Skip to content

feat(docdb): add managed password support #35711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(docdb): add managed password support #35711

wants to merge 3 commits into from
+1,847 −6

Conversation

mazyu36
Copy link
Contributor

@mazyu36 mazyu36 commented Oct 10, 2025

Issue # (if applicable)

Closes #.

Reason for this change

This change adds support for AWS Secrets Manager managed passwords in DocumentDB clusters.
This feature provides enhanced security by allowing AWS DocumentDB to automatically generate, manage, and rotate master user passwords using AWS Secrets Manager, eliminating the need for manual password management.

Description of changes

  • manageMasterUserPassword: boolean - Enables AWS Secrets Manager to manage the master user password
  • masterUserSecretKmsKey: kms.IKey - Specifies a custom KMS key to encrypt the managed secret
  • rotateMasterUserPassword: boolean - Triggers immediate password rotation for managed secrets

Describe any new or updated permissions being added

Description of how you validated changes

Add unit tests and an integ test.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the p2 label Oct 10, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team October 10, 2025 04:43
@github-actions github-actions bot added the distinguished-contributor [Pilot] contributed 50+ PRs to the CDK label Oct 10, 2025
@mazyu36 mazyu36 changed the title feat(docdb): add managed password support feat(docdb): add managed password support Oct 10, 2025
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Oct 10, 2025
@aws-cdk-automation aws-cdk-automation added pr/needs-maintainer-review This PR needs a review from a Core Team Member and removed pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Oct 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@badmintoncryer badmintoncryer badmintoncryer approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

distinguished-contributor [Pilot] contributed 50+ PRs to the CDK p2 pr/needs-maintainer-review This PR needs a review from a Core Team Member

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mazyu36 @badmintoncryer @aws-cdk-automation