secretsmanager

package
v1.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 15, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type LookupResourcePolicyArgs added in v0.12.0 

type LookupResourcePolicyArgs struct {
	// The Arn of the secret.
	Id string `pulumi:"id"`
}

type LookupResourcePolicyOutputArgs added in v0.12.0 

type LookupResourcePolicyOutputArgs struct {
	// The Arn of the secret.
	Id pulumi.StringInput `pulumi:"id"`
}

func (LookupResourcePolicyOutputArgs) ElementType added in v0.12.0 

func (LookupResourcePolicyOutputArgs) ElementType() reflect.Type

type LookupResourcePolicyResult added in v0.12.0 

type LookupResourcePolicyResult struct {
	// The Arn of the secret.
	Id *string `pulumi:"id"`
	// A JSON-formatted string for an AWS resource-based policy.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SecretsManager::ResourcePolicy` for more information about the expected schema for this property.
	ResourcePolicy interface{} `pulumi:"resourcePolicy"`
}

func LookupResourcePolicy added in v0.12.0 

func LookupResourcePolicy(ctx *pulumi.Context, args *LookupResourcePolicyArgs, opts ...pulumi.InvokeOption) (*LookupResourcePolicyResult, error)

Resource Type definition for AWS::SecretsManager::ResourcePolicy

type LookupResourcePolicyResultOutput added in v0.12.0 

type LookupResourcePolicyResultOutput struct{ *pulumi.OutputState }

func LookupResourcePolicyOutput added in v0.12.0 

func LookupResourcePolicyOutput(ctx *pulumi.Context, args LookupResourcePolicyOutputArgs, opts ...pulumi.InvokeOption) LookupResourcePolicyResultOutput

func (LookupResourcePolicyResultOutput) ElementType added in v0.12.0 

func (LookupResourcePolicyResultOutput) ElementType() reflect.Type

func (LookupResourcePolicyResultOutput) Id added in v0.12.0 

func (o LookupResourcePolicyResultOutput) Id() pulumi.StringPtrOutput

The Arn of the secret.

func (LookupResourcePolicyResultOutput) ResourcePolicy added in v0.12.0 

func (o LookupResourcePolicyResultOutput) ResourcePolicy() pulumi.AnyOutput

A JSON-formatted string for an AWS resource-based policy.

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SecretsManager::ResourcePolicy` for more information about the expected schema for this property.

func (LookupResourcePolicyResultOutput) ToLookupResourcePolicyResultOutput added in v0.12.0 

func (o LookupResourcePolicyResultOutput) ToLookupResourcePolicyResultOutput() LookupResourcePolicyResultOutput

func (LookupResourcePolicyResultOutput) ToLookupResourcePolicyResultOutputWithContext added in v0.12.0 

func (o LookupResourcePolicyResultOutput) ToLookupResourcePolicyResultOutputWithContext(ctx context.Context) LookupResourcePolicyResultOutput

type LookupRotationScheduleArgs added in v0.12.0 

type LookupRotationScheduleArgs struct {
	// The ARN of the secret.
	Id string `pulumi:"id"`
}

type LookupRotationScheduleOutputArgs added in v0.12.0 

type LookupRotationScheduleOutputArgs struct {
	// The ARN of the secret.
	Id pulumi.StringInput `pulumi:"id"`
}

func (LookupRotationScheduleOutputArgs) ElementType added in v0.12.0 

func (LookupRotationScheduleOutputArgs) ElementType() reflect.Type

type LookupRotationScheduleResult added in v0.12.0 

type LookupRotationScheduleResult struct {
	// The ARN of the secret.
	Id *string `pulumi:"id"`
	// The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function.
	RotationLambdaArn *string `pulumi:"rotationLambdaArn"`
	// A structure that defines the rotation configuration for this secret.
	RotationRules *RotationScheduleRotationRules `pulumi:"rotationRules"`
}

func LookupRotationSchedule added in v0.12.0 

func LookupRotationSchedule(ctx *pulumi.Context, args *LookupRotationScheduleArgs, opts ...pulumi.InvokeOption) (*LookupRotationScheduleResult, error)

Resource Type definition for AWS::SecretsManager::RotationSchedule

type LookupRotationScheduleResultOutput added in v0.12.0 

type LookupRotationScheduleResultOutput struct{ *pulumi.OutputState }

func LookupRotationScheduleOutput added in v0.12.0 

func LookupRotationScheduleOutput(ctx *pulumi.Context, args LookupRotationScheduleOutputArgs, opts ...pulumi.InvokeOption) LookupRotationScheduleResultOutput

func (LookupRotationScheduleResultOutput) ElementType added in v0.12.0 

func (LookupRotationScheduleResultOutput) ElementType() reflect.Type

func (LookupRotationScheduleResultOutput) Id added in v0.12.0 

func (o LookupRotationScheduleResultOutput) Id() pulumi.StringPtrOutput

The ARN of the secret.

func (LookupRotationScheduleResultOutput) RotationLambdaArn added in v0.72.0 

func (o LookupRotationScheduleResultOutput) RotationLambdaArn() pulumi.StringPtrOutput

The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function.

func (LookupRotationScheduleResultOutput) RotationRules added in v0.12.0 

func (o LookupRotationScheduleResultOutput) RotationRules() RotationScheduleRotationRulesPtrOutput

A structure that defines the rotation configuration for this secret.

func (LookupRotationScheduleResultOutput) ToLookupRotationScheduleResultOutput added in v0.12.0 

func (o LookupRotationScheduleResultOutput) ToLookupRotationScheduleResultOutput() LookupRotationScheduleResultOutput

func (LookupRotationScheduleResultOutput) ToLookupRotationScheduleResultOutputWithContext added in v0.12.0 

func (o LookupRotationScheduleResultOutput) ToLookupRotationScheduleResultOutputWithContext(ctx context.Context) LookupRotationScheduleResultOutput

type LookupSecretArgs added in v0.12.0 

type LookupSecretArgs struct {
	// The ARN of the secret.
	Id string `pulumi:"id"`
}

type LookupSecretOutputArgs added in v0.12.0 

type LookupSecretOutputArgs struct {
	// The ARN of the secret.
	Id pulumi.StringInput `pulumi:"id"`
}

func (LookupSecretOutputArgs) ElementType added in v0.12.0 

func (LookupSecretOutputArgs) ElementType() reflect.Type

type LookupSecretResult added in v0.12.0 

type LookupSecretResult struct {
	// The description of the secret.
	Description *string `pulumi:"description"`
	// The ARN of the secret.
	Id *string `pulumi:"id"`
	// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by “alias/“, for example “alias/aws/secretsmanager“. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html).
	//  To use a KMS key in a different account, use the key ARN or the alias ARN.
	//  If you don't specify this value, then Secrets Manager uses the key “aws/secretsmanager“. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
	//  If the secret is in a different AWS account from the credentials calling the API, then you can't use “aws/secretsmanager“ to encrypt the secret, and you must create and use a customer managed KMS key.
	KmsKeyId *string `pulumi:"kmsKeyId"`
	// A custom type that specifies a “Region“ and the “KmsKeyId“ for a replica secret.
	ReplicaRegions []SecretReplicaRegion `pulumi:"replicaRegions"`
	// A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example:
	//   “[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]“
	//  Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc".
	//  Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret.
	//  If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an “Access Denied“ error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
	//  For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.
	//  The following restrictions apply to tags:
	//   +  Maximum number of tags per secret: 50
	//   +  Maximum key length: 127 Unicode characters in UTF-8
	//   +  Maximum value length: 255 Unicode characters in UTF-8
	//   +  Tag keys and values are case sensitive.
	//   +  Do not use the “aws:“ prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
	//   +  If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.
	Tags []aws.Tag `pulumi:"tags"`
}

func LookupSecret added in v0.12.0 

func LookupSecret(ctx *pulumi.Context, args *LookupSecretArgs, opts ...pulumi.InvokeOption) (*LookupSecretResult, error)

Creates a new secret. A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. 

For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html).
For RS admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html).
To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html).
For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html).
For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html).

type LookupSecretResultOutput added in v0.12.0 

type LookupSecretResultOutput struct{ *pulumi.OutputState }

func LookupSecretOutput added in v0.12.0 

func LookupSecretOutput(ctx *pulumi.Context, args LookupSecretOutputArgs, opts ...pulumi.InvokeOption) LookupSecretResultOutput

func (LookupSecretResultOutput) Description added in v0.12.0 

func (o LookupSecretResultOutput) Description() pulumi.StringPtrOutput

The description of the secret.

func (LookupSecretResultOutput) ElementType added in v0.12.0 

func (LookupSecretResultOutput) ElementType() reflect.Type

func (LookupSecretResultOutput) Id added in v0.12.0 

func (o LookupSecretResultOutput) Id() pulumi.StringPtrOutput

The ARN of the secret.

func (LookupSecretResultOutput) KmsKeyId added in v0.12.0 

func (o LookupSecretResultOutput) KmsKeyId() pulumi.StringPtrOutput

The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by “alias/“, for example “alias/aws/secretsmanager“. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). 

To use a KMS key in a different account, use the key ARN or the alias ARN.
If you don't specify this value, then Secrets Manager uses the key ``aws/secretsmanager``. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
If the secret is in a different AWS account from the credentials calling the API, then you can't use ``aws/secretsmanager`` to encrypt the secret, and you must create and use a customer managed KMS key.

func (LookupSecretResultOutput) ReplicaRegions added in v0.12.0 

func (o LookupSecretResultOutput) ReplicaRegions() SecretReplicaRegionArrayOutput

A custom type that specifies a “Region“ and the “KmsKeyId“ for a replica secret.

func (LookupSecretResultOutput) Tags added in v0.12.0 

func (o LookupSecretResultOutput) Tags() aws.TagArrayOutput

A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example: 

 ``[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]``
Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc".
Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret.
If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an ``Access Denied`` error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.
The following restrictions apply to tags:
 +  Maximum number of tags per secret: 50
 +  Maximum key length: 127 Unicode characters in UTF-8
 +  Maximum value length: 255 Unicode characters in UTF-8
 +  Tag keys and values are case sensitive.
 +  Do not use the ``aws:`` prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
 +  If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

func (LookupSecretResultOutput) ToLookupSecretResultOutput added in v0.12.0 

func (o LookupSecretResultOutput) ToLookupSecretResultOutput() LookupSecretResultOutput

func (LookupSecretResultOutput) ToLookupSecretResultOutputWithContext added in v0.12.0 

func (o LookupSecretResultOutput) ToLookupSecretResultOutputWithContext(ctx context.Context) LookupSecretResultOutput

type LookupSecretTargetAttachmentArgs added in v0.12.0 

type LookupSecretTargetAttachmentArgs struct {
	Id string `pulumi:"id"`
}

type LookupSecretTargetAttachmentOutputArgs added in v0.12.0 

type LookupSecretTargetAttachmentOutputArgs struct {
	Id pulumi.StringInput `pulumi:"id"`
}

func (LookupSecretTargetAttachmentOutputArgs) ElementType added in v0.12.0 

func (LookupSecretTargetAttachmentOutputArgs) ElementType() reflect.Type

type LookupSecretTargetAttachmentResult added in v0.12.0 

type LookupSecretTargetAttachmentResult struct {
	Id *string `pulumi:"id"`
	// The ID of the database or cluster.
	TargetId *string `pulumi:"targetId"`
	// A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:
	//
	// - AWS::RDS::DBInstance
	// - AWS::RDS::DBCluster
	// - AWS::Redshift::Cluster
	// - AWS::RedshiftServerless::Namespace
	// - AWS::DocDB::DBInstance
	// - AWS::DocDB::DBCluster
	// - AWS::DocDBElastic::Cluster
	TargetType *string `pulumi:"targetType"`
}

func LookupSecretTargetAttachment added in v0.12.0 

func LookupSecretTargetAttachment(ctx *pulumi.Context, args *LookupSecretTargetAttachmentArgs, opts ...pulumi.InvokeOption) (*LookupSecretTargetAttachmentResult, error)

Resource Type definition for AWS::SecretsManager::SecretTargetAttachment

type LookupSecretTargetAttachmentResultOutput added in v0.12.0 

type LookupSecretTargetAttachmentResultOutput struct{ *pulumi.OutputState }

func LookupSecretTargetAttachmentOutput added in v0.12.0 

func LookupSecretTargetAttachmentOutput(ctx *pulumi.Context, args LookupSecretTargetAttachmentOutputArgs, opts ...pulumi.InvokeOption) LookupSecretTargetAttachmentResultOutput

func (LookupSecretTargetAttachmentResultOutput) ElementType added in v0.12.0 

func (LookupSecretTargetAttachmentResultOutput) ElementType() reflect.Type

func (LookupSecretTargetAttachmentResultOutput) Id added in v0.12.0 

func (o LookupSecretTargetAttachmentResultOutput) Id() pulumi.StringPtrOutput

func (LookupSecretTargetAttachmentResultOutput) TargetId added in v0.12.0 

func (o LookupSecretTargetAttachmentResultOutput) TargetId() pulumi.StringPtrOutput

The ID of the database or cluster.

func (LookupSecretTargetAttachmentResultOutput) TargetType added in v0.12.0 

func (o LookupSecretTargetAttachmentResultOutput) TargetType() pulumi.StringPtrOutput

A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:

- AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::RedshiftServerless::Namespace - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster

func (LookupSecretTargetAttachmentResultOutput) ToLookupSecretTargetAttachmentResultOutput added in v0.12.0 

func (o LookupSecretTargetAttachmentResultOutput) ToLookupSecretTargetAttachmentResultOutput() LookupSecretTargetAttachmentResultOutput

func (LookupSecretTargetAttachmentResultOutput) ToLookupSecretTargetAttachmentResultOutputWithContext added in v0.12.0 

func (o LookupSecretTargetAttachmentResultOutput) ToLookupSecretTargetAttachmentResultOutputWithContext(ctx context.Context) LookupSecretTargetAttachmentResultOutput

type ResourcePolicy 

type ResourcePolicy struct {
	pulumi.CustomResourceState

	// The Arn of the secret.
	AwsId pulumi.StringOutput `pulumi:"awsId"`
	// Specifies whether to block resource-based policies that allow broad access to the secret.
	BlockPublicPolicy pulumi.BoolPtrOutput `pulumi:"blockPublicPolicy"`
	// A JSON-formatted string for an AWS resource-based policy.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SecretsManager::ResourcePolicy` for more information about the expected schema for this property.
	ResourcePolicy pulumi.AnyOutput `pulumi:"resourcePolicy"`
	// The ARN or name of the secret to attach the resource-based policy.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
}

Resource Type definition for AWS::SecretsManager::ResourcePolicy

func GetResourcePolicy 

func GetResourcePolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ResourcePolicyState, opts ...pulumi.ResourceOption) (*ResourcePolicy, error)

GetResourcePolicy gets an existing ResourcePolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewResourcePolicy 

func NewResourcePolicy(ctx *pulumi.Context,
	name string, args *ResourcePolicyArgs, opts ...pulumi.ResourceOption) (*ResourcePolicy, error)

NewResourcePolicy registers a new resource with the given unique name, arguments, and options.

func (*ResourcePolicy) ElementType 

func (*ResourcePolicy) ElementType() reflect.Type

func (*ResourcePolicy) ToResourcePolicyOutput 

func (i *ResourcePolicy) ToResourcePolicyOutput() ResourcePolicyOutput

func (*ResourcePolicy) ToResourcePolicyOutputWithContext 

func (i *ResourcePolicy) ToResourcePolicyOutputWithContext(ctx context.Context) ResourcePolicyOutput

type ResourcePolicyArgs 

type ResourcePolicyArgs struct {
	// Specifies whether to block resource-based policies that allow broad access to the secret.
	BlockPublicPolicy pulumi.BoolPtrInput
	// A JSON-formatted string for an AWS resource-based policy.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SecretsManager::ResourcePolicy` for more information about the expected schema for this property.
	ResourcePolicy pulumi.Input
	// The ARN or name of the secret to attach the resource-based policy.
	SecretId pulumi.StringInput
}

The set of arguments for constructing a ResourcePolicy resource.

func (ResourcePolicyArgs) ElementType 

func (ResourcePolicyArgs) ElementType() reflect.Type

type ResourcePolicyInput 

type ResourcePolicyInput interface {
	pulumi.Input

	ToResourcePolicyOutput() ResourcePolicyOutput
	ToResourcePolicyOutputWithContext(ctx context.Context) ResourcePolicyOutput
}

type ResourcePolicyOutput 

type ResourcePolicyOutput struct{ *pulumi.OutputState }

func (ResourcePolicyOutput) AwsId added in v0.112.0 

func (o ResourcePolicyOutput) AwsId() pulumi.StringOutput

The Arn of the secret.

func (ResourcePolicyOutput) BlockPublicPolicy added in v0.17.0 

func (o ResourcePolicyOutput) BlockPublicPolicy() pulumi.BoolPtrOutput

Specifies whether to block resource-based policies that allow broad access to the secret.

func (ResourcePolicyOutput) ElementType 

func (ResourcePolicyOutput) ElementType() reflect.Type

func (ResourcePolicyOutput) ResourcePolicy added in v0.17.0 

func (o ResourcePolicyOutput) ResourcePolicy() pulumi.AnyOutput

A JSON-formatted string for an AWS resource-based policy.

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SecretsManager::ResourcePolicy` for more information about the expected schema for this property.

func (ResourcePolicyOutput) SecretId added in v0.17.0 

func (o ResourcePolicyOutput) SecretId() pulumi.StringOutput

The ARN or name of the secret to attach the resource-based policy.

func (ResourcePolicyOutput) ToResourcePolicyOutput 

func (o ResourcePolicyOutput) ToResourcePolicyOutput() ResourcePolicyOutput

func (ResourcePolicyOutput) ToResourcePolicyOutputWithContext 

func (o ResourcePolicyOutput) ToResourcePolicyOutputWithContext(ctx context.Context) ResourcePolicyOutput

type ResourcePolicyState 

type ResourcePolicyState struct {
}

func (ResourcePolicyState) ElementType 

func (ResourcePolicyState) ElementType() reflect.Type

type RotationSchedule 

type RotationSchedule struct {
	pulumi.CustomResourceState

	// The ARN of the secret.
	AwsId pulumi.StringOutput `pulumi:"awsId"`
	// Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead.
	HostedRotationLambda RotationScheduleHostedRotationLambdaPtrOutput `pulumi:"hostedRotationLambda"`
	// Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
	RotateImmediatelyOnUpdate pulumi.BoolPtrOutput `pulumi:"rotateImmediatelyOnUpdate"`
	// The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function.
	RotationLambdaArn pulumi.StringPtrOutput `pulumi:"rotationLambdaArn"`
	// A structure that defines the rotation configuration for this secret.
	RotationRules RotationScheduleRotationRulesPtrOutput `pulumi:"rotationRules"`
	// The ARN or name of the secret to rotate.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
}

Resource Type definition for AWS::SecretsManager::RotationSchedule

func GetRotationSchedule 

func GetRotationSchedule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RotationScheduleState, opts ...pulumi.ResourceOption) (*RotationSchedule, error)

GetRotationSchedule gets an existing RotationSchedule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRotationSchedule 

func NewRotationSchedule(ctx *pulumi.Context,
	name string, args *RotationScheduleArgs, opts ...pulumi.ResourceOption) (*RotationSchedule, error)

NewRotationSchedule registers a new resource with the given unique name, arguments, and options.

func (*RotationSchedule) ElementType 

func (*RotationSchedule) ElementType() reflect.Type

func (*RotationSchedule) ToRotationScheduleOutput 

func (i *RotationSchedule) ToRotationScheduleOutput() RotationScheduleOutput

func (*RotationSchedule) ToRotationScheduleOutputWithContext 

func (i *RotationSchedule) ToRotationScheduleOutputWithContext(ctx context.Context) RotationScheduleOutput

type RotationScheduleArgs 

type RotationScheduleArgs struct {
	// Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead.
	HostedRotationLambda RotationScheduleHostedRotationLambdaPtrInput
	// Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
	RotateImmediatelyOnUpdate pulumi.BoolPtrInput
	// The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function.
	RotationLambdaArn pulumi.StringPtrInput
	// A structure that defines the rotation configuration for this secret.
	RotationRules RotationScheduleRotationRulesPtrInput
	// The ARN or name of the secret to rotate.
	SecretId pulumi.StringInput
}

The set of arguments for constructing a RotationSchedule resource.

func (RotationScheduleArgs) ElementType 

func (RotationScheduleArgs) ElementType() reflect.Type

type RotationScheduleHostedRotationLambda 

type RotationScheduleHostedRotationLambda struct {
	// A string of the characters that you don't want in the password.
	ExcludeCharacters *string `pulumi:"excludeCharacters"`
	// The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
	KmsKeyArn *string `pulumi:"kmsKeyArn"`
	// The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.
	MasterSecretArn *string `pulumi:"masterSecretArn"`
	// The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.
	MasterSecretKmsKeyArn *string `pulumi:"masterSecretKmsKeyArn"`
	// The name of the Lambda rotation function.
	RotationLambdaName *string `pulumi:"rotationLambdaName"`
	// The type of rotation template to use
	RotationType string `pulumi:"rotationType"`
	// The python runtime associated with the Lambda function
	Runtime *string `pulumi:"runtime"`
	// The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.
	SuperuserSecretArn *string `pulumi:"superuserSecretArn"`
	// The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.
	SuperuserSecretKmsKeyArn *string `pulumi:"superuserSecretKmsKeyArn"`
	// A comma-separated list of security group IDs applied to the target database.
	VpcSecurityGroupIds *string `pulumi:"vpcSecurityGroupIds"`
	// A comma separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.
	VpcSubnetIds *string `pulumi:"vpcSubnetIds"`
}

type RotationScheduleHostedRotationLambdaArgs 

type RotationScheduleHostedRotationLambdaArgs struct {
	// A string of the characters that you don't want in the password.
	ExcludeCharacters pulumi.StringPtrInput `pulumi:"excludeCharacters"`
	// The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
	KmsKeyArn pulumi.StringPtrInput `pulumi:"kmsKeyArn"`
	// The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.
	MasterSecretArn pulumi.StringPtrInput `pulumi:"masterSecretArn"`
	// The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.
	MasterSecretKmsKeyArn pulumi.StringPtrInput `pulumi:"masterSecretKmsKeyArn"`
	// The name of the Lambda rotation function.
	RotationLambdaName pulumi.StringPtrInput `pulumi:"rotationLambdaName"`
	// The type of rotation template to use
	RotationType pulumi.StringInput `pulumi:"rotationType"`
	// The python runtime associated with the Lambda function
	Runtime pulumi.StringPtrInput `pulumi:"runtime"`
	// The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.
	SuperuserSecretArn pulumi.StringPtrInput `pulumi:"superuserSecretArn"`
	// The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.
	SuperuserSecretKmsKeyArn pulumi.StringPtrInput `pulumi:"superuserSecretKmsKeyArn"`
	// A comma-separated list of security group IDs applied to the target database.
	VpcSecurityGroupIds pulumi.StringPtrInput `pulumi:"vpcSecurityGroupIds"`
	// A comma separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.
	VpcSubnetIds pulumi.StringPtrInput `pulumi:"vpcSubnetIds"`
}

func (RotationScheduleHostedRotationLambdaArgs) ElementType 

func (RotationScheduleHostedRotationLambdaArgs) ElementType() reflect.Type

func (RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaOutput 

func (i RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaOutput() RotationScheduleHostedRotationLambdaOutput

func (RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaOutputWithContext 

func (i RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaOutputWithContext(ctx context.Context) RotationScheduleHostedRotationLambdaOutput

func (RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaPtrOutput 

func (i RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaPtrOutput() RotationScheduleHostedRotationLambdaPtrOutput

func (RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaPtrOutputWithContext 

func (i RotationScheduleHostedRotationLambdaArgs) ToRotationScheduleHostedRotationLambdaPtrOutputWithContext(ctx context.Context) RotationScheduleHostedRotationLambdaPtrOutput

type RotationScheduleHostedRotationLambdaInput 

type RotationScheduleHostedRotationLambdaInput interface {
	pulumi.Input

	ToRotationScheduleHostedRotationLambdaOutput() RotationScheduleHostedRotationLambdaOutput
	ToRotationScheduleHostedRotationLambdaOutputWithContext(context.Context) RotationScheduleHostedRotationLambdaOutput
}

RotationScheduleHostedRotationLambdaInput is an input type that accepts RotationScheduleHostedRotationLambdaArgs and RotationScheduleHostedRotationLambdaOutput values. You can construct a concrete instance of `RotationScheduleHostedRotationLambdaInput` via: 

RotationScheduleHostedRotationLambdaArgs{...}

type RotationScheduleHostedRotationLambdaOutput 

type RotationScheduleHostedRotationLambdaOutput struct{ *pulumi.OutputState }

func (RotationScheduleHostedRotationLambdaOutput) ElementType 

func (RotationScheduleHostedRotationLambdaOutput) ElementType() reflect.Type

func (RotationScheduleHostedRotationLambdaOutput) ExcludeCharacters added in v0.17.0 

func (o RotationScheduleHostedRotationLambdaOutput) ExcludeCharacters() pulumi.StringPtrOutput

A string of the characters that you don't want in the password.

func (RotationScheduleHostedRotationLambdaOutput) KmsKeyArn 

func (o RotationScheduleHostedRotationLambdaOutput) KmsKeyArn() pulumi.StringPtrOutput

The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.

func (RotationScheduleHostedRotationLambdaOutput) MasterSecretArn 

func (o RotationScheduleHostedRotationLambdaOutput) MasterSecretArn() pulumi.StringPtrOutput

The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.

func (RotationScheduleHostedRotationLambdaOutput) MasterSecretKmsKeyArn 

func (o RotationScheduleHostedRotationLambdaOutput) MasterSecretKmsKeyArn() pulumi.StringPtrOutput

The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.

func (RotationScheduleHostedRotationLambdaOutput) RotationLambdaName 

func (o RotationScheduleHostedRotationLambdaOutput) RotationLambdaName() pulumi.StringPtrOutput

The name of the Lambda rotation function.

func (RotationScheduleHostedRotationLambdaOutput) RotationType 

func (o RotationScheduleHostedRotationLambdaOutput) RotationType() pulumi.StringOutput

The type of rotation template to use

func (RotationScheduleHostedRotationLambdaOutput) Runtime added in v0.52.0 

func (o RotationScheduleHostedRotationLambdaOutput) Runtime() pulumi.StringPtrOutput

The python runtime associated with the Lambda function

func (RotationScheduleHostedRotationLambdaOutput) SuperuserSecretArn added in v0.5.0 

func (o RotationScheduleHostedRotationLambdaOutput) SuperuserSecretArn() pulumi.StringPtrOutput

The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.

func (RotationScheduleHostedRotationLambdaOutput) SuperuserSecretKmsKeyArn added in v0.5.0 

func (o RotationScheduleHostedRotationLambdaOutput) SuperuserSecretKmsKeyArn() pulumi.StringPtrOutput

The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.

func (RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaOutput 

func (o RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaOutput() RotationScheduleHostedRotationLambdaOutput

func (RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaOutputWithContext 

func (o RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaOutputWithContext(ctx context.Context) RotationScheduleHostedRotationLambdaOutput

func (RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaPtrOutput 

func (o RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaPtrOutput() RotationScheduleHostedRotationLambdaPtrOutput

func (RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaPtrOutputWithContext 

func (o RotationScheduleHostedRotationLambdaOutput) ToRotationScheduleHostedRotationLambdaPtrOutputWithContext(ctx context.Context) RotationScheduleHostedRotationLambdaPtrOutput

func (RotationScheduleHostedRotationLambdaOutput) VpcSecurityGroupIds 

func (o RotationScheduleHostedRotationLambdaOutput) VpcSecurityGroupIds() pulumi.StringPtrOutput

A comma-separated list of security group IDs applied to the target database.

func (RotationScheduleHostedRotationLambdaOutput) VpcSubnetIds 

func (o RotationScheduleHostedRotationLambdaOutput) VpcSubnetIds() pulumi.StringPtrOutput

A comma separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.

type RotationScheduleHostedRotationLambdaPtrInput 

type RotationScheduleHostedRotationLambdaPtrInput interface {
	pulumi.Input

	ToRotationScheduleHostedRotationLambdaPtrOutput() RotationScheduleHostedRotationLambdaPtrOutput
	ToRotationScheduleHostedRotationLambdaPtrOutputWithContext(context.Context) RotationScheduleHostedRotationLambdaPtrOutput
}

RotationScheduleHostedRotationLambdaPtrInput is an input type that accepts RotationScheduleHostedRotationLambdaArgs, RotationScheduleHostedRotationLambdaPtr and RotationScheduleHostedRotationLambdaPtrOutput values. You can construct a concrete instance of `RotationScheduleHostedRotationLambdaPtrInput` via: 

        RotationScheduleHostedRotationLambdaArgs{...}

or:

        nil

func RotationScheduleHostedRotationLambdaPtr 

func RotationScheduleHostedRotationLambdaPtr(v *RotationScheduleHostedRotationLambdaArgs) RotationScheduleHostedRotationLambdaPtrInput

type RotationScheduleHostedRotationLambdaPtrOutput 

type RotationScheduleHostedRotationLambdaPtrOutput struct{ *pulumi.OutputState }

func (RotationScheduleHostedRotationLambdaPtrOutput) Elem 

func (o RotationScheduleHostedRotationLambdaPtrOutput) Elem() RotationScheduleHostedRotationLambdaOutput

func (RotationScheduleHostedRotationLambdaPtrOutput) ElementType 

func (RotationScheduleHostedRotationLambdaPtrOutput) ElementType() reflect.Type

func (RotationScheduleHostedRotationLambdaPtrOutput) ExcludeCharacters added in v0.17.0 

func (o RotationScheduleHostedRotationLambdaPtrOutput) ExcludeCharacters() pulumi.StringPtrOutput

A string of the characters that you don't want in the password.

func (RotationScheduleHostedRotationLambdaPtrOutput) KmsKeyArn 

func (o RotationScheduleHostedRotationLambdaPtrOutput) KmsKeyArn() pulumi.StringPtrOutput

The ARN of the KMS key that Secrets Manager uses to encrypt the secret. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If aws/secretsmanager doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.

func (RotationScheduleHostedRotationLambdaPtrOutput) MasterSecretArn 

func (o RotationScheduleHostedRotationLambdaPtrOutput) MasterSecretArn() pulumi.StringPtrOutput

The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.

func (RotationScheduleHostedRotationLambdaPtrOutput) MasterSecretKmsKeyArn 

func (o RotationScheduleHostedRotationLambdaPtrOutput) MasterSecretKmsKeyArn() pulumi.StringPtrOutput

The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.

func (RotationScheduleHostedRotationLambdaPtrOutput) RotationLambdaName 

func (o RotationScheduleHostedRotationLambdaPtrOutput) RotationLambdaName() pulumi.StringPtrOutput

The name of the Lambda rotation function.

func (RotationScheduleHostedRotationLambdaPtrOutput) RotationType 

func (o RotationScheduleHostedRotationLambdaPtrOutput) RotationType() pulumi.StringPtrOutput

The type of rotation template to use

func (RotationScheduleHostedRotationLambdaPtrOutput) Runtime added in v0.52.0 

func (o RotationScheduleHostedRotationLambdaPtrOutput) Runtime() pulumi.StringPtrOutput

The python runtime associated with the Lambda function

func (RotationScheduleHostedRotationLambdaPtrOutput) SuperuserSecretArn added in v0.5.0 

func (o RotationScheduleHostedRotationLambdaPtrOutput) SuperuserSecretArn() pulumi.StringPtrOutput

The ARN of the secret that contains superuser credentials, if you use the alternating users rotation strategy. CloudFormation grants the execution role for the Lambda rotation function GetSecretValue permission to the secret in this property.

func (RotationScheduleHostedRotationLambdaPtrOutput) SuperuserSecretKmsKeyArn added in v0.5.0 

func (o RotationScheduleHostedRotationLambdaPtrOutput) SuperuserSecretKmsKeyArn() pulumi.StringPtrOutput

The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the alternating users strategy and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key aws/secretsmanager. CloudFormation grants the execution role for the Lambda rotation function Decrypt, DescribeKey, and GenerateDataKey permission to the key in this property.

func (RotationScheduleHostedRotationLambdaPtrOutput) ToRotationScheduleHostedRotationLambdaPtrOutput 

func (o RotationScheduleHostedRotationLambdaPtrOutput) ToRotationScheduleHostedRotationLambdaPtrOutput() RotationScheduleHostedRotationLambdaPtrOutput

func (RotationScheduleHostedRotationLambdaPtrOutput) ToRotationScheduleHostedRotationLambdaPtrOutputWithContext 

func (o RotationScheduleHostedRotationLambdaPtrOutput) ToRotationScheduleHostedRotationLambdaPtrOutputWithContext(ctx context.Context) RotationScheduleHostedRotationLambdaPtrOutput

func (RotationScheduleHostedRotationLambdaPtrOutput) VpcSecurityGroupIds 

func (o RotationScheduleHostedRotationLambdaPtrOutput) VpcSecurityGroupIds() pulumi.StringPtrOutput

A comma-separated list of security group IDs applied to the target database.

func (RotationScheduleHostedRotationLambdaPtrOutput) VpcSubnetIds 

func (o RotationScheduleHostedRotationLambdaPtrOutput) VpcSubnetIds() pulumi.StringPtrOutput

A comma separated list of VPC subnet IDs of the target database network. The Lambda rotation function is in the same subnet group.

type RotationScheduleInput 

type RotationScheduleInput interface {
	pulumi.Input

	ToRotationScheduleOutput() RotationScheduleOutput
	ToRotationScheduleOutputWithContext(ctx context.Context) RotationScheduleOutput
}

type RotationScheduleOutput 

type RotationScheduleOutput struct{ *pulumi.OutputState }

func (RotationScheduleOutput) AwsId added in v1.5.0 

func (o RotationScheduleOutput) AwsId() pulumi.StringOutput

The ARN of the secret.

func (RotationScheduleOutput) ElementType 

func (RotationScheduleOutput) ElementType() reflect.Type

func (RotationScheduleOutput) HostedRotationLambda added in v0.17.0 

func (o RotationScheduleOutput) HostedRotationLambda() RotationScheduleHostedRotationLambdaPtrOutput

Creates a new Lambda rotation function based on one of the Secrets Manager rotation function templates. To use a rotation function that already exists, specify RotationLambdaARN instead.

func (RotationScheduleOutput) RotateImmediatelyOnUpdate added in v0.17.0 

func (o RotationScheduleOutput) RotateImmediatelyOnUpdate() pulumi.BoolPtrOutput

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.

func (RotationScheduleOutput) RotationLambdaArn added in v0.72.0 

func (o RotationScheduleOutput) RotationLambdaArn() pulumi.StringPtrOutput

The ARN of an existing Lambda rotation function. To specify a rotation function that is also defined in this template, use the Ref function.

func (RotationScheduleOutput) RotationRules added in v0.17.0 

func (o RotationScheduleOutput) RotationRules() RotationScheduleRotationRulesPtrOutput

A structure that defines the rotation configuration for this secret.

func (RotationScheduleOutput) SecretId added in v0.17.0 

func (o RotationScheduleOutput) SecretId() pulumi.StringOutput

The ARN or name of the secret to rotate.

func (RotationScheduleOutput) ToRotationScheduleOutput 

func (o RotationScheduleOutput) ToRotationScheduleOutput() RotationScheduleOutput

func (RotationScheduleOutput) ToRotationScheduleOutputWithContext 

func (o RotationScheduleOutput) ToRotationScheduleOutputWithContext(ctx context.Context) RotationScheduleOutput

type RotationScheduleRotationRules 

type RotationScheduleRotationRules struct {
	// The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated.
	AutomaticallyAfterDays *int `pulumi:"automaticallyAfterDays"`
	// The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration, for a ScheduleExpression in hours, the window automatically closes after one hour. For a ScheduleExpression in days, the window automatically closes at the end of the UTC day.
	Duration *string `pulumi:"duration"`
	// A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone.
	ScheduleExpression *string `pulumi:"scheduleExpression"`
}

type RotationScheduleRotationRulesArgs 

type RotationScheduleRotationRulesArgs struct {
	// The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated.
	AutomaticallyAfterDays pulumi.IntPtrInput `pulumi:"automaticallyAfterDays"`
	// The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration, for a ScheduleExpression in hours, the window automatically closes after one hour. For a ScheduleExpression in days, the window automatically closes at the end of the UTC day.
	Duration pulumi.StringPtrInput `pulumi:"duration"`
	// A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone.
	ScheduleExpression pulumi.StringPtrInput `pulumi:"scheduleExpression"`
}

func (RotationScheduleRotationRulesArgs) ElementType 

func (RotationScheduleRotationRulesArgs) ElementType() reflect.Type

func (RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesOutput 

func (i RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesOutput() RotationScheduleRotationRulesOutput

func (RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesOutputWithContext 

func (i RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesOutputWithContext(ctx context.Context) RotationScheduleRotationRulesOutput

func (RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesPtrOutput 

func (i RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesPtrOutput() RotationScheduleRotationRulesPtrOutput

func (RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesPtrOutputWithContext 

func (i RotationScheduleRotationRulesArgs) ToRotationScheduleRotationRulesPtrOutputWithContext(ctx context.Context) RotationScheduleRotationRulesPtrOutput

type RotationScheduleRotationRulesInput 

type RotationScheduleRotationRulesInput interface {
	pulumi.Input

	ToRotationScheduleRotationRulesOutput() RotationScheduleRotationRulesOutput
	ToRotationScheduleRotationRulesOutputWithContext(context.Context) RotationScheduleRotationRulesOutput
}

RotationScheduleRotationRulesInput is an input type that accepts RotationScheduleRotationRulesArgs and RotationScheduleRotationRulesOutput values. You can construct a concrete instance of `RotationScheduleRotationRulesInput` via: 

RotationScheduleRotationRulesArgs{...}

type RotationScheduleRotationRulesOutput 

type RotationScheduleRotationRulesOutput struct{ *pulumi.OutputState }

func (RotationScheduleRotationRulesOutput) AutomaticallyAfterDays 

func (o RotationScheduleRotationRulesOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated.

func (RotationScheduleRotationRulesOutput) Duration added in v0.12.0 

func (o RotationScheduleRotationRulesOutput) Duration() pulumi.StringPtrOutput

The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration, for a ScheduleExpression in hours, the window automatically closes after one hour. For a ScheduleExpression in days, the window automatically closes at the end of the UTC day.

func (RotationScheduleRotationRulesOutput) ElementType 

func (RotationScheduleRotationRulesOutput) ElementType() reflect.Type

func (RotationScheduleRotationRulesOutput) ScheduleExpression added in v0.12.0 

func (o RotationScheduleRotationRulesOutput) ScheduleExpression() pulumi.StringPtrOutput

A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone.

func (RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesOutput 

func (o RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesOutput() RotationScheduleRotationRulesOutput

func (RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesOutputWithContext 

func (o RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesOutputWithContext(ctx context.Context) RotationScheduleRotationRulesOutput

func (RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesPtrOutput 

func (o RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesPtrOutput() RotationScheduleRotationRulesPtrOutput

func (RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesPtrOutputWithContext 

func (o RotationScheduleRotationRulesOutput) ToRotationScheduleRotationRulesPtrOutputWithContext(ctx context.Context) RotationScheduleRotationRulesPtrOutput

type RotationScheduleRotationRulesPtrInput 

type RotationScheduleRotationRulesPtrInput interface {
	pulumi.Input

	ToRotationScheduleRotationRulesPtrOutput() RotationScheduleRotationRulesPtrOutput
	ToRotationScheduleRotationRulesPtrOutputWithContext(context.Context) RotationScheduleRotationRulesPtrOutput
}

RotationScheduleRotationRulesPtrInput is an input type that accepts RotationScheduleRotationRulesArgs, RotationScheduleRotationRulesPtr and RotationScheduleRotationRulesPtrOutput values. You can construct a concrete instance of `RotationScheduleRotationRulesPtrInput` via: 

        RotationScheduleRotationRulesArgs{...}

or:

        nil

func RotationScheduleRotationRulesPtr 

func RotationScheduleRotationRulesPtr(v *RotationScheduleRotationRulesArgs) RotationScheduleRotationRulesPtrInput

type RotationScheduleRotationRulesPtrOutput 

type RotationScheduleRotationRulesPtrOutput struct{ *pulumi.OutputState }

func (RotationScheduleRotationRulesPtrOutput) AutomaticallyAfterDays 

func (o RotationScheduleRotationRulesPtrOutput) AutomaticallyAfterDays() pulumi.IntPtrOutput

The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated.

func (RotationScheduleRotationRulesPtrOutput) Duration added in v0.12.0 

func (o RotationScheduleRotationRulesPtrOutput) Duration() pulumi.StringPtrOutput

The length of the rotation window in hours, for example 3h for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration, for a ScheduleExpression in hours, the window automatically closes after one hour. For a ScheduleExpression in days, the window automatically closes at the end of the UTC day.

func (RotationScheduleRotationRulesPtrOutput) Elem 

func (o RotationScheduleRotationRulesPtrOutput) Elem() RotationScheduleRotationRulesOutput

func (RotationScheduleRotationRulesPtrOutput) ElementType 

func (RotationScheduleRotationRulesPtrOutput) ElementType() reflect.Type

func (RotationScheduleRotationRulesPtrOutput) ScheduleExpression added in v0.12.0 

func (o RotationScheduleRotationRulesPtrOutput) ScheduleExpression() pulumi.StringPtrOutput

A cron() or rate() expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone.

func (RotationScheduleRotationRulesPtrOutput) ToRotationScheduleRotationRulesPtrOutput 

func (o RotationScheduleRotationRulesPtrOutput) ToRotationScheduleRotationRulesPtrOutput() RotationScheduleRotationRulesPtrOutput

func (RotationScheduleRotationRulesPtrOutput) ToRotationScheduleRotationRulesPtrOutputWithContext 

func (o RotationScheduleRotationRulesPtrOutput) ToRotationScheduleRotationRulesPtrOutputWithContext(ctx context.Context) RotationScheduleRotationRulesPtrOutput

type RotationScheduleState 

type RotationScheduleState struct {
}

func (RotationScheduleState) ElementType 

func (RotationScheduleState) ElementType() reflect.Type

type Secret 

type Secret struct {
	pulumi.CustomResourceState

	// The ARN of the secret.
	AwsId pulumi.StringOutput `pulumi:"awsId"`
	// The description of the secret.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A structure that specifies how to generate a password to encrypt and store in the secret. To include a specific string in the secret, use “SecretString“ instead. If you omit both “GenerateSecretString“ and “SecretString“, you create an empty secret. When you make a change to this property, a new secret version is created.
	//  We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.
	GenerateSecretString SecretGenerateSecretStringPtrOutput `pulumi:"generateSecretString"`
	// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by “alias/“, for example “alias/aws/secretsmanager“. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html).
	//  To use a KMS key in a different account, use the key ARN or the alias ARN.
	//  If you don't specify this value, then Secrets Manager uses the key “aws/secretsmanager“. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
	//  If the secret is in a different AWS account from the credentials calling the API, then you can't use “aws/secretsmanager“ to encrypt the secret, and you must create and use a customer managed KMS key.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// The name of the new secret.
	//  The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@-
	//  Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.
	Name pulumi.StringPtrOutput `pulumi:"name"`
	// A custom type that specifies a “Region“ and the “KmsKeyId“ for a replica secret.
	ReplicaRegions SecretReplicaRegionArrayOutput `pulumi:"replicaRegions"`
	// The text to encrypt and store in the secret. We recommend you use a JSON structure of key/value pairs for your secret value. To generate a random password, use “GenerateSecretString“ instead. If you omit both “GenerateSecretString“ and “SecretString“, you create an empty secret. When you make a change to this property, a new secret version is created.
	SecretString pulumi.StringPtrOutput `pulumi:"secretString"`
	// A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example:
	//   “[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]“
	//  Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc".
	//  Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret.
	//  If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an “Access Denied“ error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
	//  For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.
	//  The following restrictions apply to tags:
	//   +  Maximum number of tags per secret: 50
	//   +  Maximum key length: 127 Unicode characters in UTF-8
	//   +  Maximum value length: 255 Unicode characters in UTF-8
	//   +  Tag keys and values are case sensitive.
	//   +  Do not use the “aws:“ prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
	//   +  If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.
	Tags aws.TagArrayOutput `pulumi:"tags"`
}

Creates a new secret. A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. 

For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html).
For RS admin user credentials, see [AWS::Redshift::Cluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html).
To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html).
For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html).
For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html).

## Example Usage ### Example

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/redshift"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myRedshiftSecret, err := secretsmanager.NewSecret(ctx, "myRedshiftSecret", &secretsmanager.SecretArgs{
			Description: pulumi.String("This is a Secrets Manager secret for a Redshift cluster"),
			GenerateSecretString: &secretsmanager.SecretGenerateSecretStringArgs{
				SecretStringTemplate: pulumi.String("{\"username\": \"admin\"}"),
				GenerateStringKey:    pulumi.String("password"),
				PasswordLength:       pulumi.Int(16),
				ExcludeCharacters:    pulumi.String("\"'@/\\"),
			},
		})
		if err != nil {
			return err
		}
		myRedshiftCluster, err := redshift.NewCluster(ctx, "myRedshiftCluster", &redshift.ClusterArgs{
			DbName: pulumi.String("myjsondb"),
			MasterUsername: myRedshiftSecret.ID().ApplyT(func(id string) (string, error) {
				return fmt.Sprintf("{{resolve:secretsmanager:%v::username}}", id), nil
			}).(pulumi.StringOutput),
			MasterUserPassword: myRedshiftSecret.ID().ApplyT(func(id string) (string, error) {
				return fmt.Sprintf("{{resolve:secretsmanager:%v::password}}", id), nil
			}).(pulumi.StringOutput),
			NodeType:    pulumi.String("ds2.xlarge"),
			ClusterType: pulumi.String("single-node"),
		})
		if err != nil {
			return err
		}
		_, err = secretsmanager.NewSecretTargetAttachment(ctx, "secretRedshiftAttachment", &secretsmanager.SecretTargetAttachmentArgs{
			SecretId:   myRedshiftSecret.ID(),
			TargetId:   myRedshiftCluster.ID(),
			TargetType: pulumi.String("AWS::Redshift::Cluster"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/redshift"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/secretsmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myRedshiftSecret, err := secretsmanager.NewSecret(ctx, "myRedshiftSecret", &secretsmanager.SecretArgs{
			Description: pulumi.String("This is a Secrets Manager secret for a Redshift cluster"),
			GenerateSecretString: &secretsmanager.SecretGenerateSecretStringArgs{
				SecretStringTemplate: pulumi.String("{\"username\": \"admin\"}"),
				GenerateStringKey:    pulumi.String("password"),
				PasswordLength:       pulumi.Int(16),
				ExcludeCharacters:    pulumi.String("\"'@/\\"),
			},
		})
		if err != nil {
			return err
		}
		myRedshiftCluster, err := redshift.NewCluster(ctx, "myRedshiftCluster", &redshift.ClusterArgs{
			DbName: pulumi.String("myjsondb"),
			MasterUsername: myRedshiftSecret.ID().ApplyT(func(id string) (string, error) {
				return fmt.Sprintf("{{resolve:secretsmanager:%v::username}}", id), nil
			}).(pulumi.StringOutput),
			MasterUserPassword: myRedshiftSecret.ID().ApplyT(func(id string) (string, error) {
				return fmt.Sprintf("{{resolve:secretsmanager:%v::password}}", id), nil
			}).(pulumi.StringOutput),
			NodeType:    pulumi.String("ds2.xlarge"),
			ClusterType: pulumi.String("single-node"),
		})
		if err != nil {
			return err
		}
		_, err = secretsmanager.NewSecretTargetAttachment(ctx, "secretRedshiftAttachment", &secretsmanager.SecretTargetAttachmentArgs{
			SecretId:   myRedshiftSecret.ID(),
			TargetId:   myRedshiftCluster.ID(),
			TargetType: pulumi.String("AWS::Redshift::Cluster"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetSecret 

func GetSecret(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretState, opts ...pulumi.ResourceOption) (*Secret, error)

GetSecret gets an existing Secret resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecret 

func NewSecret(ctx *pulumi.Context,
	name string, args *SecretArgs, opts ...pulumi.ResourceOption) (*Secret, error)

NewSecret registers a new resource with the given unique name, arguments, and options.

func (*Secret) ElementType 

func (*Secret) ElementType() reflect.Type

func (*Secret) ToSecretOutput 

func (i *Secret) ToSecretOutput() SecretOutput

func (*Secret) ToSecretOutputWithContext 

func (i *Secret) ToSecretOutputWithContext(ctx context.Context) SecretOutput

type SecretArgs 

type SecretArgs struct {
	// The description of the secret.
	Description pulumi.StringPtrInput
	// A structure that specifies how to generate a password to encrypt and store in the secret. To include a specific string in the secret, use “SecretString“ instead. If you omit both “GenerateSecretString“ and “SecretString“, you create an empty secret. When you make a change to this property, a new secret version is created.
	//  We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.
	GenerateSecretString SecretGenerateSecretStringPtrInput
	// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by “alias/“, for example “alias/aws/secretsmanager“. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html).
	//  To use a KMS key in a different account, use the key ARN or the alias ARN.
	//  If you don't specify this value, then Secrets Manager uses the key “aws/secretsmanager“. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
	//  If the secret is in a different AWS account from the credentials calling the API, then you can't use “aws/secretsmanager“ to encrypt the secret, and you must create and use a customer managed KMS key.
	KmsKeyId pulumi.StringPtrInput
	// The name of the new secret.
	//  The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@-
	//  Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.
	Name pulumi.StringPtrInput
	// A custom type that specifies a “Region“ and the “KmsKeyId“ for a replica secret.
	ReplicaRegions SecretReplicaRegionArrayInput
	// The text to encrypt and store in the secret. We recommend you use a JSON structure of key/value pairs for your secret value. To generate a random password, use “GenerateSecretString“ instead. If you omit both “GenerateSecretString“ and “SecretString“, you create an empty secret. When you make a change to this property, a new secret version is created.
	SecretString pulumi.StringPtrInput
	// A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example:
	//   “[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]“
	//  Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc".
	//  Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret.
	//  If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an “Access Denied“ error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
	//  For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.
	//  The following restrictions apply to tags:
	//   +  Maximum number of tags per secret: 50
	//   +  Maximum key length: 127 Unicode characters in UTF-8
	//   +  Maximum value length: 255 Unicode characters in UTF-8
	//   +  Tag keys and values are case sensitive.
	//   +  Do not use the “aws:“ prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
	//   +  If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.
	Tags aws.TagArrayInput
}

The set of arguments for constructing a Secret resource.

func (SecretArgs) ElementType 

func (SecretArgs) ElementType() reflect.Type

type SecretGenerateSecretString 

type SecretGenerateSecretString struct {
	// A string of the characters that you don't want in the password.
	ExcludeCharacters *string `pulumi:"excludeCharacters"`
	// Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.
	ExcludeLowercase *bool `pulumi:"excludeLowercase"`
	// Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers.
	ExcludeNumbers *bool `pulumi:"excludeNumbers"`
	// Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~“. If you don't include this switch, the password can contain punctuation.
	ExcludePunctuation *bool `pulumi:"excludePunctuation"`
	// Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters.
	ExcludeUppercase *bool `pulumi:"excludeUppercase"`
	// The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the “SecretStringTemplate“ parameter. If you specify this parameter, then you must also specify “SecretStringTemplate“.
	GenerateStringKey *string `pulumi:"generateStringKey"`
	// Specifies whether to include the space character. If you include this switch, the password can contain space characters.
	IncludeSpace *bool `pulumi:"includeSpace"`
	// The length of the password. If you don't include this parameter, the default length is 32 characters.
	PasswordLength *int `pulumi:"passwordLength"`
	// Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don't include this switch, the password contains at least one of every character type.
	RequireEachIncludedType *bool `pulumi:"requireEachIncludedType"`
	// A template that the generated string must match. When you make a change to this property, a new secret version is created.
	SecretStringTemplate *string `pulumi:"secretStringTemplate"`
}

Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support. 

*Required permissions:* ``secretsmanager:GetRandomPassword``. For more information, see [IAM policy actions for Secrets Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions) and [Authentication and access control in Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

type SecretGenerateSecretStringArgs 

type SecretGenerateSecretStringArgs struct {
	// A string of the characters that you don't want in the password.
	ExcludeCharacters pulumi.StringPtrInput `pulumi:"excludeCharacters"`
	// Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.
	ExcludeLowercase pulumi.BoolPtrInput `pulumi:"excludeLowercase"`
	// Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers.
	ExcludeNumbers pulumi.BoolPtrInput `pulumi:"excludeNumbers"`
	// Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~“. If you don't include this switch, the password can contain punctuation.
	ExcludePunctuation pulumi.BoolPtrInput `pulumi:"excludePunctuation"`
	// Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters.
	ExcludeUppercase pulumi.BoolPtrInput `pulumi:"excludeUppercase"`
	// The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the “SecretStringTemplate“ parameter. If you specify this parameter, then you must also specify “SecretStringTemplate“.
	GenerateStringKey pulumi.StringPtrInput `pulumi:"generateStringKey"`
	// Specifies whether to include the space character. If you include this switch, the password can contain space characters.
	IncludeSpace pulumi.BoolPtrInput `pulumi:"includeSpace"`
	// The length of the password. If you don't include this parameter, the default length is 32 characters.
	PasswordLength pulumi.IntPtrInput `pulumi:"passwordLength"`
	// Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don't include this switch, the password contains at least one of every character type.
	RequireEachIncludedType pulumi.BoolPtrInput `pulumi:"requireEachIncludedType"`
	// A template that the generated string must match. When you make a change to this property, a new secret version is created.
	SecretStringTemplate pulumi.StringPtrInput `pulumi:"secretStringTemplate"`
}

Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support. 

*Required permissions:* ``secretsmanager:GetRandomPassword``. For more information, see [IAM policy actions for Secrets Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions) and [Authentication and access control in Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

func (SecretGenerateSecretStringArgs) ElementType 

func (SecretGenerateSecretStringArgs) ElementType() reflect.Type

func (SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringOutput 

func (i SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringOutput() SecretGenerateSecretStringOutput

func (SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringOutputWithContext 

func (i SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringOutputWithContext(ctx context.Context) SecretGenerateSecretStringOutput

func (SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringPtrOutput 

func (i SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringPtrOutput() SecretGenerateSecretStringPtrOutput

func (SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringPtrOutputWithContext 

func (i SecretGenerateSecretStringArgs) ToSecretGenerateSecretStringPtrOutputWithContext(ctx context.Context) SecretGenerateSecretStringPtrOutput

type SecretGenerateSecretStringInput 

type SecretGenerateSecretStringInput interface {
	pulumi.Input

	ToSecretGenerateSecretStringOutput() SecretGenerateSecretStringOutput
	ToSecretGenerateSecretStringOutputWithContext(context.Context) SecretGenerateSecretStringOutput
}

SecretGenerateSecretStringInput is an input type that accepts SecretGenerateSecretStringArgs and SecretGenerateSecretStringOutput values. You can construct a concrete instance of `SecretGenerateSecretStringInput` via: 

SecretGenerateSecretStringArgs{...}

type SecretGenerateSecretStringOutput 

type SecretGenerateSecretStringOutput struct{ *pulumi.OutputState }

Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support. 

*Required permissions:* ``secretsmanager:GetRandomPassword``. For more information, see [IAM policy actions for Secrets Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions) and [Authentication and access control in Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

func (SecretGenerateSecretStringOutput) ElementType 

func (SecretGenerateSecretStringOutput) ElementType() reflect.Type

func (SecretGenerateSecretStringOutput) ExcludeCharacters 

func (o SecretGenerateSecretStringOutput) ExcludeCharacters() pulumi.StringPtrOutput

A string of the characters that you don't want in the password.

func (SecretGenerateSecretStringOutput) ExcludeLowercase 

func (o SecretGenerateSecretStringOutput) ExcludeLowercase() pulumi.BoolPtrOutput

Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.

func (SecretGenerateSecretStringOutput) ExcludeNumbers 

func (o SecretGenerateSecretStringOutput) ExcludeNumbers() pulumi.BoolPtrOutput

Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers.

func (SecretGenerateSecretStringOutput) ExcludePunctuation 

func (o SecretGenerateSecretStringOutput) ExcludePunctuation() pulumi.BoolPtrOutput

Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~“. If you don't include this switch, the password can contain punctuation.

func (SecretGenerateSecretStringOutput) ExcludeUppercase 

func (o SecretGenerateSecretStringOutput) ExcludeUppercase() pulumi.BoolPtrOutput

Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters.

func (SecretGenerateSecretStringOutput) GenerateStringKey 

func (o SecretGenerateSecretStringOutput) GenerateStringKey() pulumi.StringPtrOutput

The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the “SecretStringTemplate“ parameter. If you specify this parameter, then you must also specify “SecretStringTemplate“.

func (SecretGenerateSecretStringOutput) IncludeSpace 

func (o SecretGenerateSecretStringOutput) IncludeSpace() pulumi.BoolPtrOutput

Specifies whether to include the space character. If you include this switch, the password can contain space characters.

func (SecretGenerateSecretStringOutput) PasswordLength 

func (o SecretGenerateSecretStringOutput) PasswordLength() pulumi.IntPtrOutput

The length of the password. If you don't include this parameter, the default length is 32 characters.

func (SecretGenerateSecretStringOutput) RequireEachIncludedType 

func (o SecretGenerateSecretStringOutput) RequireEachIncludedType() pulumi.BoolPtrOutput

Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don't include this switch, the password contains at least one of every character type.

func (SecretGenerateSecretStringOutput) SecretStringTemplate 

func (o SecretGenerateSecretStringOutput) SecretStringTemplate() pulumi.StringPtrOutput

A template that the generated string must match. When you make a change to this property, a new secret version is created.

func (SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringOutput 

func (o SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringOutput() SecretGenerateSecretStringOutput

func (SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringOutputWithContext 

func (o SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringOutputWithContext(ctx context.Context) SecretGenerateSecretStringOutput

func (SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringPtrOutput 

func (o SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringPtrOutput() SecretGenerateSecretStringPtrOutput

func (SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringPtrOutputWithContext 

func (o SecretGenerateSecretStringOutput) ToSecretGenerateSecretStringPtrOutputWithContext(ctx context.Context) SecretGenerateSecretStringPtrOutput

type SecretGenerateSecretStringPtrInput 

type SecretGenerateSecretStringPtrInput interface {
	pulumi.Input

	ToSecretGenerateSecretStringPtrOutput() SecretGenerateSecretStringPtrOutput
	ToSecretGenerateSecretStringPtrOutputWithContext(context.Context) SecretGenerateSecretStringPtrOutput
}

SecretGenerateSecretStringPtrInput is an input type that accepts SecretGenerateSecretStringArgs, SecretGenerateSecretStringPtr and SecretGenerateSecretStringPtrOutput values. You can construct a concrete instance of `SecretGenerateSecretStringPtrInput` via: 

        SecretGenerateSecretStringArgs{...}

or:

        nil

func SecretGenerateSecretStringPtr 

func SecretGenerateSecretStringPtr(v *SecretGenerateSecretStringArgs) SecretGenerateSecretStringPtrInput

type SecretGenerateSecretStringPtrOutput 

type SecretGenerateSecretStringPtrOutput struct{ *pulumi.OutputState }

func (SecretGenerateSecretStringPtrOutput) Elem 

func (o SecretGenerateSecretStringPtrOutput) Elem() SecretGenerateSecretStringOutput

func (SecretGenerateSecretStringPtrOutput) ElementType 

func (SecretGenerateSecretStringPtrOutput) ElementType() reflect.Type

func (SecretGenerateSecretStringPtrOutput) ExcludeCharacters 

func (o SecretGenerateSecretStringPtrOutput) ExcludeCharacters() pulumi.StringPtrOutput

A string of the characters that you don't want in the password.

func (SecretGenerateSecretStringPtrOutput) ExcludeLowercase 

func (o SecretGenerateSecretStringPtrOutput) ExcludeLowercase() pulumi.BoolPtrOutput

Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.

func (SecretGenerateSecretStringPtrOutput) ExcludeNumbers 

func (o SecretGenerateSecretStringPtrOutput) ExcludeNumbers() pulumi.BoolPtrOutput

Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers.

func (SecretGenerateSecretStringPtrOutput) ExcludePunctuation 

func (o SecretGenerateSecretStringPtrOutput) ExcludePunctuation() pulumi.BoolPtrOutput

Specifies whether to exclude the following punctuation characters from the password: “! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~“. If you don't include this switch, the password can contain punctuation.

func (SecretGenerateSecretStringPtrOutput) ExcludeUppercase 

func (o SecretGenerateSecretStringPtrOutput) ExcludeUppercase() pulumi.BoolPtrOutput

Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters.

func (SecretGenerateSecretStringPtrOutput) GenerateStringKey 

func (o SecretGenerateSecretStringPtrOutput) GenerateStringKey() pulumi.StringPtrOutput

The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the “SecretStringTemplate“ parameter. If you specify this parameter, then you must also specify “SecretStringTemplate“.

func (SecretGenerateSecretStringPtrOutput) IncludeSpace 

func (o SecretGenerateSecretStringPtrOutput) IncludeSpace() pulumi.BoolPtrOutput

Specifies whether to include the space character. If you include this switch, the password can contain space characters.

func (SecretGenerateSecretStringPtrOutput) PasswordLength 

func (o SecretGenerateSecretStringPtrOutput) PasswordLength() pulumi.IntPtrOutput

The length of the password. If you don't include this parameter, the default length is 32 characters.

func (SecretGenerateSecretStringPtrOutput) RequireEachIncludedType 

func (o SecretGenerateSecretStringPtrOutput) RequireEachIncludedType() pulumi.BoolPtrOutput

Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don't include this switch, the password contains at least one of every character type.

func (SecretGenerateSecretStringPtrOutput) SecretStringTemplate 

func (o SecretGenerateSecretStringPtrOutput) SecretStringTemplate() pulumi.StringPtrOutput

A template that the generated string must match. When you make a change to this property, a new secret version is created.

func (SecretGenerateSecretStringPtrOutput) ToSecretGenerateSecretStringPtrOutput 

func (o SecretGenerateSecretStringPtrOutput) ToSecretGenerateSecretStringPtrOutput() SecretGenerateSecretStringPtrOutput

func (SecretGenerateSecretStringPtrOutput) ToSecretGenerateSecretStringPtrOutputWithContext 

func (o SecretGenerateSecretStringPtrOutput) ToSecretGenerateSecretStringPtrOutputWithContext(ctx context.Context) SecretGenerateSecretStringPtrOutput

type SecretInput 

type SecretInput interface {
	pulumi.Input

	ToSecretOutput() SecretOutput
	ToSecretOutputWithContext(ctx context.Context) SecretOutput
}

type SecretOutput 

type SecretOutput struct{ *pulumi.OutputState }

func (SecretOutput) AwsId added in v0.99.0 

func (o SecretOutput) AwsId() pulumi.StringOutput

The ARN of the secret.

func (SecretOutput) Description added in v0.17.0 

func (o SecretOutput) Description() pulumi.StringPtrOutput

The description of the secret.

func (SecretOutput) ElementType 

func (SecretOutput) ElementType() reflect.Type

func (SecretOutput) GenerateSecretString added in v0.17.0 

func (o SecretOutput) GenerateSecretString() SecretGenerateSecretStringPtrOutput

A structure that specifies how to generate a password to encrypt and store in the secret. To include a specific string in the secret, use “SecretString“ instead. If you omit both “GenerateSecretString“ and “SecretString“, you create an empty secret. When you make a change to this property, a new secret version is created. 

We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.

func (SecretOutput) KmsKeyId added in v0.17.0 

func (o SecretOutput) KmsKeyId() pulumi.StringPtrOutput

The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by “alias/“, for example “alias/aws/secretsmanager“. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). 

To use a KMS key in a different account, use the key ARN or the alias ARN.
If you don't specify this value, then Secrets Manager uses the key ``aws/secretsmanager``. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
If the secret is in a different AWS account from the credentials calling the API, then you can't use ``aws/secretsmanager`` to encrypt the secret, and you must create and use a customer managed KMS key.

func (SecretOutput) Name added in v0.17.0 

func (o SecretOutput) Name() pulumi.StringPtrOutput

The name of the new secret. 

The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@-
Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.

func (SecretOutput) ReplicaRegions added in v0.17.0 

func (o SecretOutput) ReplicaRegions() SecretReplicaRegionArrayOutput

A custom type that specifies a “Region“ and the “KmsKeyId“ for a replica secret.

func (SecretOutput) SecretString added in v0.17.0 

func (o SecretOutput) SecretString() pulumi.StringPtrOutput

The text to encrypt and store in the secret. We recommend you use a JSON structure of key/value pairs for your secret value. To generate a random password, use “GenerateSecretString“ instead. If you omit both “GenerateSecretString“ and “SecretString“, you create an empty secret. When you make a change to this property, a new secret version is created.

func (SecretOutput) Tags added in v0.17.0 

func (o SecretOutput) Tags() aws.TagArrayOutput

A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example: 

 ``[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]``
Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc".
Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret.
If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an ``Access Denied`` error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.
The following restrictions apply to tags:
 +  Maximum number of tags per secret: 50
 +  Maximum key length: 127 Unicode characters in UTF-8
 +  Maximum value length: 255 Unicode characters in UTF-8
 +  Tag keys and values are case sensitive.
 +  Do not use the ``aws:`` prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
 +  If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

func (SecretOutput) ToSecretOutput 

func (o SecretOutput) ToSecretOutput() SecretOutput

func (SecretOutput) ToSecretOutputWithContext 

func (o SecretOutput) ToSecretOutputWithContext(ctx context.Context) SecretOutput

type SecretReplicaRegion 

type SecretReplicaRegion struct {
	// The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses “aws/secretsmanager“.
	KmsKeyId *string `pulumi:"kmsKeyId"`
	// A string that represents a “Region“, for example "us-east-1".
	Region string `pulumi:"region"`
}

Specifies a “Region“ and the “KmsKeyId“ for a replica secret.

type SecretReplicaRegionArgs 

type SecretReplicaRegionArgs struct {
	// The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses “aws/secretsmanager“.
	KmsKeyId pulumi.StringPtrInput `pulumi:"kmsKeyId"`
	// A string that represents a “Region“, for example "us-east-1".
	Region pulumi.StringInput `pulumi:"region"`
}

Specifies a “Region“ and the “KmsKeyId“ for a replica secret.

func (SecretReplicaRegionArgs) ElementType 

func (SecretReplicaRegionArgs) ElementType() reflect.Type

func (SecretReplicaRegionArgs) ToSecretReplicaRegionOutput 

func (i SecretReplicaRegionArgs) ToSecretReplicaRegionOutput() SecretReplicaRegionOutput

func (SecretReplicaRegionArgs) ToSecretReplicaRegionOutputWithContext 

func (i SecretReplicaRegionArgs) ToSecretReplicaRegionOutputWithContext(ctx context.Context) SecretReplicaRegionOutput

type SecretReplicaRegionArray 

type SecretReplicaRegionArray []SecretReplicaRegionInput

func (SecretReplicaRegionArray) ElementType 

func (SecretReplicaRegionArray) ElementType() reflect.Type

func (SecretReplicaRegionArray) ToSecretReplicaRegionArrayOutput 

func (i SecretReplicaRegionArray) ToSecretReplicaRegionArrayOutput() SecretReplicaRegionArrayOutput

func (SecretReplicaRegionArray) ToSecretReplicaRegionArrayOutputWithContext 

func (i SecretReplicaRegionArray) ToSecretReplicaRegionArrayOutputWithContext(ctx context.Context) SecretReplicaRegionArrayOutput

type SecretReplicaRegionArrayInput 

type SecretReplicaRegionArrayInput interface {
	pulumi.Input

	ToSecretReplicaRegionArrayOutput() SecretReplicaRegionArrayOutput
	ToSecretReplicaRegionArrayOutputWithContext(context.Context) SecretReplicaRegionArrayOutput
}

SecretReplicaRegionArrayInput is an input type that accepts SecretReplicaRegionArray and SecretReplicaRegionArrayOutput values. You can construct a concrete instance of `SecretReplicaRegionArrayInput` via: 

SecretReplicaRegionArray{ SecretReplicaRegionArgs{...} }

type SecretReplicaRegionArrayOutput 

type SecretReplicaRegionArrayOutput struct{ *pulumi.OutputState }

func (SecretReplicaRegionArrayOutput) ElementType 

func (SecretReplicaRegionArrayOutput) ElementType() reflect.Type

func (SecretReplicaRegionArrayOutput) Index 

func (o SecretReplicaRegionArrayOutput) Index(i pulumi.IntInput) SecretReplicaRegionOutput

func (SecretReplicaRegionArrayOutput) ToSecretReplicaRegionArrayOutput 

func (o SecretReplicaRegionArrayOutput) ToSecretReplicaRegionArrayOutput() SecretReplicaRegionArrayOutput

func (SecretReplicaRegionArrayOutput) ToSecretReplicaRegionArrayOutputWithContext 

func (o SecretReplicaRegionArrayOutput) ToSecretReplicaRegionArrayOutputWithContext(ctx context.Context) SecretReplicaRegionArrayOutput

type SecretReplicaRegionInput 

type SecretReplicaRegionInput interface {
	pulumi.Input

	ToSecretReplicaRegionOutput() SecretReplicaRegionOutput
	ToSecretReplicaRegionOutputWithContext(context.Context) SecretReplicaRegionOutput
}

SecretReplicaRegionInput is an input type that accepts SecretReplicaRegionArgs and SecretReplicaRegionOutput values. You can construct a concrete instance of `SecretReplicaRegionInput` via: 

SecretReplicaRegionArgs{...}

type SecretReplicaRegionOutput 

type SecretReplicaRegionOutput struct{ *pulumi.OutputState }

Specifies a “Region“ and the “KmsKeyId“ for a replica secret.

func (SecretReplicaRegionOutput) ElementType 

func (SecretReplicaRegionOutput) ElementType() reflect.Type

func (SecretReplicaRegionOutput) KmsKeyId 

func (o SecretReplicaRegionOutput) KmsKeyId() pulumi.StringPtrOutput

The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses “aws/secretsmanager“.

func (SecretReplicaRegionOutput) Region 

func (o SecretReplicaRegionOutput) Region() pulumi.StringOutput

A string that represents a “Region“, for example "us-east-1".

func (SecretReplicaRegionOutput) ToSecretReplicaRegionOutput 

func (o SecretReplicaRegionOutput) ToSecretReplicaRegionOutput() SecretReplicaRegionOutput

func (SecretReplicaRegionOutput) ToSecretReplicaRegionOutputWithContext 

func (o SecretReplicaRegionOutput) ToSecretReplicaRegionOutputWithContext(ctx context.Context) SecretReplicaRegionOutput

type SecretState 

type SecretState struct {
}

func (SecretState) ElementType 

func (SecretState) ElementType() reflect.Type

type SecretTag 

type SecretTag struct {
	// The key identifier, or name, of the tag.
	Key string `pulumi:"key"`
	// The string value associated with the key of the tag.
	Value string `pulumi:"value"`
}

A structure that contains information about a tag.

type SecretTargetAttachment 

type SecretTargetAttachment struct {
	pulumi.CustomResourceState

	AwsId pulumi.StringOutput `pulumi:"awsId"`
	// The ARN or name of the secret. To reference a secret also created in this template, use the see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function with the secret's logical ID. This field is unique for each target attachment definition.
	SecretId pulumi.StringOutput `pulumi:"secretId"`
	// The ID of the database or cluster.
	TargetId pulumi.StringOutput `pulumi:"targetId"`
	// A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:
	//
	// - AWS::RDS::DBInstance
	// - AWS::RDS::DBCluster
	// - AWS::Redshift::Cluster
	// - AWS::RedshiftServerless::Namespace
	// - AWS::DocDB::DBInstance
	// - AWS::DocDB::DBCluster
	// - AWS::DocDBElastic::Cluster
	TargetType pulumi.StringOutput `pulumi:"targetType"`
}

Resource Type definition for AWS::SecretsManager::SecretTargetAttachment

func GetSecretTargetAttachment 

func GetSecretTargetAttachment(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretTargetAttachmentState, opts ...pulumi.ResourceOption) (*SecretTargetAttachment, error)

GetSecretTargetAttachment gets an existing SecretTargetAttachment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretTargetAttachment 

func NewSecretTargetAttachment(ctx *pulumi.Context,
	name string, args *SecretTargetAttachmentArgs, opts ...pulumi.ResourceOption) (*SecretTargetAttachment, error)

NewSecretTargetAttachment registers a new resource with the given unique name, arguments, and options.

func (*SecretTargetAttachment) ElementType 

func (*SecretTargetAttachment) ElementType() reflect.Type

func (*SecretTargetAttachment) ToSecretTargetAttachmentOutput 

func (i *SecretTargetAttachment) ToSecretTargetAttachmentOutput() SecretTargetAttachmentOutput

func (*SecretTargetAttachment) ToSecretTargetAttachmentOutputWithContext 

func (i *SecretTargetAttachment) ToSecretTargetAttachmentOutputWithContext(ctx context.Context) SecretTargetAttachmentOutput

type SecretTargetAttachmentArgs 

type SecretTargetAttachmentArgs struct {
	// The ARN or name of the secret. To reference a secret also created in this template, use the see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function with the secret's logical ID. This field is unique for each target attachment definition.
	SecretId pulumi.StringInput
	// The ID of the database or cluster.
	TargetId pulumi.StringInput
	// A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:
	//
	// - AWS::RDS::DBInstance
	// - AWS::RDS::DBCluster
	// - AWS::Redshift::Cluster
	// - AWS::RedshiftServerless::Namespace
	// - AWS::DocDB::DBInstance
	// - AWS::DocDB::DBCluster
	// - AWS::DocDBElastic::Cluster
	TargetType pulumi.StringInput
}

The set of arguments for constructing a SecretTargetAttachment resource.

func (SecretTargetAttachmentArgs) ElementType 

func (SecretTargetAttachmentArgs) ElementType() reflect.Type

type SecretTargetAttachmentInput 

type SecretTargetAttachmentInput interface {
	pulumi.Input

	ToSecretTargetAttachmentOutput() SecretTargetAttachmentOutput
	ToSecretTargetAttachmentOutputWithContext(ctx context.Context) SecretTargetAttachmentOutput
}

type SecretTargetAttachmentOutput 

type SecretTargetAttachmentOutput struct{ *pulumi.OutputState }

func (SecretTargetAttachmentOutput) AwsId added in v1.1.0 

func (o SecretTargetAttachmentOutput) AwsId() pulumi.StringOutput

func (SecretTargetAttachmentOutput) ElementType 

func (SecretTargetAttachmentOutput) ElementType() reflect.Type

func (SecretTargetAttachmentOutput) SecretId added in v0.17.0 

func (o SecretTargetAttachmentOutput) SecretId() pulumi.StringOutput

The ARN or name of the secret. To reference a secret also created in this template, use the see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function with the secret's logical ID. This field is unique for each target attachment definition.

func (SecretTargetAttachmentOutput) TargetId added in v0.17.0 

func (o SecretTargetAttachmentOutput) TargetId() pulumi.StringOutput

The ID of the database or cluster.

func (SecretTargetAttachmentOutput) TargetType added in v0.17.0 

func (o SecretTargetAttachmentOutput) TargetType() pulumi.StringOutput

A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:

- AWS::RDS::DBInstance - AWS::RDS::DBCluster - AWS::Redshift::Cluster - AWS::RedshiftServerless::Namespace - AWS::DocDB::DBInstance - AWS::DocDB::DBCluster - AWS::DocDBElastic::Cluster

func (SecretTargetAttachmentOutput) ToSecretTargetAttachmentOutput 

func (o SecretTargetAttachmentOutput) ToSecretTargetAttachmentOutput() SecretTargetAttachmentOutput

func (SecretTargetAttachmentOutput) ToSecretTargetAttachmentOutputWithContext 

func (o SecretTargetAttachmentOutput) ToSecretTargetAttachmentOutputWithContext(ctx context.Context) SecretTargetAttachmentOutput

type SecretTargetAttachmentState 

type SecretTargetAttachmentState struct {
}

func (SecretTargetAttachmentState) ElementType 

func (SecretTargetAttachmentState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.