aws-cdk-lib.aws_rds.Credentials

class Credentials

LanguageType name
.NETAmazon.CDK.AWS.RDS.Credentials
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsrds#Credentials
Javasoftware.amazon.awscdk.services.rds.Credentials
Pythonaws_cdk.aws_rds.Credentials
TypeScript (source)aws-cdk-lib » aws_rds » Credentials

Username and password combination.

Example

// Create username and password secret for DB Cluster
const secret = new rds.DatabaseSecret(this, 'AuroraSecret', {
  username: 'clusteradmin',
});

// The VPC to place the cluster in
const vpc = new ec2.Vpc(this, 'AuroraVpc');

// Create the serverless cluster, provide all values needed to customise the database.
const cluster = new rds.ServerlessCluster(this, 'AuroraCluster', {
  engine: rds.DatabaseClusterEngine.AURORA_MYSQL,
  vpc,
  credentials: { username: 'clusteradmin' },
  clusterIdentifier: 'db-endpoint-test',
  defaultDatabaseName: 'demos',
});

// Build a data source for AppSync to access the database.
declare const api: appsync.GraphqlApi;
const rdsDS = api.addRdsDataSource('rds', cluster, secret, 'demos');

// Set up a resolver for an RDS query.
rdsDS.createResolver('QueryGetDemosRdsResolver', {
  typeName: 'Query',
  fieldName: 'getDemosRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "SELECT * FROM demos"
    ]
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[0])
  `),
});

// Set up a resolver for an RDS mutation.
rdsDS.createResolver('MutationAddDemoRdsResolver', {
  typeName: 'Mutation',
  fieldName: 'addDemoRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "INSERT INTO demos VALUES (:id, :version)",
      "SELECT * WHERE id = :id"
    ],
    "variableMap": {
      ":id": $util.toJson($util.autoId()),
      ":version": $util.toJson($ctx.args.version)
    }
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0])
  `),
});

Initializer

new Credentials()

Properties

NameTypeDescription
usernamestringUsername.
encryptionKey?IKeyKMS encryption key to encrypt the generated secret.
excludeCharacters?stringThe characters to exclude from the generated password.
password?SecretValuePassword.
replicaRegions?ReplicaRegion[]A list of regions where to replicate the generated secret.
secret?ISecretSecret used to instantiate this Login.
secretName?stringThe name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.
usernameAsString?booleanWhether the username should be referenced as a string and not as a dynamic reference to the username in the secret.

username

Type: string

Username.


encryptionKey?

Type: IKey (optional, default: default master key)

KMS encryption key to encrypt the generated secret.


excludeCharacters?

Type: string (optional, default: the DatabaseSecret default exclude character set (" %+~`#$&()|[]{}:;<>?!'/@"\"))*

The characters to exclude from the generated password.

Only used if password has not been set.


password?

Type: SecretValue (optional, default: a Secrets Manager generated password)

Password.

Do not put passwords in your CDK code directly.


replicaRegions?

Type: ReplicaRegion[] (optional, default: Secret is not replicated)

A list of regions where to replicate the generated secret.


secret?

Type: ISecret (optional, default: none)

Secret used to instantiate this Login.


secretName?

Type: string (optional, default: A name is generated by CloudFormation.)

The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.


usernameAsString?

Type: boolean (optional, default: false)

Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.

Methods

NameDescription
static fromGeneratedSecret(username, options?)Creates Credentials with a password generated and stored in Secrets Manager.
static fromPassword(username, password)Creates Credentials from a password.
static fromSecret(secret, username?)Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).
static fromUsername(username, options?)Creates Credentials for the given username, and optional password and key.

static fromGeneratedSecret(username, options?)

public static fromGeneratedSecret(username: string, options?: CredentialsBaseOptions): Credentials

Parameters

  • username string
  • options CredentialsBaseOptions

Returns

  • Credentials

Creates Credentials with a password generated and stored in Secrets Manager.


static fromPassword(username, password)

public static fromPassword(username: string, password: SecretValue): Credentials

Parameters

  • username string
  • password SecretValue

Returns

  • Credentials

Creates Credentials from a password.

Do not put passwords in your CDK code directly.


static fromSecret(secret, username?)

public static fromSecret(secret: ISecret, username?: string): Credentials

Parameters

  • secret ISecret — The secret where the credentials are stored.
  • username string — The username defined in the secret.

Returns

  • Credentials

Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).

The Secret must be a JSON string with a username and password field:

{
  ...
  "username": <required: username>,
  "password": <required: password>,
}

static fromUsername(username, options?)

public static fromUsername(username: string, options?: CredentialsFromUsernameOptions): Credentials

Parameters

  • username string
  • options CredentialsFromUsernameOptions

Returns

  • Credentials

Creates Credentials for the given username, and optional password and key.

If no password is provided, one will be generated and stored in Secrets Manager.