aws-cdk-lib.aws_secretsmanager.RotationScheduleProps

interface RotationScheduleProps

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.SecretsManager.RotationScheduleProps |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awssecretsmanager#RotationScheduleProps |
| Java | software.amazon.awscdk.services.secretsmanager.RotationScheduleProps |
| Python | aws_cdk.aws_secretsmanager.RotationScheduleProps |
| TypeScript (source) | aws-cdk-lib » aws_secretsmanager » RotationScheduleProps |

Construction properties for a RotationSchedule.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as cdk from 'aws-cdk-lib';
import { aws_lambda as lambda } from 'aws-cdk-lib';
import { aws_secretsmanager as secretsmanager } from 'aws-cdk-lib';

declare const function_: lambda.Function;
declare const hostedRotation: secretsmanager.HostedRotation;
declare const secret: secretsmanager.Secret;
const rotationScheduleProps: secretsmanager.RotationScheduleProps = {
  secret: secret,

  // the properties below are optional
  automaticallyAfter: cdk.Duration.minutes(30),
  hostedRotation: hostedRotation,
  rotateImmediatelyOnUpdate: false,
  rotationLambda: function_,
};

Properties

| Name | Type | Description |
| --- | --- | --- |
| secret | ISecret | The secret to rotate. |
| automaticallyAfter? | Duration | Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation. |
| hostedRotation? | HostedRotation | Hosted rotation. |
| rotateImmediatelyOnUpdate? | boolean | Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. |
| rotationLambda? | IFunction | A Lambda function that can rotate the secret. |

secret

Type: ISecret

The secret to rotate.

If hosted rotation is used, this must be a JSON string with the following format:

{
  "engine": <required: database engine>,
  "host": <required: instance host name>,
  "username": <required: username>,
  "password": <required: password>,
  "dbname": <optional: database name>,
  "port": <optional: if not specified, default port will be used>,
  "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}

This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.
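A pre-deployment check of a secret value against the JSON format above, as an added example that is not part of the CDK documentation or the aws-cdk-lib code. The function name `validateHostedRotationSecret`, the sample values, and the type and range checks on the optional keys are assumptions made for illustration.

```typescript
// Added example: validates a secret value against the hosted-rotation format.
const REQUIRED_KEYS = ["engine", "host", "username", "password"] as const;

function validateHostedRotationSecret(secretString: string, multiUser = false): string[] {
  let parsed: unknown;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    return ["secret value is not valid JSON"];
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return ["secret value must be a JSON object"];
  }
  const doc = parsed as Record<string, unknown>;
  const findings: string[] = [];
  for (const key of REQUIRED_KEYS) {
    const value = doc[key];
    if (typeof value !== "string" || value.length === 0) {
      findings.push(`missing or empty required key: ${key}`);
    }
  }
  // Optional keys: only checked when present (range/type checks are assumptions).
  const rawPort = doc["port"];
  if (rawPort !== undefined) {
    const port = typeof rawPort === "number" || typeof rawPort === "string" ? Number(rawPort) : NaN;
    if (port % 1 !== 0 || port < 1 || port > 65535) {
      findings.push("port must be an integer between 1 and 65535");
    }
  }
  if (doc["dbname"] !== undefined && typeof doc["dbname"] !== "string") {
    findings.push("dbname must be a string when present");
  }
  // Multi user rotation needs the ARN of the master secret.
  const masterArn = doc["masterarn"];
  if (multiUser && (typeof masterArn !== "string" || masterArn.indexOf("arn:") !== 0)) {
    findings.push("masterarn is required for multi user rotation");
  }
  return findings;
}

// Constructed sample values, not real credentials or hosts.
const completeSecret = JSON.stringify({
  engine: "mysql", host: "db.example.internal", username: "app",
  password: "constructed-placeholder", port: 3306,
});
const incompleteSecret = JSON.stringify({ engine: "mysql", host: "db.example.internal", port: "0" });
const completeFindings = validateHostedRotationSecret(completeSecret);
const incompleteFindings = validateHostedRotationSecret(incompleteSecret, true);
```

The findings name only the offending keys, never their values, so the output is safe to write to build logs.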


automaticallyAfter?

Type: Duration (optional, default: Duration.days(30))

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

A value of zero (Duration.days(0)) disables automatic rotation.


hostedRotation?

Type: HostedRotation (optional, default: either rotationLambda or hostedRotation must be specified)

Hosted rotation.


rotateImmediatelyOnUpdate?

Type: boolean (optional, default: secret is rotated immediately)

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.


rotationLambda?

Type: IFunction (optional, default: either rotationLambda or hostedRotation must be specified)

A Lambda function that can rotate the secret.