aws-cdk-lib.aws_secretsmanager.RotationSchedule

class RotationSchedule (construct)

LanguageType name
.NETAmazon.CDK.AWS.SecretsManager.RotationSchedule
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awssecretsmanager#RotationSchedule
Javasoftware.amazon.awscdk.services.secretsmanager.RotationSchedule
Pythonaws_cdk.aws_secretsmanager.RotationSchedule
TypeScript (source)aws-cdk-lib » aws_secretsmanager » RotationSchedule

Implements IConstruct, IDependable, IResource

A rotation schedule.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as cdk from 'aws-cdk-lib';
import { aws_lambda as lambda } from 'aws-cdk-lib';
import { aws_secretsmanager as secretsmanager } from 'aws-cdk-lib';

declare const function_: lambda.Function;
declare const hostedRotation: secretsmanager.HostedRotation;
declare const secret: secretsmanager.Secret;
const rotationSchedule = new secretsmanager.RotationSchedule(this, 'MyRotationSchedule', {
  secret: secret,

  // the properties below are optional
  automaticallyAfter: cdk.Duration.minutes(30),
  hostedRotation: hostedRotation,
  rotateImmediatelyOnUpdate: false,
  rotationLambda: function_,
});

Initializer

new RotationSchedule(scope: Construct, id: string, props: RotationScheduleProps)

Parameters

  • scope Construct
  • id string
  • props RotationScheduleProps

Construct Props

NameTypeDescription
secretISecretThe secret to rotate.
automaticallyAfter?DurationSpecifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.
hostedRotation?HostedRotationHosted rotation.
rotateImmediatelyOnUpdate?booleanSpecifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
rotationLambda?IFunctionA Lambda function that can rotate the secret.

secret

Type: ISecret

The secret to rotate.

If hosted rotation is used, this must be a JSON string with the following format:

{
  "engine": <required: database engine>,
  "host": <required: instance host name>,
  "username": <required: username>,
  "password": <required: password>,
  "dbname": <optional: database name>,
  "port": <optional: if not specified, default port will be used>,
  "masterarn": <required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>
}

This is typically the case for a secret referenced from an AWS::SecretsManager::SecretTargetAttachment or an ISecret returned by the attach() method of Secret.


automaticallyAfter?

Type: Duration (optional, default: Duration.days(30))

Specifies the number of days after the previous rotation before Secrets Manager triggers the next automatic rotation.

A value of zero will disable automatic rotation - Duration.days(0).


hostedRotation?

Type: HostedRotation (optional, default: either rotationLambda or hostedRotation must be specified)

Hosted rotation.


rotateImmediatelyOnUpdate?

Type: boolean (optional, default: secret is rotated immediately)

Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.


rotationLambda?

Type: IFunction (optional, default: either rotationLambda or hostedRotation must be specified)

A Lambda function that can rotate the secret.

Properties

NameTypeDescription
envResourceEnvironmentThe environment this resource belongs to.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.

env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.

Methods

NameDescription
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
toString()Returns a string representation of this construct.

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.