feat(client-redshift-serverless): Added support for managing credentials of serverless namespace admin using AWS Secrets Manager.

Author: awstools

clients/client-redshift-serverless/src/commands/ConvertRecoveryPointToSnapshotCommand.ts

@@ -93,6 +93,8 @@ export interface ConvertRecoveryPointToSnapshotCommandOutput
  * //     accountsWithProvisionedRestoreAccess: [
  * //       "STRING_VALUE",
  * //     ],
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/CreateNamespaceCommand.ts

@@ -72,6 +72,8 @@ export interface CreateNamespaceCommandOutput extends CreateNamespaceResponse, _
  *       value: "STRING_VALUE", // required
  *     },
  *   ],
+ *   manageAdminPassword: true || false,
+ *   adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new CreateNamespaceCommand(input);
  * const response = await client.send(command);
@@ -92,6 +94,8 @@ export interface CreateNamespaceCommandOutput extends CreateNamespaceResponse, _
  * //     ],
  * //     status: "STRING_VALUE",
  * //     creationDate: new Date("TIMESTAMP"),
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/CreateSnapshotCommand.ts

@@ -90,6 +90,8 @@ export interface CreateSnapshotCommandOutput extends CreateSnapshotResponse, __M
  * //     accountsWithProvisionedRestoreAccess: [
  * //       "STRING_VALUE",
  * //     ],
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/DeleteNamespaceCommand.ts

@@ -77,6 +77,8 @@ export interface DeleteNamespaceCommandOutput extends DeleteNamespaceResponse, _
  * //     ],
  * //     status: "STRING_VALUE",
  * //     creationDate: new Date("TIMESTAMP"),
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/DeleteSnapshotCommand.ts

@@ -79,6 +79,8 @@ export interface DeleteSnapshotCommandOutput extends DeleteSnapshotResponse, __M
  * //     accountsWithProvisionedRestoreAccess: [
  * //       "STRING_VALUE",
  * //     ],
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/GetNamespaceCommand.ts

@@ -70,6 +70,8 @@ export interface GetNamespaceCommandOutput extends GetNamespaceResponse, __Metad
  * //     ],
  * //     status: "STRING_VALUE",
  * //     creationDate: new Date("TIMESTAMP"),
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/GetSnapshotCommand.ts

@@ -81,6 +81,8 @@ export interface GetSnapshotCommandOutput extends GetSnapshotResponse, __Metadat
  * //     accountsWithProvisionedRestoreAccess: [
  * //       "STRING_VALUE",
  * //     ],
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/ListNamespacesCommand.ts

@@ -77,6 +77,8 @@ export interface ListNamespacesCommandOutput extends ListNamespacesResponse, __M
  * //       ],
  * //       status: "STRING_VALUE",
  * //       creationDate: new Date("TIMESTAMP"),
+ * //       adminPasswordSecretArn: "STRING_VALUE",
+ * //       adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //     },
  * //   ],
  * // };

clients/client-redshift-serverless/src/commands/ListSnapshotsCommand.ts

@@ -87,6 +87,8 @@ export interface ListSnapshotsCommandOutput extends ListSnapshotsResponse, __Met
  * //       accountsWithProvisionedRestoreAccess: [
  * //         "STRING_VALUE",
  * //       ],
+ * //       adminPasswordSecretArn: "STRING_VALUE",
+ * //       adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //     },
  * //   ],
  * // };

clients/client-redshift-serverless/src/commands/RestoreFromRecoveryPointCommand.ts

@@ -77,6 +77,8 @@ export interface RestoreFromRecoveryPointCommandOutput extends RestoreFromRecove
  * //     ],
  * //     status: "STRING_VALUE",
  * //     creationDate: new Date("TIMESTAMP"),
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/RestoreFromSnapshotCommand.ts

@@ -58,6 +58,8 @@ export interface RestoreFromSnapshotCommandOutput extends RestoreFromSnapshotRes
  *   snapshotName: "STRING_VALUE",
  *   snapshotArn: "STRING_VALUE",
  *   ownerAccount: "STRING_VALUE",
+ *   manageAdminPassword: true || false,
+ *   adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new RestoreFromSnapshotCommand(input);
  * const response = await client.send(command);
@@ -80,6 +82,8 @@ export interface RestoreFromSnapshotCommandOutput extends RestoreFromSnapshotRes
  * //     ],
  * //     status: "STRING_VALUE",
  * //     creationDate: new Date("TIMESTAMP"),
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/UpdateNamespaceCommand.ts

@@ -67,6 +67,8 @@ export interface UpdateNamespaceCommandOutput extends UpdateNamespaceResponse, _
  *   logExports: [ // LogExportList
  *     "STRING_VALUE",
  *   ],
+ *   manageAdminPassword: true || false,
+ *   adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new UpdateNamespaceCommand(input);
  * const response = await client.send(command);
@@ -87,6 +89,8 @@ export interface UpdateNamespaceCommandOutput extends UpdateNamespaceResponse, _
  * //     ],
  * //     status: "STRING_VALUE",
  * //     creationDate: new Date("TIMESTAMP"),
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/commands/UpdateSnapshotCommand.ts

@@ -80,6 +80,8 @@ export interface UpdateSnapshotCommandOutput extends UpdateSnapshotResponse, __M
  * //     accountsWithProvisionedRestoreAccess: [
  * //       "STRING_VALUE",
  * //     ],
+ * //     adminPasswordSecretArn: "STRING_VALUE",
+ * //     adminPasswordSecretKmsKeyId: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-redshift-serverless/src/models/models_0.ts

@@ -258,6 +258,18 @@ export interface Snapshot {
    * <p>All of the Amazon Web Services accounts that have access to restore a snapshot to a provisioned cluster.</p>
    */
   accountsWithProvisionedRestoreAccess?: string[];
+
+  /**
+   * @public
+   * <p>The Amazon Resource Name (ARN) for the namespace's admin user credentials secret.</p>
+   */
+  adminPasswordSecretArn?: string;
+
+  /**
+   * @public
+   * <p>The ID of the Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret.</p>
+   */
+  adminPasswordSecretKmsKeyId?: string;
 }
 
 /**
@@ -605,6 +617,7 @@ export interface CreateNamespaceRequest {
   /**
    * @public
    * <p>The password of the administrator for the first database created in the namespace.</p>
+   *          <p>You can't use <code>adminUserPassword</code> if <code>manageAdminPassword</code> is true. </p>
    */
   adminUserPassword?: string;
 
@@ -644,6 +657,23 @@ export interface CreateNamespaceRequest {
    * <p>A list of tag instances.</p>
    */
   tags?: Tag[];
+
+  /**
+   * @public
+   * <p>If <code>true</code>, Amazon Redshift uses Secrets Manager to manage the namespace's admin credentials.
+   *          You can't use <code>adminUserPassword</code> if <code>manageAdminPassword</code> is true.
+   *          If <code>manageAdminPassword</code> is false or not set, Amazon Redshift uses
+   *          <code>adminUserPassword</code> for the admin user account's password.
+   *       </p>
+   */
+  manageAdminPassword?: boolean;
+
+  /**
+   * @public
+   * <p>The ID of the Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret.
+   *          You can only use this parameter if <code>manageAdminPassword</code> is true.</p>
+   */
+  adminPasswordSecretKmsKeyId?: string;
 }
 
 /**
@@ -734,6 +764,18 @@ export interface Namespace {
    * <p>The date of when the namespace was created.</p>
    */
   creationDate?: Date;
+
+  /**
+   * @public
+   * <p>The Amazon Resource Name (ARN) for the namespace's admin user credentials secret.</p>
+   */
+  adminPasswordSecretArn?: string;
+
+  /**
+   * @public
+   * <p>The ID of the Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret.</p>
+   */
+  adminPasswordSecretKmsKeyId?: string;
 }
 
 /**
@@ -2200,6 +2242,7 @@ export interface UpdateNamespaceRequest {
    * @public
    * <p>The password of the administrator for the first database created in the namespace. This parameter must be updated together
    *       with <code>adminUsername</code>.</p>
+   *          <p>You can't use <code>adminUserPassword</code> if <code>manageAdminPassword</code> is true. </p>
    */
   adminUserPassword?: string;
 
@@ -2234,6 +2277,23 @@ export interface UpdateNamespaceRequest {
    * <p>The types of logs the namespace can export. The export types are <code>userlog</code>, <code>connectionlog</code>, and <code>useractivitylog</code>.</p>
    */
   logExports?: LogExport[];
+
+  /**
+   * @public
+   * <p>If <code>true</code>, Amazon Redshift uses Secrets Manager to manage the namespace's admin credentials.
+   *          You can't use <code>adminUserPassword</code> if <code>manageAdminPassword</code> is true.
+   *          If <code>manageAdminPassword</code> is false or not set, Amazon Redshift uses
+   *          <code>adminUserPassword</code> for the admin user account's password.
+   *       </p>
+   */
+  manageAdminPassword?: boolean;
+
+  /**
+   * @public
+   * <p>The ID of the Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret.
+   *          You can only use this parameter if <code>manageAdminPassword</code> is true.</p>
+   */
+  adminPasswordSecretKmsKeyId?: string;
 }
 
 /**
@@ -2356,6 +2416,21 @@ export interface RestoreFromSnapshotRequest {
    * <p>The Amazon Web Services account that owns the snapshot.</p>
    */
   ownerAccount?: string;
+
+  /**
+   * @public
+   * <p>If <code>true</code>, Amazon Redshift uses Secrets Manager to manage the restored
+   *          snapshot's admin credentials. If <code>MmanageAdminPassword</code> is false or not set,
+   *          Amazon Redshift uses the admin credentials that the namespace or cluster
+   *          had at the time the snapshot was taken.</p>
+   */
+  manageAdminPassword?: boolean;
+
+  /**
+   * @public
+   * <p>The ID of the Key Management Service (KMS) key used to encrypt and store the namespace's admin credentials secret.</p>
+   */
+  adminPasswordSecretKmsKeyId?: string;
 }
 
 /**

clients/client-redshift-serverless/src/protocols/Aws_json1_1.ts

@@ -3462,6 +3462,8 @@ const de_ListWorkgroupsResponse = (output: any, context: __SerdeContext): ListWo
  */
 const de_Namespace = (output: any, context: __SerdeContext): Namespace => {
   return take(output, {
+    adminPasswordSecretArn: __expectString,
+    adminPasswordSecretKmsKeyId: __expectString,
     adminUsername: __expectString,
     creationDate: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)),
     dbName: __expectString,
@@ -3572,6 +3574,8 @@ const de_Snapshot = (output: any, context: __SerdeContext): Snapshot => {
     accountsWithProvisionedRestoreAccess: _json,
     accountsWithRestoreAccess: _json,
     actualIncrementalBackupSizeInMegaBytes: __limitedParseDouble,
+    adminPasswordSecretArn: __expectString,
+    adminPasswordSecretKmsKeyId: __expectString,
     adminUsername: __expectString,
     backupProgressInMegaBytes: __limitedParseDouble,
     currentBackupRateInMegaBytesPerSecond: __limitedParseDouble,