The CDK Construct Library for AWS::DocDB
Amazon DocumentDB Construct Library
Starting a Clustered Database
To set up a clustered DocumentDB database, define a `DatabaseCluster`. You must always launch a database in a VPC. Use the `vpcSubnets` attribute to control whether your instances will be launched privately or publicly:
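```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_ec2 as ec2
from aws_cdk.aws_docdb import DatabaseCluster

# `self` is the enclosing construct (for example a Stack); `vpc` is an existing VPC.
cluster = DatabaseCluster(self, "Database",
    master_user={
        "username": "myuser"
    },
    instance_type=ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
    # PUBLIC places the instances in public subnets.
    vpc_subnets={
        "subnet_type": ec2.SubnetType.PUBLIC
    },
    vpc=vpc
)
```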
By default, the master password will be generated and stored in AWS Secrets Manager with an auto-generated description.
Your cluster will be empty by default.
Connecting
To control who can access the cluster, use the `.connections` attribute. DocumentDB databases have a default port, so you don't need to specify the port:
```python
# Example automatically generated. See https://github.com/aws/jsii/issues/826
cluster.connections.allow_default_port_from_any_ipv4("Open to the world")
```
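As an added example (not part of the original README or of the CDK project's code), the check below runs over a synthesized CloudFormation template and flags ingress rules like the "Open to the world" one above on any security group attached to a DocumentDB cluster. It assumes such a rule appears either inline on the group or as a standalone `AWS::EC2::SecurityGroupIngress` resource; the function names and the sample template, including the literal port 27017, are constructed for illustration.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def logical_id(value):
    """Logical ID behind {"Ref": id} or {"Fn::GetAtt": [id, attr]}, else None."""
    if not isinstance(value, dict):
        return None
    att = value.get("Fn::GetAtt")
    return value.get("Ref") or (att[0] if isinstance(att, list) and att else None)

def world_open_docdb_rules(template):
    """Return sorted (cluster, security_group, description) for each ingress rule
    that opens a DocumentDB cluster's security group to any IPv4/IPv6 address."""
    resources = template.get("Resources", {})
    findings = []
    for cluster_id, res in resources.items():
        if res.get("Type") != "AWS::DocDB::DBCluster":
            continue
        refs = res.get("Properties", {}).get("VpcSecurityGroupIds", [])
        for sg_id in {logical_id(r) for r in refs} - {None}:
            # Inline rules on the group plus standalone ingress resources targeting it.
            rules = list(resources.get(sg_id, {}).get("Properties", {})
                         .get("SecurityGroupIngress", []))
            rules += [r.get("Properties", {}) for r in resources.values()
                      if r.get("Type") == "AWS::EC2::SecurityGroupIngress"
                      and logical_id(r.get("Properties", {}).get("GroupId")) == sg_id]
            findings += [(cluster_id, sg_id, rule.get("Description", ""))
                         for rule in rules
                         if rule.get("CidrIp") in OPEN_CIDRS
                         or rule.get("CidrIpv6") in OPEN_CIDRS]
    return sorted(findings)

# Constructed sample: one world-open rule and one rule scoped to an application group.
SAMPLE = {"Resources": {
    "DbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": 27017,
         "ToPort": 27017, "Description": "Open to the world"}]}},
    "FromApp": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Fn::GetAtt": ["DbSg", "GroupId"]}, "IpProtocol": "tcp",
        "SourceSecurityGroupId": {"Fn::GetAtt": ["AppSg", "GroupId"]},
        "FromPort": 27017, "ToPort": 27017, "Description": "from app tier"}},
    "Database": {"Type": "AWS::DocDB::DBCluster", "Properties": {
        "VpcSecurityGroupIds": [{"Fn::GetAtt": ["DbSg", "GroupId"]}]}},
}}

if __name__ == "__main__":
    for finding in world_open_docdb_rules(SAMPLE):
        print("world-open DocumentDB ingress:", finding)
```

A rule whose source is another security group, as in the `FromApp` entry of the sample, is not flagged; only CIDR sources covering every address are.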
The endpoints to access your database cluster will be available as the `.clusterEndpoint` and `.clusterReadEndpoint` attributes:
```python
# Example automatically generated. See https://github.com/aws/jsii/issues/826
write_address = cluster.cluster_endpoint.socket_address
```
Rotating credentials
When the master password is generated and stored in AWS Secrets Manager, it can be rotated automatically:
```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
cluster.add_rotation_single_user()
```

```python
# Example automatically generated. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_docdb as docdb
import aws_cdk.aws_ec2 as ec2
from aws_cdk import core as cdk

# `stack` is the enclosing Stack; `vpc` is an existing VPC.
cluster = docdb.DatabaseCluster(stack, "Database",
    master_user=docdb.Login(
        username="docdb"
    ),
    instance_type=ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
    vpc=vpc,
    removal_policy=cdk.RemovalPolicy.DESTROY
)

cluster.add_rotation_single_user()
```
The multi user rotation scheme is also available:
```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
cluster.add_rotation_multi_user("MyUser",
    secret=my_imported_secret
)
```
It's also possible to create user credentials together with the cluster and add rotation:
```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
my_user_secret = docdb.DatabaseSecret(self, "MyUserSecret",
    username="myuser",
    master_secret=cluster.secret
)
my_user_secret_attached = my_user_secret.attach(cluster)  # Adds DB connections information in the secret

cluster.add_rotation_multi_user("MyUser",  # Add rotation using the multi user scheme
    secret=my_user_secret_attached
)
```
Note: This user must be created manually in the database using the master credentials. The rotation will start as soon as this user exists.
See also @aws-cdk/aws-secretsmanager for credentials rotation of existing clusters.
Hashes for aws-cdk.aws-docdb-1.102.0.tar.gz
Hashes for aws_cdk.aws_docdb-1.102.0-py3-none-any.whl