Class: AWSCDK::RDS::SnapshotCredentials

Inherits:
Jsii::Object
  • Object
show all
Defined in:
rds/snapshot_credentials.rb

Overview

Credentials to update the password for a DatabaseInstanceFromSnapshot.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeSnapshotCredentials

Returns a new instance of SnapshotCredentials.



8
9
10
# File 'rds/snapshot_credentials.rb', line 8

def initialize
  Jsii::Object.instance_method(:initialize).bind(self).call
end

Class Method Details

.from_generated_password(username, options = nil) ⇒ AWSCDK::RDS::SnapshotCredentials

Generate a new password for the snapshot, using the existing username and an optional encryption key.

Note - The username must match the existing master username of the snapshot.

NOTE: use from_generated_secret() for new Clusters and Instances. Switching from from_generated_password() to from_generated_secret() for already deployed Clusters or Instances will update their master password.

Parameters:

Returns:

  • (AWSCDK::RDS::SnapshotCredentials)


36
37
38
39
40
41
# File 'rds/snapshot_credentials.rb', line 36

def self.from_generated_password(username, options = nil)
  Jsii::Type.check_type(username, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "username")
  options = options.is_a?(Hash) ? ::AWSCDK::RDS::SnapshotCredentialsFromGeneratedPasswordOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfcmRzLlNuYXBzaG90Q3JlZGVudGlhbHNGcm9tR2VuZXJhdGVkUGFzc3dvcmRPcHRpb25zIn0=")), "options") unless options.nil?
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_rds.SnapshotCredentials", "fromGeneratedPassword", [username, options])
end

.from_generated_secret(username, options = nil) ⇒ AWSCDK::RDS::SnapshotCredentials

Generate a new password for the snapshot, using the existing username and an optional encryption key.

The new credentials are stored in Secrets Manager.

Note - The username must match the existing master username of the snapshot.

Parameters:

Returns:

  • (AWSCDK::RDS::SnapshotCredentials)


52
53
54
55
56
57
# File 'rds/snapshot_credentials.rb', line 52

def self.from_generated_secret(username, options = nil)
  Jsii::Type.check_type(username, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "username")
  options = options.is_a?(Hash) ? ::AWSCDK::RDS::SnapshotCredentialsFromGeneratedPasswordOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfcmRzLlNuYXBzaG90Q3JlZGVudGlhbHNGcm9tR2VuZXJhdGVkUGFzc3dvcmRPcHRpb25zIn0=")), "options") unless options.nil?
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_rds.SnapshotCredentials", "fromGeneratedSecret", [username, options])
end

.from_password(password) ⇒ AWSCDK::RDS::SnapshotCredentials

Update the snapshot login with an existing password.

Parameters:

Returns:

  • (AWSCDK::RDS::SnapshotCredentials)


63
64
65
66
# File 'rds/snapshot_credentials.rb', line 63

def self.from_password(password)
  Jsii::Type.check_type(password, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRWYWx1ZSJ9")), "password")
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_rds.SnapshotCredentials", "fromPassword", [password])
end

.from_secret(secret) ⇒ AWSCDK::RDS::SnapshotCredentials

Update the snapshot login with an existing password from a Secret.

The Secret must be a JSON string with a password field:

{
  ...
  "password": <required: password>,
}

Parameters:

Returns:

  • (AWSCDK::RDS::SnapshotCredentials)


81
82
83
84
# File 'rds/snapshot_credentials.rb', line 81

def self.from_secret(secret)
  Jsii::Type.check_type(secret, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuSVNlY3JldCJ9")), "secret")
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_rds.SnapshotCredentials", "fromSecret", [secret])
end

.jsii_overridable_methodsObject



12
13
14
15
16
17
18
19
20
21
22
23
# File 'rds/snapshot_credentials.rb', line 12

def self.jsii_overridable_methods
  {
    :generate_password => { kind: :property, name: "generatePassword", is_optional: false },
    :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true },
    :exclude_characters => { kind: :property, name: "excludeCharacters", is_optional: true },
    :password => { kind: :property, name: "password", is_optional: true },
    :replace_on_password_criteria_changes => { kind: :property, name: "replaceOnPasswordCriteriaChanges", is_optional: true },
    :replica_regions => { kind: :property, name: "replicaRegions", is_optional: true },
    :secret => { kind: :property, name: "secret", is_optional: true },
    :username => { kind: :property, name: "username", is_optional: true },
  }
end

Instance Method Details

#encryption_keyAWSCDK::KMS::IKey?

Note:

Default: - default master key

KMS encryption key to encrypt the generated secret.

Returns:



97
98
99
# File 'rds/snapshot_credentials.rb', line 97

def encryption_key()
  jsii_get_property("encryptionKey")
end

#exclude_charactersString?

Note:

Default: - the DatabaseSecret default exclude character set (" %+~`#$&*()|[]{}:;<>?!'/@\"\")

The characters to exclude from the generated password.

Only used if generate_password if true.

Returns:

  • (String, nil)


107
108
109
# File 'rds/snapshot_credentials.rb', line 107

def exclude_characters()
  jsii_get_property("excludeCharacters")
end

#generate_passwordBoolean

Whether a new password should be generated.

Returns:

  • (Boolean)


89
90
91
# File 'rds/snapshot_credentials.rb', line 89

def generate_password()
  jsii_get_property("generatePassword")
end

#passwordAWSCDK::SecretValue?

Note:

Default: - the existing password from the snapshot

The master user password.

Do not put passwords in your CDK code directly.

Returns:



117
118
119
# File 'rds/snapshot_credentials.rb', line 117

def password()
  jsii_get_property("password")
end

#replace_on_password_criteria_changesBoolean?

Note:

Default: false

Whether to replace the generated secret when the criteria for the password change.

Returns:

  • (Boolean, nil)


125
126
127
# File 'rds/snapshot_credentials.rb', line 125

def replace_on_password_criteria_changes()
  jsii_get_property("replaceOnPasswordCriteriaChanges")
end

#replica_regionsArray<AWSCDK::SecretsManager::ReplicaRegion>?

Note:

Default: - Secret is not replicated

A list of regions where to replicate the generated secret.

Returns:



133
134
135
# File 'rds/snapshot_credentials.rb', line 133

def replica_regions()
  jsii_get_property("replicaRegions")
end

#secretAWSCDK::SecretsManager::ISecret?

Note:

Default: - none

Secret used to instantiate this Login.



141
142
143
# File 'rds/snapshot_credentials.rb', line 141

def secret()
  jsii_get_property("secret")
end

#usernameString?

Note:

Default: - the existing username from the snapshot

The master user name.

Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.

Returns:

  • (String, nil)


152
153
154
# File 'rds/snapshot_credentials.rb', line 152

def username()
  jsii_get_property("username")
end