I have a requirement to rotate the DocumentDB secret quarterly on the first Sunday through CDK. AWS Secrets Manager does provide an option to set up rotation through cron via the AWS console, but not through CDK.
The current construct for DocumentDB in CDK only provides a way for secret rotation using the DocumentDB construct's cluster.addRotationSingleUser() method, and this method only takes a Duration as input. In my case, I need to set up a cron expression to achieve my use case.
Here is the sample code that I tried:

    this.cluster = new DatabaseCluster(this, `DocumentDB-${name}`, {
      masterUser: {
        username: DOCUMENT_DB_USERNAME,
        secretName: DOCUMENT_DB_SECRET_NAME,
        excludeCharacters: DOCUMENT_DB_SECRET_EXCLUDE_PATTERN,
      },
      dbClusterName: props.clusterName,
      instanceType: stageDatabaseConfig.instanceType,
      instances: stageDatabaseConfig.numOfInstances,
      instanceIdentifierBase: `${props.clusterName}instance`,
      vpc: props.vpc,
      port: stageDatabaseConfig.port,
      deletionProtection: stageDatabaseConfig.deletionProtection,
      securityGroup: this.docDbSecurityGroup,
      kmsKey: this.docDbKMSKey,
      exportAuditLogsToCloudWatch: true,
      exportProfilerLogsToCloudWatch: true,
      cloudWatchLogsRetention: RetentionDays.SIX_MONTHS,
      storageEncrypted: true,
    });
    // add rotation configuration for the password
    this.cluster.addRotationSingleUser(Duration.days(90));

Can someone please help with how to set up rotation for DocumentDB for my requirement?
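
One way to get a cron schedule onto the rotation that `addRotationSingleUser()` creates is a CloudFormation-level override on the generated `AWS::SecretsManager::RotationSchedule` resource. This is an added example, not part of the original post or the CDK project's code. Assumptions: the helper name `useCronRotation`, the structural types standing in for CDK's construct classes, and the sample cron expression (check it against the Secrets Manager schedule-expression rules before deploying).

```typescript
// Structural stand-ins for aws-cdk-lib's Construct and CfnResource, so this helper
// needs no CDK import; a real Stack or DatabaseCluster satisfies ScopeLike.
interface CfnLike {
  cfnResourceType?: string;
  addPropertyOverride?(path: string, value: unknown): void;
  addPropertyDeletionOverride?(path: string): void;
}
interface ScopeLike {
  node: { findAll(): unknown[] };
}

const ROTATION_SCHEDULE_TYPE = 'AWS::SecretsManager::RotationSchedule';

// Assumed expression for "first Sunday of every third month, 00:00 UTC".
const QUARTERLY_FIRST_SUNDAY = 'cron(0 0 ? 1/3 SUN#1 *)';

// Replaces the Duration-based rule on every rotation schedule under `scope`
// with a cron ScheduleExpression. Returns how many resources were patched.
function useCronRotation(scope: ScopeLike, scheduleExpression: string): number {
  if (!/^cron\(.+\)$/.test(scheduleExpression)) {
    throw new Error(`expected cron(...), got "${scheduleExpression}"`);
  }
  let patched = 0;
  for (const child of scope.node.findAll() as CfnLike[]) {
    if (child.cfnResourceType !== ROTATION_SCHEDULE_TYPE) continue;
    if (!child.addPropertyOverride || !child.addPropertyDeletionOverride) continue;
    // RotationRules takes either AutomaticallyAfterDays or ScheduleExpression,
    // so drop the day count before setting the cron expression.
    child.addPropertyDeletionOverride('RotationRules.AutomaticallyAfterDays');
    child.addPropertyOverride('RotationRules.ScheduleExpression', scheduleExpression);
    patched++;
  }
  // Fail at synth time rather than silently keeping the 90-day schedule.
  if (patched === 0) {
    throw new Error('no rotation schedule found; call addRotationSingleUser() first');
  }
  return patched;
}

// In the stack from the question, after the existing rotation call:
//   this.cluster.addRotationSingleUser(Duration.days(90));
//   useCronRotation(this.cluster, QUARTERLY_FIRST_SUNDAY);
```

Passing `this.cluster` rather than the whole stack keeps the override away from rotation schedules that belong to other secrets; inspect the `cdk synth` output to confirm `RotationRules` carries only `ScheduleExpression`.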