class SnapshotCredentials
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.RDS.SnapshotCredentials |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awsrds#SnapshotCredentials |
![]() | software.amazon.awscdk.services.rds.SnapshotCredentials |
![]() | aws_cdk.aws_rds.SnapshotCredentials |
![]() | aws-cdk-lib » aws_rds » SnapshotCredentials |
Credentials to update the password for a DatabaseInstanceFromSnapshot
.
Example
declare const vpc: ec2.Vpc;
const engine = rds.DatabaseInstanceEngine.postgres({ version: rds.PostgresEngineVersion.VER_16_3 });
const myKey = new kms.Key(this, 'MyKey');
new rds.DatabaseInstanceFromSnapshot(this, 'InstanceFromSnapshotWithCustomizedSecret', {
engine,
vpc,
snapshotIdentifier: 'mySnapshot',
credentials: rds.SnapshotCredentials.fromGeneratedSecret('username', {
encryptionKey: myKey,
excludeCharacters: '!&*^#@()',
replicaRegions: [{ region: 'eu-west-1' }, { region: 'eu-west-2' }],
}),
});
Initializer
new SnapshotCredentials()
Properties
Name | Type | Description |
---|---|---|
generate | boolean | Whether a new password should be generated. |
encryption | IKey | KMS encryption key to encrypt the generated secret. |
exclude | string | The characters to exclude from the generated password. |
password? | Secret | The master user password. |
replace | boolean | Whether to replace the generated secret when the criteria for the password change. |
replica | Replica [] | A list of regions where to replicate the generated secret. |
secret? | ISecret | Secret used to instantiate this Login. |
username? | string | The master user name. |
generatePassword
Type:
boolean
Whether a new password should be generated.
encryptionKey?
Type:
IKey
(optional, default: default master key)
KMS encryption key to encrypt the generated secret.
excludeCharacters?
Type:
string
(optional, default: the DatabaseSecret default exclude character set (" %+~`#$&()|[]{}:;<>?!'/@"\"))*
The characters to exclude from the generated password.
Only used if generatePassword
if true.
password?
Type:
Secret
(optional, default: the existing password from the snapshot)
The master user password.
Do not put passwords in your CDK code directly.
replaceOnPasswordCriteriaChanges?
Type:
boolean
(optional, default: false)
Whether to replace the generated secret when the criteria for the password change.
replicaRegions?
Type:
Replica
[]
(optional, default: Secret is not replicated)
A list of regions where to replicate the generated secret.
secret?
Type:
ISecret
(optional, default: none)
Secret used to instantiate this Login.
username?
Type:
string
(optional, default: the existing username from the snapshot)
The master user name.
Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.
Methods
Name | Description |
---|---|
static from | Generate a new password for the snapshot, using the existing username and an optional encryption key. |
static from | Generate a new password for the snapshot, using the existing username and an optional encryption key. |
static from | Update the snapshot login with an existing password. |
static from | Update the snapshot login with an existing password from a Secret. |
static fromGeneratedPassword(username, options?)
public static fromGeneratedPassword(username: string, options?: SnapshotCredentialsFromGeneratedPasswordOptions): SnapshotCredentials
Parameters
- username
string
- options
Snapshot
Credentials From Generated Password Options
Returns
Generate a new password for the snapshot, using the existing username and an optional encryption key.
Note - The username must match the existing master username of the snapshot.
NOTE: use fromGeneratedSecret()
for new Clusters and Instances. Switching from
fromGeneratedPassword()
to fromGeneratedSecret()
for already deployed Clusters
or Instances will update their master password.
static fromGeneratedSecret(username, options?)
public static fromGeneratedSecret(username: string, options?: SnapshotCredentialsFromGeneratedPasswordOptions): SnapshotCredentials
Parameters
- username
string
- options
Snapshot
Credentials From Generated Password Options
Returns
Generate a new password for the snapshot, using the existing username and an optional encryption key.
The new credentials are stored in Secrets Manager.
Note - The username must match the existing master username of the snapshot.
static fromPassword(password)
public static fromPassword(password: SecretValue): SnapshotCredentials
Parameters
- password
Secret
Value
Returns
Update the snapshot login with an existing password.
static fromSecret(secret)
public static fromSecret(secret: ISecret): SnapshotCredentials
Parameters
- secret
ISecret
Returns
Update the snapshot login with an existing password from a Secret.
The Secret must be a JSON string with a password
field:
{
...
"password": <required: password>,
}