class Credentials
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.RDS.Credentials |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsrds#Credentials |
Java | software.amazon.awscdk.services.rds.Credentials |
Python | aws_cdk.aws_rds.Credentials |
TypeScript (source) | aws-cdk-lib » aws_rds » Credentials |
Username and password combination.
Example
// Create username and password secret for DB Cluster
const secret = new rds.DatabaseSecret(this, 'AuroraSecret', {
username: 'clusteradmin',
});
// The VPC to place the cluster in
const vpc = new ec2.Vpc(this, 'AuroraVpc');
// Create the serverless cluster, provide all values needed to customise the database.
const cluster = new rds.DatabaseCluster(this, 'AuroraClusterV2', {
engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_15_5 }),
credentials: { username: 'clusteradmin' },
clusterIdentifier: 'db-endpoint-test',
writer: rds.ClusterInstance.serverlessV2('writer'),
serverlessV2MinCapacity: 2,
serverlessV2MaxCapacity: 10,
vpc,
defaultDatabaseName: 'demos',
enableDataApi: true, // has to be set to true to enable Data API as not enable by default
});
// Build a data source for AppSync to access the database.
declare const api: appsync.GraphqlApi;
const rdsDS = api.addRdsDataSourceV2('rds', cluster, secret, 'demos');
// Set up a resolver for an RDS query.
rdsDS.createResolver('QueryGetDemosRdsResolver', {
typeName: 'Query',
fieldName: 'getDemosRds',
requestMappingTemplate: appsync.MappingTemplate.fromString(`
{
"version": "2018-05-29",
"statements": [
"SELECT * FROM demos"
]
}
`),
responseMappingTemplate: appsync.MappingTemplate.fromString(`
$utils.toJson($utils.rds.toJsonObject($ctx.result)[0])
`),
});
// Set up a resolver for an RDS mutation.
rdsDS.createResolver('MutationAddDemoRdsResolver', {
typeName: 'Mutation',
fieldName: 'addDemoRds',
requestMappingTemplate: appsync.MappingTemplate.fromString(`
{
"version": "2018-05-29",
"statements": [
"INSERT INTO demos VALUES (:id, :version)",
"SELECT * WHERE id = :id"
],
"variableMap": {
":id": $util.toJson($util.autoId()),
":version": $util.toJson($ctx.args.version)
}
}
`),
responseMappingTemplate: appsync.MappingTemplate.fromString(`
$utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0])
`),
});
Initializer
new Credentials()
Properties
Name | Type | Description |
---|---|---|
username | string | Username. |
encryption | IKey | KMS encryption key to encrypt the generated secret. |
exclude | string | The characters to exclude from the generated password. |
password? | Secret | Password. |
replica | Replica [] | A list of regions where to replicate the generated secret. |
secret? | ISecret | Secret used to instantiate this Login. |
secret | string | The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials. |
username | boolean | Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret. |
username
Type:
string
Username.
encryptionKey?
Type:
IKey
(optional, default: default master key)
KMS encryption key to encrypt the generated secret.
excludeCharacters?
Type:
string
(optional, default: the DatabaseSecret default exclude character set (" %+~`#$&()|[]{}:;<>?!'/@"\"))*
The characters to exclude from the generated password.
Only used if password
has not been set.
password?
Type:
Secret
(optional, default: a Secrets Manager generated password)
Password.
Do not put passwords in your CDK code directly.
replicaRegions?
Type:
Replica
[]
(optional, default: Secret is not replicated)
A list of regions where to replicate the generated secret.
secret?
Type:
ISecret
(optional, default: none)
Secret used to instantiate this Login.
secretName?
Type:
string
(optional, default: A name is generated by CloudFormation.)
The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.
usernameAsString?
Type:
boolean
(optional, default: false)
Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.
Methods
Name | Description |
---|---|
static from | Creates Credentials with a password generated and stored in Secrets Manager. |
static from | Creates Credentials from a password. |
static from | Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret ). |
static from | Creates Credentials for the given username, and optional password and key. |
GeneratedSecret(username, options?)
static frompublic static fromGeneratedSecret(username: string, options?: CredentialsBaseOptions): Credentials
Parameters
- username
string
- options
Credentials
Base Options
Returns
Creates Credentials with a password generated and stored in Secrets Manager.
Password(username, password)
static frompublic static fromPassword(username: string, password: SecretValue): Credentials
Parameters
- username
string
- password
Secret
Value
Returns
Creates Credentials from a password.
Do not put passwords in your CDK code directly.
Secret(secret, username?)
static frompublic static fromSecret(secret: ISecret, username?: string): Credentials
Parameters
- secret
ISecret
— The secret where the credentials are stored. - username
string
— The username defined in the secret.
Returns
Creates Credentials from an existing Secrets Manager Secret
(or DatabaseSecret
).
The Secret must be a JSON string with a username
and password
field:
{
...
"username": <required: username>,
"password": <required: password>,
}
Username(username, options?)
static frompublic static fromUsername(username: string, options?: CredentialsFromUsernameOptions): Credentials
Parameters
- username
string
- options
Credentials
From Username Options
Returns
Creates Credentials for the given username, and optional password and key.
If no password is provided, one will be generated and stored in Secrets Manager.