Module: AWSCDK::SecretsManager::ISecretTargetAttachment
- Includes:
- Interfaces::AWSSecretsmanager::ISecretTargetAttachmentRef, ISecret
- Included in:
- SecretTargetAttachment
- Defined in:
- secrets_manager/i_secret_target_attachment.rb
Class Method Summary collapse
Instance Method Summary collapse
-
#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule
Adds a rotation schedule to the secret.
-
#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the IAM resource policy associated with this secret.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#attach(target) ⇒ AWSCDK::SecretsManager::ISecret
Attach a target to this secret.
-
#cfn_dynamic_reference_key(options = nil) ⇒ String
Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.
-
#deny_account_root_delete ⇒ void
Denies the
DeleteSecretaction to all principals within the current account. -
#encryption_key ⇒ AWSCDK::KMS::IKey?
The customer-managed encryption key that is used to encrypt this secret, if any.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
-
#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant
Grants reading the secret value to some role.
-
#grant_write(grantee) ⇒ AWSCDK::IAM::Grant
Grants writing and updating the secret value to some role.
-
#node ⇒ Constructs::Node
The tree node.
-
#secret_arn ⇒ String
The ARN of the secret in AWS Secrets Manager.
-
#secret_full_arn ⇒ String?
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
-
#secret_name ⇒ String
The name of the secret.
-
#secret_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretReference
A reference to a Secret resource.
-
#secret_target_attachment_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretTargetAttachmentReference
A reference to a SecretTargetAttachment resource.
-
#secret_target_attachment_secret_arn ⇒ String
Same as
secretArn. -
#secret_value ⇒ AWSCDK::SecretValue
Retrieve the value of the stored secret as a
SecretValue. -
#secret_value_from_json(key) ⇒ AWSCDK::SecretValue
Interpret the secret as a JSON object and return a field's value from it as a
SecretValue. -
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Class Method Details
.jsii_overridable_methods ⇒ Object
216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 216 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :secret_ref => { kind: :property, name: "secretRef", is_optional: false }, :secret_arn => { kind: :property, name: "secretArn", is_optional: false }, :secret_name => { kind: :property, name: "secretName", is_optional: false }, :secret_value => { kind: :property, name: "secretValue", is_optional: false }, :encryption_key => { kind: :property, name: "encryptionKey", is_optional: true }, :secret_full_arn => { kind: :property, name: "secretFullArn", is_optional: true }, :secret_target_attachment_ref => { kind: :property, name: "secretTargetAttachmentRef", is_optional: false }, :secret_target_attachment_secret_arn => { kind: :property, name: "secretTargetAttachmentSecretArn", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :add_rotation_schedule => { kind: :method, name: "addRotationSchedule", is_optional: false }, :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false }, :attach => { kind: :method, name: "attach", is_optional: false }, :cfn_dynamic_reference_key => { kind: :method, name: "cfnDynamicReferenceKey", is_optional: false }, :deny_account_root_delete => { kind: :method, name: "denyAccountRootDelete", is_optional: false }, :grant_read => { kind: :method, name: "grantRead", is_optional: false }, :grant_write => { kind: :method, name: "grantWrite", is_optional: false }, :secret_value_from_json => { kind: :method, name: "secretValueFromJson", is_optional: false }, } end |
Instance Method Details
#add_rotation_schedule(id, options) ⇒ AWSCDK::SecretsManager::RotationSchedule
Adds a rotation schedule to the secret.
140 141 142 143 144 145 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 140 def add_rotation_schedule(id, ) Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::SecretsManager::RotationScheduleOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuUm90YXRpb25TY2hlZHVsZU9wdGlvbnMifQ==")), "options") jsii_call_method("addRotationSchedule", [id, ]) end |
#add_to_resource_policy(statement) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the IAM resource policy associated with this secret.
If this secret was created in this stack, a resource policy will be
automatically created upon the first call to add_to_resource_policy. If
the secret is imported, then this is a no-op.
155 156 157 158 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 155 def add_to_resource_policy(statement) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") jsii_call_method("addToResourcePolicy", [statement]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
130 131 132 133 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 130 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#attach(target) ⇒ AWSCDK::SecretsManager::ISecret
Attach a target to this secret.
164 165 166 167 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 164 def attach(target) Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfc2VjcmV0c21hbmFnZXIuSVNlY3JldEF0dGFjaG1lbnRUYXJnZXQifQ==")), "target") jsii_call_method("attach", [target]) end |
#cfn_dynamic_reference_key(options = nil) ⇒ String
Returns a key which can be used within an AWS CloudFormation dynamic reference to dynamically load this secret from AWS Secrets Manager.
174 175 176 177 178 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 174 def cfn_dynamic_reference_key( = nil) = .is_a?(Hash) ? ::AWSCDK::SecretsManagerSecretOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRzTWFuYWdlclNlY3JldE9wdGlvbnMifQ==")), "options") unless .nil? jsii_call_method("cfnDynamicReferenceKey", []) end |
#deny_account_root_delete ⇒ void
This method returns an undefined value.
Denies the DeleteSecret action to all principals within the current account.
183 184 185 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 183 def deny_account_root_delete() jsii_call_method("denyAccountRootDelete", []) end |
#encryption_key ⇒ AWSCDK::KMS::IKey?
The customer-managed encryption key that is used to encrypt this secret, if any.
When not specified, the default KMS key for the account and region is being used.
77 78 79 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 77 def encryption_key() jsii_get_property("encryptionKey") end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
26 27 28 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 26 def env() jsii_get_property("env") end |
#grant_read(grantee, version_stages = nil) ⇒ AWSCDK::IAM::Grant
Grants reading the secret value to some role.
192 193 194 195 196 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 192 def grant_read(grantee, version_stages = nil) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") Jsii::Type.check_type(version_stages, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "versionStages") unless version_stages.nil? jsii_call_method("grantRead", [grantee, version_stages]) end |
#grant_write(grantee) ⇒ AWSCDK::IAM::Grant
Grants writing and updating the secret value to some role.
202 203 204 205 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 202 def grant_write(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantWrite", [grantee]) end |
#node ⇒ Constructs::Node
The tree node.
11 12 13 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 11 def node() jsii_get_property("node") end |
#secret_arn ⇒ String
The ARN of the secret in AWS Secrets Manager.
Will return the full ARN if available, otherwise a partial arn.
For secrets imported by the deprecated from_secret_name, it will return the secret_name.
50 51 52 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 50 def secret_arn() jsii_get_property("secretArn") end |
#secret_full_arn ⇒ String?
The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
This is equal to secret_arn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).
86 87 88 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 86 def secret_full_arn() jsii_get_property("secretFullArn") end |
#secret_name ⇒ String
The name of the secret.
For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.
60 61 62 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 60 def secret_name() jsii_get_property("secretName") end |
#secret_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretReference
A reference to a Secret resource.
40 41 42 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 40 def secret_ref() jsii_get_property("secretRef") end |
#secret_target_attachment_ref ⇒ AWSCDK::Interfaces::AWSSecretsmanager::SecretTargetAttachmentReference
A reference to a SecretTargetAttachment resource.
93 94 95 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 93 def () jsii_get_property("secretTargetAttachmentRef") end |
#secret_target_attachment_secret_arn ⇒ String
Same as secretArn.
100 101 102 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 100 def () jsii_get_property("secretTargetAttachmentSecretArn") end |
#secret_value ⇒ AWSCDK::SecretValue
Retrieve the value of the stored secret as a SecretValue.
67 68 69 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 67 def secret_value() jsii_get_property("secretValue") end |
#secret_value_from_json(key) ⇒ AWSCDK::SecretValue
Interpret the secret as a JSON object and return a field's value from it as a SecretValue.
211 212 213 214 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 211 def secret_value_from_json(key) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") jsii_call_method("secretValueFromJson", [key]) end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
33 34 35 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 33 def stack() jsii_get_property("stack") end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.
111 112 113 114 115 116 |
# File 'secrets_manager/i_secret_target_attachment.rb', line 111 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |