class Credentials
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.RDS.Credentials |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsrds#Credentials |
| Java | software.amazon.awscdk.services.rds.Credentials |
| Python | aws_cdk.aws_rds.Credentials |
| TypeScript (source) | aws-cdk-lib » aws_rds » Credentials |
Username and password combination.
Example
```ts
import * as appsync from 'aws-cdk-lib/aws-appsync';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';

// Create username and password secret for DB Cluster
const secret = new rds.DatabaseSecret(this, 'AuroraSecret', {
  username: 'clusteradmin',
});

// The VPC to place the cluster in
const vpc = new ec2.Vpc(this, 'AuroraVpc');

// Create the serverless cluster, provide all values needed to customise the database.
const cluster = new rds.DatabaseCluster(this, 'AuroraClusterV2', {
  engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_15_5 }),
  // Use the secret created above as the master credentials, so the secret
  // handed to AppSync below holds the password the cluster actually uses.
  credentials: rds.Credentials.fromSecret(secret),
  clusterIdentifier: 'db-endpoint-test',
  writer: rds.ClusterInstance.serverlessV2('writer'),
  serverlessV2MinCapacity: 2,
  serverlessV2MaxCapacity: 10,
  vpc,
  defaultDatabaseName: 'demos',
  enableDataApi: true, // the Data API is not enabled by default, so it must be turned on explicitly
});

// Build a data source for AppSync to access the database.
declare const api: appsync.GraphqlApi;
const rdsDS = api.addRdsDataSourceV2('rds', cluster, secret, 'demos');

// Set up a resolver for an RDS query.
rdsDS.createResolver('QueryGetDemosRdsResolver', {
  typeName: 'Query',
  fieldName: 'getDemosRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "SELECT * FROM demos"
    ]
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[0])
  `),
});

// Set up a resolver for an RDS mutation.
// Values reach the SQL statements only through the variableMap placeholders.
rdsDS.createResolver('MutationAddDemoRdsResolver', {
  typeName: 'Mutation',
  fieldName: 'addDemoRds',
  requestMappingTemplate: appsync.MappingTemplate.fromString(`
  {
    "version": "2018-05-29",
    "statements": [
      "INSERT INTO demos VALUES (:id, :version)",
      "SELECT * FROM demos WHERE id = :id"
    ],
    "variableMap": {
      ":id": $util.toJson($util.autoId()),
      ":version": $util.toJson($ctx.args.version)
    }
  }
  `),
  responseMappingTemplate: appsync.MappingTemplate.fromString(`
    $utils.toJson($utils.rds.toJsonObject($ctx.result)[1][0])
  `),
});
```
Initializer
new Credentials()
Properties
| Name | Type | Description |
|---|---|---|
| username | string | Username. |
| encryptionKey? | IKey | KMS encryption key to encrypt the generated secret. |
| excludeCharacters? | string | The characters to exclude from the generated password. |
| password? | Secret | Password. |
| replicaRegions? | Replica[] | A list of regions where to replicate the generated secret. |
| secret? | ISecret | Secret used to instantiate this Login. |
| secretName? | string | The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials. |
| usernameAsString? | boolean | Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret. |
username
Type: string
Username.

encryptionKey?
Type: IKey (optional, default: default master key)
KMS encryption key to encrypt the generated secret.

excludeCharacters?
Type: string (optional, default: the DatabaseSecret default exclude character set (" %+~`#$&*()|[]{}:;<>?!'/@"\"))
The characters to exclude from the generated password.
Only used if password has not been set.

password?
Type: Secret (optional, default: a Secrets Manager generated password)
Password.
Do not put passwords in your CDK code directly.

replicaRegions?
Type: Replica[] (optional, default: Secret is not replicated)
A list of regions where to replicate the generated secret.

secret?
Type: ISecret (optional, default: none)
Secret used to instantiate this Login.

secretName?
Type: string (optional, default: A name is generated by CloudFormation.)
The name to use for the Secret if a new Secret is to be generated in SecretsManager for these Credentials.

usernameAsString?
Type: boolean (optional, default: false)
Whether the username should be referenced as a string and not as a dynamic reference to the username in the secret.
Methods
| Name | Description |
|---|---|
| static fromGeneratedSecret(username, options?) | Creates Credentials with a password generated and stored in Secrets Manager. |
| static fromPassword(username, password) | Creates Credentials from a password. |
| static fromSecret(secret, username?) | Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret). |
| static fromUsername(username, options?) | Creates Credentials for the given username, and optional password and key. |
static fromGeneratedSecret(username, options?)
public static fromGeneratedSecret(username: string, options?: CredentialsBaseOptions): Credentials
Parameters
- username (string)
- options (CredentialsBaseOptions)
Returns
- Credentials
Creates Credentials with a password generated and stored in Secrets Manager.
static fromPassword(username, password)
public static fromPassword(username: string, password: SecretValue): Credentials
Parameters
- username (string)
- password (SecretValue)
Returns
- Credentials
Creates Credentials from a password.
Do not put passwords in your CDK code directly.
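A pre-deployment check for the warning above, as an added example (not part of the CDK documentation or the CDK code base): it scans a synthesized CloudFormation template for RDS resources whose `MasterUserPassword` is anything other than a Secrets Manager or SSM secure-string dynamic reference or a `NoEcho` parameter. The sample template, the resource names and the function names are constructed for illustration.

```typescript
// Added example: scans a synthesized template; names and the sample below are constructed.
type Template = { Parameters?: Record<string, any>; Resources: Record<string, any> };

const RDS_TYPES = ['AWS::RDS::DBCluster', 'AWS::RDS::DBInstance'];
const SECRET_REF = /^\{\{resolve:(secretsmanager|ssm-secure):/;

// Returns 'ok' or the reason a MasterUserPassword value exposes the password.
function classifyPassword(value: any, tpl: Template): string {
  if (value === undefined || value === null) return 'ok'; // nothing set on this resource
  if (typeof value === 'string') {
    return SECRET_REF.test(value) ? 'ok' : 'literal password in template';
  }
  if (Array.isArray(value['Fn::Join'])) {
    // Secret-backed credentials synthesize to a joined {{resolve:...}} reference.
    const parts: any[] = value['Fn::Join'][1] || [];
    return typeof parts[0] === 'string' && SECRET_REF.test(parts[0])
      ? 'ok' : 'joined value is not a secret reference';
  }
  if (typeof value.Ref === 'string') {
    const param = (tpl.Parameters || {})[value.Ref];
    const noEcho = !!param && (param.NoEcho === true || param.NoEcho === 'true');
    return noEcho ? 'ok' : 'parameter without NoEcho';
  }
  return 'unrecognised password expression';
}

function findExposedPasswords(tpl: Template): { id: string; reason: string }[] {
  return Object.keys(tpl.Resources)
    .filter((id) => RDS_TYPES.indexOf(tpl.Resources[id].Type) !== -1)
    .map((id) => ({
      id,
      reason: classifyPassword((tpl.Resources[id].Properties || {}).MasterUserPassword, tpl),
    }))
    .filter((finding) => finding.reason !== 'ok');
}

// Constructed sample: two secret-backed resources, one literal, one plain parameter.
const sampleTemplate: Template = {
  Parameters: { DbPassword: {} },
  Resources: {
    GoodCluster: { Type: 'AWS::RDS::DBCluster', Properties: { MasterUserPassword: {
      'Fn::Join': ['', ['{{resolve:secretsmanager:', { Ref: 'Secret' }, ':SecretString:password::}}']] } } },
    SsmInstance: { Type: 'AWS::RDS::DBInstance', Properties: { MasterUserPassword: '{{resolve:ssm-secure:/db/password}}' } },
    LiteralInstance: { Type: 'AWS::RDS::DBInstance', Properties: { MasterUserPassword: 'example-literal' } },
    ParamInstance: { Type: 'AWS::RDS::DBInstance', Properties: { MasterUserPassword: { Ref: 'DbPassword' } } },
  },
};

console.log(findExposedPasswords(sampleTemplate));
```

Run it against the template JSON files in the synthesis output directory before deployment; a literal found there is also readable by anyone who can view the stack template.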
static fromSecret(secret, username?)
public static fromSecret(secret: ISecret, username?: string): Credentials
Parameters
- secret (ISecret): The secret where the credentials are stored.
- username (string): The username defined in the secret.
Returns
- Credentials
Creates Credentials from an existing Secrets Manager Secret (or DatabaseSecret).
The Secret must be a JSON string with a username and password field:
```
{
  ...
  "username": <required: username>,
  "password": <required: password>,
}
```
static fromUsername(username, options?)
public static fromUsername(username: string, options?: CredentialsFromUsernameOptions): Credentials
Parameters
- username (string)
- options (CredentialsFromUsernameOptions)
Returns
- Credentials
Creates Credentials for the given username, and optional password and key.
If no password is provided, one will be generated and stored in Secrets Manager.
