OptionaldbDatabase engine to use. Required if dbCredentialsSecretArn is not provided.
OptionaldbDatabase hostname. Required if dbCredentialsSecretArn is not provided.
OptionaldbDatabase name. Required if dbCredentialsSecretArn is not provided.
OptionaldbDatabase port. Required if dbCredentialsSecretArn is not provided.
OptionalkmsKMS key used to encrypt the database credentials. Required if sqlExecutorLambda is not provided.
The SQL statement to execute when the custom resource is created. The SQL statement must be a valid SQL statement for the database engine. Multiple statements can be separated by a semicolon.
If it is not desired to execute a statement on create, use a statement that
does not modify the database, such as a SELECT NOW() statement.
The query supports tokenized parameters that can be resolved either from SSM parameters or Secrets Manager secrets before execution of the statement. The parameters must be provided in the following format:
-- Resolve value from SSM parameter. Set the second parameter to true
-- to resolve the value of a SecureString parameter.
SELECT * FROM §SSM@ssm_parameter_name~[true|false]§ WHERE...
-- Resolve value from Secrets Manager secret
SELECT * FROM §SECRET@secret_name~json_key_to_resolve§ WHERE...
OptionalonThe SQL statement to execute when the custom resource is updated. The SQL statement must be a valid SQL statement for the database engine. Multiple statements can be separated by a semicolon.
OptionalonThe SQL statement to execute when the custom resource is updated. The SQL statement must be a valid SQL statement for the database engine. Multiple statements can be separated by a semicolon.
OptionalsqlThe Custom Resource Lambda function to use for executing SQL statements. If not provided, a new Lambda function will be created.
OptionaltimeoutSQL executor lambda timeout. Has effect only if sqlExecutorLambda is not provided.
OptionalupdateUpdate the timestamp to trigger update event and execution of the onUpdateSQL statement on the stack deployment.
Has no other effect.
OptionalvpcVPC to use for the Lambda function. Has effect only if sqlExecutorLambda is not provided.
OptionalvpcSubnets to use for the Lambda function. Has effect only if sqlExecutorLambda is not provided.
ARN of the secret in Secrets Manager containing the database credentials.
The secret must be encrypted with the KMS key provided. The secret must contain JSON in the following format: