import { Construct } from 'constructs';
import { ISecret } from './secret';
import * as ec2 from '../../aws-ec2';
import { Duration } from '../../core';
/**
 * Options for a SecretRotationApplication
 */
export interface SecretRotationApplicationOptions {
    /**
     * Whether the rotation application uses the multi user scheme.
     *
     * In the multi user scheme the rotation is driven by a separate, more
     * privileged "master" secret (see `SecretRotationProps.masterSecret`).
     *
     * @default false
     */
    readonly isMultiUser?: boolean;
}
/**
 * A secret rotation serverless application.
 *
 * Instances describe the rotation Lambda that `SecretRotation` deploys; the
 * static members are the AWS-provided rotation applications for the supported
 * engines, each in a single user and a multi user variant.
 *
 * NOTE(review): the rotation application is handed the secret (and, for the
 * multi user scheme, the master secret). Only reference application ids and
 * versions you trust, and prefer the static members below over ad-hoc ids.
 */
export declare class SecretRotationApplication {
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS MariaDB using the single user rotation scheme
     */
    static readonly MARIADB_ROTATION_SINGLE_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS MariaDB using the multi user rotation scheme
     */
    static readonly MARIADB_ROTATION_MULTI_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS MySQL using the single user rotation scheme
     */
    static readonly MYSQL_ROTATION_SINGLE_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS MySQL using the multi user rotation scheme
     */
    static readonly MYSQL_ROTATION_MULTI_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS Oracle using the single user rotation scheme
     */
    static readonly ORACLE_ROTATION_SINGLE_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS Oracle using the multi user rotation scheme
     */
    static readonly ORACLE_ROTATION_MULTI_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS PostgreSQL using the single user rotation scheme
     */
    static readonly POSTGRES_ROTATION_SINGLE_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS PostgreSQL using the multi user rotation scheme
     */
    static readonly POSTGRES_ROTATION_MULTI_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS SQL Server using the single user rotation scheme
     */
    static readonly SQLSERVER_ROTATION_SINGLE_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for RDS SQL Server using the multi user rotation scheme
     */
    static readonly SQLSERVER_ROTATION_MULTI_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for Amazon Redshift using the single user rotation scheme
     */
    static readonly REDSHIFT_ROTATION_SINGLE_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for Amazon Redshift using the multi user rotation scheme
     */
    static readonly REDSHIFT_ROTATION_MULTI_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for MongoDB using the single user rotation scheme
     */
    static readonly MONGODB_ROTATION_SINGLE_USER: SecretRotationApplication;
    /**
     * Conducts an AWS SecretsManager secret rotation for MongoDB using the multi user rotation scheme
     */
    static readonly MONGODB_ROTATION_MULTI_USER: SecretRotationApplication;
    /**
     * Whether the rotation application uses the multi user scheme
     */
    readonly isMultiUser?: boolean;
    /**
     * The application name of the rotation application
     */
    private readonly applicationName;
    /**
     * @param applicationId   id of the serverless rotation application to deploy
     * @param semanticVersion version of that application; pin this deliberately,
     *                        since it selects the rotation code that will handle the secret
     * @param options         scheme selection, see `SecretRotationApplicationOptions`
     */
    constructor(applicationId: string, semanticVersion: string, options?: SecretRotationApplicationOptions);
    /**
     * Returns the application ARN for the current partition.
     * Can be used in combination with a `CfnMapping` to automatically select the correct ARN based on the current partition.
     *
     * @param partition the AWS partition (e.g. `aws`, `aws-cn`) to build the ARN for
     */
    applicationArnForPartition(partition: string): string;
    /**
     * The semantic version of the app for the current partition.
     * Can be used in combination with a `CfnMapping` to automatically select the correct version based on the current partition.
     *
     * @param partition the AWS partition to look the version up for
     */
    semanticVersionForPartition(partition: string): string;
}
/**
 * Construction properties for a SecretRotation.
 */
export interface SecretRotationProps {
    /**
     * The secret to rotate. It must be a JSON string with the following format:
     *
     * ```
     * {
     *   "engine": <required: database engine>,
     *   "host": <required: instance host name>,
     *   "username": <required: username>,
     *   "password": <required: password>,
     *   "dbname": <optional: database name>,
     *   "port": <optional: if not specified, default port will be used>,
     *   "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
     * }
     * ```
     *
     * This is typically the case for a secret referenced from an `AWS::SecretsManager::SecretTargetAttachment`
     * or an `ISecret` returned by the `attach()` method of `Secret`.
     *
     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html
     */
    readonly secret: ISecret;
    /**
     * The master secret for a multi user rotation scheme
     *
     * This secret is used to create users and change passwords on the target, so it is
     * more privileged than `secret` itself: restrict who can read it accordingly.
     * NOTE(review): presumably required whenever `application` is one of the
     * `*_ROTATION_MULTI_USER` applications — confirm whether the construct validates this.
     *
     * @default - single user rotation scheme
     */
    readonly masterSecret?: ISecret;
    /**
     * Specifies the number of days after the previous rotation before
     * Secrets Manager triggers the next automatic rotation.
     *
     * @default Duration.days(30)
     */
    readonly automaticallyAfter?: Duration;
    /**
     * The serverless application for the rotation.
     */
    readonly application: SecretRotationApplication;
    /**
     * The VPC where the Lambda rotation function will run.
     */
    readonly vpc: ec2.IVpc;
    /**
     * The type of subnets in the VPC where the Lambda rotation function will run.
     *
     * @default - the Vpc default strategy if not specified.
     */
    readonly vpcSubnets?: ec2.SubnetSelection;
    /**
     * The target service or database
     *
     * NOTE(review): presumably the construct allows traffic from the rotation
     * function's security group to this target — verify the resulting rules are
     * no wider than the database port you expect.
     */
    readonly target: ec2.IConnectable;
    /**
     * The security group for the Lambda rotation function
     *
     * @default - a new security group is created
     */
    readonly securityGroup?: ec2.ISecurityGroup;
    /**
     * Characters which should not appear in the generated password
     *
     * Use this only for characters the engine or connection string cannot handle;
     * every excluded character reduces the entropy of the generated password.
     *
     * @default - no additional characters are explicitly excluded
     */
    readonly excludeCharacters?: string;
    /**
     * The VPC interface endpoint to use for the Secrets Manager API
     *
     * If you enable private DNS hostnames for your VPC private endpoint (the default), you don't
     * need to specify an endpoint. The standard Secrets Manager DNS hostname the Secrets Manager
     * CLI and SDKs use by default (https://secretsmanager.<region>.amazonaws.com) automatically
     * resolves to your VPC endpoint.
     *
     * The rotation function runs inside `vpc`, so it needs a route to the Secrets
     * Manager API: either this endpoint or outbound internet access from its subnets.
     *
     * @default https://secretsmanager.<region>.amazonaws.com
     */
    readonly endpoint?: ec2.IInterfaceVpcEndpoint;
    /**
     * Specifies whether to rotate the secret immediately or wait until the next
     * scheduled rotation window.
     *
     * With the default, deploying a change to the rotation presumably rotates the
     * credential right away; consumers that cache the secret value must tolerate that.
     *
     * @default true
     */
    readonly rotateImmediatelyOnUpdate?: boolean;
}
/**
 * Secret rotation for a service or database
 *
 * Deploys the rotation application from `props.application` into `props.vpc`
 * and configures it to rotate `props.secret` against `props.target`.
 */
export declare class SecretRotation extends Construct {
    /**
     * @param scope parent construct
     * @param id    construct id, unique within `scope`
     * @param props rotation configuration, see `SecretRotationProps`
     */
    constructor(scope: Construct, id: string, props: SecretRotationProps);
}