Package software.amazon.awscdk.services.rds

Class SnapshotCredentials

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.rds.SnapshotCredentials
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)", date="2025-10-29T11:15:47.132Z") @Stability(Stable) public abstract class SnapshotCredentials extends software.amazon.jsii.JsiiObject
Credentials to update the password for a DatabaseInstanceFromSnapshot.

Example: 

 Vpc vpc;
 IInstanceEngine engine = DatabaseInstanceEngine.postgres(PostgresInstanceEngineProps.builder().version(PostgresEngineVersion.VER_16_3).build());
 Key myKey = new Key(this, "MyKey");
 DatabaseInstanceFromSnapshot.Builder.create(this, "InstanceFromSnapshotWithCustomizedSecret")
         .engine(engine)
         .vpc(vpc)
         .snapshotIdentifier("mySnapshot")
         .credentials(SnapshotCredentials.fromGeneratedSecret("username", SnapshotCredentialsFromGeneratedPasswordOptions.builder()
                 .encryptionKey(myKey)
                 .excludeCharacters("!&*^#@()")
                 .replicaRegions(List.of(ReplicaRegion.builder().region("eu-west-1").build(), ReplicaRegion.builder().region("eu-west-2").build()))
                 .build()))
         .build();

  • Constructor Details

    • SnapshotCredentials

      protected SnapshotCredentials(software.amazon.jsii.JsiiObjectRef objRef)

    • SnapshotCredentials

      protected SnapshotCredentials(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • SnapshotCredentials

      @Stability(Stable) protected SnapshotCredentials()

  • Method Details

    • fromGeneratedPassword

      @Stability(Stable) @NotNull public static SnapshotCredentials fromGeneratedPassword(@NotNull String username, @Nullable SnapshotCredentialsFromGeneratedPasswordOptions options)
      Generate a new password for the snapshot, using the existing username and an optional encryption key.

      Note - The username must match the existing master username of the snapshot.

      NOTE: use fromGeneratedSecret() for new Clusters and Instances. Switching from fromGeneratedPassword() to fromGeneratedSecret() for already deployed Clusters or Instances will update their master password.

      Parameters:
      username - This parameter is required.
      options -

    • fromGeneratedPassword

      @Stability(Stable) @NotNull public static SnapshotCredentials fromGeneratedPassword(@NotNull String username)
      Generate a new password for the snapshot, using the existing username and an optional encryption key.

      Note - The username must match the existing master username of the snapshot.

      NOTE: use fromGeneratedSecret() for new Clusters and Instances. Switching from fromGeneratedPassword() to fromGeneratedSecret() for already deployed Clusters or Instances will update their master password.

      Parameters:
      username - This parameter is required.

    • fromGeneratedSecret

      @Stability(Stable) @NotNull public static SnapshotCredentials fromGeneratedSecret(@NotNull String username, @Nullable SnapshotCredentialsFromGeneratedPasswordOptions options)
      Generate a new password for the snapshot, using the existing username and an optional encryption key.

      The new credentials are stored in Secrets Manager.

      Note - The username must match the existing master username of the snapshot.

      Parameters:
      username - This parameter is required.
      options -

    • fromGeneratedSecret

      @Stability(Stable) @NotNull public static SnapshotCredentials fromGeneratedSecret(@NotNull String username)
      Generate a new password for the snapshot, using the existing username and an optional encryption key.

      The new credentials are stored in Secrets Manager.

      Note - The username must match the existing master username of the snapshot.

      Parameters:
      username - This parameter is required.

    • fromPassword

      @Stability(Stable) @NotNull public static SnapshotCredentials fromPassword(@NotNull SecretValue password)
      Update the snapshot login with an existing password.

      Parameters:
      password - This parameter is required.

    • fromSecret

      @Stability(Stable) @NotNull public static SnapshotCredentials fromSecret(@NotNull ISecret secret)
      Update the snapshot login with an existing password from a Secret.

      The Secret must be a JSON string with a password field: 

       {
   ...
   "password": <required: password>,
 }

      Parameters:
      secret - This parameter is required.

    • getGeneratePassword

      @Stability(Stable) @NotNull public abstract Boolean getGeneratePassword()
      Whether a new password should be generated.

    • getEncryptionKey

      @Stability(Stable) @Nullable public abstract IKey getEncryptionKey()
      KMS encryption key to encrypt the generated secret.

      Default: - default master key

    • getExcludeCharacters

      @Stability(Stable) @Nullable public abstract String getExcludeCharacters()
      The characters to exclude from the generated password.

      Only used if generatePassword if true.

      Default: - the DatabaseSecret default exclude character set (" %+~`#$invalid input: '&'*()|[]{}:;invalid input: '<'>?!'/@\"\\")

    • getPassword

      @Stability(Stable) @Nullable public abstract SecretValue getPassword()
      The master user password.

      Do not put passwords in your CDK code directly.

      Default: - the existing password from the snapshot

    • getReplaceOnPasswordCriteriaChanges

      @Stability(Stable) @Nullable public abstract Boolean getReplaceOnPasswordCriteriaChanges()
      Whether to replace the generated secret when the criteria for the password change.

      Default: false

    • getReplicaRegions

      @Stability(Stable) @Nullable public abstract List<ReplicaRegion> getReplicaRegions()
      A list of regions where to replicate the generated secret.

      Default: - Secret is not replicated

    • getSecret

      @Stability(Stable) @Nullable public abstract ISecret getSecret()
      Secret used to instantiate this Login.

      Default: - none

    • getUsername

      @Stability(Stable) @Nullable public abstract String getUsername()
      The master user name.

      Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.

      Default: - the existing username from the snapshot