExcludeNumbers *bool `json:"excludeNumbers"`
	// Specifies that the generated password shouldn't include punctuation characters.
	// Experimental.
	ExcludePunctuation *bool `json:"excludePunctuation"`
	// Specifies that the generated password shouldn't include uppercase letters.
	// Experimental.
	ExcludeUppercase *bool `json:"excludeUppercase"`
	// The JSON key name that's used to add the generated password to the JSON structure specified by the `secretStringTemplate` parameter.
	//
	// If you specify `generateStringKey` then `secretStringTemplate`
	// must also be specified.
	// Experimental.
	GenerateStringKey *string `json:"generateStringKey"`
	// Specifies that the generated password can include the space character.
	// Experimental.
	IncludeSpace *bool `json:"includeSpace"`
	// The desired length of the generated password.
	//
	// The field is typed *float64; pass a whole number.
	// NOTE(review): the Secrets Manager password generator is understood to
	// default to 32 characters when no length is given; confirm for this binding.
	// Experimental.
	PasswordLength *float64 `json:"passwordLength"`
	// Specifies whether the generated password must include at least one of every allowed character type.
	// Experimental.
	RequireEachIncludedType *bool `json:"requireEachIncludedType"`
	// A properly structured JSON string that the generated password can be added to.
	//
	// The `generateStringKey` is
	// combined with the generated random string and inserted into the JSON structure that's specified by this parameter.
	// The merged JSON string is returned as the completed SecretString of the secret. If you specify `secretStringTemplate`
	// then `generateStringKey` must also be specified.
	//
	// The template is written by the stack author, not generated; keep real
	// credentials out of it and let the generated key hold the sensitive value.
	// Experimental.
	SecretStringTemplate *string `json:"secretStringTemplate"`
}

Configuration to generate secrets such as passwords automatically. Experimental.

type SecretTargetAttachment

// SecretTargetAttachment is an attached secret: a secret bound to a target
// (see SecretTargetAttachmentProps).
//
// It exposes the same access-changing members as Secret (AddToResourcePolicy,
// DenyAccountRootDelete, GrantRead, GrantWrite); treat calls to them like any
// other IAM policy change when reviewing a stack.
type SecretTargetAttachment interface {
	awscdk.Resource
	ISecret
	ISecretTargetAttachment
	// Identifier of this secret for use in IAM policy statements.
	ArnForPolicies() *string
	AutoCreatePolicy() *bool
	EncryptionKey() awskms.IKey
	Env() *awscdk.ResourceEnvironment
	Node() awscdk.ConstructNode
	PhysicalName() *string
	SecretArn() *string
	SecretFullArn() *string
	SecretName() *string
	SecretTargetAttachmentSecretArn() *string
	// The stored secret, wrapped in awscdk.SecretValue.
	// NOTE(review): keep it wrapped. Passing it to a property that is stored or
	// displayed as plain text would expose the secret to anyone who can read
	// that resource.
	SecretValue() awscdk.SecretValue
	Stack() awscdk.Stack
	// Adds a rotation schedule to the secret.
	AddRotationSchedule(id *string, options *RotationScheduleOptions) RotationSchedule
	// Adds a statement to the IAM resource policy associated with this secret.
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	Attach(target ISecretAttachmentTarget) ISecret
	// Denies the DeleteSecret action to all principals within the current account.
	DenyAccountRootDelete()
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	// Grants the grantee permission to read the secret value.
	// versionStages limits the grant to the listed version stages.
	// NOTE(review): with nil the grant is understood to carry no version-stage
	// restriction; confirm upstream.
	GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
	// Grants the grantee permission to write and update the secret value.
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	// Interprets the secret as a JSON object and returns the value of jsonField
	// from it, wrapped in awscdk.SecretValue.
	SecretValueFromJson(jsonField *string) awscdk.SecretValue
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

An attached secret. Experimental.

func NewSecretTargetAttachment

func NewSecretTargetAttachment(scope constructs.Construct, id *string, props *SecretTargetAttachmentProps) SecretTargetAttachment

Experimental.

type SecretTargetAttachmentProps

// SecretTargetAttachmentProps holds the construction properties for an
// attached secret (SecretTargetAttachment).
type SecretTargetAttachmentProps struct {
	// The target to attach the secret to.
	// Deprecated.
	Target ISecretAttachmentTarget `json:"target"`
	// The secret to attach to the target.
	// Experimental.
	Secret ISecret `json:"secret"`
}

Construction properties for an AttachedSecret. Experimental.

type SingleUserHostedRotationOptions

// SingleUserHostedRotationOptions are the options for a single user hosted
// rotation: the name and network placement of the Lambda created to rotate
// the secret.
type SingleUserHostedRotationOptions struct {
	// A name for the Lambda created to rotate the secret.
	// Experimental.
	FunctionName *string `json:"functionName"`
	// A list of security groups for the Lambda created to rotate the secret.
	//
	// These groups govern what the rotation function can reach; the database's
	// ingress rules should admit them and nothing broader.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `json:"securityGroups"`
	// The VPC where the Lambda rotation function will run.
	//
	// NOTE(review): when nil the function presumably runs outside a VPC, which
	// would require the database to be reachable from there; confirm upstream
	// and set the VPC for databases in private subnets.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// The type of subnets in the VPC where the Lambda rotation function will run.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
}

Single user hosted rotation options. Experimental.

Directories

Path Synopsis
