interface RotationMultiUserOptions

Language	Type name
.NET	`Amazon.CDK.AWS.RDS.RotationMultiUserOptions`
Java	`software.amazon.awscdk.services.rds.RotationMultiUserOptions`
Python	`aws_cdk.aws_rds.RotationMultiUserOptions`
TypeScript (source)	`@aws-cdk/aws-rds` » `RotationMultiUserOptions`

Options to add the multi user rotation.

Example

declare const instance: rds.DatabaseInstance;
declare const myImportedSecret: rds.DatabaseSecret;
instance.addRotationMultiUser('MyUser', {
  secret: myImportedSecret, // This secret must have the `masterarn` key
});

Properties

Name	Type	Description
secret	`ISecret`	The secret to rotate.
automaticallyAfter?	`Duration`	Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
endpoint?	`IInterfaceVpcEndpoint`	The VPC interface endpoint to use for the Secrets Manager API.
excludeCharacters?	`string`	Specifies characters to not include in generated passwords.
vpcSubnets?	`SubnetSelection`	Where to place the rotation Lambda function.

secret

Type: ISecret

The secret to rotate.

It must be a JSON string with the following format:

{
   "engine": <required: database engine>,
   "host": <required: instance host name>,
   "username": <required: username>,
   "password": <required: password>,
   "dbname": <optional: database name>,
   "port": <optional: if not specified, default port will be used>,
   "masterarn": <required: the arn of the master secret which will be used to create users/change passwords>
}

automaticallyAfter?

Type: Duration (optional, default: 30 days)

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

endpoint?

Type: IInterfaceVpcEndpoint (optional, default: https://secretsmanager..amazonaws.com)

The VPC interface endpoint to use for the Secrets Manager API.

If you enable private DNS hostnames for your VPC private endpoint (the default), you don't need to specify an endpoint. The standard Secrets Manager DNS hostname the Secrets Manager CLI and SDKs use by default (https://secretsmanager..amazonaws.com) automatically resolves to your VPC endpoint.

excludeCharacters?

Type: string (optional, default: " %+~`#$&()|[]{}:;<>?!'/)*

Specifies characters to not include in generated passwords.

vpcSubnets?

Type: SubnetSelection (optional, default: same placement as instance or cluster)

Where to place the rotation Lambda function.