aws_rds: add support for RotateImmediatelyOnUpdate to secret rotation #26099

Closed
2 tasks
rittneje opened this issue Jun 23, 2023 · 2 comments · Fixed by #26329

rittneje commented Jun 23, 2023

Describe the feature

Reopening #25365 because the feature request was not actually completed.

In CloudFormation, `AWS::SecretsManager::RotationSchedule` contains an optional property `RotateImmediatelyOnUpdate`, which controls whether the secret gets rotated as part of the stack update.

As of #25652, this property can also be set during creation of `aws_secretsmanager.RotationSchedule`, but this alone is not sufficient, because there is no way to set this property via `aws_rds.DatabaseCluster.add_rotation_single_user`.

Add an optional parameter to `add_rotation_single_user` to control this property. Probably should be added to `add_rotation_multi_user` as well.

cc @colifran @pahud

Use Case

We don't want the secret to rotate immediately.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.85.0

Environment details (OS name and version, etc.)

Alpine 3.18

@rittneje rittneje added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jun 23, 2023
@rittneje rittneje changed the title aws_rds: add support for RotateImmediatelyOnUpdate to secret rotation #25365 aws_rds: add support for RotateImmediatelyOnUpdate to secret rotation Jun 23, 2023
@github-actions github-actions bot added the @aws-cdk/aws-rds Related to Amazon Relational Database label Jun 23, 2023
Contributor

pahud commented Jun 23, 2023

Yes, I guess we probably should expose this option in `RotationSingleUserOptions` for `addRotationSingleUser` and pass it all the way to `SecretRotation` for `addRotationSchedule` here.

@pahud pahud added p1 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jun 23, 2023
@colifran colifran self-assigned this Jun 23, 2023
@colifran colifran added the in-progress This issue is being actively worked on. label Jul 11, 2023
@mergify mergify bot closed this as completed in #26329 Jul 18, 2023
mergify bot pushed a commit that referenced this issue Jul 18, 2023
…ediatelyOnUpdate prop (#26329)

This PR supports allowing users to configure the default secret rotation behavior of AWS Secrets Manager. By default, AWS Secrets Manager will rotate the secret immediately. Setting `rotateImmediatelyOnUpdate` to `false` will force AWS Secrets Manager to wait until the next scheduled rotation window which is specified via the `automaticallyAfter` property.

Closes #26099

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
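
The behavior discussed in this issue can be checked before deployment. The following is an added example, not code from the issue or from the CDK code base: it scans a synthesized CloudFormation template and lists the `AWS::SecretsManager::RotationSchedule` resources that would rotate their secret as part of a stack update. The template fragment, its logical IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample: fragment of a synthesized CloudFormation template.
# Logical IDs and references are made up for this example.
TEMPLATE = json.loads("""
{
  "Resources": {
    "ClusterRotationSingleUserSchedule": {
      "Type": "AWS::SecretsManager::RotationSchedule",
      "Properties": {"SecretId": {"Ref": "ClusterSecretAttachment"},
                     "RotationRules": {"AutomaticallyAfterDays": 30}}
    },
    "AppUserRotationSchedule": {
      "Type": "AWS::SecretsManager::RotationSchedule",
      "Properties": {"SecretId": {"Ref": "AppUserSecretAttachment"},
                     "RotationRules": {"ScheduleExpression": "rate(30 days)"},
                     "RotateImmediatelyOnUpdate": false}
    },
    "Cluster": {"Type": "AWS::RDS::DBCluster", "Properties": {}}
  }
}
""")

SCHEDULE_TYPE = "AWS::SecretsManager::RotationSchedule"


def rotation_on_update(template):
    """Map each RotationSchedule logical ID to True if a deploy rotates it at once."""
    result = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != SCHEDULE_TYPE:
            continue
        value = res.get("Properties", {}).get("RotateImmediatelyOnUpdate")
        # Absent means the default (rotate immediately, per the fix commit above).
        # Booleans written as strings are normalized; an unresolved intrinsic
        # such as {"Ref": ...} is conservatively reported as rotating.
        if isinstance(value, str):
            value = value.strip().lower() != "false"
        result[logical_id] = True if value is None else bool(value)
    return result


def rotates_immediately(template):
    """Sorted logical IDs whose secret rotates during the stack update."""
    return sorted(k for k, v in rotation_on_update(template).items() if v)


if __name__ == "__main__":
    for name in rotates_immediately(TEMPLATE):
        print(f"{name}: secret rotates as part of the stack update")
```

Run against the output of `cdk synth`, a check like this catches a rotation schedule that will change database credentials during a routine deployment before consumers of the secret are ready for it.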

bmoffatt pushed a commit to bmoffatt/aws-cdk that referenced this issue Jul 29, 2023
…ediatelyOnUpdate prop (aws#26329)
