Struct aws_sdk_secretsmanager::client::fluent_builders::RotateSecret [−][src]
pub struct RotateSecret<C = DynConnector, M = DefaultMiddleware, R = Standard> { /* fields omitted */ }
Expand description
Fluent builder constructing a request to RotateSecret
.
Configures and starts the asynchronous process of rotating the secret.
If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. For more information about rotation, see Rotate secrets.
To configure rotation, you include the ARN of an Amazon Web Services Lambda function and the schedule for the rotation. The Lambda rotation function creates a new version of the secret and creates or updates the credentials on the database or service to match. After testing the new credentials, the function marks the new secret version with the staging label AWSCURRENT
. Then anyone who retrieves the secret gets the new version. For more information, see How rotation works.
When rotation is successful, the AWSPENDING
staging label might be attached to the same version as the AWSCURRENT
version, or it might not be attached to any version.
If the AWSPENDING
staging label is present but not attached to the same version as AWSCURRENT
, then any later invocation of RotateSecret
assumes that a previous rotation request is still in progress and returns an error.
To run this command, you must have secretsmanager:RotateSecret
permissions and lambda:InvokeFunction
permissions on the function specified in the secret's metadata.
Implementations
impl<C, M, R> RotateSecret<C, M, R> where
C: SmithyConnector,
M: SmithyMiddleware<C>,
R: NewRequestPolicy,
impl<C, M, R> RotateSecret<C, M, R> where
C: SmithyConnector,
M: SmithyMiddleware<C>,
R: NewRequestPolicy,
pub async fn send(
self
) -> Result<RotateSecretOutput, SdkError<RotateSecretError>> where
R::Policy: SmithyRetryPolicy<RotateSecretInputOperationOutputAlias, RotateSecretOutput, RotateSecretError, RotateSecretInputOperationRetryAlias>,
pub async fn send(
self
) -> Result<RotateSecretOutput, SdkError<RotateSecretError>> where
R::Policy: SmithyRetryPolicy<RotateSecretInputOperationOutputAlias, RotateSecretOutput, RotateSecretError, RotateSecretInputOperationRetryAlias>,
Sends the request and returns the response.
If an error occurs, an SdkError
will be returned with additional details that
can be matched against.
By default, any retryable failures will be retried twice. Retry behavior is configurable with the RetryConfig, which can be set when configuring the client.
The ARN or name of the secret to rotate.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.
The ARN or name of the secret to rotate.
For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.
A unique identifier for the new version of the secret that helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during rotation. This value becomes the VersionId
of the new version.
If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a ClientRequestToken
yourself for new versions and include that value in the request.
You only need to specify this value if you implement your own retry logic and you want to ensure that Secrets Manager doesn't attempt to create a secret version twice. We recommend that you generate a UUID-type value to ensure uniqueness within the specified secret.
A unique identifier for the new version of the secret that helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during rotation. This value becomes the VersionId
of the new version.
If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a ClientRequestToken
yourself for new versions and include that value in the request.
You only need to specify this value if you implement your own retry logic and you want to ensure that Secrets Manager doesn't attempt to create a secret version twice. We recommend that you generate a UUID-type value to ensure uniqueness within the specified secret.
The ARN of the Lambda rotation function that can rotate the secret.
The ARN of the Lambda rotation function that can rotate the secret.
A structure that defines the rotation configuration for this secret.
A structure that defines the rotation configuration for this secret.
Trait Implementations
Auto Trait Implementations
impl<C = DynConnector, M = DefaultMiddleware, R = Standard> !RefUnwindSafe for RotateSecret<C, M, R>
impl<C, M, R> Unpin for RotateSecret<C, M, R>
impl<C = DynConnector, M = DefaultMiddleware, R = Standard> !UnwindSafe for RotateSecret<C, M, R>
Blanket Implementations
Mutably borrows from an owned value. Read more
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more