Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move secret rotation to aws-secretsmanager and add aws-secretsmanager-targets #5194

Closed
1 of 2 tasks
jogold opened this issue Nov 26, 2019 · 2 comments · Fixed by #5281
Closed
1 of 2 tasks

Move secret rotation to aws-secretsmanager and add aws-secretsmanager-targets #5194

jogold opened this issue Nov 26, 2019 · 2 comments · Fixed by #5281
Assignees
@rix0rrr
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager feature-request A feature should be added or improved. in-progress This issue is being actively worked on.

Comments

@jogold
Copy link
Contributor

jogold commented Nov 26, 2019

AWS Secrets Manager just announced support for Redshift and DocumentDB: https://aws.amazon.com/about-aws/whats-new/2019/11/aws-secrets-manager-easier-rotate-secrets-through-cloudformation/

The SecretRotation class is currently located in aws-rds but should be moved to aws-secretsmanager.

Secret target attachements should be implemented in a separate package aws-secretsmanager-targets (integration pattern).

Serverless applications should be updated to their latest version which include lambda permissions.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@jogold jogold added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Nov 26, 2019
@SomayaB SomayaB added the @aws-cdk/aws-secretsmanager Related to AWS Secrets Manager label Nov 26, 2019
@rix0rrr
Copy link
Contributor

rix0rrr commented Nov 27, 2019

100% agreed.

jogold added a commit to jogold/aws-cdk that referenced this issue Dec 3, 2019
@jogold
feat(rds,secretsmanager): new databases, multi user scheme
601496a 
Add support for Redshift clusters, DocumentDB databases and the multi user rotation scheme.

Move `SecretRotation` from `aws-rds` to `aws-secretsmanager`.

Add resource policy for secrets and use it to prevent deletion of secrets for which rotation is
enabled.

Update instance class to `t3` in `aws-rds` integration tests (`t2` is being deprecated and Oracle
`t2` instances cannot be created anymore).

Closes aws#5194

BREAKING CHANGE: `addRotationSingleUser(id: string, options: SecretRotationOptions)` is now `addRotationSingleUser(automaticallyAfter?: Duration)`
jogold added a commit to jogold/aws-cdk that referenced this issue Dec 3, 2019
@jogold
feat(rds,secretsmanager): new databases, multi user scheme
8f5b725 
Add support for Redshift clusters, DocumentDB databases and the multi user rotation scheme.

Move `SecretRotation` from `aws-rds` to `aws-secretsmanager`.

Add resource policy for secrets and use it to prevent deletion of secrets for which rotation is
enabled.

Update instance class to `t3` in `aws-rds` integration tests (`t2` is being deprecated and Oracle
`t2` instances cannot be created anymore).

Closes aws#5194

BREAKING CHANGE: `addRotationSingleUser(id: string, options: SecretRotationOptions)` is now `addRotationSingleUser(automaticallyAfter?: Duration)`
@jogold jogold mentioned this issue Dec 3, 2019
Merged
jogold added a commit to jogold/aws-cdk that referenced this issue Dec 3, 2019
@jogold
feat(rds,secretsmanager): new databases, multi user scheme
d6360ce 
Add support for Redshift clusters, DocumentDB databases and the multi user rotation scheme.

Move `SecretRotation` from `aws-rds` to `aws-secretsmanager`.

Add resource policy for secrets and use it to prevent deletion of secrets for which rotation is
enabled.

Update instance class to `t3` in `aws-rds` integration tests (`t2` is being deprecated and Oracle
`t2` instances cannot be created anymore).

Closes aws#5194

BREAKING CHANGE: `addRotationSingleUser(id: string, options: SecretRotationOptions)` is now `addRotationSingleUser(automaticallyAfter?: Duration)`
@SomayaB SomayaB added in-progress This issue is being actively worked on. and removed needs-triage This issue or PR still needs to be triaged. labels Dec 3, 2019
rix0rrr pushed a commit that referenced this issue Dec 20, 2019
@jogold @rix0rrr
feat(rds): more extensive secret rotation support (#5281)
b700b77 
Add support for Redshift clusters, DocumentDB databases and the multi user rotation scheme.

Move `SecretRotation` from `aws-rds` to `aws-secretsmanager`.

Add resource policy for secrets and use it to prevent deletion of secrets for which rotation is
enabled.

Update instance class to `t3` in `aws-rds` integration tests (`t2` is being deprecated and Oracle
`t2` instances cannot be created anymore).

Closes #5194

BREAKING CHANGE: `addRotationSingleUser(id: string, options: SecretRotationOptions)` is now `addRotationSingleUser(automaticallyAfter?: Duration)`
@nsithamb
Copy link

nsithamb commented Nov 7, 2023

Can this be used with redshiftserverless?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rix0rrr rix0rrr

Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager feature-request A feature should be added or improved. in-progress This issue is being actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(rds): more extensive secret rotation support jogold/aws-cdk
4 participants
@rix0rrr @jogold @SomayaB @nsithamb