@aws-cdk_aws-redshift-alpha.DatabaseSecret

class DatabaseSecret (construct) 🔹

Language | Type name
.NET | Amazon.CDK.AWS.Redshift.Alpha.DatabaseSecret
Go | github.com/aws/aws-cdk-go/awscdkredshiftalpha/v2#DatabaseSecret
Java | software.amazon.awscdk.services.redshift.alpha.DatabaseSecret
Python | aws_cdk.aws_redshift_alpha.DatabaseSecret
TypeScript (source) | @aws-cdk/aws-redshift-alpha » DatabaseSecret

Implements IConstruct, IDependable, IResource, ISecret

A database secret.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as redshift_alpha from '@aws-cdk/aws-redshift-alpha';
import { aws_kms as kms } from 'aws-cdk-lib';

declare const key: kms.Key;
const databaseSecret = new redshift_alpha.DatabaseSecret(this, 'MyDatabaseSecret', {
  username: 'username',

  // the properties below are optional
  encryptionKey: key,
});

Initializer

new DatabaseSecret(scope: Construct, id: string, props: DatabaseSecretProps)

Parameters

  • scope Construct
  • id string
  • props DatabaseSecretProps

Construct Props

Name | Type | Description
username 🔹 | string | The username.
encryptionKey? 🔹 | IKey | The KMS key to use to encrypt the secret.

username 🔹

Type: string

The username.


encryptionKey? 🔹

Type: IKey (optional, default: default master key)

The KMS key to use to encrypt the secret.

Properties

Name | Type | Description
env 🔹 | ResourceEnvironment | The environment this resource belongs to.
node 🔹 | Node | The tree node.
secretArn 🔹 | string | The ARN of the secret in AWS Secrets Manager.
secretName 🔹 | string | The name of the secret.
secretValue 🔹 | SecretValue | Retrieve the value of the stored secret as a SecretValue.
stack 🔹 | Stack | The stack in which this resource is defined.
encryptionKey? 🔹 | IKey | The customer-managed encryption key that is used to encrypt this secret, if any.
excludeCharacters? 🔹 | string | The string of the characters that are excluded in this secret when it is generated.
secretFullArn? 🔹 | string | The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

env 🔹

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node 🔹

Type: Node

The tree node.


secretArn 🔹

Type: string

The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial ARN. For secrets imported by the deprecated fromSecretName, it will return the secretName.


secretName 🔹

Type: string

The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.


secretValue 🔹

Type: SecretValue

Retrieve the value of the stored secret as a SecretValue.


stack 🔹

Type: Stack

The stack in which this resource is defined.


encryptionKey? 🔹

Type: IKey (optional)

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is used.


excludeCharacters? 🔹

Type: string (optional)

The string of the characters that are excluded in this secret when it is generated.


secretFullArn? 🔹

Type: string (optional)

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
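The difference between secretArn and secretFullArn matters when a secret is named in an IAM policy. The following is an added example, not code from the CDK or from this page: it builds the policy resource for a secret from either form, using the Secrets Manager convention of matching an unknown suffix with six `?` wildcards. The function names, account ID, region and secret names are constructed for illustration.

```typescript
// Added example, not CDK source. All ARNs below are constructed sample values.
interface SecretRef {
  secretArn: string;      // full ARN if available, otherwise a partial ARN
  secretFullArn?: string; // undefined when the 6-character suffix is unknown
}

const ARN_RE = /^arn:(aws[a-z-]*):secretsmanager:([a-z0-9-]+):(\d{12}):secret:(.+)$/;

// Resource string for an IAM statement scoped to exactly one secret.
function policyResource(ref: SecretRef): string {
  const arn = ref.secretFullArn ?? ref.secretArn;
  // A secret imported by name reports the bare name as secretArn; reject it
  // rather than emit a policy resource that is not an ARN.
  if (!ARN_RE.test(arn)) {
    throw new Error(`not a Secrets Manager ARN: ${arn}`);
  }
  // Partial ARN: match the suffix with exactly six single-character wildcards.
  // A trailing "*" would also match other secrets sharing the name prefix.
  return ref.secretFullArn ? arn : `${arn}-??????`;
}

// IAM-style glob match: "?" is one character, "*" is any run of characters.
function iamMatch(pattern: string, value: string): boolean {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${re}$`).test(value);
}

const PARTIAL = 'arn:aws:secretsmanager:us-east-1:111122223333:secret:redshift-admin';
const FULL = `${PARTIAL}-AbCdEf`;
// A different secret ("redshift-admin-staging") that shares the name prefix.
const LOOKALIKE = `${PARTIAL}-staging-XyZ123`;

const scoped = policyResource({ secretArn: PARTIAL });
const scopedMatchesTarget = iamMatch(scoped, FULL);
const scopedMatchesLookalike = iamMatch(scoped, LOOKALIKE);
const starMatchesLookalike = iamMatch(`${PARTIAL}*`, LOOKALIKE);
```

The six-wildcard form matches the intended secret and rejects the look-alike, while the `*` form would grant access to both.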

Methods

Name | Description
addReplicaRegion(region, encryptionKey?) 🔹 | Adds a replica region for the secret.
addRotationSchedule(id, options) 🔹 | Adds a rotation schedule to the secret.
addToResourcePolicy(statement) 🔹 | Adds a statement to the IAM resource policy associated with this secret.
applyRemovalPolicy(policy) 🔹 | Apply the given removal policy to this resource.
attach(target) 🔹 | Attach a target to this secret.
denyAccountRootDelete() 🔹 | Denies the DeleteSecret action to all principals within the current account.
grantRead(grantee, versionStages?) 🔹 | Grants reading the secret value to some role.
grantWrite(grantee) 🔹 | Grants writing and updating the secret value to some role.
secretValueFromJson(jsonField) 🔹 | Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
toString() 🔹 | Returns a string representation of this construct.

addReplicaRegion(region, encryptionKey?) 🔹

public addReplicaRegion(region: string, encryptionKey?: IKey): void

Parameters

  • region string - The name of the region.
  • encryptionKey IKey - The customer-managed encryption key to use for encrypting the secret value.

Adds a replica region for the secret.


addRotationSchedule(id, options) 🔹

public addRotationSchedule(id: string, options: RotationScheduleOptions): RotationSchedule

Parameters

  • id string
  • options RotationScheduleOptions

Returns

  • RotationSchedule

Adds a rotation schedule to the secret.


addToResourcePolicy(statement) 🔹

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Parameters

  • statement PolicyStatement

Returns

  • AddToResourcePolicyResult

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.


applyRemovalPolicy(policy) 🔹

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


attach(target) 🔹

public attach(target: ISecretAttachmentTarget): ISecret

Parameters

  • target ISecretAttachmentTarget - The target to attach.

Returns

  • ISecret

Attach a target to this secret.


denyAccountRootDelete() 🔹

public denyAccountRootDelete(): void

Denies the DeleteSecret action to all principals within the current account.


grantRead(grantee, versionStages?) 🔹

public grantRead(grantee: IGrantable, versionStages?: string[]): Grant

Parameters

  • grantee IGrantable
  • versionStages string[]

Returns

  • Grant

Grants reading the secret value to some role.


grantWrite(grantee) 🔹

public grantWrite(grantee: IGrantable): Grant

Parameters

  • grantee IGrantable

Returns

  • Grant

Grants writing and updating the secret value to some role.


secretValueFromJson(jsonField) 🔹

public secretValueFromJson(jsonField: string): SecretValue

Parameters

  • jsonField string

Returns

  • SecretValue

Interpret the secret as a JSON object and return a field's value from it as a SecretValue.


toString() 🔹

public toString(): string

Returns

  • string

Returns a string representation of this construct.