
Commit 979cbff

feat(rds): support configuring secret rotation behavior via rotateImmediatelyOnUpdate prop (#26329)
This PR lets users configure the default secret rotation behavior of AWS Secrets Manager. By default, AWS Secrets Manager rotates the secret immediately. Setting `rotateImmediatelyOnUpdate` to `false` makes AWS Secrets Manager wait until the next scheduled rotation window, which is specified via the `automaticallyAfter` property. Closes #26099 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 267e42c commit 979cbff


14 files changed

+336
-222
lines changed


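--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.assets.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.assets.json
@@ -1,15 +1,15 @@
 {
-"version": "31.0.0",
+"version": "32.0.0",
 "files": {
-"a633d33a056f9a9a775353c3902b2da4fa8318b43707e565b45a591da0888305": {
+"c62036466c88b9e1cc7a3ba34aa9d9be5ec760159fac241679198e1e98655fea": {
 "source": {
 "path": "aws-cdk-rds-cluster-rotation.template.json",
 "packaging": "file"
 },
 "destinations": {
 "current_account-current_region": {
 "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-"objectKey": "a633d33a056f9a9a775353c3902b2da4fa8318b43707e565b45a591da0888305.json",
+"objectKey": "c62036466c88b9e1cc7a3ba34aa9d9be5ec760159fac241679198e1e98655fea.json",
 "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
 }
 }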

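--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/aws-cdk-rds-cluster-rotation.template.json
@@ -915,6 +915,7 @@
 "SecretId": {
 "Ref": "CustomRotationOptionsSecretAttachment697A23BF"
 },
+"RotateImmediatelyOnUpdate": false,
 "RotationLambdaARN": {
 "Fn::GetAtt": [
 "CustomRotationOptionsRotationSingleUserC555446F",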
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
{"version":"31.0.0"}
1+
{"version":"32.0.0"}

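--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/integ.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/integ.json
@@ -1,5 +1,5 @@
 {
-"version": "31.0.0",
+"version": "32.0.0",
 "testCases": {
 "integ.cluster-rotation.lit": {
 "stacks": [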

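--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/manifest.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-rotation.lit.js.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-"version": "31.0.0",
+"version": "32.0.0",
 "artifacts": {
 "aws-cdk-rds-cluster-rotation.assets": {
 "type": "cdk:asset-manifest",
@@ -17,7 +17,7 @@
 "validateOnSynth": false,
 "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
 "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a633d33a056f9a9a775353c3902b2da4fa8318b43707e565b45a591da0888305.json",
+"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c62036466c88b9e1cc7a3ba34aa9d9be5ec760159fac241679198e1e98655fea.json",
 "requiresBootstrapStackVersion": 6,
 "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
 "additionalDependencies": [
@@ -234,28 +234,19 @@
 "/aws-cdk-rds-cluster-rotation/Database/Resource": [
 {
 "type": "aws:cdk:logicalId",
-"data": "DatabaseB269D8BB",
-"trace": [
-"!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-]
+"data": "DatabaseB269D8BB"
 }
 ],
 "/aws-cdk-rds-cluster-rotation/Database/Instance1": [
 {
 "type": "aws:cdk:logicalId",
-"data": "DatabaseInstance1844F58FD",
-"trace": [
-"!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-]
+"data": "DatabaseInstance1844F58FD"
 }
 ],
 "/aws-cdk-rds-cluster-rotation/Database/Instance2": [
 {
 "type": "aws:cdk:logicalId",
-"data": "DatabaseInstance2AA380DEE",
-"trace": [
-"!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-]
+"data": "DatabaseInstance2AA380DEE"
 }
 ],
 "/aws-cdk-rds-cluster-rotation/Database/RotationSingleUser/SecurityGroup/Resource": [
@@ -321,28 +312,19 @@
 "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Resource": [
 {
 "type": "aws:cdk:logicalId",
-"data": "CustomRotationOptions7CA9E132",
-"trace": [
-"!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-]
+"data": "CustomRotationOptions7CA9E132"
 }
 ],
 "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Instance1": [
 {
 "type": "aws:cdk:logicalId",
-"data": "CustomRotationOptionsInstance1D693E87C",
-"trace": [
-"!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-]
+"data": "CustomRotationOptionsInstance1D693E87C"
 }
 ],
 "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/Instance2": [
 {
 "type": "aws:cdk:logicalId",
-"data": "CustomRotationOptionsInstance2A21FADD8",
-"trace": [
-"!!DESTRUCTIVE_CHANGES: MAY_REPLACE"
-]
+"data": "CustomRotationOptionsInstance2A21FADD8"
 }
 ],
 "/aws-cdk-rds-cluster-rotation/CustomRotationOptions/RotationSingleUser/SARMapping": [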
