معرفی شرکت ها

تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر

تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر

تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر

تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر

تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر

توضیحات

The CDK Construct Library for AWS::SecretsManager

ویژگی	مقدار
سیستم عامل	-
نام فایل	aws-cdk.aws-secretsmanager-1.99.0
نام	aws-cdk.aws-secretsmanager
نسخه کتابخانه	1.99.0
نگهدارنده	[]
ایمیل نگهدارنده	[]
نویسنده	Amazon Web Services
ایمیل نویسنده	-
آدرس صفحه اصلی	https://github.com/aws/aws-cdk
آدرس اینترنتی	https://pypi.org/project/aws-cdk.aws-secretsmanager/
مجوز	Apache-2.0

# AWS Secrets Manager Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) ---  ```python import aws_cdk.aws_secretsmanager as secretsmanager ``` ## Create a new Secret in a Stack In order to have SecretsManager generate a new secret value automatically, you can get started with the following: ```python # Default secret secret = secretsmanager.Secret(self, "Secret") # Using the default secret iam.User(self, "User", password=secret.secret_value ) # Templated secret templated_secret = secretsmanager.Secret(self, "TemplatedSecret", generate_secret_string=secretsmanager.SecretStringGenerator( secret_string_template=JSON.stringify({"username": "user"}), generate_string_key="password" ) ) # Using the templated secret iam.User(self, "OtherUser", user_name=templated_secret.secret_value_from_json("username").to_string(), password=templated_secret.secret_value_from_json("password") ) ``` If you need to use a pre-existing secret, the recommended way is to manually provision the secret in *AWS SecretsManager* and use the `Secret.fromSecretArn` or `Secret.fromSecretAttributes` method to make it available in your CDK Application: ```python # encryption_key: kms.Key secret = secretsmanager.Secret.from_secret_attributes(self, "ImportedSecret", secret_arn="arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>", # If the secret is encrypted using a KMS-hosted CMK, either import or reference that key: encryption_key=encryption_key ) ``` SecretsManager secret values can only be used in select set of properties. For the list of properties, see [the CloudFormation Dynamic References documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html). A secret can set `RemovalPolicy`. If it set to `RETAIN`, that removing a secret will fail. ## Grant permission to use the secret to a role You must grant permission to a resource for that resource to be allowed to use a secret. This can be achieved with the `Secret.grantRead` and/or `Secret.grantWrite` method, depending on your need: ```python role = iam.Role(self, "SomeRole", assumed_by=iam.AccountRootPrincipal()) secret = secretsmanager.Secret(self, "Secret") secret.grant_read(role) secret.grant_write(role) ``` If, as in the following example, your secret was created with a KMS key: ```python # role: iam.Role key = kms.Key(self, "KMS") secret = secretsmanager.Secret(self, "Secret", encryption_key=key) secret.grant_read(role) secret.grant_write(role) ``` then `Secret.grantRead` and `Secret.grantWrite` will also grant the role the relevant encrypt and decrypt permissions to the KMS key through the SecretsManager service principal. The principal is automatically added to Secret resource policy and KMS Key policy for cross account access: ```python other_account = iam.AccountPrincipal("1234") key = kms.Key(self, "KMS") secret = secretsmanager.Secret(self, "Secret", encryption_key=key) secret.grant_read(other_account) ``` ## Rotating a Secret ### Using a Custom Lambda Function A rotation schedule can be added to a Secret using a custom Lambda function: ```python import aws_cdk.aws_lambda as lambda_ # fn: lambda.Function secret = secretsmanager.Secret(self, "Secret") secret.add_rotation_schedule("RotationSchedule", rotation_lambda=fn, automatically_after=Duration.days(15) ) ``` Note: The required permissions for Lambda to call SecretsManager and the other way round are automatically granted based on [AWS Documentation](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions.html) as long as the Lambda is not imported. See [Overview of the Lambda Rotation Function](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-lambda-function-overview.html) on how to implement a Lambda Rotation Function. ### Using a Hosted Lambda Function Use the `hostedRotation` prop to rotate a secret with a hosted Lambda function: ```python secret = secretsmanager.Secret(self, "Secret") secret.add_rotation_schedule("RotationSchedule", hosted_rotation=secretsmanager.HostedRotation.mysql_single_user() ) ``` Hosted rotation is available for secrets representing credentials for MySQL, PostgreSQL, Oracle, MariaDB, SQLServer, Redshift and MongoDB (both for the single and multi user schemes). When deployed in a VPC, the hosted rotation implements `ec2.IConnectable`: ```python # my_vpc: ec2.Vpc # db_connections: ec2.Connections # secret: secretsmanager.Secret my_hosted_rotation = secretsmanager.HostedRotation.mysql_single_user(vpc=my_vpc) secret.add_rotation_schedule("RotationSchedule", hosted_rotation=my_hosted_rotation) db_connections.allow_default_port_from(my_hosted_rotation) ``` See also [Automating secret creation in AWS CloudFormation](https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_cloudformation.html). ## Rotating database credentials Define a `SecretRotation` to rotate database credentials: ```python # my_secret: secretsmanager.Secret # my_database: ec2.IConnectable # my_vpc: ec2.Vpc secretsmanager.SecretRotation(self, "SecretRotation", application=secretsmanager.SecretRotationApplication.MYSQL_ROTATION_SINGLE_USER, # MySQL single user scheme secret=my_secret, target=my_database, # a Connectable vpc=my_vpc, # The VPC where the secret rotation application will be deployed exclude_characters=" %+:;{}" ) ``` The secret must be a JSON string with the following format: ```json { "engine": "<required: database engine>", "host": "<required: instance host name>", "username": "<required: username>", "password": "<required: password>", "dbname": "<optional: database name>", "port": "<optional: if not specified, default port will be used>", "masterarn": "<required for multi user rotation: the arn of the master secret which will be used to create users/change passwords>" } ``` For the multi user scheme, a `masterSecret` must be specified: ```python # my_user_secret: secretsmanager.Secret # my_master_secret: secretsmanager.Secret # my_database: ec2.IConnectable # my_vpc: ec2.Vpc secretsmanager.SecretRotation(self, "SecretRotation", application=secretsmanager.SecretRotationApplication.MYSQL_ROTATION_MULTI_USER, secret=my_user_secret, # The secret that will be rotated master_secret=my_master_secret, # The secret used for the rotation target=my_database, vpc=my_vpc ) ``` See also [aws-rds](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-rds/README.md) where credentials generation and rotation is integrated. ## Importing Secrets Existing secrets can be imported by ARN, name, and other attributes (including the KMS key used to encrypt the secret). Secrets imported by name should use the short-form of the name (without the SecretsManager-provided suffx); the secret name must exist in the same account and region as the stack. Importing by name makes it easier to reference secrets created in different regions, each with their own suffix and ARN. ```python secret_complete_arn = "arn:aws:secretsmanager:eu-west-1:111111111111:secret:MySecret-f3gDy9" secret_partial_arn = "arn:aws:secretsmanager:eu-west-1:111111111111:secret:MySecret" # No Secrets Manager suffix encryption_key = kms.Key.from_key_arn(self, "MyEncKey", "arn:aws:kms:eu-west-1:111111111111:key/21c4b39b-fde2-4273-9ac0-d9bb5c0d0030") my_secret_from_complete_arn = secretsmanager.Secret.from_secret_complete_arn(self, "SecretFromCompleteArn", secret_complete_arn) my_secret_from_partial_arn = secretsmanager.Secret.from_secret_partial_arn(self, "SecretFromPartialArn", secret_partial_arn) my_secret_from_name = secretsmanager.Secret.from_secret_name_v2(self, "SecretFromName", "MySecret") my_secret_from_attrs = secretsmanager.Secret.from_secret_attributes(self, "SecretFromAttributes", secret_complete_arn=secret_complete_arn, encryption_key=encryption_key ) ``` ## Replicating secrets Secrets can be replicated to multiple regions by specifying `replicaRegions`: ```python # my_key: kms.Key secretsmanager.Secret(self, "Secret", replica_regions=[secretsmanager.ReplicaRegion( region="eu-west-1" ), secretsmanager.ReplicaRegion( region="eu-central-1", encryption_key=my_key ) ] ) ``` Alternatively, use `addReplicaRegion()`: ```python secret = secretsmanager.Secret(self, "Secret") secret.add_replica_region("eu-west-1") ```

نیازمندی

مقدار	نام
==1.200.0	aws-cdk.aws-ec2
==1.200.0	aws-cdk.aws-iam
==1.200.0	aws-cdk.aws-kms
==1.200.0	aws-cdk.aws-lambda
==1.200.0	aws-cdk.aws-sam
==1.200.0	aws-cdk.core
==1.200.0	aws-cdk.cx-api
<4.0.0,>=3.3.69	constructs
<2.0.0,>=1.74.0	jsii
>=0.0.3	publication
~=2.13.3	typeguard

زبان مورد نیاز

مقدار	نام
~=3.7	Python

نحوه نصب

نصب پکیج whl aws-cdk.aws-secretsmanager-1.99.0:

pip install aws-cdk.aws-secretsmanager-1.99.0.whl

نصب پکیج tar.gz aws-cdk.aws-secretsmanager-1.99.0:

pip install aws-cdk.aws-secretsmanager-1.99.0.tar.gz