This documentation is for the developer preview release of the AWS CDK. Do not use this version of the AWS CDK in production. Subsequent releases of the AWS CDK will likely include breaking changes.

@aws-cdk/aws-secretsmanager

AWS SecretsManager Construct Library

const secretsmanager = require('@aws-cdk/aws-secretsmanager');

Create a new Secret in a Stack

In order to have SecretsManager generate a new secret value automatically, you can get started with the following:

const secret = new secretsManager.Secret(this, 'Secret');
secret.grantRead(role);

new iam.User(this, 'User', {
  password: secret.stringValue
});

The Secret construct does not allow specifying the SecretString property of the AWS::SecretsManager::Secret resource (as this will almost always lead to the secret being surfaced in plain text and possibly committed to your source control).

If you need to use a pre-existing secret, the recommended way is to manually provision the secret in AWS SecretsManager and use the Secret.import method to make it available in your CDK Application:

const secret = Secret.import(scope, 'ImportedSecret', {
  secretArn: 'arn:aws:secretsmanager:<region>:<account-id-number>:secret:<secret-name>-<random-6-characters>',
  // If the secret is encrypted using a KMS-hosted CMK, either import or reference that key:
  encryptionKey,
});

SecretsManager secret values can only be used in select set of properties. For the list of properties, see the CloudFormation Dynamic References documentation.

Reference

View in Nuget

csproj:

<PackageReference Include="Amazon.CDK.AWS.SecretsManager" Version="0.25.3" />

dotnet:

dotnet add package Amazon.CDK.AWS.SecretsManager --version 0.25.3

packages.config:

<package id="Amazon.CDK.AWS.SecretsManager" version="0.25.3" />

View in Maven Central

Apache Buildr:

'software.amazon.awscdk:secretsmanager:jar:0.25.3'

Apache Ivy:

<dependency groupId="software.amazon.awscdk" name="secretsmanager" rev="0.25.3"/>

Apache Maven:

<dependency>
  <groupId>software.amazon.awscdk</groupId>
  <artifactId>secretsmanager</artifactId>
  <version>0.25.3</version>
</dependency>

Gradle / Grails:

compile 'software.amazon.awscdk:secretsmanager:0.25.3'

Groovy Grape:

@Grapes(
@Grab(group='software.amazon.awscdk', module='secretsmanager', version='0.25.3')
)

View in NPM

npm:

$ npm i @aws-cdk/aws-secretsmanager@0.25.3

package.json:

{
  "@aws-cdk/aws-secretsmanager": "^0.25.3"
}

yarn:

$ yarn add @aws-cdk/aws-secretsmanager@0.25.3

View in NPM

npm:

$ npm i @aws-cdk/aws-secretsmanager@0.25.3

package.json:

{
  "@aws-cdk/aws-secretsmanager": "^0.25.3"
}

yarn:

$ yarn add @aws-cdk/aws-secretsmanager@0.25.3

CfnResourcePolicy

class @aws-cdk/aws-secretsmanager.CfnResourcePolicy(scope, id, props)

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnResourcePolicy;
const { CfnResourcePolicy } = require('@aws-cdk/aws-secretsmanager');
import { CfnResourcePolicy } from '@aws-cdk/aws-secretsmanager';
Extends:

@aws-cdk/cdk.Resource

Parameters:
renderProperties(properties) → string => any

Overrides @aws-cdk/cdk.Resource.renderProperties()

Protected method

Parameters:properties (any) –
Return type:string => any
resourceTypeName

The CloudFormation resource type name for this resource class.

Type:string (readonly) (static)
propertyOverrides
Type:CfnResourcePolicyProps (readonly)
resourcePolicySecretArn
Type:string (readonly)
toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)
ref

Inherited from @aws-cdk/cdk.Referenceable

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:string (readonly)
addDeletionOverride(path)

Inherited from @aws-cdk/cdk.Resource

Syntactic sugar for addOverride(path, undefined).

Parameters:path (string) – The path of the value to delete
addDependsOn(resource)

Inherited from @aws-cdk/cdk.Resource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:resource (@aws-cdk/cdk.Resource) –
addOverride(path, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:
  • path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
  • value (any) – The value. Could be primitive or complex.
addPropertyDeletionOverride(propertyPath)

Inherited from @aws-cdk/cdk.Resource

Adds an override that deletes the value of a property from the resource definition.

Parameters:propertyPath (string) – The path to the property.
addPropertyOverride(propertyPath, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:
  • propertyPath (string) – The path of the property
  • value (any) – The value
getAtt(attributeName) → @aws-cdk/cdk.CfnReference

Inherited from @aws-cdk/cdk.Resource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:attributeName (string) – The name of the attribute.
Return type:@aws-cdk/cdk.CfnReference
toCloudFormation() → json

Inherited from @aws-cdk/cdk.Resource

Emits CloudFormation for this resource.

Return type:json
options

Inherited from @aws-cdk/cdk.Resource

Options for this resource, such as condition, update policy etc.

Type:@aws-cdk/cdk.ResourceOptions (readonly)
properties

Inherited from @aws-cdk/cdk.Resource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:any (readonly)
resourceType

Inherited from @aws-cdk/cdk.Resource

AWS resource type.

Type:string (readonly)
untypedPropertyOverrides

Inherited from @aws-cdk/cdk.Resource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:any (readonly)
overrideLogicalId(newLogicalId)

Inherited from @aws-cdk/cdk.StackElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:newLogicalId (string) – The new logical ID to use for this stack element.
prepare()

Inherited from @aws-cdk/cdk.StackElement

Automatically detect references in this StackElement

Protected method

creationStackTrace

Inherited from @aws-cdk/cdk.StackElement

Type:string[] (readonly)
logicalId

Inherited from @aws-cdk/cdk.StackElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:string (readonly)
stackPath

Inherited from @aws-cdk/cdk.StackElement

Return the path with respect to the stack

Type:string (readonly)

CfnResourcePolicyProps (interface)

class @aws-cdk/aws-secretsmanager.CfnResourcePolicyProps

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnResourcePolicyProps;
// CfnResourcePolicyProps is an interface
import { CfnResourcePolicyProps } from '@aws-cdk/aws-secretsmanager';
resourcePolicy

AWS::SecretsManager::ResourcePolicy.ResourcePolicy

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html#cfn-secretsmanager-resourcepolicy-resourcepolicy

Type:json or @aws-cdk/cdk.Token
secretId

AWS::SecretsManager::ResourcePolicy.SecretId

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html#cfn-secretsmanager-resourcepolicy-secretid

Type:string

CfnRotationSchedule

class @aws-cdk/aws-secretsmanager.CfnRotationSchedule(scope, id, props)

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnRotationSchedule;
const { CfnRotationSchedule } = require('@aws-cdk/aws-secretsmanager');
import { CfnRotationSchedule } from '@aws-cdk/aws-secretsmanager';
Extends:

@aws-cdk/cdk.Resource

Parameters:
renderProperties(properties) → string => any

Overrides @aws-cdk/cdk.Resource.renderProperties()

Protected method

Parameters:properties (any) –
Return type:string => any
resourceTypeName

The CloudFormation resource type name for this resource class.

Type:string (readonly) (static)
propertyOverrides
Type:CfnRotationScheduleProps (readonly)
rotationScheduleSecretArn
Type:string (readonly)
class RotationRulesProperty

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnRotationSchedule.RotationRulesProperty;
// CfnRotationSchedule.RotationRulesProperty is an interface
import { CfnRotationSchedule.RotationRulesProperty } from '@aws-cdk/aws-secretsmanager';
automaticallyAfterDays

CfnRotationSchedule.RotationRulesProperty.AutomaticallyAfterDays

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-rotationschedule-rotationrules.html#cfn-secretsmanager-rotationschedule-rotationrules-automaticallyafterdays

Type:number or @aws-cdk/cdk.Token (optional)
toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)
ref

Inherited from @aws-cdk/cdk.Referenceable

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:string (readonly)
addDeletionOverride(path)

Inherited from @aws-cdk/cdk.Resource

Syntactic sugar for addOverride(path, undefined).

Parameters:path (string) – The path of the value to delete
addDependsOn(resource)

Inherited from @aws-cdk/cdk.Resource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:resource (@aws-cdk/cdk.Resource) –
addOverride(path, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:
  • path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
  • value (any) – The value. Could be primitive or complex.
addPropertyDeletionOverride(propertyPath)

Inherited from @aws-cdk/cdk.Resource

Adds an override that deletes the value of a property from the resource definition.

Parameters:propertyPath (string) – The path to the property.
addPropertyOverride(propertyPath, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:
  • propertyPath (string) – The path of the property
  • value (any) – The value
getAtt(attributeName) → @aws-cdk/cdk.CfnReference

Inherited from @aws-cdk/cdk.Resource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:attributeName (string) – The name of the attribute.
Return type:@aws-cdk/cdk.CfnReference
toCloudFormation() → json

Inherited from @aws-cdk/cdk.Resource

Emits CloudFormation for this resource.

Return type:json
options

Inherited from @aws-cdk/cdk.Resource

Options for this resource, such as condition, update policy etc.

Type:@aws-cdk/cdk.ResourceOptions (readonly)
properties

Inherited from @aws-cdk/cdk.Resource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:any (readonly)
resourceType

Inherited from @aws-cdk/cdk.Resource

AWS resource type.

Type:string (readonly)
untypedPropertyOverrides

Inherited from @aws-cdk/cdk.Resource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:any (readonly)
overrideLogicalId(newLogicalId)

Inherited from @aws-cdk/cdk.StackElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:newLogicalId (string) – The new logical ID to use for this stack element.
prepare()

Inherited from @aws-cdk/cdk.StackElement

Automatically detect references in this StackElement

Protected method

creationStackTrace

Inherited from @aws-cdk/cdk.StackElement

Type:string[] (readonly)
logicalId

Inherited from @aws-cdk/cdk.StackElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:string (readonly)
stackPath

Inherited from @aws-cdk/cdk.StackElement

Return the path with respect to the stack

Type:string (readonly)

CfnRotationScheduleProps (interface)

class @aws-cdk/aws-secretsmanager.CfnRotationScheduleProps

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnRotationScheduleProps;
// CfnRotationScheduleProps is an interface
import { CfnRotationScheduleProps } from '@aws-cdk/aws-secretsmanager';
secretId

AWS::SecretsManager::RotationSchedule.SecretId

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html#cfn-secretsmanager-rotationschedule-secretid

Type:string
rotationLambdaArn

AWS::SecretsManager::RotationSchedule.RotationLambdaARN

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html#cfn-secretsmanager-rotationschedule-rotationlambdaarn

Type:string (optional)
rotationRules

AWS::SecretsManager::RotationSchedule.RotationRules

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-rotationschedule.html#cfn-secretsmanager-rotationschedule-rotationrules

Type:@aws-cdk/cdk.Token or RotationRulesProperty (optional)

CfnSecret

class @aws-cdk/aws-secretsmanager.CfnSecret(scope, id[, props])

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnSecret;
const { CfnSecret } = require('@aws-cdk/aws-secretsmanager');
import { CfnSecret } from '@aws-cdk/aws-secretsmanager';
Extends:

@aws-cdk/cdk.Resource

Parameters:
renderProperties(properties) → string => any

Overrides @aws-cdk/cdk.Resource.renderProperties()

Protected method

Parameters:properties (any) –
Return type:string => any
resourceTypeName

The CloudFormation resource type name for this resource class.

Type:string (readonly) (static)
propertyOverrides
Type:CfnSecretProps (readonly)
secretArn
Type:string (readonly)
tags

The TagManager handles setting, removing and formatting tags

Tags should be managed either passing them as properties during

initiation or by calling methods on this object. If both techniques are

used only the tags from the TagManager will be used. Tag (aspect)

will use the manager.

Type:@aws-cdk/cdk.TagManager (readonly)
class GenerateSecretStringProperty

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnSecret.GenerateSecretStringProperty;
// CfnSecret.GenerateSecretStringProperty is an interface
import { CfnSecret.GenerateSecretStringProperty } from '@aws-cdk/aws-secretsmanager';
excludeCharacters

CfnSecret.GenerateSecretStringProperty.ExcludeCharacters

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludecharacters

Type:string (optional)
excludeLowercase

CfnSecret.GenerateSecretStringProperty.ExcludeLowercase

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludelowercase

Type:boolean or @aws-cdk/cdk.Token (optional)
excludeNumbers

CfnSecret.GenerateSecretStringProperty.ExcludeNumbers

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludenumbers

Type:boolean or @aws-cdk/cdk.Token (optional)
excludePunctuation

CfnSecret.GenerateSecretStringProperty.ExcludePunctuation

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludepunctuation

Type:boolean or @aws-cdk/cdk.Token (optional)
excludeUppercase

CfnSecret.GenerateSecretStringProperty.ExcludeUppercase

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-excludeuppercase

Type:boolean or @aws-cdk/cdk.Token (optional)
generateStringKey

CfnSecret.GenerateSecretStringProperty.GenerateStringKey

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-generatestringkey

Type:string (optional)
includeSpace

CfnSecret.GenerateSecretStringProperty.IncludeSpace

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-includespace

Type:boolean or @aws-cdk/cdk.Token (optional)
passwordLength

CfnSecret.GenerateSecretStringProperty.PasswordLength

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-passwordlength

Type:number or @aws-cdk/cdk.Token (optional)
requireEachIncludedType

CfnSecret.GenerateSecretStringProperty.RequireEachIncludedType

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-requireeachincludedtype

Type:boolean or @aws-cdk/cdk.Token (optional)
secretStringTemplate

CfnSecret.GenerateSecretStringProperty.SecretStringTemplate

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-secret-generatesecretstring.html#cfn-secretsmanager-secret-generatesecretstring-secretstringtemplate

Type:string (optional)
toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)
ref

Inherited from @aws-cdk/cdk.Referenceable

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:string (readonly)
addDeletionOverride(path)

Inherited from @aws-cdk/cdk.Resource

Syntactic sugar for addOverride(path, undefined).

Parameters:path (string) – The path of the value to delete
addDependsOn(resource)

Inherited from @aws-cdk/cdk.Resource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:resource (@aws-cdk/cdk.Resource) –
addOverride(path, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:
  • path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
  • value (any) – The value. Could be primitive or complex.
addPropertyDeletionOverride(propertyPath)

Inherited from @aws-cdk/cdk.Resource

Adds an override that deletes the value of a property from the resource definition.

Parameters:propertyPath (string) – The path to the property.
addPropertyOverride(propertyPath, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:
  • propertyPath (string) – The path of the property
  • value (any) – The value
getAtt(attributeName) → @aws-cdk/cdk.CfnReference

Inherited from @aws-cdk/cdk.Resource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:attributeName (string) – The name of the attribute.
Return type:@aws-cdk/cdk.CfnReference
toCloudFormation() → json

Inherited from @aws-cdk/cdk.Resource

Emits CloudFormation for this resource.

Return type:json
options

Inherited from @aws-cdk/cdk.Resource

Options for this resource, such as condition, update policy etc.

Type:@aws-cdk/cdk.ResourceOptions (readonly)
properties

Inherited from @aws-cdk/cdk.Resource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:any (readonly)
resourceType

Inherited from @aws-cdk/cdk.Resource

AWS resource type.

Type:string (readonly)
untypedPropertyOverrides

Inherited from @aws-cdk/cdk.Resource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:any (readonly)
overrideLogicalId(newLogicalId)

Inherited from @aws-cdk/cdk.StackElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:newLogicalId (string) – The new logical ID to use for this stack element.
prepare()

Inherited from @aws-cdk/cdk.StackElement

Automatically detect references in this StackElement

Protected method

creationStackTrace

Inherited from @aws-cdk/cdk.StackElement

Type:string[] (readonly)
logicalId

Inherited from @aws-cdk/cdk.StackElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:string (readonly)
stackPath

Inherited from @aws-cdk/cdk.StackElement

Return the path with respect to the stack

Type:string (readonly)

CfnSecretProps (interface)

class @aws-cdk/aws-secretsmanager.CfnSecretProps

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnSecretProps;
// CfnSecretProps is an interface
import { CfnSecretProps } from '@aws-cdk/aws-secretsmanager';
description

AWS::SecretsManager::Secret.Description

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-description

Type:string (optional)
generateSecretString

AWS::SecretsManager::Secret.GenerateSecretString

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-generatesecretstring

Type:@aws-cdk/cdk.Token or GenerateSecretStringProperty (optional)
kmsKeyId

AWS::SecretsManager::Secret.KmsKeyId

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-kmskeyid

Type:string (optional)
name

AWS::SecretsManager::Secret.Name

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-name

Type:string (optional)
secretString

AWS::SecretsManager::Secret.SecretString

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-secretstring

Type:string (optional)
tags

AWS::SecretsManager::Secret.Tags

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-tags

Type:@aws-cdk/cdk.Token or (@aws-cdk/cdk.Token or @aws-cdk/cdk.CfnTag)[] (optional)

CfnSecretTargetAttachment

class @aws-cdk/aws-secretsmanager.CfnSecretTargetAttachment(scope, id, props)

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnSecretTargetAttachment;
const { CfnSecretTargetAttachment } = require('@aws-cdk/aws-secretsmanager');
import { CfnSecretTargetAttachment } from '@aws-cdk/aws-secretsmanager';
Extends:

@aws-cdk/cdk.Resource

Parameters:
renderProperties(properties) → string => any

Overrides @aws-cdk/cdk.Resource.renderProperties()

Protected method

Parameters:properties (any) –
Return type:string => any
resourceTypeName

The CloudFormation resource type name for this resource class.

Type:string (readonly) (static)
propertyOverrides
Type:CfnSecretTargetAttachmentProps (readonly)
secretTargetAttachmentSecretArn
Type:string (readonly)
toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)
ref

Inherited from @aws-cdk/cdk.Referenceable

Returns a token to a CloudFormation { Ref } that references this entity based on it’s logical ID.

Type:string (readonly)
addDeletionOverride(path)

Inherited from @aws-cdk/cdk.Resource

Syntactic sugar for addOverride(path, undefined).

Parameters:path (string) – The path of the value to delete
addDependsOn(resource)

Inherited from @aws-cdk/cdk.Resource

Indicates that this resource depends on another resource and cannot be provisioned

unless the other resource has been successfully provisioned.

Parameters:resource (@aws-cdk/cdk.Resource) –
addOverride(path, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to the synthesized CloudFormation resource. To add a

property override, either use addPropertyOverride or prefix path with

“Properties.” (i.e. Properties.TopicName).

Parameters:
  • path (string) – The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
  • value (any) – The value. Could be primitive or complex.
addPropertyDeletionOverride(propertyPath)

Inherited from @aws-cdk/cdk.Resource

Adds an override that deletes the value of a property from the resource definition.

Parameters:propertyPath (string) – The path to the property.
addPropertyOverride(propertyPath, value)

Inherited from @aws-cdk/cdk.Resource

Adds an override to a resource property.

Syntactic sugar for addOverride(“Properties.<…>”, value).

Parameters:
  • propertyPath (string) – The path of the property
  • value (any) – The value
getAtt(attributeName) → @aws-cdk/cdk.CfnReference

Inherited from @aws-cdk/cdk.Resource

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility

in case there is no generated attribute.

Parameters:attributeName (string) – The name of the attribute.
Return type:@aws-cdk/cdk.CfnReference
toCloudFormation() → json

Inherited from @aws-cdk/cdk.Resource

Emits CloudFormation for this resource.

Return type:json
options

Inherited from @aws-cdk/cdk.Resource

Options for this resource, such as condition, update policy etc.

Type:@aws-cdk/cdk.ResourceOptions (readonly)
properties

Inherited from @aws-cdk/cdk.Resource

AWS resource properties.

This object is rendered via a call to “renderProperties(this.properties)”.

Protected property

Type:any (readonly)
resourceType

Inherited from @aws-cdk/cdk.Resource

AWS resource type.

Type:string (readonly)
untypedPropertyOverrides

Inherited from @aws-cdk/cdk.Resource

AWS resource property overrides.

During synthesis, the method “renderProperties(this.overrides)” is called

with this object, and merged on top of the output of

“renderProperties(this.properties)”.

Derived classes should expose a strongly-typed version of this object as

a public property called propertyOverrides.

Protected property

Type:any (readonly)
overrideLogicalId(newLogicalId)

Inherited from @aws-cdk/cdk.StackElement

Overrides the auto-generated logical ID with a specific ID.

Parameters:newLogicalId (string) – The new logical ID to use for this stack element.
prepare()

Inherited from @aws-cdk/cdk.StackElement

Automatically detect references in this StackElement

Protected method

creationStackTrace

Inherited from @aws-cdk/cdk.StackElement

Type:string[] (readonly)
logicalId

Inherited from @aws-cdk/cdk.StackElement

The logical ID for this CloudFormation stack element. The logical ID of the element

is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Type:string (readonly)
stackPath

Inherited from @aws-cdk/cdk.StackElement

Return the path with respect to the stack

Type:string (readonly)

CfnSecretTargetAttachmentProps (interface)

class @aws-cdk/aws-secretsmanager.CfnSecretTargetAttachmentProps

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.CfnSecretTargetAttachmentProps;
// CfnSecretTargetAttachmentProps is an interface
import { CfnSecretTargetAttachmentProps } from '@aws-cdk/aws-secretsmanager';
secretId

AWS::SecretsManager::SecretTargetAttachment.SecretId

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html#cfn-secretsmanager-secrettargetattachment-secretid

Type:string
targetId

AWS::SecretsManager::SecretTargetAttachment.TargetId

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html#cfn-secretsmanager-secrettargetattachment-targetid

Type:string
targetType

AWS::SecretsManager::SecretTargetAttachment.TargetType

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secrettargetattachment.html#cfn-secretsmanager-secrettargetattachment-targettype

Type:string

ISecret (interface)

class @aws-cdk/aws-secretsmanager.ISecret

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.ISecret;
// ISecret is an interface
import { ISecret } from '@aws-cdk/aws-secretsmanager';

A secret in AWS Secrets Manager.

Extends:@aws-cdk/cdk.IConstruct
secretArn

The ARN of the secret in AWS Secrets Manager.

Type:string (readonly)
secretString

Returns a SecretString corresponding to this secret.

SecretString represents the value of the Secret.

Type:SecretString (readonly)
stringValue

Retrieve the value of the Secret, as a string.

Type:string (readonly)
encryptionKey

The customer-managed encryption key that is used to encrypt this secret, if any. When not specified, the default

KMS key for the account and region is being used.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional) (readonly)
export() → @aws-cdk/aws-secretsmanager.SecretImportProps

Exports this secret.

Returns:import props that can be passed back to Secret.import.
Return type:SecretImportProps
Abstract:Yes
grantRead(grantee[, versionStages])

Grants reading the secret value to some role.

Parameters:
  • grantee (@aws-cdk/aws-iam.IPrincipal) – the principal being granted permission.
  • versionStages (string[] (optional)) – the version stages the grant is limited to. If not specified, no restriction on the version stages is applied.
Abstract:

Yes

jsonFieldValue(key) → string

Interpret the secret as a JSON object and return a field’s value from it

Parameters:key (string) –
Return type:string
Abstract:Yes
node

Inherited from @aws-cdk/cdk.IConstruct

The construct node in the scope tree.

Type:@aws-cdk/cdk.ConstructNode (readonly)
dependencyRoots

Inherited from @aws-cdk/cdk.IDependable

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)

Secret

class @aws-cdk/aws-secretsmanager.Secret(scope, id[, props])

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.Secret;
const { Secret } = require('@aws-cdk/aws-secretsmanager');
import { Secret } from '@aws-cdk/aws-secretsmanager';

Creates a new secret in AWS SecretsManager.

Extends:

SecretBase

Parameters:
static import(scope, id, props) → @aws-cdk/aws-secretsmanager.ISecret

Import an existing secret into the Stack.

Parameters:
  • scope (@aws-cdk/cdk.Construct) – the scope of the import.
  • id (string) – the ID of the imported Secret in the construct tree.
  • props (SecretImportProps) – the attributes of the imported secret.
Return type:

ISecret

export() → @aws-cdk/aws-secretsmanager.SecretImportProps

Implements @aws-cdk/aws-secretsmanager.SecretBase.export()

Exports this secret.

Return type:SecretImportProps
secretArn

Implements @aws-cdk/aws-secretsmanager.SecretBase.secretArn()

The ARN of the secret in AWS Secrets Manager.

Type:string (readonly)
encryptionKey

Implements @aws-cdk/aws-secretsmanager.SecretBase.encryptionKey()

The customer-managed encryption key that is used to encrypt this secret, if any. When not specified, the default

KMS key for the account and region is being used.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional) (readonly)
grantRead(grantee[, versionStages])

Inherited from @aws-cdk/aws-secretsmanager.SecretBase

Grants reading the secret value to some role.

Parameters:
jsonFieldValue(key) → string

Inherited from @aws-cdk/aws-secretsmanager.SecretBase

Interpret the secret as a JSON object and return a field’s value from it

Parameters:key (string) –
Return type:string
secretString

Inherited from @aws-cdk/aws-secretsmanager.SecretBase

Returns a SecretString corresponding to this secret.

SecretString represents the value of the Secret.

Type:SecretString (readonly)
stringValue

Inherited from @aws-cdk/aws-secretsmanager.SecretBase

Retrieve the value of the Secret, as a string.

Type:string (readonly)
prepare()

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)

SecretBase

class @aws-cdk/aws-secretsmanager.SecretBase(scope, id)

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.SecretBase;
const { SecretBase } = require('@aws-cdk/aws-secretsmanager');
import { SecretBase } from '@aws-cdk/aws-secretsmanager';

The common behavior of Secrets. Users should not use this class directly, and instead use Secret.

Extends:

@aws-cdk/cdk.Construct

Implements:

ISecret

Abstract:

Yes

Parameters:
  • scope (@aws-cdk/cdk.Construct) – The scope in which to define this construct
  • id (string) – The scoped construct ID. Must be unique amongst siblings. If the ID includes a path separator (/), then it will be replaced by double dash .
export() → @aws-cdk/aws-secretsmanager.SecretImportProps

Implements @aws-cdk/aws-secretsmanager.ISecret.export()

Exports this secret.

Return type:SecretImportProps
Abstract:Yes
grantRead(grantee[, versionStages])

Implements @aws-cdk/aws-secretsmanager.ISecret.grantRead()

Grants reading the secret value to some role.

Parameters:
jsonFieldValue(key) → string

Implements @aws-cdk/aws-secretsmanager.ISecret.jsonFieldValue()

Interpret the secret as a JSON object and return a field’s value from it

Parameters:key (string) –
Return type:string
secretArn

Implements @aws-cdk/aws-secretsmanager.ISecret.secretArn()

The ARN of the secret in AWS Secrets Manager.

Type:string (readonly) (abstract)
secretString

Implements @aws-cdk/aws-secretsmanager.ISecret.secretString()

Returns a SecretString corresponding to this secret.

SecretString represents the value of the Secret.

Type:SecretString (readonly)
stringValue

Implements @aws-cdk/aws-secretsmanager.ISecret.stringValue()

Retrieve the value of the Secret, as a string.

Type:string (readonly)
encryptionKey

Implements @aws-cdk/aws-secretsmanager.ISecret.encryptionKey()

The customer-managed encryption key that is used to encrypt this secret, if any. When not specified, the default

KMS key for the account and region is being used.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional) (readonly) (abstract)
prepare()

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)

SecretImportProps (interface)

class @aws-cdk/aws-secretsmanager.SecretImportProps

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.SecretImportProps;
// SecretImportProps is an interface
import { SecretImportProps } from '@aws-cdk/aws-secretsmanager';

Attributes required to import an existing secret into the Stack.

secretArn

The ARN of the secret in SecretsManager.

Type:string
encryptionKey

The encryption key that is used to encrypt the secret, unless the default SecretsManager key is used.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional)

SecretProps (interface)

class @aws-cdk/aws-secretsmanager.SecretProps

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.SecretProps;
// SecretProps is an interface
import { SecretProps } from '@aws-cdk/aws-secretsmanager';

The properties required to create a new secret in AWS Secrets Manager.

description

An optional, human-friendly description of the secret.

Type:string (optional)
encryptionKey

The customer-managed encryption key to use for encrypting the secret value.

Type:@aws-cdk/aws-kms.IEncryptionKey (optional)
Default:a default KMS key for the account and region is used.
generateSecretString

Configuration for how to generate a secret value.

Type:SecretStringGenerator (optional)
Default:32 characters with upper-case letters, lower-case letters, punctuation and numbers (at least one from each

category), per the default values of SecretStringGenerator.

@aws-cdk/aws-secretsmanager.name

A name for the secret. Note that deleting secrets from SecretsManager does not happen immediately, but after a 7 to

30 days blackout period. During that period, it is not possible to create another secret that shares the same name.

Type:string (optional)
Default:a name is generated by CloudFormation.

SecretString

class @aws-cdk/aws-secretsmanager.SecretString(scope, id, props)

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.SecretString;
const { SecretString } = require('@aws-cdk/aws-secretsmanager');
import { SecretString } from '@aws-cdk/aws-secretsmanager';

References a secret string in Secrets Manager

Extends:

@aws-cdk/cdk.DynamicReference

Parameters:
jsonFieldValue(key) → string

Interpret the secret as a JSON object and return a field’s value from it

Parameters:key (string) –
Return type:string
props
Type:SecretStringProps (readonly)
stringValue

Overrides @aws-cdk/cdk.DynamicReference.stringValue

Return the full value of the secret

Type:string (readonly)
prepare()

Inherited from @aws-cdk/cdk.Construct

Perform final modifications before synthesis

This method can be implemented by derived constructs in order to perform

final changes before synthesis. prepare() will be called after child

constructs have been prepared.

This is an advanced framework feature. Only use this if you

understand the implications.

Protected method

toString() → string

Inherited from @aws-cdk/cdk.Construct

Returns a string representation of this construct.

Return type:string
validate() → string[]

Inherited from @aws-cdk/cdk.Construct

Validate the current construct.

This method can be implemented by derived constructs in order to perform

validation logic. It is called on all constructs before synthesis.

Protected method

Returns:An array of validation error messages, or an empty array if there the construct is valid.
Return type:string[]
dependencyRoots

Inherited from @aws-cdk/cdk.Construct

The set of constructs that form the root of this dependable

All resources under all returned constructs are included in the ordering

dependency.

Type:@aws-cdk/cdk.IConstruct[] (readonly)
node

Inherited from @aws-cdk/cdk.Construct

Construct node.

Type:@aws-cdk/cdk.ConstructNode (readonly)
makeResolveValue(service, referenceKey) → string

Inherited from @aws-cdk/cdk.DynamicReference

Make a dynamic reference Token value

This is a value (similar to CDK Tokens) that will be substituted by

CloudFormation before executing the changeset.

Protected method

Parameters:
Return type:

string

SecretStringGenerator (interface)

class @aws-cdk/aws-secretsmanager.SecretStringGenerator

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.SecretStringGenerator;
// SecretStringGenerator is an interface
import { SecretStringGenerator } from '@aws-cdk/aws-secretsmanager';

Configuration to generate secrets such as passwords automatically.

excludeCharacters

A string that includes characters that shouldn’t be included in the generated password. The string can be a minimum

of 0 and a maximum of 4096 characters long.

Type:string (optional)
Default:no exclusions
excludeLowercase

Specifies that the generated password shouldn’t include lowercase letters.

Type:boolean (optional)
Default:false
excludeNumbers

Specifies that the generated password shouldn’t include digits.

Type:boolean (optional)
Default:false
excludePunctuation

Specifies that the generated password shouldn’t include punctuation characters.

Type:boolean (optional)
Default:false
excludeUppercase

Specifies that the generated password shouldn’t include uppercase letters.

Type:boolean (optional)
Default:false
includeSpace

Specifies that the generated password can include the space character.

Type:boolean (optional)
Default:false
passwordLength

The desired length of the generated password.

Type:number (optional)
Default:32
requireEachIncludedType

Specifies whether the generated password must include at least one of every allowed character type.

Type:boolean (optional)
Default:true

SecretStringProps (interface)

class @aws-cdk/aws-secretsmanager.SecretStringProps

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.SecretStringProps;
// SecretStringProps is an interface
import { SecretStringProps } from '@aws-cdk/aws-secretsmanager';

Properties for a SecretString

secretId

Unique identifier or ARN of the secret

Type:string
versionId

Specifies the unique identifier of the version of the secret that you want to use in stack operations.

Can specify at most one of versionId and versionStage.

Type:string (optional)
Default:AWSCURRENT
versionStage

Specifies the secret version that you want to retrieve by the staging label attached to the version.

Can specify at most one of versionId and versionStage.

Type:string (optional)
Default:AWSCURRENT

TemplatedSecretStringGenerator (interface)

class @aws-cdk/aws-secretsmanager.TemplatedSecretStringGenerator

Language-specific names:

using Amazon.CDK.AWS.SecretsManager;
import software.amazon.awscdk.services.secretsmanager.TemplatedSecretStringGenerator;
// TemplatedSecretStringGenerator is an interface
import { TemplatedSecretStringGenerator } from '@aws-cdk/aws-secretsmanager';

Configuration to generate secrets such as passwords automatically, and include them in a JSON object template.

Extends:SecretStringGenerator
generateStringKey

The JSON key name that’s used to add the generated password to the JSON structure specified by the

secretStringTemplate parameter.

Type:string
secretStringTemplate

A properly structured JSON string that the generated password can be added to. The generateStringKey is

combined with the generated random string and inserted into the JSON structure that’s specified by this parameter.

The merged JSON string is returned as the completed SecretString of the secret.

Type:string
excludeCharacters

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

A string that includes characters that shouldn’t be included in the generated password. The string can be a minimum

of 0 and a maximum of 4096 characters long.

Type:string (optional)
Default:no exclusions
excludeLowercase

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

Specifies that the generated password shouldn’t include lowercase letters.

Type:boolean (optional)
Default:false
excludeNumbers

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

Specifies that the generated password shouldn’t include digits.

Type:boolean (optional)
Default:false
excludePunctuation

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

Specifies that the generated password shouldn’t include punctuation characters.

Type:boolean (optional)
Default:false
excludeUppercase

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

Specifies that the generated password shouldn’t include uppercase letters.

Type:boolean (optional)
Default:false
includeSpace

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

Specifies that the generated password can include the space character.

Type:boolean (optional)
Default:false
passwordLength

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

The desired length of the generated password.

Type:number (optional)
Default:32
requireEachIncludedType

Inherited from @aws-cdk/aws-secretsmanager.SecretStringGenerator

Specifies whether the generated password must include at least one of every allowed character type.

Type:boolean (optional)
Default:true