awscdkawsredshiftalpha

package module
v2.0.0-rc.24 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 13, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

README

Amazon Redshift Construct Library

All classes with the Cfn prefix in this module (CFN Resources) are always stable and safe to use.

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Starting a Redshift Cluster Database

To set up a Redshift cluster, define a Cluster. It will be launched in a VPC. You can specify a VPC, otherwise one will be created. The nodes are always launched in private subnets and are encrypted by default.

import * as ec2 from '@aws-cdk/aws-ec2';

const vpc = new ec2.Vpc(this, 'Vpc');
const cluster = new Cluster(this, 'Redshift', {
  masterUser: {
    masterUsername: 'admin',
  },
  vpc
});

By default, the master password will be generated and stored in AWS Secrets Manager.

A default database named default_db will be created in the cluster. To change the name of this database set the defaultDatabaseName attribute in the constructor properties.

By default, the cluster will not be publicly accessible. Depending on your use case, you can make the cluster publicly accessible with the publiclyAccessible property.

Connecting

To control who can access the cluster, use the .connections attribute. Redshift Clusters have a default port, so you don't need to specify the port:

cluster.connections.allowDefaultPortFromAnyIpv4('Open to the world');

The endpoint to access your database cluster will be available as the .clusterEndpoint attribute:

cluster.clusterEndpoint.socketAddress;   // "HOSTNAME:PORT"

Rotating credentials

When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically:

cluster.addRotationSingleUser(); // Will rotate automatically after 30 days

The multi user rotation scheme is also available:

import * as secretsmanager from '@aws-cdk/aws-secretsmanager';

cluster.addRotationMultiUser('MyUser', {
  secret: secretsmanager.Secret.fromSecretNameV2(this, 'Imported Secret', 'my-secret'),
});

Database Resources

This module allows for the creation of non-CloudFormation database resources such as users and tables. This allows you to manage identities, permissions, and stateful resources within your Redshift cluster from your CDK application.

Because these resources are not available in CloudFormation, this library leverages custom resources to manage them. In addition to the IAM permissions required to make Redshift service calls, the execution role for the custom resource handler requires database credentials to create resources within the cluster.

These database credentials can be supplied explicitly through the adminUser properties of the various database resource constructs. Alternatively, the credentials can be automatically pulled from the Redshift cluster's default administrator credentials. However, this option is only available if the password for the credentials was generated by the CDK application (ie., no value vas provided for the masterPassword property of Cluster.masterUser).

Creating Users

Create a user within a Redshift cluster database by instantiating a User construct. This will generate a username and password, store the credentials in a AWS Secrets Manager Secret, and make a query to the Redshift cluster to create a new database user with the credentials.

new User(this, 'User', {
  cluster: cluster,
  databaseName: 'databaseName',
});

By default, the user credentials are encrypted with your AWS account's default Secrets Manager encryption key. You can specify the encryption key used for this purpose by supplying a key in the encryptionKey property.

import * as kms from '@aws-cdk/aws-kms';

const encryptionKey = new kms.Key(this, 'Key');
new User(this, 'User', {
  encryptionKey: encryptionKey,
  cluster: cluster,
  databaseName: 'databaseName',
});

By default, a username is automatically generated from the user construct ID and its path in the construct tree. You can specify a particular username by providing a value for the username property. Usernames must be valid identifiers; see: Names and identifiers in the Amazon Redshift Database Developer Guide.

new User(this, 'User', {
  username: 'myuser',
  cluster: cluster,
  databaseName: 'databaseName',
});

The user password is generated by AWS Secrets Manager using the default configuration found in secretsmanager.SecretStringGenerator, except with password length 30 and some SQL-incompliant characters excluded. The plaintext for the password will never be present in the CDK application; instead, a CloudFormation Dynamic Reference will be used wherever the password value is required.

Creating Tables

Create a table within a Redshift cluster database by instantiating a Table construct. This will make a query to the Redshift cluster to create a new database table with the supplied schema.

new Table(this, 'Table', {
  tableColumns: [{ name: 'col1', dataType: 'varchar(4)' }, { name: 'col2', dataType: 'float' }],
  cluster: cluster,
  databaseName: 'databaseName',
});
Granting Privileges

You can give a user privileges to perform certain actions on a table by using the Table.grant() method.

const user = new User(this, 'User', {
  cluster: cluster,
  databaseName: 'databaseName',
});
const table = new Table(this, 'Table', {
  tableColumns: [{ name: 'col1', dataType: 'varchar(4)' }, { name: 'col2', dataType: 'float' }],
  cluster: cluster,
  databaseName: 'databaseName',
});

table.grant(user, TableAction.DROP, TableAction.SELECT);

Take care when managing privileges via the CDK, as attempting to manage a user's privileges on the same table in multiple CDK applications could lead to accidentally overriding these permissions. Consider the following two CDK applications which both refer to the same user and table. In application 1, the resources are created and the user is given INSERT permissions on the table:

const databaseName = 'databaseName';
const username = 'myuser'
const tableName = 'mytable'

const user = new User(this, 'User', {
  username: username,
  cluster: cluster,
  databaseName: databaseName,
});
const table = new Table(this, 'Table', {
  tableColumns: [{ name: 'col1', dataType: 'varchar(4)' }, { name: 'col2', dataType: 'float' }],
  cluster: cluster,
  databaseName: databaseName,
});
table.grant(user, TableAction.INSERT);

In application 2, the resources are imported and the user is given INSERT permissions on the table:

const databaseName = 'databaseName';
const username = 'myuser'
const tableName = 'mytable'

const user = User.fromUserAttributes(this, 'User', {
  username: username,
  password: SecretValue.plainText('NOT_FOR_PRODUCTION'),
  cluster: cluster,
  databaseName: databaseName,
});
const table = Table.fromTableAttributes(this, 'Table', {
  tableName: tableName,
  tableColumns: [{ name: 'col1', dataType: 'varchar(4)' }, { name: 'col2', dataType: 'float' }],
  cluster: cluster,
  databaseName: 'databaseName',
});
table.grant(user, TableAction.INSERT);

Both applications attempt to grant the user the appropriate privilege on the table by submitting a GRANT USER SQL query to the Redshift cluster. Note that the latter of these two calls will have no effect since the user has already been granted the privilege.

Now, if application 1 were to remove the call to grant, a REVOKE USER SQL query is submitted to the Redshift cluster. In general, application 1 does not know that application 2 has also granted this permission and thus cannot decide not to issue the revocation. This leads to the undesirable state where application 2 still contains the call to grant but the user does not have the specified permission.

Note that this does not occur when duplicate privileges are granted within the same application, as such privileges are de-duplicated before any SQL query is submitted.

Documentation

Overview

The CDK Construct Library for AWS::Redshift

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClusterParameterGroup_IsConstruct 

func ClusterParameterGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func ClusterParameterGroup_IsResource 

func ClusterParameterGroup_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func ClusterSubnetGroup_IsConstruct 

func ClusterSubnetGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func ClusterSubnetGroup_IsResource 

func ClusterSubnetGroup_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func Cluster_IsConstruct 

func Cluster_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func Cluster_IsResource 

func Cluster_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func DatabaseSecret_FromSecretAttributes 

func DatabaseSecret_FromSecretAttributes(scope constructs.Construct, id *string, attrs *awssecretsmanager.SecretAttributes) awssecretsmanager.ISecret

Import an existing secret into the Stack. Experimental.

func DatabaseSecret_FromSecretCompleteArn 

func DatabaseSecret_FromSecretCompleteArn(scope constructs.Construct, id *string, secretCompleteArn *string) awssecretsmanager.ISecret

Imports a secret by complete ARN.

The complete ARN is the ARN with the Secrets Manager-supplied suffix. Experimental.

func DatabaseSecret_FromSecretNameV2 

func DatabaseSecret_FromSecretNameV2(scope constructs.Construct, id *string, secretName *string) awssecretsmanager.ISecret

Imports a secret by secret name.

A secret with this name must exist in the same account & region. Replaces the deprecated `fromSecretName`. Experimental.

func DatabaseSecret_FromSecretPartialArn 

func DatabaseSecret_FromSecretPartialArn(scope constructs.Construct, id *string, secretPartialArn *string) awssecretsmanager.ISecret

Imports a secret by partial ARN.

The partial ARN is the ARN without the Secrets Manager-supplied suffix. Experimental.

func DatabaseSecret_IsConstruct 

func DatabaseSecret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func DatabaseSecret_IsResource 

func DatabaseSecret_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NewClusterParameterGroup_Override 

func NewClusterParameterGroup_Override(c ClusterParameterGroup, scope constructs.Construct, id *string, props *ClusterParameterGroupProps)

Experimental.

func NewClusterSubnetGroup_Override 

func NewClusterSubnetGroup_Override(c ClusterSubnetGroup, scope constructs.Construct, id *string, props *ClusterSubnetGroupProps)

Experimental.

func NewCluster_Override 

func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)

Experimental.

func NewDatabaseSecret_Override 

func NewDatabaseSecret_Override(d DatabaseSecret, scope constructs.Construct, id *string, props *DatabaseSecretProps)

Experimental.

func NewEndpoint_Override 

func NewEndpoint_Override(e Endpoint, address *string, port *float64)

Experimental.

func NewTable_Override 

func NewTable_Override(t Table, scope constructs.Construct, id *string, props *TableProps)

Experimental.

func NewUser_Override 

func NewUser_Override(u User, scope constructs.Construct, id *string, props *UserProps)

Experimental.

func Table_IsConstruct 

func Table_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func User_IsConstruct 

func User_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

Types

type Cluster 

type Cluster interface {
	awscdk.Resource
	ICluster
	ClusterEndpoint() Endpoint
	ClusterName() *string
	Connections() awsec2.Connections
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	Secret() awssecretsmanager.ISecret
	Stack() awscdk.Stack
	AddRotationMultiUser(id *string, options *RotationMultiUserOptions) awssecretsmanager.SecretRotation
	AddRotationSingleUser(automaticallyAfter awscdk.Duration) awssecretsmanager.SecretRotation
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	AsSecretAttachmentTarget() *awssecretsmanager.SecretAttachmentTargetProps
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}

Create a Redshift cluster a given number of nodes. Experimental.

func NewCluster 

func NewCluster(scope constructs.Construct, id *string, props *ClusterProps) Cluster

Experimental.

type ClusterAttributes 

type ClusterAttributes struct {
	// Cluster endpoint address.
	// Experimental.
	ClusterEndpointAddress *string `json:"clusterEndpointAddress"`
	// Cluster endpoint port.
	// Experimental.
	ClusterEndpointPort *float64 `json:"clusterEndpointPort"`
	// Identifier for the cluster.
	// Experimental.
	ClusterName *string `json:"clusterName"`
	// The security groups of the redshift cluster.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `json:"securityGroups"`
}

Properties that describe an existing cluster instance. Experimental.

type ClusterParameterGroup 

type ClusterParameterGroup interface {
	awscdk.Resource
	IClusterParameterGroup
	ClusterParameterGroupName() *string
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}

A cluster parameter group. Experimental.

func NewClusterParameterGroup 

func NewClusterParameterGroup(scope constructs.Construct, id *string, props *ClusterParameterGroupProps) ClusterParameterGroup

Experimental.

type ClusterParameterGroupProps 

type ClusterParameterGroupProps struct {
	// The parameters in this parameter group.
	// Experimental.
	Parameters *map[string]*string `json:"parameters"`
	// Description for this parameter group.
	// Experimental.
	Description *string `json:"description"`
}

Properties for a parameter group. Experimental.

type ClusterProps 

type ClusterProps struct {
	// Username and password for the administrative user.
	// Experimental.
	MasterUser *Login `json:"masterUser"`
	// The VPC to place the cluster in.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// An optional identifier for the cluster.
	// Experimental.
	ClusterName *string `json:"clusterName"`
	// Settings for the individual instances that are launched.
	// Experimental.
	ClusterType ClusterType `json:"clusterType"`
	// Name of a database which is automatically created inside the cluster.
	// Experimental.
	DefaultDatabaseName *string `json:"defaultDatabaseName"`
	// Whether to enable encryption of data at rest in the cluster.
	// Experimental.
	Encrypted *bool `json:"encrypted"`
	// The KMS key to use for encryption of data at rest.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// Bucket to send logs to.
	//
	// Logging information includes queries and connection attempts, for the specified Amazon Redshift cluster.
	// Experimental.
	LoggingBucket awss3.IBucket `json:"loggingBucket"`
	// Prefix used for logging.
	// Experimental.
	LoggingKeyPrefix *string `json:"loggingKeyPrefix"`
	// The node type to be provisioned for the cluster.
	// Experimental.
	NodeType NodeType `json:"nodeType"`
	// Number of compute nodes in the cluster. Only specify this property for multi-node clusters.
	//
	// Value must be at least 2 and no more than 100.
	// Experimental.
	NumberOfNodes *float64 `json:"numberOfNodes"`
	// Additional parameters to pass to the database engine https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html.
	// Experimental.
	ParameterGroup IClusterParameterGroup `json:"parameterGroup"`
	// What port to listen on.
	// Experimental.
	Port *float64 `json:"port"`
	// A preferred maintenance window day/time range. Should be specified as a range ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC).
	//
	// Example: 'Sun:23:45-Mon:00:15'
	// See: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
	//
	// Experimental.
	PreferredMaintenanceWindow *string `json:"preferredMaintenanceWindow"`
	// Whether to make cluster publicly accessible.
	// Experimental.
	PubliclyAccessible *bool `json:"publiclyAccessible"`
	// The removal policy to apply when the cluster and its instances are removed from the stack or replaced during an update.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// A list of AWS Identity and Access Management (IAM) role that can be used by the cluster to access other AWS services.
	//
	// Specify a maximum of 10 roles.
	// Experimental.
	Roles *[]awsiam.IRole `json:"roles"`
	// Security group.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `json:"securityGroups"`
	// A cluster subnet group to use with this cluster.
	// Experimental.
	SubnetGroup IClusterSubnetGroup `json:"subnetGroup"`
	// Where to place the instances within the VPC.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
}

Properties for a new database cluster. Experimental.

type ClusterSubnetGroup 

type ClusterSubnetGroup interface {
	awscdk.Resource
	IClusterSubnetGroup
	ClusterSubnetGroupName() *string
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	Stack() awscdk.Stack
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}

Class for creating a Redshift cluster subnet group. Experimental.

func NewClusterSubnetGroup 

func NewClusterSubnetGroup(scope constructs.Construct, id *string, props *ClusterSubnetGroupProps) ClusterSubnetGroup

Experimental.

type ClusterSubnetGroupProps 

type ClusterSubnetGroupProps struct {
	// Description of the subnet group.
	// Experimental.
	Description *string `json:"description"`
	// The VPC to place the subnet group in.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// The removal policy to apply when the subnet group are removed from the stack or replaced during an update.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// Which subnets within the VPC to associate with this group.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
}

Properties for creating a ClusterSubnetGroup. Experimental.

type ClusterType 

type ClusterType string

What cluster type to use.

Used by {@link ClusterProps.clusterType} Experimental. 

const (
	ClusterType_SINGLE_NODE ClusterType = "SINGLE_NODE"
	ClusterType_MULTI_NODE  ClusterType = "MULTI_NODE"
)

type Column 

type Column struct {
	// The data type of the column.
	// Experimental.
	DataType *string `json:"dataType"`
	// The name of the column.
	// Experimental.
	Name *string `json:"name"`
}

A column in a Redshift table. Experimental.

type DatabaseOptions 

type DatabaseOptions struct {
	// The cluster containing the database.
	// Experimental.
	Cluster ICluster `json:"cluster"`
	// The name of the database.
	// Experimental.
	DatabaseName *string `json:"databaseName"`
	// The secret containing credentials to a Redshift user with administrator privileges.
	//
	// Secret JSON schema: `{ username: string; password: string }`.
	// Experimental.
	AdminUser awssecretsmanager.ISecret `json:"adminUser"`
}

Properties for accessing a Redshift database. Experimental.

type DatabaseSecret 

type DatabaseSecret interface {
	awssecretsmanager.Secret
	ArnForPolicies() *string
	AutoCreatePolicy() *bool
	EncryptionKey() awskms.IKey
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	SecretArn() *string
	SecretFullArn() *string
	SecretName() *string
	SecretValue() awscdk.SecretValue
	Stack() awscdk.Stack
	AddReplicaRegion(region *string, encryptionKey awskms.IKey)
	AddRotationSchedule(id *string, options *awssecretsmanager.RotationScheduleOptions) awssecretsmanager.RotationSchedule
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	Attach(target awssecretsmanager.ISecretAttachmentTarget) awssecretsmanager.ISecret
	DenyAccountRootDelete()
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	SecretValueFromJson(jsonField *string) awscdk.SecretValue
	ToString() *string
}

A database secret. Experimental.

func NewDatabaseSecret 

func NewDatabaseSecret(scope constructs.Construct, id *string, props *DatabaseSecretProps) DatabaseSecret

Experimental.

type DatabaseSecretProps 

type DatabaseSecretProps struct {
	// The username.
	// Experimental.
	Username *string `json:"username"`
	// The KMS key to use to encrypt the secret.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
}

Construction properties for a DatabaseSecret. Experimental.

type Endpoint 

type Endpoint interface {
	Hostname() *string
	Port() *float64
	SocketAddress() *string
}

Connection endpoint of a redshift cluster.

Consists of a combination of hostname and port. Experimental.

func NewEndpoint 

func NewEndpoint(address *string, port *float64) Endpoint

Experimental.

type ICluster 

type ICluster interface {
	awsec2.IConnectable
	awscdk.IResource
	awssecretsmanager.ISecretAttachmentTarget
	// The endpoint to use for read/write operations.
	// Experimental.
	ClusterEndpoint() Endpoint
	// Name of the cluster.
	// Experimental.
	ClusterName() *string
}

Create a Redshift Cluster with a given number of nodes.

Implemented by {@link Cluster} via {@link ClusterBase}. Experimental.

func Cluster_FromClusterAttributes 

func Cluster_FromClusterAttributes(scope constructs.Construct, id *string, attrs *ClusterAttributes) ICluster

Import an existing DatabaseCluster from properties. Experimental.

type IClusterParameterGroup 

type IClusterParameterGroup interface {
	awscdk.IResource
	// The name of this parameter group.
	// Experimental.
	ClusterParameterGroupName() *string
}

A parameter group. Experimental.

func ClusterParameterGroup_FromClusterParameterGroupName 

func ClusterParameterGroup_FromClusterParameterGroupName(scope constructs.Construct, id *string, clusterParameterGroupName *string) IClusterParameterGroup

Imports a parameter group. Experimental.

type IClusterSubnetGroup 

type IClusterSubnetGroup interface {
	awscdk.IResource
	// The name of the cluster subnet group.
	// Experimental.
	ClusterSubnetGroupName() *string
}

Interface for a cluster subnet group. Experimental.

func ClusterSubnetGroup_FromClusterSubnetGroupName 

func ClusterSubnetGroup_FromClusterSubnetGroupName(scope constructs.Construct, id *string, clusterSubnetGroupName *string) IClusterSubnetGroup

Imports an existing subnet group by name. Experimental.

type ITable 

type ITable interface {
	constructs.IConstruct
	// Grant a user privilege to access this table.
	// Experimental.
	Grant(user IUser, actions ...TableAction)
	// The cluster where the table is located.
	// Experimental.
	Cluster() ICluster
	// The name of the database where the table is located.
	// Experimental.
	DatabaseName() *string
	// The columns of the table.
	// Experimental.
	TableColumns() *[]*Column
	// Name of the table.
	// Experimental.
	TableName() *string
}

Represents a table in a Redshift database. Experimental.

func Table_FromTableAttributes 

func Table_FromTableAttributes(scope constructs.Construct, id *string, attrs *TableAttributes) ITable

Specify a Redshift table using a table name and schema that already exists. Experimental.

type IUser 

type IUser interface {
	constructs.IConstruct
	// Grant this user privilege to access a table.
	// Experimental.
	AddTablePrivileges(table ITable, actions ...TableAction)
	// The cluster where the table is located.
	// Experimental.
	Cluster() ICluster
	// The name of the database where the table is located.
	// Experimental.
	DatabaseName() *string
	// The password of the user.
	// Experimental.
	Password() awscdk.SecretValue
	// The name of the user.
	// Experimental.
	Username() *string
}

Represents a user in a Redshift database. Experimental.

func User_FromUserAttributes 

func User_FromUserAttributes(scope constructs.Construct, id *string, attrs *UserAttributes) IUser

Specify a Redshift user using credentials that already exist. Experimental.

type Login 

type Login struct {
	// Username.
	// Experimental.
	MasterUsername *string `json:"masterUsername"`
	// KMS encryption key to encrypt the generated secret.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// Password.
	//
	// Do not put passwords in your CDK code directly.
	// Experimental.
	MasterPassword awscdk.SecretValue `json:"masterPassword"`
}

Username and password combination. Experimental.

type NodeType 

type NodeType string

Possible Node Types to use in the cluster used for defining {@link ClusterProps.nodeType}. Experimental. 

const (
	NodeType_DS2_XLARGE   NodeType = "DS2_XLARGE"
	NodeType_DS2_8XLARGE  NodeType = "DS2_8XLARGE"
	NodeType_DC1_LARGE    NodeType = "DC1_LARGE"
	NodeType_DC1_8XLARGE  NodeType = "DC1_8XLARGE"
	NodeType_DC2_LARGE    NodeType = "DC2_LARGE"
	NodeType_DC2_8XLARGE  NodeType = "DC2_8XLARGE"
	NodeType_RA3_XLPLUS   NodeType = "RA3_XLPLUS"
	NodeType_RA3_4XLARGE  NodeType = "RA3_4XLARGE"
	NodeType_RA3_16XLARGE NodeType = "RA3_16XLARGE"
)

type RotationMultiUserOptions 

type RotationMultiUserOptions struct {
	// The secret to rotate.
	//
	// It must be a JSON string with the following format:
	// “`
	// {
	//    "engine": <required: database engine>,
	//    "host": <required: instance host name>,
	//    "username": <required: username>,
	//    "password": <required: password>,
	//    "dbname": <optional: database name>,
	//    "port": <optional: if not specified, default port will be used>,
	//    "masterarn": <required: the arn of the master secret which will be used to create users/change passwords>
	// }
	// “`
	// Experimental.
	Secret awssecretsmanager.ISecret `json:"secret"`
	// Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
	// Experimental.
	AutomaticallyAfter awscdk.Duration `json:"automaticallyAfter"`
}

Options to add the multi user rotation. Experimental.

type Table 

type Table interface {
	constructs.Construct
	ITable
	Cluster() ICluster
	DatabaseName() *string
	Node() constructs.Node
	TableColumns() *[]*Column
	TableName() *string
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	Grant(user IUser, actions ...TableAction)
	ToString() *string
}

A table in a Redshift cluster. Experimental.

func NewTable 

func NewTable(scope constructs.Construct, id *string, props *TableProps) Table

Experimental.

type TableAction 

type TableAction string

An action that a Redshift user can be granted privilege to perform on a table. Experimental. 

const (
	TableAction_SELECT     TableAction = "SELECT"
	TableAction_INSERT     TableAction = "INSERT"
	TableAction_UPDATE     TableAction = "UPDATE"
	TableAction_DELETE     TableAction = "DELETE"
	TableAction_DROP       TableAction = "DROP"
	TableAction_REFERENCES TableAction = "REFERENCES"
	TableAction_ALL        TableAction = "ALL"
)

type TableAttributes 

type TableAttributes struct {
	// The cluster where the table is located.
	// Experimental.
	Cluster ICluster `json:"cluster"`
	// The name of the database where the table is located.
	// Experimental.
	DatabaseName *string `json:"databaseName"`
	// The columns of the table.
	// Experimental.
	TableColumns *[]*Column `json:"tableColumns"`
	// Name of the table.
	// Experimental.
	TableName *string `json:"tableName"`
}

A full specification of a Redshift table that can be used to import it fluently into the CDK application. Experimental.

type TableProps 

type TableProps struct {
	// The cluster containing the database.
	// Experimental.
	Cluster ICluster `json:"cluster"`
	// The name of the database.
	// Experimental.
	DatabaseName *string `json:"databaseName"`
	// The secret containing credentials to a Redshift user with administrator privileges.
	//
	// Secret JSON schema: `{ username: string; password: string }`.
	// Experimental.
	AdminUser awssecretsmanager.ISecret `json:"adminUser"`
	// The columns of the table.
	// Experimental.
	TableColumns *[]*Column `json:"tableColumns"`
	// The policy to apply when this resource is removed from the application.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// The name of the table.
	// Experimental.
	TableName *string `json:"tableName"`
}

Properties for configuring a Redshift table. Experimental.

type User 

type User interface {
	constructs.Construct
	IUser
	Cluster() ICluster
	DatabaseName() *string
	DatabaseProps() *DatabaseOptions
	SetDatabaseProps(val *DatabaseOptions)
	Node() constructs.Node
	Password() awscdk.SecretValue
	Username() *string
	AddTablePrivileges(table ITable, actions ...TableAction)
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	ToString() *string
}

A user in a Redshift cluster. Experimental.

func NewUser 

func NewUser(scope constructs.Construct, id *string, props *UserProps) User

Experimental.

type UserAttributes 

type UserAttributes struct {
	// The cluster containing the database.
	// Experimental.
	Cluster ICluster `json:"cluster"`
	// The name of the database.
	// Experimental.
	DatabaseName *string `json:"databaseName"`
	// The secret containing credentials to a Redshift user with administrator privileges.
	//
	// Secret JSON schema: `{ username: string; password: string }`.
	// Experimental.
	AdminUser awssecretsmanager.ISecret `json:"adminUser"`
	// The password of the user.
	//
	// Do not put passwords in CDK code directly.
	// Experimental.
	Password awscdk.SecretValue `json:"password"`
	// The name of the user.
	// Experimental.
	Username *string `json:"username"`
}

A full specification of a Redshift user that can be used to import it fluently into the CDK application. Experimental.

type UserProps 

type UserProps struct {
	// The cluster containing the database.
	// Experimental.
	Cluster ICluster `json:"cluster"`
	// The name of the database.
	// Experimental.
	DatabaseName *string `json:"databaseName"`
	// The secret containing credentials to a Redshift user with administrator privileges.
	//
	// Secret JSON schema: `{ username: string; password: string }`.
	// Experimental.
	AdminUser awssecretsmanager.ISecret `json:"adminUser"`
	// KMS key to encrypt the generated secret.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// The policy to apply when this resource is removed from the application.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// The name of the user.
	//
	// For valid values, see: https://docs.aws.amazon.com/redshift/latest/dg/r_names.html
	// Experimental.
	Username *string `json:"username"`
}

Properties for configuring a Redshift user. Experimental.

Source Files

View all Source files

Directories

Path Synopsis
Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.
 Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.