class Credentials

Language	Type name
.NET	`Amazon.CDK.AWS.RDS.Credentials`
Java	`software.amazon.awscdk.services.rds.Credentials`
Python	`aws_cdk.aws_rds.Credentials`
TypeScript (source)	`@aws-cdk/aws-rds` » `Credentials`

Username and password combination.

Example

// Create username and password secret for DB Cluster
const secret = new rds.DatabaseSecret(this, 'AuroraSecret', {
  username: 'clusteradmin',
});

// The VPC to place the cluster in
const vpc = new ec2.Vpc(this, 'AuroraVpc');

// Create the serverless cluster, provide all values needed to customise the database.
const cluster = new rds.ServerlessCluster(this, 'AuroraCluster', {
  engine: rds.DatabaseClusterEngine.AURORA_MYSQL,
  vpc,
  credentials: { username: 'clusteradmin' },
  clusterIdentifier: 'db-endpoint-test',
  defaultDatabaseName: 'demos',
});

// Build a data source for AppSync to access the database.
declare const api: appsync.GraphqlApi;
const rdsDS = api.addRdsDataSource('rds', cluster, secret, 'demos');

// Set up a resolver for an RDS query.
rdsDS.createResolver({
  typeName: 'Query',
  fieldName: 'getDemosRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "SELECT * FROM demos"
    ]
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[0])
  `),
});

// Set up a resolver for an RDS mutation.
rdsDS.createResolver({
  typeName: 'Mutation',
  fieldName: 'addDemoRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "INSERT INTO demos VALUES (:id, :version)",
      "SELECT * WHERE id = :id"
    ],
    "variableMap": {
      ":id": $util.toJson($util.autoId()),
      ":version": $util.toJson($ctx.args.version)
    }
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0])
  `),
});

Initializer

new Credentials()

Properties

Name	Type	Description
username	`string`	Username.
encryptionKey?	`IKey`	KMS encryption key to encrypt the generated secret.
excludeCharacters?	`string`	The characters to exclude from the generated password.
password?	`SecretValue`	Password.
replicaRegions?	`ReplicaRegion[]`	A list of regions where to replicate the generated secret.
secret?	`ISecret`	Secret used to instantiate this Login.
secretName?	`string`	The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.
usernameAsString?	`boolean`	Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.

username

Type: string

Username.

encryptionKey?

Type: IKey (optional, default: default master key)

KMS encryption key to encrypt the generated secret.

excludeCharacters?

Type: string (optional, default: the DatabaseSecret default exclude character set (" %+~`#$&()|[]{}:;<>?!'/)*

The characters to exclude from the generated password.

Only used if {@link password} has not been set.

password?

Type: SecretValue (optional, default: a Secrets Manager generated password)

Password.

Do not put passwords in your CDK code directly.

replicaRegions?

Type: ReplicaRegion[] (optional, default: Secret is not replicated)

A list of regions where to replicate the generated secret.

secret?

Type: ISecret (optional, default: none)

Secret used to instantiate this Login.

secretName?

Type: string (optional, default: A name is generated by CloudFormation.)

The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.

usernameAsString?

Type: boolean (optional, default: false)

Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.

Methods

Name	Description
static fromGeneratedSecret(username, options?)	Creates Credentials with a password generated and stored in Secrets Manager.
static fromPassword(username, password)	Creates Credentials from a password.
static fromSecret(secret, username?)	Creates Credentials from an existing Secrets Manager `Secret` (or `DatabaseSecret`).
static fromUsername(username, options?)	Creates Credentials for the given username, and optional password and key.

static fromGeneratedSecret(username, options?)

public static fromGeneratedSecret(username: string, options?: CredentialsBaseOptions): Credentials

Parameters

username string
options CredentialsBaseOptions

Returns

Credentials

Creates Credentials with a password generated and stored in Secrets Manager.

static fromPassword(username, password)

public static fromPassword(username: string, password: SecretValue): Credentials

Parameters

username string
password SecretValue

Returns

Credentials

Creates Credentials from a password.

Do not put passwords in your CDK code directly.

static fromSecret(secret, username?)

public static fromSecret(secret: ISecret, username?: string): Credentials

Parameters

secret ISecret — The secret where the credentials are stored.
username string — The username defined in the secret.

Returns

Credentials

Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).

The Secret must be a JSON string with a username and password field:

{
   ...
   "username": <required: username>,
   "password": <required: password>,
}

static fromUsername(username, options?)

public static fromUsername(username: string, options?: CredentialsFromUsernameOptions): Credentials

Parameters

username string
options CredentialsFromUsernameOptions

Returns

Credentials

Creates Credentials for the given username, and optional password and key.

If no password is provided, one will be generated and stored in Secrets Manager.