CredentialsBaseOptions
- class aws_cdk.aws_rds.CredentialsBaseOptions(*, encryption_key=None, exclude_characters=None, replica_regions=None, secret_name=None)
Bases:
objectBase options for creating Credentials.
- Parameters:
encryption_key (
Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master keyexclude_characters (
Optional[str]) – The characters to exclude from the generated password. Has no effect ifpasswordhas been provided. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/@”")replica_regions (
Optional[Sequence[Union[ReplicaRegion,Dict[str,Any]]]]) – A list of regions where to replicate this secret. Default: - Secret is not replicatedsecret_name (
Optional[str]) – The name of the secret. Default: - A name is generated by CloudFormation.
- ExampleMetadata:
infused
Example:
# vpc: ec2.Vpc engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3) my_key = kms.Key(self, "MyKey") rds.DatabaseInstance(self, "InstanceWithCustomizedSecret", engine=engine, vpc=vpc, credentials=rds.Credentials.from_generated_secret("postgres", secret_name="my-cool-name", encryption_key=my_key, exclude_characters="!&*^#@()", replica_regions=[secretsmanager.ReplicaRegion(region="eu-west-1"), secretsmanager.ReplicaRegion(region="eu-west-2")] ) )
Attributes
- encryption_key
KMS encryption key to encrypt the generated secret.
- Default:
default master key
- exclude_characters
The characters to exclude from the generated password.
Has no effect if
passwordhas been provided.- Default:
the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/@”")
- replica_regions
A list of regions where to replicate this secret.
- Default:
Secret is not replicated
- secret_name
The name of the secret.
- Default:
A name is generated by CloudFormation.