aws-cdk-lib
Version:
Version 2 of the AWS Cloud Development Kit library
206 lines (205 loc) • 7.64 kB
TypeScript
import { Construct } from 'constructs';
import { ISecret } from './secret';
import { CfnRotationSchedule } from './secretsmanager.generated';
import * as ec2 from '../../aws-ec2';
import * as lambda from '../../aws-lambda';
import { Duration, Resource } from '../../core';
/**
* Options to add a rotation schedule to a secret.
*/
export interface RotationScheduleOptions {
/**
* A Lambda function that can rotate the secret.
*
* @default - either `rotationLambda` or `hostedRotation` must be specified
*/
readonly rotationLambda?: lambda.IFunction;
/**
* Hosted rotation
*
* @default - either `rotationLambda` or `hostedRotation` must be specified
*/
readonly hostedRotation?: HostedRotation;
/**
* Specifies the number of days after the previous rotation before
* Secrets Manager triggers the next automatic rotation.
*
* The minimum value is 4 hours.
* The maximum value is 1000 days.
*
* A value of zero (`Duration.days(0)`) will not create RotationRules.
*
* @default Duration.days(30)
*/
readonly automaticallyAfter?: Duration;
/**
* Specifies whether to rotate the secret immediately or wait until the next
* scheduled rotation window.
*
* @default true
*/
readonly rotateImmediatelyOnUpdate?: boolean;
}
/**
* Construction properties for a RotationSchedule.
*/
export interface RotationScheduleProps extends RotationScheduleOptions {
/**
* The secret to rotate.
*
* If hosted rotation is used, this must be a JSON string with the following format:
*
* ```
* {
* "engine": <required: database engine>,
* "host": <required: instance host name>,
* "username": <required: username>,
* "password": <required: password>,
* "dbname": <optional: database name>,
* "port": <optional: if not specified, default port will be used>,
* "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
* }
* ```
*
* This is typically the case for a secret referenced from an `AWS::SecretsManager::SecretTargetAttachment`
* or an `ISecret` returned by the `attach()` method of `Secret`.
*/
readonly secret: ISecret;
}
/**
* A rotation schedule.
*/
export declare class RotationSchedule extends Resource {
constructor(scope: Construct, id: string, props: RotationScheduleProps);
}
/**
* Single user hosted rotation options
*/
export interface SingleUserHostedRotationOptions {
/**
* A name for the Lambda created to rotate the secret
*
* @default - a CloudFormation generated name
*/
readonly functionName?: string;
/**
* A list of security groups for the Lambda created to rotate the secret
*
* @default - a new security group is created
*/
readonly securityGroups?: ec2.ISecurityGroup[];
/**
* The VPC where the Lambda rotation function will run.
*
* @default - the Lambda is not deployed in a VPC
*/
readonly vpc?: ec2.IVpc;
/**
* The type of subnets in the VPC where the Lambda rotation function will run.
*
* @default - the Vpc default strategy if not specified.
*/
readonly vpcSubnets?: ec2.SubnetSelection;
/**
* A string of the characters that you don't want in the password
*
* @default the same exclude characters as the ones used for the
* secret or " %+~`#$&*()|[]{}:;<>?!'/@\"\\"
*/
readonly excludeCharacters?: string;
}
/**
* Multi user hosted rotation options
*/
export interface MultiUserHostedRotationOptions extends SingleUserHostedRotationOptions {
/**
* The master secret for a multi user rotation scheme
*/
readonly masterSecret: ISecret;
}
/**
* A hosted rotation
*/
export declare class HostedRotation implements ec2.IConnectable {
private readonly type;
private readonly props;
private readonly masterSecret?;
/** MySQL Single User */
static mysqlSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
/** MySQL Multi User */
static mysqlMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
/** PostgreSQL Single User */
static postgreSqlSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
/** PostgreSQL Multi User */
static postgreSqlMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
/** Oracle Single User */
static oracleSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
/** Oracle Multi User */
static oracleMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
/** MariaDB Single User */
static mariaDbSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
/** MariaDB Multi User */
static mariaDbMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
/** SQL Server Single User */
static sqlServerSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
/** SQL Server Multi User */
static sqlServerMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
/** Redshift Single User */
static redshiftSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
/** Redshift Multi User */
static redshiftMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
/** MongoDB Single User */
static mongoDbSingleUser(options?: SingleUserHostedRotationOptions): HostedRotation;
/** MongoDB Multi User */
static mongoDbMultiUser(options: MultiUserHostedRotationOptions): HostedRotation;
private _connections?;
private constructor();
/**
* Binds this hosted rotation to a secret
*/
bind(secret: ISecret, scope: Construct): CfnRotationSchedule.HostedRotationLambdaProperty;
/**
* Security group connections for this hosted rotation
*/
get connections(): ec2.Connections;
}
/**
* Hosted rotation type
*/
export declare class HostedRotationType {
readonly name: string;
readonly isMultiUser?: boolean | undefined;
/** MySQL Single User */
static readonly MYSQL_SINGLE_USER: HostedRotationType;
/** MySQL Multi User */
static readonly MYSQL_MULTI_USER: HostedRotationType;
/** PostgreSQL Single User */
static readonly POSTGRESQL_SINGLE_USER: HostedRotationType;
/** PostgreSQL Multi User */
static readonly POSTGRESQL_MULTI_USER: HostedRotationType;
/** Oracle Single User */
static readonly ORACLE_SINGLE_USER: HostedRotationType;
/** Oracle Multi User */
static readonly ORACLE_MULTI_USER: HostedRotationType;
/** MariaDB Single User */
static readonly MARIADB_SINGLE_USER: HostedRotationType;
/** MariaDB Multi User */
static readonly MARIADB_MULTI_USER: HostedRotationType;
/** SQL Server Single User */
static readonly SQLSERVER_SINGLE_USER: HostedRotationType;
/** SQL Server Multi User */
static readonly SQLSERVER_MULTI_USER: HostedRotationType;
/** Redshift Single User */
static readonly REDSHIFT_SINGLE_USER: HostedRotationType;
/** Redshift Multi User */
static readonly REDSHIFT_MULTI_USER: HostedRotationType;
/** MongoDB Single User */
static readonly MONGODB_SINGLE_USER: HostedRotationType;
/** MongoDB Multi User */
static readonly MONGODB_MULTI_USER: HostedRotationType;
/**
* @param name The type of rotation
* @param isMultiUser Whether the rotation uses the mutli user scheme
*/
private constructor();
}