software.amazon.awscdk.services.secretsmanager

Class SecretTargetAttachment

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.Resource

software.amazon.awscdk.services.secretsmanager.SecretTargetAttachment

All Implemented Interfaces:

IResource, ISecret, ISecretTargetAttachment, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:42.059Z")
 @Stability(value=Stable)
public class SecretTargetAttachment
extends Resource
implements ISecretTargetAttachment, ISecret

An attached secret.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.secretsmanager.*;
 Secret secret;
 ISecretAttachmentTarget secretAttachmentTarget;
 SecretTargetAttachment secretTargetAttachment = SecretTargetAttachment.Builder.create(this, "MySecretTargetAttachment")
         .secret(secret)
         .target(secretAttachmentTarget)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SecretTargetAttachment.Builder A fluent builder for SecretTargetAttachment.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.secretsmanager.ISecretTargetAttachment

ISecretTargetAttachment.Jsii$Default, ISecretTargetAttachment.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
	SecretTargetAttachment(software.constructs.Construct scope, String id, SecretTargetAttachmentProps props)
protected	SecretTargetAttachment(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	SecretTargetAttachment(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
RotationSchedule	addRotationSchedule(String id, RotationScheduleOptions options) Adds a rotation schedule to the secret.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement) Adds a statement to the IAM resource policy associated with this secret.
ISecret	attach(ISecretAttachmentTarget target) Attach a target to this secret.
void	denyAccountRootDelete() Denies the `DeleteSecret` action to all principals within the current account.
static ISecretTargetAttachment	fromSecretTargetAttachmentSecretArn(software.constructs.Construct scope, String id, String secretTargetAttachmentSecretArn)
protected String	getArnForPolicies() Provides an identifier for this secret for use in IAM policies.
protected Boolean	getAutoCreatePolicy()
IKey	getEncryptionKey() The customer-managed encryption key that is used to encrypt this secret, if any.
String	getSecretArn() The ARN of the secret in AWS Secrets Manager.
String	getSecretFullArn() The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.
String	getSecretName() The name of the secret.
String	getSecretTargetAttachmentSecretArn() Same as `secretArn`.
SecretValue	getSecretValue() Retrieve the value of the stored secret as a `SecretValue`.
Grant	grantRead(IGrantable grantee) Grants reading the secret value to some role.
Grant	grantRead(IGrantable grantee, List<String> versionStages) Grants reading the secret value to some role.
Grant	grantWrite(IGrantable grantee) Grants writing and updating the secret value to some role.
SecretValue	secretValueFromJson(String jsonField) Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Methods inherited from class software.amazon.awscdk.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource

Methods inherited from class software.constructs.Construct

getNode, isConstruct, toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

SecretTargetAttachment

protected SecretTargetAttachment(software.amazon.jsii.JsiiObjectRef objRef)

SecretTargetAttachment

protected SecretTargetAttachment(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

SecretTargetAttachment

@Stability(value=Stable)
public SecretTargetAttachment(@NotNull
                                                       software.constructs.Construct scope,
                                                       @NotNull
                                                       String id,
                                                       @NotNull
                                                       SecretTargetAttachmentProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props - This parameter is required.

Method Detail

fromSecretTargetAttachmentSecretArn

@Stability(value=Stable)
 @NotNull
public static ISecretTargetAttachment fromSecretTargetAttachmentSecretArn(@NotNull
                                                                                                             software.constructs.Construct scope,
                                                                                                             @NotNull
                                                                                                             String id,
                                                                                                             @NotNull
                                                                                                             String secretTargetAttachmentSecretArn)

Parameters:

scope - This parameter is required.

id - This parameter is required.

secretTargetAttachmentSecretArn - This parameter is required.

addRotationSchedule

@Stability(value=Stable)
 @NotNull
public RotationSchedule addRotationSchedule(@NotNull
                                                                               String id,
                                                                               @NotNull
                                                                               RotationScheduleOptions options)

Adds a rotation schedule to the secret.

Specified by:

addRotationSchedule in interface ISecret

Parameters:

id - This parameter is required.

options - This parameter is required.

addToResourcePolicy

@Stability(value=Stable)
 @NotNull
public AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                        PolicyStatement statement)

Adds a statement to the IAM resource policy associated with this secret.

If this secret was created in this stack, a resource policy will be automatically created upon the first call to addToResourcePolicy. If the secret is imported, then this is a no-op.

Specified by:

addToResourcePolicy in interface ISecret

Parameters:

statement - This parameter is required.

attach

@Stability(value=Stable)
 @NotNull
public ISecret attach(@NotNull
                                                         ISecretAttachmentTarget target)

Attach a target to this secret.

Specified by:

attach in interface ISecret

Parameters:

target - The target to attach. This parameter is required.

Returns:

An attached secret

denyAccountRootDelete

@Stability(value=Stable)
public void denyAccountRootDelete()

Denies the `DeleteSecret` action to all principals within the current account.

Specified by:

denyAccountRootDelete in interface ISecret

grantRead

@Stability(value=Stable)
 @NotNull
public Grant grantRead(@NotNull
                                                          IGrantable grantee,
                                                          @Nullable
                                                          List<String> versionStages)

Grants reading the secret value to some role.

Specified by:

grantRead in interface ISecret

Parameters:

grantee - This parameter is required.

versionStages -

grantRead

@Stability(value=Stable)
 @NotNull
public Grant grantRead(@NotNull
                                                          IGrantable grantee)

Grants reading the secret value to some role.

Specified by:

grantRead in interface ISecret

Parameters:

grantee - This parameter is required.

grantWrite

@Stability(value=Stable)
 @NotNull
public Grant grantWrite(@NotNull
                                                           IGrantable grantee)

Grants writing and updating the secret value to some role.

Specified by:

grantWrite in interface ISecret

Parameters:

grantee - This parameter is required.

secretValueFromJson

@Stability(value=Stable)
 @NotNull
public SecretValue secretValueFromJson(@NotNull
                                                                          String jsonField)

Interpret the secret as a JSON object and return a field's value from it as a `SecretValue`.

Specified by:

secretValueFromJson in interface ISecret

Parameters:

jsonField - This parameter is required.

getArnForPolicies

@Stability(value=Stable)
 @NotNull
protected String getArnForPolicies()

Provides an identifier for this secret for use in IAM policies.

If there is a full ARN, this is just the ARN; if we have a partial ARN -- due to either importing by secret name or partial ARN -- then we need to add a suffix to capture the full ARN's format.

getAutoCreatePolicy

@Stability(value=Stable)
 @NotNull
protected Boolean getAutoCreatePolicy()

getSecretArn

@Stability(value=Stable)
 @NotNull
public String getSecretArn()

The ARN of the secret in AWS Secrets Manager.

Will return the full ARN if available, otherwise a partial arn. For secrets imported by the deprecated fromSecretName, it will return the secretName.

Specified by:

getSecretArn in interface ISecret

getSecretName

@Stability(value=Stable)
 @NotNull
public String getSecretName()

The name of the secret.

For "owned" secrets, this will be the full resource name (secret name + suffix), unless the '@aws-cdk/aws-secretsmanager:parseOwnedSecretName' feature flag is set.

Specified by:

getSecretName in interface ISecret

getSecretTargetAttachmentSecretArn

@Stability(value=Stable)
 @NotNull
public String getSecretTargetAttachmentSecretArn()

Same as `secretArn`.

Specified by:

getSecretTargetAttachmentSecretArn in interface ISecretTargetAttachment

getSecretValue

@Stability(value=Stable)
 @NotNull
public SecretValue getSecretValue()

Retrieve the value of the stored secret as a `SecretValue`.

Specified by:

getSecretValue in interface ISecret

getEncryptionKey

@Stability(value=Stable)
 @Nullable
public IKey getEncryptionKey()

The customer-managed encryption key that is used to encrypt this secret, if any.

When not specified, the default KMS key for the account and region is being used.

Specified by:

getEncryptionKey in interface ISecret

getSecretFullArn

@Stability(value=Stable)
 @Nullable
public String getSecretFullArn()

The full ARN of the secret in AWS Secrets Manager, which is the ARN including the Secrets Manager-supplied 6-character suffix.

This is equal to secretArn in most cases, but is undefined when a full ARN is not available (e.g., secrets imported by name).

Specified by:

getSecretFullArn in interface ISecret