UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

94 lines (93 loc) 3.14 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
import * as kms from '../../aws-kms'; import * as secretsmanager from '../../aws-secretsmanager'; import { Duration, SecretValue } from '../../core'; /** * Backup configuration for DocumentDB databases * * @default - The retention period for automated backups is 1 day. * The preferred backup window will be a 30-minute window selected at random * from an 8-hour block of time for each AWS Region. * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/backup-restore.db-cluster-snapshots.html#backup-restore.backup-window */ export interface BackupProps { /** * How many days to retain the backup */ readonly retention: Duration; /** * A daily time range in 24-hours UTC format in which backups preferably execute. * * Must be at least 30 minutes long. * * Example: '01:00-02:00' * * @default - a 30-minute window selected at random from an 8-hour block of * time for each AWS Region. To see the time blocks available, see * https://docs.aws.amazon.com/documentdb/latest/developerguide/backup-restore.db-cluster-snapshots.html#backup-restore.backup-window */ readonly preferredWindow?: string; } /** * Login credentials for a database cluster */ export interface Login { /** * Username */ readonly username: string; /** * Password * * Do not put passwords in your CDK code directly. * * @default a Secrets Manager generated password */ readonly password?: SecretValue; /** * KMS encryption key to encrypt the generated secret. * * @default default master key */ readonly kmsKey?: kms.IKey; /** * Specifies characters to not include in generated passwords. * * @default "\"@/" */ readonly excludeCharacters?: string; /** * The physical name of the secret, that will be generated. * * @default Secretsmanager will generate a physical name for the secret */ readonly secretName?: string; } /** * Options to add the multi user rotation */ export interface RotationMultiUserOptions { /** * The secret to rotate. It must be a JSON string with the following format: * ``` * { * "engine": <required: must be set to 'mongo'>, * "host": <required: instance host name>, * "username": <required: username>, * "password": <required: password>, * "dbname": <optional: database name>, * "port": <optional: if not specified, default port 27017 will be used>, * "masterarn": <required: the arn of the master secret which will be used to create users/change passwords> * "ssl": <optional: if not specified, defaults to false. This must be true if being used for DocumentDB rotations * where the cluster has TLS enabled> * } * ``` */ readonly secret: secretsmanager.ISecret; /** * Specifies the number of days after the previous rotation before * Secrets Manager triggers the next automatic rotation. * * @default Duration.days(30) */ readonly automaticallyAfter?: Duration; }