SnapshotCredentials
- class aws_cdk.aws_rds.SnapshotCredentials
Bases:
objectCredentials to update the password for a
DatabaseInstanceFromSnapshot.- ExampleMetadata:
infused
Example:
# vpc: ec2.Vpc engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_16_3) my_key = kms.Key(self, "MyKey") rds.DatabaseInstanceFromSnapshot(self, "InstanceFromSnapshotWithCustomizedSecret", engine=engine, vpc=vpc, snapshot_identifier="mySnapshot", credentials=rds.SnapshotCredentials.from_generated_secret("username", encryption_key=my_key, exclude_characters="!&*^#@()", replica_regions=[secretsmanager.ReplicaRegion(region="eu-west-1"), secretsmanager.ReplicaRegion(region="eu-west-2")] ) )
Attributes
- encryption_key
KMS encryption key to encrypt the generated secret.
- Default:
default master key
- exclude_characters
The characters to exclude from the generated password.
Only used if
generatePasswordif true.- Default:
the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/@”")
- generate_password
Whether a new password should be generated.
- password
The master user password.
Do not put passwords in your CDK code directly.
- Default:
the existing password from the snapshot
- replace_on_password_criteria_changes
Whether to replace the generated secret when the criteria for the password change.
- Default:
false
- replica_regions
A list of regions where to replicate the generated secret.
- Default:
Secret is not replicated
- secret
Secret used to instantiate this Login.
- Default:
none
- username
The master user name.
Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.
- Default:
the existing username from the snapshot
Static Methods
- classmethod from_generated_password(username, *, encryption_key=None, exclude_characters=None, replica_regions=None)
Generate a new password for the snapshot, using the existing username and an optional encryption key.
Note - The username must match the existing master username of the snapshot.
NOTE: use
fromGeneratedSecret()for new Clusters and Instances. Switching fromfromGeneratedPassword()tofromGeneratedSecret()for already deployed Clusters or Instances will update their master password.- Parameters:
username (
str) –encryption_key (
Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master keyexclude_characters (
Optional[str]) – The characters to exclude from the generated password. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/@”")replica_regions (
Optional[Sequence[Union[ReplicaRegion,Dict[str,Any]]]]) – A list of regions where to replicate this secret. Default: - Secret is not replicated
- Return type:
- classmethod from_generated_secret(username, *, encryption_key=None, exclude_characters=None, replica_regions=None)
Generate a new password for the snapshot, using the existing username and an optional encryption key.
The new credentials are stored in Secrets Manager.
Note - The username must match the existing master username of the snapshot.
- Parameters:
username (
str) –encryption_key (
Optional[IKey]) – KMS encryption key to encrypt the generated secret. Default: - default master keyexclude_characters (
Optional[str]) – The characters to exclude from the generated password. Default: - the DatabaseSecret default exclude character set (” %+~`#$&*()|[]{}:;<>?!’/@”")replica_regions (
Optional[Sequence[Union[ReplicaRegion,Dict[str,Any]]]]) – A list of regions where to replicate this secret. Default: - Secret is not replicated
- Return type:
- classmethod from_password(password)
Update the snapshot login with an existing password.
- Parameters:
password (
SecretValue) –- Return type: