forked from aws/aws-cdk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
props.ts
94 lines (87 loc) · 2.76 KB
/
props.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
import * as kms from '@aws-cdk/aws-kms';
import * as secretsmanager from '@aws-cdk/aws-secretsmanager';
import { Duration, SecretValue } from '@aws-cdk/core';
/**
* Backup configuration for DocumentDB databases
*
* @default - The retention period for automated backups is 1 day.
* The preferred backup window will be a 30-minute window selected at random
* from an 8-hour block of time for each AWS Region.
* @see https://docs.aws.amazon.com/documentdb/latest/developerguide/backup-restore.db-cluster-snapshots.html#backup-restore.backup-window
*/
export interface BackupProps {
/**
* How many days to retain the backup
*/
readonly retention: Duration;
/**
* A daily time range in 24-hours UTC format in which backups preferably execute.
*
* Must be at least 30 minutes long.
*
* Example: '01:00-02:00'
*
* @default - a 30-minute window selected at random from an 8-hour block of
* time for each AWS Region. To see the time blocks available, see
* https://docs.aws.amazon.com/documentdb/latest/developerguide/backup-restore.db-cluster-snapshots.html#backup-restore.backup-window
*/
readonly preferredWindow?: string;
}
/**
* Login credentials for a database cluster
*/
export interface Login {
/**
* Username
*/
readonly username: string;
/**
* Password
*
* Do not put passwords in your CDK code directly.
*
* @default a Secrets Manager generated password
*/
readonly password?: SecretValue;
/**
* KMS encryption key to encrypt the generated secret.
*
* @default default master key
*/
readonly kmsKey?: kms.IKey;
/**
* Specifies characters to not include in generated passwords.
*
* @default "\"@/"
*/
readonly excludeCharacters?: string;
}
/**
* Options to add the multi user rotation
*/
export interface RotationMultiUserOptions {
/**
* The secret to rotate. It must be a JSON string with the following format:
* ```
* {
* "engine": <required: must be set to 'mongo'>,
* "host": <required: instance host name>,
* "username": <required: username>,
* "password": <required: password>,
* "dbname": <optional: database name>,
* "port": <optional: if not specified, default port 27017 will be used>,
* "masterarn": <required: the arn of the master secret which will be used to create users/change passwords>
* "ssl": <optional: if not specified, defaults to false. This must be true if being used for DocumentDB rotations
* where the cluster has TLS enabled>
* }
* ```
*/
readonly secret: secretsmanager.ISecret;
/**
* Specifies the number of days after the previous rotation before
* Secrets Manager triggers the next automatic rotation.
*
* @default Duration.days(30)
*/
readonly automaticallyAfter?: Duration;
}