interface DatabaseSecretProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.RDS.DatabaseSecretProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsrds#DatabaseSecretProps |
Java | software.amazon.awscdk.services.rds.DatabaseSecretProps |
Python | aws_cdk.aws_rds.DatabaseSecretProps |
TypeScript (source) | aws-cdk-lib » aws_rds » DatabaseSecretProps |
Construction properties for a DatabaseSecret.
Example
```ts
// Create username and password secret for DB Cluster
const secret = new rds.DatabaseSecret(this, 'AuroraSecret', {
  username: 'clusteradmin',
});

// The VPC to place the cluster in
const vpc = new ec2.Vpc(this, 'AuroraVpc');

// Create the serverless cluster, provide all values needed to customise the database.
const cluster = new rds.ServerlessCluster(this, 'AuroraCluster', {
  engine: rds.DatabaseClusterEngine.AURORA_MYSQL,
  vpc,
  // Use the secret created above so the cluster and the AppSync data source share one credential.
  credentials: rds.Credentials.fromSecret(secret),
  clusterIdentifier: 'db-endpoint-test',
  defaultDatabaseName: 'demos',
});

// Build a data source for AppSync to access the database.
declare const api: appsync.GraphqlApi;
const rdsDS = api.addRdsDataSource('rds', cluster, secret, 'demos');

// Set up a resolver for an RDS query.
rdsDS.createResolver('QueryGetDemosRdsResolver', {
  typeName: 'Query',
  fieldName: 'getDemosRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "SELECT * FROM demos"
    ]
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[0])
  `),
});

// Set up a resolver for an RDS mutation.
// User input reaches the statements only through variableMap placeholders.
rdsDS.createResolver('MutationAddDemoRdsResolver', {
  typeName: 'Mutation',
  fieldName: 'addDemoRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "INSERT INTO demos VALUES (:id, :version)",
      "SELECT * FROM demos WHERE id = :id"
    ],
    "variableMap": {
      ":id": $util.toJson($util.autoId()),
      ":version": $util.toJson($ctx.args.version)
    }
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0])
  `),
});
```
Properties
Name | Type | Description |
---|---|---|
username | string | The username. |
dbname? | string | The database name, if not using the default one. |
encryptionKey? | IKey | The KMS key to use to encrypt the secret. |
excludeCharacters? | string | Characters to not include in the generated password. |
masterSecret? | ISecret | The master secret which will be used to rotate this secret. |
replaceOnPasswordCriteriaChanges? | boolean | Whether to replace this secret when the criteria for the password change. |
replicaRegions? | Replica[] | A list of regions where to replicate this secret. |
secretName? | string | A name for the secret. |
username
Type: string
The username.
dbname?
Type: string (optional, default: whatever the secret generates after the attach method is run)
The database name, if not using the default one.
encryptionKey?
Type: IKey (optional, default: default master key)
The KMS key to use to encrypt the secret.
excludeCharacters?
Type: string (optional, default: " %+~`#$&*()|[]{}:;<>?!'/@"\")
Characters to not include in the generated password.
masterSecret?
Type: ISecret (optional, default: no master secret information will be included)
The master secret which will be used to rotate this secret.
replaceOnPasswordCriteriaChanges?
Type: boolean (optional, default: false)
Whether to replace this secret when the criteria for the password change.
This is achieved by overriding the logical id of the AWS::SecretsManager::Secret with a hash of the options that influence the password generation. This way a new secret will be created when the password is regenerated and the cluster or instance consuming this secret will have its credentials updated.
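A simplified model of the replacement mechanism described above, added here as an illustration; it is not CDK's implementation. The SHA-256 digest, the `logicalId` and `logicalIdChanges` helpers and the `BASE_ID` value are assumptions made for the sketch.

```typescript
import { createHash } from "crypto";

// Subset of DatabaseSecretProps used by this model.
interface SecretOptions {
  username: string;
  dbname?: string;
  excludeCharacters?: string;
  replaceOnPasswordCriteriaChanges?: boolean;
}

// Default exclusion set documented for excludeCharacters.
const DEFAULT_EXCLUDE = " %+~`#$&*()|[]{}:;<>?!'/@\"\\";

// Assumption: only options that shape the generated password feed the hash.
function passwordCriteriaHash(opts: SecretOptions): string {
  const criteria = { excludeCharacters: opts.excludeCharacters ?? DEFAULT_EXCLUDE };
  return createHash("sha256").update(JSON.stringify(criteria)).digest("hex").slice(0, 32);
}

// baseId is a hypothetical stand-in for the logical ID the secret would get anyway.
function logicalId(baseId: string, opts: SecretOptions): string {
  if (!opts.replaceOnPasswordCriteriaChanges) return baseId;
  // Logical IDs are alphanumeric and at most 255 characters; keep the hash end.
  return (baseId + passwordCriteriaHash(opts)).slice(-255);
}

// A changed logical ID makes CloudFormation create a new secret and drop the old one.
function logicalIdChanges(baseId: string, before: SecretOptions, after: SecretOptions): boolean {
  return logicalId(baseId, before) !== logicalId(baseId, after);
}

// Constructed scenarios: each pair is the same secret in two successive deployments.
const BASE_ID = "AuroraSecretBASE0001"; // constructed value
const flagOn: SecretOptions = { username: "clusteradmin", replaceOnPasswordCriteriaChanges: true };
const scenarios: Array<[string, SecretOptions, SecretOptions]> = [
  ["flag off, exclusions tightened",
    { username: "clusteradmin" },
    { username: "clusteradmin", excludeCharacters: DEFAULT_EXCLUDE + "=,^" }],
  ["flag on, exclusions tightened", flagOn, { ...flagOn, excludeCharacters: DEFAULT_EXCLUDE + "=,^" }],
  ["flag on, only dbname changed", flagOn, { ...flagOn, dbname: "demos" }],
  ["flag on, default set spelled out", flagOn, { ...flagOn, excludeCharacters: DEFAULT_EXCLUDE }],
];
for (const [name, before, after] of scenarios) {
  console.log(`${name}: logical ID changes = ${logicalIdChanges(BASE_ID, before, after)}`);
}
```

Only the second scenario yields a new logical ID, which is the case where a password generated under the old criteria would otherwise stay in use.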
replicaRegions?
Type: Replica[] (optional, default: Secret is not replicated)
A list of regions where to replicate this secret.
secretName?
Type: string (optional, default: A name is generated by CloudFormation.)
A name for the secret.