The CDK Construct Library for AWS::DocDB
Amazon DocumentDB Construct Library
Starting a Clustered Database
To set up a clustered DocumentDB database, define a `DatabaseCluster`. You must always launch a database in a VPC. Use the `vpcSubnets` attribute (`vpc_subnets` in Python) to control whether your instances will be launched privately or publicly:
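```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
from aws_cdk import aws_docdb as docdb, aws_ec2 as ec2

# `self` is the enclosing construct (e.g. a Stack); `vpc` is an existing ec2.Vpc.
cluster = docdb.DatabaseCluster(self, "Database",
    master_user=docdb.Login(
        username="myuser"
    ),
    instance_type=ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
    # PUBLIC places the instances in public subnets.
    vpc_subnets=ec2.SubnetSelection(
        subnet_type=ec2.SubnetType.PUBLIC
    ),
    vpc=vpc
)
```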
By default, the master password will be generated and stored in AWS Secrets Manager with an auto-generated description.
Your cluster will be empty by default.
Connecting
To control who can access the cluster, use the `.connections` attribute. DocumentDB databases have a default port, so you don't need to specify the port:
```python
# Example automatically generated. See https://github.com/aws/jsii/issues/826
cluster.connections.allow_default_port_from_any_ipv4("Open to the world")
```
The endpoints to access your database cluster will be available as the `.clusterEndpoint` and `.clusterReadEndpoint` attributes:
```python
# Example automatically generated. See https://github.com/aws/jsii/issues/826
write_address = cluster.cluster_endpoint.socket_address
```
Rotating credentials
When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically:
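```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
cluster.add_rotation_single_user()
```
```python
# Example automatically generated. See https://github.com/aws/jsii/issues/826
from aws_cdk import aws_docdb as docdb, aws_ec2 as ec2, core as cdk

# `stack` is the enclosing cdk.Stack; `vpc` is an existing ec2.Vpc.
cluster = docdb.DatabaseCluster(stack, "Database",
    master_user=docdb.Login(
        username="docdb"
    ),
    instance_type=ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
    vpc=vpc,
    removal_policy=cdk.RemovalPolicy.DESTROY
)

# Rotate the generated master password stored in Secrets Manager.
cluster.add_rotation_single_user()
```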
The multi user rotation scheme is also available:
```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
cluster.add_rotation_multi_user("MyUser",
    secret=my_imported_secret
)
```
It's also possible to create user credentials together with the cluster and add rotation:
```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
my_user_secret = docdb.DatabaseSecret(self, "MyUserSecret",
    username="myuser",
    master_secret=cluster.secret
)
# Adds DB connection information to the secret
my_user_secret_attached = my_user_secret.attach(cluster)

# Add rotation using the multi user scheme
cluster.add_rotation_multi_user("MyUser",
    secret=my_user_secret_attached
)
```
Note: This user must be created manually in the database using the master credentials. The rotation will start as soon as this user exists.
See also @aws-cdk/aws-secretsmanager for credentials rotation of existing clusters.
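A pre-deployment check for the two controls described under Connecting and Rotating credentials, as an added example that is not part of the construct library: it scans a synthesized CloudFormation template for ingress rules that expose the database port to any address and for a cluster with no rotation schedule. The template dicts, logical IDs and the `Fn::GetAtt` port reference are constructed assumptions about what `cdk synth` emits.

```python
DOCDB_PORT = 27017  # DocumentDB default port
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def ingress_rules(resources):
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props

def reaches_db_port(rule):
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if str(rule.get("IpProtocol")) == "-1":
        return True  # all protocols, all ports
    if not (isinstance(lo, int) and isinstance(hi, int)):
        return True  # unresolved reference: assumed to be the cluster port
    return lo <= DOCDB_PORT <= hi

def audit_template(template):
    """Return findings for a synthesized CloudFormation template (a dict)."""
    resources = template.get("Resources", {})
    types = {res.get("Type") for res in resources.values()}
    findings = []
    for name, rule in ingress_rules(resources):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr in OPEN_CIDRS and reaches_db_port(rule):
            findings.append(f"{name}: database port reachable from {cidr}")
    if "AWS::DocDB::DBCluster" in types and "AWS::SecretsManager::RotationSchedule" not in types:
        findings.append("cluster secret has no rotation schedule")
    return findings

# Constructed templates; logical IDs and the port reference shape are assumptions.
PORT_REF = {"Fn::GetAtt": ["Database", "Port"]}
CLUSTER = {"Type": "AWS::DocDB::DBCluster", "Properties": {}}
OPEN = {"Resources": {"Database": CLUSTER, "DatabaseSG": {
    "Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": PORT_REF,
         "ToPort": PORT_REF, "Description": "Open to the world"}]}}}}
HARDENED = {"Resources": {"Database": CLUSTER, "FromApp": {
    "Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "DatabaseSG"}, "SourceSecurityGroupId": {"Ref": "AppSG"},
        "IpProtocol": "tcp", "FromPort": DOCDB_PORT, "ToPort": DOCDB_PORT}},
    "Rotation": {"Type": "AWS::SecretsManager::RotationSchedule", "Properties": {}}}}

if __name__ == "__main__":
    print(audit_template(OPEN), audit_template(HARDENED))
```

To run it against a real app, load the JSON template that `cdk synth` writes and pass the resulting dict to `audit_template`.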
Hashes for aws-cdk.aws-docdb-1.101.0.tar.gz
Algorithm | Hash digest
---|---
SHA256 | ee98943b70ac626ca71ea278dcc9f5daeb0e0b968f016cd8872cc56b1db38d87
MD5 | ba969f0f7497d5b72034bf1d8569529b
BLAKE2b-256 | 05f32c534cd44372cd6e159565692610b07c9d61503a6a4615dc79cc33d78aff
Hashes for aws_cdk.aws_docdb-1.101.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | fe5afcc80ab193f8d9437b855cc0bad48ea701c2b87db53ad84076847f19d8f3
MD5 | b3025748f1cb0879a892b13d52917e74
BLAKE2b-256 | 5b286745dd6eff829c0f1bac06d0a38a524a2ca327b805ffdbf854eba58c8597