aws_rds: add support for RotateImmediatelyOnUpdate to secret rotation #26099

rittneje opened this issue Jun 23, 2023 · 2 comments · Fixed by #26329

rittneje commented Jun 23, 2023

Describe the feature

Reopening #25365 because the feature request was not actually completed.

In CloudFormation, AWS::SecretsManager::RotationSchedule contains an optional property RotateImmediatelyOnUpdate, which controls whether the secret gets rotated as part of the stack update.

As of #25652, this property can also be set during creation of aws_secretsmanager.RotationSchedule, but this alone is not sufficient, because there is no way to set this property via aws_rds.DatabaseCluster.add_rotation_single_user.

Add an optional parameter to add_rotation_single_user to control this property. Probably should be added to add_rotation_multi_user as well.

cc @colifran @pahud

Use Case

We don't want the secret to rotate immediately.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.85.0

Environment details (OS name and version, etc.)

Alpine 3.18

@rittneje rittneje added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jun 23, 2023
@rittneje rittneje changed the title aws_rds: add support for RotateImmediatelyOnUpdate to secret rotation #25365 aws_rds: add support for RotateImmediatelyOnUpdate to secret rotation Jun 23, 2023
@github-actions github-actions bot added the @aws-cdk/aws-rds Related to Amazon Relational Database label Jun 23, 2023
pahud (Contributor) commented Jun 23, 2023

Yes, I guess we probably should expose this option in RotationSingleUserOptions for addRotationSingleUser and pass all the way to SecretRotation for addRotationSchedule here.

@pahud pahud added p1 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jun 23, 2023
@colifran colifran self-assigned this Jun 23, 2023
@colifran colifran added the in-progress This issue is being actively worked on. label Jul 11, 2023
@mergify mergify bot closed this as completed in #26329 Jul 18, 2023
mergify bot pushed a commit that referenced this issue Jul 18, 2023
…ediatelyOnUpdate prop (#26329)

This PR supports allowing users to configure the default secret rotation behavior of AWS Secrets Manager. By default, AWS Secrets Manager will rotate the secret immediately. Setting `rotateImmediatelyOnUpdate` to `false` will force AWS Secrets Manager to wait until the next scheduled rotation window which is specified via the `automaticallyAfter` property.

Closes #26099

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
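
A deploy-time check for the behaviour discussed in this thread, as an added example (not code from the issue or from aws-cdk): it scans a synthesized CloudFormation template and reports, for each `AWS::SecretsManager::RotationSchedule`, whether the secret would rotate as part of the stack update. The sample template, its logical IDs and the function names `classify` and `audit` are constructed for illustration.

```python
ROTATION_TYPE = "AWS::SecretsManager::RotationSchedule"

# Constructed sample shaped like `cdk synth` output; logical IDs are made up.
SAMPLE_TEMPLATE = {
    "Resources": {
        "DbSecret": {"Type": "AWS::SecretsManager::Secret", "Properties": {}},
        "RotationDeferred": {
            "Type": ROTATION_TYPE,
            "Properties": {
                "SecretId": {"Ref": "DbSecret"},
                "RotateImmediatelyOnUpdate": False,
                "RotationRules": {"AutomaticallyAfterDays": 30},
            },
        },
        "RotationDefault": {  # property omitted
            "Type": ROTATION_TYPE,
            "Properties": {"SecretId": {"Ref": "DbSecret"}},
        },
        "RotationParam": {  # decided by a stack parameter at deploy time
            "Type": ROTATION_TYPE,
            "Properties": {"RotateImmediatelyOnUpdate": {"Ref": "RotateNow"}},
        },
    }
}

def classify(value):
    """Return 'deferred', 'immediate' or 'unresolved' for a property value."""
    if value is None:
        return "immediate"  # omitted: per the thread, rotation is immediate by default
    if isinstance(value, bool):
        return "immediate" if value else "deferred"
    # CloudFormation also accepts booleans written as strings.
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return "deferred" if value.lower() == "false" else "immediate"
    return "unresolved"  # intrinsic function; cannot be decided statically

def audit(template):
    """Map each RotationSchedule logical ID to its rotate-on-deploy verdict."""
    verdicts = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == ROTATION_TYPE:
            props = resource.get("Properties") or {}
            verdicts[logical_id] = classify(props.get("RotateImmediatelyOnUpdate"))
    return verdicts

if __name__ == "__main__":
    for logical_id, verdict in sorted(audit(SAMPLE_TEMPLATE).items()):
        print(f"{logical_id}: {verdict}")
```

Run against the JSON produced by synthesis in CI, an `immediate` or `unresolved` verdict marks a stack update that can change database credentials at deploy time rather than in the scheduled window.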
