-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws_rds: add support for RotateImmediatelyOnUpdate to secret rotation #26099
Comments
Yes I guess we probably should expose this option in |
…ediatelyOnUpdate prop (#26329) This PR supports allowing users to configure the default secret rotation behavior of AWS Secrets Manager. By default, AWS Secrets Manager will rotate the secret immediately. Setting `rotateImmediatelyOnUpdate` to `false` will force AWS Secrets Manager to wait until the next scheduled rotation window which is specified via the `automaticallyAfter` property. Closes #26099 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…ediatelyOnUpdate prop (aws#26329) This PR supports allowing users to configure the default secret rotation behavior of AWS Secrets Manager. By default, AWS Secrets Manager will rotate the secret immediately. Setting `rotateImmediatelyOnUpdate` to `false` will force AWS Secrets Manager to wait until the next scheduled rotation window which is specified via the `automaticallyAfter` property. Closes aws#26099 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Describe the feature
Reopening #25365 because the feature request was not actually completed.
In CloudFormation, AWS::SecretsManager::RotationSchedule contains an optional property RotateImmediatelyOnUpdate, which controls whether the secret gets rotated as part of the stack update.
As of #25652, this property can also be set during creation of
aws_secretsmanager.RotationSchedule
, but this alone is not sufficient, because there is no way to set this property viaaws_rds.DatabaseCluster.add_rotation_single_user
.Add an optional parameter to
add_rotation_single_user
to control this property. Probably should be added toadd_rotation_multi_user
as well.cc @colifran @pahud
Use Case
We don't want the secret to rotate immediately.
Proposed Solution
No response
Other Information
No response
Acknowledgements
CDK version used
2.85.0
Environment details (OS name and version, etc.)
Alpine 3.18
The text was updated successfully, but these errors were encountered: