software.amazon.awscdk.services.rds

Class SnapshotCredentials

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.rds.SnapshotCredentials

All Implemented Interfaces:

software.amazon.jsii.JsiiSerializable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:41.508Z")
 @Stability(value=Stable)
public abstract class SnapshotCredentials
extends software.amazon.jsii.JsiiObject

Credentials to update the password for a ``DatabaseInstanceFromSnapshot``.

Example:

 Vpc vpc;
 IInstanceEngine engine = DatabaseInstanceEngine.postgres(PostgresInstanceEngineProps.builder().version(PostgresEngineVersion.VER_12_3).build());
 Key myKey = new Key(this, "MyKey");
 DatabaseInstanceFromSnapshot.Builder.create(this, "InstanceFromSnapshotWithCustomizedSecret")
         .engine(engine)
         .vpc(vpc)
         .snapshotIdentifier("mySnapshot")
         .credentials(SnapshotCredentials.fromGeneratedSecret("username", SnapshotCredentialsFromGeneratedPasswordOptions.builder()
                 .encryptionKey(myKey)
                 .excludeCharacters("!&*^#@()")
                 .replicaRegions(List.of(ReplicaRegion.builder().region("eu-west-1").build(), ReplicaRegion.builder().region("eu-west-2").build()))
                 .build()))
         .build();
 

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SnapshotCredentials()
protected	SnapshotCredentials(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	SnapshotCredentials(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
static SnapshotCredentials	fromGeneratedPassword(String username) Generate a new password for the snapshot, using the existing username and an optional encryption key.
static SnapshotCredentials	fromGeneratedPassword(String username, SnapshotCredentialsFromGeneratedPasswordOptions options) Generate a new password for the snapshot, using the existing username and an optional encryption key.
static SnapshotCredentials	fromGeneratedSecret(String username) Generate a new password for the snapshot, using the existing username and an optional encryption key.
static SnapshotCredentials	fromGeneratedSecret(String username, SnapshotCredentialsFromGeneratedPasswordOptions options) Generate a new password for the snapshot, using the existing username and an optional encryption key.
static SnapshotCredentials	fromPassword(SecretValue password) Update the snapshot login with an existing password.
static SnapshotCredentials	fromSecret(ISecret secret) Update the snapshot login with an existing password from a Secret.
abstract IKey	getEncryptionKey() KMS encryption key to encrypt the generated secret.
abstract String	getExcludeCharacters() The characters to exclude from the generated password.
abstract Boolean	getGeneratePassword() Whether a new password should be generated.
abstract SecretValue	getPassword() The master user password.
abstract Boolean	getReplaceOnPasswordCriteriaChanges() Whether to replace the generated secret when the criteria for the password change.
abstract List<ReplicaRegion>	getReplicaRegions() A list of regions where to replicate the generated secret.
abstract ISecret	getSecret() Secret used to instantiate this Login.
abstract String	getUsername() The master user name.

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

SnapshotCredentials

protected SnapshotCredentials(software.amazon.jsii.JsiiObjectRef objRef)

SnapshotCredentials

protected SnapshotCredentials(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

SnapshotCredentials

@Stability(value=Stable)
protected SnapshotCredentials()

Method Detail

fromGeneratedPassword

@Stability(value=Stable)
 @NotNull
public static SnapshotCredentials fromGeneratedPassword(@NotNull
                                                                                           String username,
                                                                                           @Nullable
                                                                                           SnapshotCredentialsFromGeneratedPasswordOptions options)

Generate a new password for the snapshot, using the existing username and an optional encryption key.

Note - The username must match the existing master username of the snapshot.

NOTE: use fromGeneratedSecret() for new Clusters and Instances. Switching from fromGeneratedPassword() to fromGeneratedSecret() for already deployed Clusters or Instances will update their master password.

Parameters:

username - This parameter is required.

options -

fromGeneratedPassword

@Stability(value=Stable)
 @NotNull
public static SnapshotCredentials fromGeneratedPassword(@NotNull
                                                                                           String username)

Generate a new password for the snapshot, using the existing username and an optional encryption key.

Note - The username must match the existing master username of the snapshot.

NOTE: use fromGeneratedSecret() for new Clusters and Instances. Switching from fromGeneratedPassword() to fromGeneratedSecret() for already deployed Clusters or Instances will update their master password.

Parameters:

username - This parameter is required.

fromGeneratedSecret

@Stability(value=Stable)
 @NotNull
public static SnapshotCredentials fromGeneratedSecret(@NotNull
                                                                                         String username,
                                                                                         @Nullable
                                                                                         SnapshotCredentialsFromGeneratedPasswordOptions options)

Generate a new password for the snapshot, using the existing username and an optional encryption key.

The new credentials are stored in Secrets Manager.

Note - The username must match the existing master username of the snapshot.

Parameters:

username - This parameter is required.

options -

fromGeneratedSecret

@Stability(value=Stable)
 @NotNull
public static SnapshotCredentials fromGeneratedSecret(@NotNull
                                                                                         String username)

Generate a new password for the snapshot, using the existing username and an optional encryption key.

The new credentials are stored in Secrets Manager.

Note - The username must match the existing master username of the snapshot.

Parameters:

username - This parameter is required.

fromPassword

@Stability(value=Stable)
 @NotNull
public static SnapshotCredentials fromPassword(@NotNull
                                                                                  SecretValue password)

Update the snapshot login with an existing password.

Parameters:

password - This parameter is required.

fromSecret

@Stability(value=Stable)
 @NotNull
public static SnapshotCredentials fromSecret(@NotNull
                                                                                ISecret secret)

Update the snapshot login with an existing password from a Secret.

The Secret must be a JSON string with a password field:

 {
    ...
    "password": <required: password>,
 }
 

Parameters:

secret - This parameter is required.

getGeneratePassword

@Stability(value=Stable)
 @NotNull
public abstract Boolean getGeneratePassword()

Whether a new password should be generated.

getEncryptionKey

@Stability(value=Stable)
 @Nullable
public abstract IKey getEncryptionKey()

KMS encryption key to encrypt the generated secret.

Default: - default master key

getExcludeCharacters

@Stability(value=Stable)
 @Nullable
public abstract String getExcludeCharacters()

The characters to exclude from the generated password.

Only used if {@link generatePassword} if true.

Default: - the DatabaseSecret default exclude character set (" %+~`#$&*()|[]{}:;<>?!'/

getPassword

@Stability(value=Stable)
 @Nullable
public abstract SecretValue getPassword()

The master user password.

Do not put passwords in your CDK code directly.

Default: - the existing password from the snapshot

getReplaceOnPasswordCriteriaChanges

@Stability(value=Stable)
 @Nullable
public abstract Boolean getReplaceOnPasswordCriteriaChanges()

Whether to replace the generated secret when the criteria for the password change.

Default: false

getReplicaRegions

@Stability(value=Stable)
 @Nullable
public abstract List<ReplicaRegion> getReplicaRegions()

A list of regions where to replicate the generated secret.

Default: - Secret is not replicated

getSecret

@Stability(value=Stable)
 @Nullable
public abstract ISecret getSecret()

Secret used to instantiate this Login.

Default: - none

getUsername

@Stability(value=Stable)
 @Nullable
public abstract String getUsername()

The master user name.

Must be the current master user name of the snapshot. It is not possible to change the master user name of a RDS instance.

Default: - the existing username from the snapshot