CfnSecretPropsMixin

class aws_cdk.mixins_preview.aws_secretsmanager.mixins.CfnSecretPropsMixin(props, *, strategy=None)

Bases: Mixin

Creates a new secret.

A secret can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager.

For Amazon RDS master user credentials, see AWS::RDS::DBCluster MasterUserSecret.

For Amazon Redshift admin user credentials, see AWS::Redshift::Cluster.

To retrieve a secret in a CloudFormation template, use a dynamic reference. For more information, see Retrieve a secret in a CloudFormation resource.

For information about creating a secret in the console, see Create a secret. For information about creating a secret using the CLI or SDK, see CreateSecret.

For information about retrieving a secret in code, see Retrieve secrets from Secrets Manager.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html

CloudformationResource:

AWS::SecretsManager::Secret

Mixin:

true

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import CfnTag  # needed for the tags=[CfnTag(...)] argument below
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_secretsmanager import mixins as secretsmanager_mixins

cfn_secret_props_mixin = secretsmanager_mixins.CfnSecretPropsMixin(secretsmanager_mixins.CfnSecretMixinProps(
    description="description",
    generate_secret_string=secretsmanager_mixins.CfnSecretPropsMixin.GenerateSecretStringProperty(
        exclude_characters="excludeCharacters",
        exclude_lowercase=False,
        exclude_numbers=False,
        exclude_punctuation=False,
        exclude_uppercase=False,
        generate_string_key="generateStringKey",
        include_space=False,
        password_length=123,
        require_each_included_type=False,
        secret_string_template="secretStringTemplate"
    ),
    kms_key_id="kmsKeyId",
    name="name",
    replica_regions=[secretsmanager_mixins.CfnSecretPropsMixin.ReplicaRegionProperty(
        kms_key_id="kmsKeyId",
        region="region"
    )],
    secret_string="secretString",
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    type="type"
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::SecretsManager::Secret.

Parameters:
  • props (Union[CfnSecretMixinProps, Dict[str, Any]]) – L1 properties to apply.

  • strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['description', 'generateSecretString', 'kmsKeyId', 'name', 'replicaRegions', 'secretString', 'tags', 'type']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental

GenerateSecretStringProperty

class CfnSecretPropsMixin.GenerateSecretStringProperty(*, exclude_characters=None, exclude_lowercase=None, exclude_numbers=None, exclude_punctuation=None, exclude_uppercase=None, generate_string_key=None, include_space=None, password_length=None, require_each_included_type=None, secret_string_template=None)

Bases: object

Generates a random password.

We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.

Required permissions: secretsmanager:GetRandomPassword. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.

Parameters:
  • exclude_characters (Optional[str]) – A string of the characters that you don’t want in the password.

  • exclude_lowercase (Union[bool, IResolvable, None]) – Specifies whether to exclude lowercase letters from the password. If you don’t include this switch, the password can contain lowercase letters.

  • exclude_numbers (Union[bool, IResolvable, None]) – Specifies whether to exclude numbers from the password. If you don’t include this switch, the password can contain numbers.

  • exclude_punctuation (Union[bool, IResolvable, None]) – Specifies whether to exclude the following punctuation characters from the password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~. If you don’t include this switch, the password can contain punctuation.

  • exclude_uppercase (Union[bool, IResolvable, None]) – Specifies whether to exclude uppercase letters from the password. If you don’t include this switch, the password can contain uppercase letters.

  • generate_string_key (Optional[str]) – The JSON key name for the key/value pair, where the value is the generated password. This pair is added to the JSON structure specified by the SecretStringTemplate parameter. If you specify this parameter, then you must also specify SecretStringTemplate.

  • include_space (Union[bool, IResolvable, None]) – Specifies whether to include the space character. If you include this switch, the password can contain space characters.

  • password_length (Union[int, float, None]) – The length of the password. If you don’t include this parameter, the default length is 32 characters.

  • require_each_included_type (Union[bool, IResolvable, None]) – Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don’t include this switch, the password contains at least one of every character type.

  • secret_string_template (Optional[str]) – A template that the generated string must match. When you make a change to this property, a new secret version is created.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_secretsmanager import mixins as secretsmanager_mixins

generate_secret_string_property = secretsmanager_mixins.CfnSecretPropsMixin.GenerateSecretStringProperty(
    exclude_characters="excludeCharacters",
    exclude_lowercase=False,
    exclude_numbers=False,
    exclude_punctuation=False,
    exclude_uppercase=False,
    generate_string_key="generateStringKey",
    include_space=False,
    password_length=123,
    require_each_included_type=False,
    secret_string_template="secretStringTemplate"
)
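An added example (not part of the CDK documentation or project code): a pre-synth review of the values destined for CfnSecretMixinProps, checking the rules stated above (generate_string_key needs secret_string_template, the template is a JSON structure, 32 is the default length). It assumes a plain dict keyed by the keyword names on this page; review_secret_props, WEAK_PROPS and GOOD_PROPS are hypothetical names, and treating lengths under 32 as a finding is this example's own policy.

```python
import json

# Keyword names follow GenerateSecretStringProperty as documented on this page.
EXCLUDE_FLAGS = ("exclude_lowercase", "exclude_uppercase",
                 "exclude_numbers", "exclude_punctuation")
DEFAULT_LENGTH = 32  # documented default when password_length is omitted


def review_secret_props(props):
    """Return findings for a dict shaped like CfnSecretMixinProps (assumed input)."""
    findings = []
    # L1 properties are rendered as-is, so a literal lands in the template.
    if props.get("secret_string") is not None:
        findings.append("secret_string is a literal in the synthesized template")
    gen = props.get("generate_secret_string")
    if gen is None:
        return findings
    key = gen.get("generate_string_key")
    template = gen.get("secret_string_template")
    # generate_string_key is only valid together with secret_string_template.
    if key is not None and template is None:
        findings.append("generate_string_key set without secret_string_template")
    if template is not None:
        try:
            parsed = json.loads(template)
        except ValueError:
            parsed = None
        if not isinstance(parsed, dict):
            findings.append("secret_string_template is not a JSON object")
    # Excluding every character type leaves nothing to build a password from.
    if all(gen.get(f) for f in EXCLUDE_FLAGS) and not gen.get("include_space"):
        findings.append("every character type is excluded")
    length = gen.get("password_length")
    if length is not None and length < DEFAULT_LENGTH:
        findings.append(f"password_length {length} is below the default of 32")
    return findings


# Constructed sample inputs, not taken from any real stack.
WEAK_PROPS = {"secret_string": "constructed-literal",
              "generate_secret_string": {"generate_string_key": "password",
                                         "password_length": 12}}
GOOD_PROPS = {"generate_secret_string": {
    "secret_string_template": json.dumps({"username": "app_user"}),
    "generate_string_key": "password",
    "password_length": 64}}

if __name__ == "__main__":
    for name, props in (("weak", WEAK_PROPS), ("good", GOOD_PROPS)):
        print(name, review_secret_props(props))
```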

Attributes

exclude_characters

A string of the characters that you don’t want in the password.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludecharacters

exclude_lowercase

Specifies whether to exclude lowercase letters from the password.

If you don’t include this switch, the password can contain lowercase letters.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludelowercase

exclude_numbers

Specifies whether to exclude numbers from the password.

If you don’t include this switch, the password can contain numbers.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludenumbers

exclude_punctuation

Specifies whether to exclude the following punctuation characters from the password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~.

If you don’t include this switch, the password can contain punctuation.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludepunctuation

exclude_uppercase

Specifies whether to exclude uppercase letters from the password.

If you don’t include this switch, the password can contain uppercase letters.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludeuppercase

generate_string_key

The JSON key name for the key/value pair, where the value is the generated password.

This pair is added to the JSON structure specified by the SecretStringTemplate parameter. If you specify this parameter, then you must also specify SecretStringTemplate.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-generatestringkey

include_space

Specifies whether to include the space character.

If you include this switch, the password can contain space characters.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-includespace

password_length

The length of the password.

If you don’t include this parameter, the default length is 32 characters.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-passwordlength

require_each_included_type

Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.

If you don’t include this switch, the password contains at least one of every character type.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-requireeachincludedtype

secret_string_template

A template that the generated string must match.

When you make a change to this property, a new secret version is created.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-secretstringtemplate

ReplicaRegionProperty

class CfnSecretPropsMixin.ReplicaRegionProperty(*, kms_key_id=None, region=None)

Bases: object

Specifies a Region and the KmsKeyId for a replica secret.

Parameters:
  • kms_key_id (Optional[str]) – The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don’t include this field, Secrets Manager uses aws/secretsmanager.

  • region (Optional[str]) – A string that represents a Region, for example “us-east-1”.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-replicaregion.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_secretsmanager import mixins as secretsmanager_mixins

replica_region_property = secretsmanager_mixins.CfnSecretPropsMixin.ReplicaRegionProperty(
    kms_key_id="kmsKeyId",
    region="region"
)

Attributes

kms_key_id

The ARN, key ID, or alias of the KMS key to encrypt the secret.

If you don’t include this field, Secrets Manager uses aws/secretsmanager.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-replicaregion.html#cfn-secretsmanager-secret-replicaregion-kmskeyid

region

A string that represents a Region, for example “us-east-1”.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-replicaregion.html#cfn-secretsmanager-secret-replicaregion-region