aws-sdk-docdb 1.79.0 → 1.80.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9b09dd8888acdf0fd302fadfb7ea75b8b8447e4b09300197e6c58c992397f56
-  data.tar.gz: 3fde06d394192c91c30e5078e612d25ad7c23dba33588e3cb8edbbcf5ddc4c96
+  metadata.gz: 742046cd971eeccf0ea92a34fb84c90c8b150b93aba710ec3588425dc6ff25a4
+  data.tar.gz: ecef8308ca532ae813f04dd82ac947f673e450328e6d73c4d0c9ce25feb2eecd
 SHA512:
-  metadata.gz: 6f90e212dac8fd769c820a0d4579d34ef7999709f3e9461d6e0a8e3ac912e29f9cc7c0bcdf40a001b24c8077bf9a148805ea52f5ccab9f8953fa25bff1d340f0
-  data.tar.gz: 3bf275861499b73c658a48b91c7134f82898accae127d9fbc734c5ef6b33d00b9326e1b629b1509e7d724409a348891be36b44c37628b34190bef6e4918d5abc
+  metadata.gz: 15750b4b49d3e1ef0f5f1592b3850752cfcdd7c355ed406abd20a653f78919ac83d71fe4340545029d10185da3a909c91d2b39ee842d1ccc476e7ec0093a938c
+  data.tar.gz: 810dcf9fde683c79379705276e98fab7dd7c9ad087da0ca4fab0d7ce3216ac18ac2733a0262f0be39416315c5fb3ebfd9d257ad30fb7f58cab909cf7d9c73b2e

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.80.0 (2024-12-20)
+------------------
+
+* Feature - Support AWS Secret Manager managed password for AWS DocumentDB instance-based cluster.
+
 1.79.0 (2024-11-06)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.79.0
+1.80.0

data/lib/aws-sdk-docdb/client.rb

@@ -1020,6 +1020,35 @@ module Aws::DocDB
     #
     #    </note>
     #
+    # @option params [Boolean] :manage_master_user_password
+    #   Specifies whether to manage the master user password with Amazon Web
+    #   Services Secrets Manager.
+    #
+    #   Constraint: You can't manage the master user password with Amazon Web
+    #   Services Secrets Manager if `MasterUserPassword` is specified.
+    #
+    # @option params [String] :master_user_secret_kms_key_id
+    #   The Amazon Web Services KMS key identifier to encrypt a secret that is
+    #   automatically generated and managed in Amazon Web Services Secrets
+    #   Manager. This setting is valid only if the master user password is
+    #   managed by Amazon DocumentDB in Amazon Web Services Secrets Manager
+    #   for the DB cluster.
+    #
+    #   The Amazon Web Services KMS key identifier is the key ARN, key ID,
+    #   alias ARN, or alias name for the KMS key. To use a KMS key in a
+    #   different Amazon Web Services account, specify the key ARN or alias
+    #   ARN.
+    #
+    #   If you don't specify `MasterUserSecretKmsKeyId`, then the
+    #   `aws/secretsmanager` KMS key is used to encrypt the secret. If the
+    #   secret is in a different Amazon Web Services account, then you can't
+    #   use the `aws/secretsmanager` KMS key to encrypt the secret, and you
+    #   must use a customer managed KMS key.
+    #
+    #   There is a default KMS key for your Amazon Web Services account. Your
+    #   Amazon Web Services account has a different default KMS key for each
+    #   Amazon Web Services Region.
+    #
     # @option params [String] :source_region
     #   The source region of the snapshot. This is only needed when the
     #   shapshot is encrypted and in a different region.
@@ -1057,6 +1086,8 @@ module Aws::DocDB
     #     deletion_protection: false,
     #     global_cluster_identifier: "GlobalClusterIdentifier",
     #     storage_type: "String",
+    #     manage_master_user_password: false,
+    #     master_user_secret_kms_key_id: "String",
     #     source_region: "String",
     #   })
     #
@@ -1106,6 +1137,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/CreateDBCluster AWS API Documentation
     #
@@ -1858,6 +1892,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/DeleteDBCluster AWS API Documentation
     #
@@ -2706,6 +2743,9 @@ module Aws::DocDB
     #   resp.db_clusters[0].enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_clusters[0].deletion_protection #=> Boolean
     #   resp.db_clusters[0].storage_type #=> String
+    #   resp.db_clusters[0].master_user_secret.secret_arn #=> String
+    #   resp.db_clusters[0].master_user_secret.secret_status #=> String
+    #   resp.db_clusters[0].master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/DescribeDBClusters AWS API Documentation
     #
@@ -3676,6 +3716,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/FailoverDBCluster AWS API Documentation
     #
@@ -3979,6 +4022,60 @@ module Aws::DocDB
     #
     #   Default value is `standard `
     #
+    # @option params [Boolean] :manage_master_user_password
+    #   Specifies whether to manage the master user password with Amazon Web
+    #   Services Secrets Manager. If the cluster doesn't manage the master
+    #   user password with Amazon Web Services Secrets Manager, you can turn
+    #   on this management. In this case, you can't specify
+    #   `MasterUserPassword`. If the cluster already manages the master user
+    #   password with Amazon Web Services Secrets Manager, and you specify
+    #   that the master user password is not managed with Amazon Web Services
+    #   Secrets Manager, then you must specify `MasterUserPassword`. In this
+    #   case, Amazon DocumentDB deletes the secret and uses the new password
+    #   for the master user specified by `MasterUserPassword`.
+    #
+    # @option params [String] :master_user_secret_kms_key_id
+    #   The Amazon Web Services KMS key identifier to encrypt a secret that is
+    #   automatically generated and managed in Amazon Web Services Secrets
+    #   Manager.
+    #
+    #   This setting is valid only if both of the following conditions are
+    #   met:
+    #
+    #   * The cluster doesn't manage the master user password in Amazon Web
+    #     Services Secrets Manager. If the cluster already manages the master
+    #     user password in Amazon Web Services Secrets Manager, you can't
+    #     change the KMS key that is used to encrypt the secret.
+    #
+    #   * You are enabling `ManageMasterUserPassword` to manage the master
+    #     user password in Amazon Web Services Secrets Manager. If you are
+    #     turning on `ManageMasterUserPassword` and don't specify
+    #     `MasterUserSecretKmsKeyId`, then the `aws/secretsmanager` KMS key is
+    #     used to encrypt the secret. If the secret is in a different Amazon
+    #     Web Services account, then you can't use the `aws/secretsmanager`
+    #     KMS key to encrypt the secret, and you must use a customer managed
+    #     KMS key.
+    #
+    #   The Amazon Web Services KMS key identifier is the key ARN, key ID,
+    #   alias ARN, or alias name for the KMS key. To use a KMS key in a
+    #   different Amazon Web Services account, specify the key ARN or alias
+    #   ARN.
+    #
+    #   There is a default KMS key for your Amazon Web Services account. Your
+    #   Amazon Web Services account has a different default KMS key for each
+    #   Amazon Web Services Region.
+    #
+    # @option params [Boolean] :rotate_master_user_password
+    #   Specifies whether to rotate the secret managed by Amazon Web Services
+    #   Secrets Manager for the master user password.
+    #
+    #   This setting is valid only if the master user password is managed by
+    #   Amazon DocumentDB in Amazon Web Services Secrets Manager for the
+    #   cluster. The secret value contains the updated password.
+    #
+    #   Constraint: You must apply the change immediately when rotating the
+    #   master user password.
+    #
     # @return [Types::ModifyDBClusterResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ModifyDBClusterResult#db_cluster #db_cluster} => Types::DBCluster
@@ -4004,6 +4101,9 @@ module Aws::DocDB
     #     allow_major_version_upgrade: false,
     #     deletion_protection: false,
     #     storage_type: "String",
+    #     manage_master_user_password: false,
+    #     master_user_secret_kms_key_id: "String",
+    #     rotate_master_user_password: false,
     #   })
     #
     # @example Response structure
@@ -4052,6 +4152,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/ModifyDBCluster AWS API Documentation
     #
@@ -5127,6 +5230,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/RestoreDBClusterFromSnapshot AWS API Documentation
     #
@@ -5351,6 +5457,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/RestoreDBClusterToPointInTime AWS API Documentation
     #
@@ -5429,6 +5538,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/StartDBCluster AWS API Documentation
     #
@@ -5507,6 +5619,9 @@ module Aws::DocDB
     #   resp.db_cluster.enabled_cloudwatch_logs_exports[0] #=> String
     #   resp.db_cluster.deletion_protection #=> Boolean
     #   resp.db_cluster.storage_type #=> String
+    #   resp.db_cluster.master_user_secret.secret_arn #=> String
+    #   resp.db_cluster.master_user_secret.secret_status #=> String
+    #   resp.db_cluster.master_user_secret.kms_key_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/StopDBCluster AWS API Documentation
     #
@@ -5605,7 +5720,7 @@ module Aws::DocDB
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-docdb'
-      context[:gem_version] = '1.79.0'
+      context[:gem_version] = '1.80.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-docdb/client_api.rb

@@ -34,6 +34,7 @@ module Aws::DocDB
     CertificateMessage = Shapes::StructureShape.new(name: 'CertificateMessage')
     CertificateNotFoundFault = Shapes::StructureShape.new(name: 'CertificateNotFoundFault', error: {"code"=>"CertificateNotFound", "httpStatusCode"=>404, "senderFault"=>true})
     CloudwatchLogsExportConfiguration = Shapes::StructureShape.new(name: 'CloudwatchLogsExportConfiguration')
+    ClusterMasterUserSecret = Shapes::StructureShape.new(name: 'ClusterMasterUserSecret')
     CopyDBClusterParameterGroupMessage = Shapes::StructureShape.new(name: 'CopyDBClusterParameterGroupMessage')
     CopyDBClusterParameterGroupResult = Shapes::StructureShape.new(name: 'CopyDBClusterParameterGroupResult')
     CopyDBClusterSnapshotMessage = Shapes::StructureShape.new(name: 'CopyDBClusterSnapshotMessage')
@@ -314,6 +315,11 @@ module Aws::DocDB
     CloudwatchLogsExportConfiguration.add_member(:disable_log_types, Shapes::ShapeRef.new(shape: LogTypeList, location_name: "DisableLogTypes"))
     CloudwatchLogsExportConfiguration.struct_class = Types::CloudwatchLogsExportConfiguration
 
+    ClusterMasterUserSecret.add_member(:secret_arn, Shapes::ShapeRef.new(shape: String, location_name: "SecretArn"))
+    ClusterMasterUserSecret.add_member(:secret_status, Shapes::ShapeRef.new(shape: String, location_name: "SecretStatus"))
+    ClusterMasterUserSecret.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "KmsKeyId"))
+    ClusterMasterUserSecret.struct_class = Types::ClusterMasterUserSecret
+
     CopyDBClusterParameterGroupMessage.add_member(:source_db_cluster_parameter_group_identifier, Shapes::ShapeRef.new(shape: String, required: true, location_name: "SourceDBClusterParameterGroupIdentifier"))
     CopyDBClusterParameterGroupMessage.add_member(:target_db_cluster_parameter_group_identifier, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TargetDBClusterParameterGroupIdentifier"))
     CopyDBClusterParameterGroupMessage.add_member(:target_db_cluster_parameter_group_description, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TargetDBClusterParameterGroupDescription"))
@@ -356,6 +362,8 @@ module Aws::DocDB
     CreateDBClusterMessage.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: BooleanOptional, location_name: "DeletionProtection"))
     CreateDBClusterMessage.add_member(:global_cluster_identifier, Shapes::ShapeRef.new(shape: GlobalClusterIdentifier, location_name: "GlobalClusterIdentifier"))
     CreateDBClusterMessage.add_member(:storage_type, Shapes::ShapeRef.new(shape: String, location_name: "StorageType"))
+    CreateDBClusterMessage.add_member(:manage_master_user_password, Shapes::ShapeRef.new(shape: BooleanOptional, location_name: "ManageMasterUserPassword"))
+    CreateDBClusterMessage.add_member(:master_user_secret_kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "MasterUserSecretKmsKeyId"))
     CreateDBClusterMessage.add_member(:source_region, Shapes::ShapeRef.new(shape: String, location_name: "SourceRegion"))
     CreateDBClusterMessage.struct_class = Types::CreateDBClusterMessage
 
@@ -463,6 +471,7 @@ module Aws::DocDB
     DBCluster.add_member(:enabled_cloudwatch_logs_exports, Shapes::ShapeRef.new(shape: LogTypeList, location_name: "EnabledCloudwatchLogsExports"))
     DBCluster.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: Boolean, location_name: "DeletionProtection"))
     DBCluster.add_member(:storage_type, Shapes::ShapeRef.new(shape: String, location_name: "StorageType"))
+    DBCluster.add_member(:master_user_secret, Shapes::ShapeRef.new(shape: ClusterMasterUserSecret, location_name: "MasterUserSecret"))
     DBCluster.struct_class = Types::DBCluster
 
     DBClusterAlreadyExistsFault.struct_class = Types::DBClusterAlreadyExistsFault
@@ -981,6 +990,9 @@ module Aws::DocDB
     ModifyDBClusterMessage.add_member(:allow_major_version_upgrade, Shapes::ShapeRef.new(shape: Boolean, location_name: "AllowMajorVersionUpgrade"))
     ModifyDBClusterMessage.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: BooleanOptional, location_name: "DeletionProtection"))
     ModifyDBClusterMessage.add_member(:storage_type, Shapes::ShapeRef.new(shape: String, location_name: "StorageType"))
+    ModifyDBClusterMessage.add_member(:manage_master_user_password, Shapes::ShapeRef.new(shape: BooleanOptional, location_name: "ManageMasterUserPassword"))
+    ModifyDBClusterMessage.add_member(:master_user_secret_kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "MasterUserSecretKmsKeyId"))
+    ModifyDBClusterMessage.add_member(:rotate_master_user_password, Shapes::ShapeRef.new(shape: BooleanOptional, location_name: "RotateMasterUserPassword"))
     ModifyDBClusterMessage.struct_class = Types::ModifyDBClusterMessage
 
     ModifyDBClusterParameterGroupMessage.add_member(:db_cluster_parameter_group_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "DBClusterParameterGroupName"))

data/lib/aws-sdk-docdb/types.rb

@@ -279,6 +279,51 @@ module Aws::DocDB
       include Aws::Structure
     end
 
+    # Contains the secret managed by Amazon DocumentDB in Amazon Web
+    # Services Secrets Manager for the master user password.
+    #
+    # @!attribute [rw] secret_arn
+    #   The Amazon Resource Name (ARN) of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_status
+    #   The status of the secret.
+    #
+    #   The possible status values include the following:
+    #
+    #   * creating - The secret is being created.
+    #
+    #   * active - The secret is available for normal use and rotation.
+    #
+    #   * rotating - The secret is being rotated.
+    #
+    #   * impaired - The secret can be used to access database credentials,
+    #     but it can't be rotated. A secret might have this status if, for
+    #     example, permissions are changed so that Amazon DocumentDB can no
+    #     longer access either the secret or the KMS key for the secret.
+    #
+    #     When a secret has this status, you can correct the condition that
+    #     caused the status. Alternatively, modify the instance to turn off
+    #     automatic management of database credentials, and then modify the
+    #     instance again to turn on automatic management of database
+    #     credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The Amazon Web Services KMS key identifier that is used to encrypt
+    #   the secret.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/ClusterMasterUserSecret AWS API Documentation
+    #
+    class ClusterMasterUserSecret < Struct.new(
+      :secret_arn,
+      :secret_status,
+      :kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Represents the input to CopyDBClusterParameterGroup.
     #
     # @!attribute [rw] source_db_cluster_parameter_group_identifier
@@ -686,6 +731,37 @@ module Aws::DocDB
     #    </note>
     #   @return [String]
     #
+    # @!attribute [rw] manage_master_user_password
+    #   Specifies whether to manage the master user password with Amazon Web
+    #   Services Secrets Manager.
+    #
+    #   Constraint: You can't manage the master user password with Amazon
+    #   Web Services Secrets Manager if `MasterUserPassword` is specified.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] master_user_secret_kms_key_id
+    #   The Amazon Web Services KMS key identifier to encrypt a secret that
+    #   is automatically generated and managed in Amazon Web Services
+    #   Secrets Manager. This setting is valid only if the master user
+    #   password is managed by Amazon DocumentDB in Amazon Web Services
+    #   Secrets Manager for the DB cluster.
+    #
+    #   The Amazon Web Services KMS key identifier is the key ARN, key ID,
+    #   alias ARN, or alias name for the KMS key. To use a KMS key in a
+    #   different Amazon Web Services account, specify the key ARN or alias
+    #   ARN.
+    #
+    #   If you don't specify `MasterUserSecretKmsKeyId`, then the
+    #   `aws/secretsmanager` KMS key is used to encrypt the secret. If the
+    #   secret is in a different Amazon Web Services account, then you
+    #   can't use the `aws/secretsmanager` KMS key to encrypt the secret,
+    #   and you must use a customer managed KMS key.
+    #
+    #   There is a default KMS key for your Amazon Web Services account.
+    #   Your Amazon Web Services account has a different default KMS key for
+    #   each Amazon Web Services Region.
+    #   @return [String]
+    #
     # @!attribute [rw] source_region
     #   The source region of the snapshot. This is only needed when the
     #   shapshot is encrypted and in a different region.
@@ -715,6 +791,8 @@ module Aws::DocDB
       :deletion_protection,
       :global_cluster_identifier,
       :storage_type,
+      :manage_master_user_password,
+      :master_user_secret_kms_key_id,
       :source_region)
       SENSITIVE = []
       include Aws::Structure
@@ -1373,6 +1451,11 @@ module Aws::DocDB
     #   Default value is `standard `
     #   @return [String]
     #
+    # @!attribute [rw] master_user_secret
+    #   The secret managed by Amazon DocumentDB in Amazon Web Services
+    #   Secrets Manager for the master user password.
+    #   @return [Types::ClusterMasterUserSecret]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/DBCluster AWS API Documentation
     #
     class DBCluster < Struct.new(
@@ -1408,7 +1491,8 @@ module Aws::DocDB
       :cluster_create_time,
       :enabled_cloudwatch_logs_exports,
       :deletion_protection,
-      :storage_type)
+      :storage_type,
+      :master_user_secret)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4228,6 +4312,64 @@ module Aws::DocDB
     #   Default value is `standard `
     #   @return [String]
     #
+    # @!attribute [rw] manage_master_user_password
+    #   Specifies whether to manage the master user password with Amazon Web
+    #   Services Secrets Manager. If the cluster doesn't manage the master
+    #   user password with Amazon Web Services Secrets Manager, you can turn
+    #   on this management. In this case, you can't specify
+    #   `MasterUserPassword`. If the cluster already manages the master user
+    #   password with Amazon Web Services Secrets Manager, and you specify
+    #   that the master user password is not managed with Amazon Web
+    #   Services Secrets Manager, then you must specify
+    #   `MasterUserPassword`. In this case, Amazon DocumentDB deletes the
+    #   secret and uses the new password for the master user specified by
+    #   `MasterUserPassword`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] master_user_secret_kms_key_id
+    #   The Amazon Web Services KMS key identifier to encrypt a secret that
+    #   is automatically generated and managed in Amazon Web Services
+    #   Secrets Manager.
+    #
+    #   This setting is valid only if both of the following conditions are
+    #   met:
+    #
+    #   * The cluster doesn't manage the master user password in Amazon Web
+    #     Services Secrets Manager. If the cluster already manages the
+    #     master user password in Amazon Web Services Secrets Manager, you
+    #     can't change the KMS key that is used to encrypt the secret.
+    #
+    #   * You are enabling `ManageMasterUserPassword` to manage the master
+    #     user password in Amazon Web Services Secrets Manager. If you are
+    #     turning on `ManageMasterUserPassword` and don't specify
+    #     `MasterUserSecretKmsKeyId`, then the `aws/secretsmanager` KMS key
+    #     is used to encrypt the secret. If the secret is in a different
+    #     Amazon Web Services account, then you can't use the
+    #     `aws/secretsmanager` KMS key to encrypt the secret, and you must
+    #     use a customer managed KMS key.
+    #
+    #   The Amazon Web Services KMS key identifier is the key ARN, key ID,
+    #   alias ARN, or alias name for the KMS key. To use a KMS key in a
+    #   different Amazon Web Services account, specify the key ARN or alias
+    #   ARN.
+    #
+    #   There is a default KMS key for your Amazon Web Services account.
+    #   Your Amazon Web Services account has a different default KMS key for
+    #   each Amazon Web Services Region.
+    #   @return [String]
+    #
+    # @!attribute [rw] rotate_master_user_password
+    #   Specifies whether to rotate the secret managed by Amazon Web
+    #   Services Secrets Manager for the master user password.
+    #
+    #   This setting is valid only if the master user password is managed by
+    #   Amazon DocumentDB in Amazon Web Services Secrets Manager for the
+    #   cluster. The secret value contains the updated password.
+    #
+    #   Constraint: You must apply the change immediately when rotating the
+    #   master user password.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/docdb-2014-10-31/ModifyDBClusterMessage AWS API Documentation
     #
     class ModifyDBClusterMessage < Struct.new(
@@ -4245,7 +4387,10 @@ module Aws::DocDB
       :engine_version,
       :allow_major_version_upgrade,
       :deletion_protection,
-      :storage_type)
+      :storage_type,
+      :manage_master_user_password,
+      :master_user_secret_kms_key_id,
+      :rotate_master_user_password)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-docdb.rb

@@ -55,7 +55,7 @@ module Aws::DocDB
   autoload :EndpointProvider, 'aws-sdk-docdb/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-docdb/endpoints'
 
-  GEM_VERSION = '1.79.0'
+  GEM_VERSION = '1.80.0'
 
 end
 

data/sig/client.rbs

@@ -181,6 +181,8 @@ module Aws
                                ?deletion_protection: bool,
                                ?global_cluster_identifier: ::String,
                                ?storage_type: ::String,
+                               ?manage_master_user_password: bool,
+                               ?master_user_secret_kms_key_id: ::String,
                                ?source_region: ::String
                              ) -> _CreateDBClusterResponseSuccess
                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateDBClusterResponseSuccess
@@ -739,7 +741,10 @@ module Aws
                                ?engine_version: ::String,
                                ?allow_major_version_upgrade: bool,
                                ?deletion_protection: bool,
-                               ?storage_type: ::String
+                               ?storage_type: ::String,
+                               ?manage_master_user_password: bool,
+                               ?master_user_secret_kms_key_id: ::String,
+                               ?rotate_master_user_password: bool
                              ) -> _ModifyDBClusterResponseSuccess
                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ModifyDBClusterResponseSuccess
 

data/sig/types.rbs

@@ -76,6 +76,13 @@ module Aws::DocDB
       SENSITIVE: []
     end
 
+    class ClusterMasterUserSecret
+      attr_accessor secret_arn: ::String
+      attr_accessor secret_status: ::String
+      attr_accessor kms_key_id: ::String
+      SENSITIVE: []
+    end
+
     class CopyDBClusterParameterGroupMessage
       attr_accessor source_db_cluster_parameter_group_identifier: ::String
       attr_accessor target_db_cluster_parameter_group_identifier: ::String
@@ -127,6 +134,8 @@ module Aws::DocDB
       attr_accessor deletion_protection: bool
       attr_accessor global_cluster_identifier: ::String
       attr_accessor storage_type: ::String
+      attr_accessor manage_master_user_password: bool
+      attr_accessor master_user_secret_kms_key_id: ::String
       attr_accessor source_region: ::String
       SENSITIVE: []
     end
@@ -262,6 +271,7 @@ module Aws::DocDB
       attr_accessor enabled_cloudwatch_logs_exports: ::Array[::String]
       attr_accessor deletion_protection: bool
       attr_accessor storage_type: ::String
+      attr_accessor master_user_secret: Types::ClusterMasterUserSecret
       SENSITIVE: []
     end
 
@@ -914,6 +924,9 @@ module Aws::DocDB
       attr_accessor allow_major_version_upgrade: bool
       attr_accessor deletion_protection: bool
       attr_accessor storage_type: ::String
+      attr_accessor manage_master_user_password: bool
+      attr_accessor master_user_secret_kms_key_id: ::String
+      attr_accessor rotate_master_user_password: bool
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-docdb
 version: !ruby/object:Gem::Version
-  version: 1.79.0
+  version: 1.80.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-06 00:00:00.000000000 Z
+date: 2024-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core