replicate_secret_to_regions(**kwargs)
Replicates the secret to new Regions. See Multi-Region secrets.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:ReplicateSecretToRegions. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
See also: AWS API Documentation
Request Syntax
response = client.replicate_secret_to_regions(
    SecretId='string',
    AddReplicaRegions=[
        {
            'Region': 'string',
            'KmsKeyId': 'string'
        },
    ],
    ForceOverwriteReplicaSecret=True|False
)
Parameters
SecretId (string) --
    [REQUIRED]
    The ARN or name of the secret to replicate.
AddReplicaRegions (list) --
    [REQUIRED]
    A list of Regions in which to replicate the secret.
    (dict) --
        A custom type that specifies a Region and the KmsKeyId for a replica secret.
        Region (string) --
            A Region code. For a list of Region codes, see Name and code of Regions.
        KmsKeyId (string) --
            The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.
Return type: dict
Response Syntax
{
    'ARN': 'string',
    'ReplicationStatus': [
        {
            'Region': 'string',
            'KmsKeyId': 'string',
            'Status': 'InSync'|'Failed'|'InProgress',
            'StatusMessage': 'string',
            'LastAccessedDate': datetime(2015, 1, 1)
        },
    ]
}
Response Structure
(dict) --
    ARN (string) --
        The ARN of the primary secret.
    ReplicationStatus (list) --
        The status of replication.
        (dict) --
            A replication object consisting of a RegionReplicationStatus object that includes a Region, KMSKeyId, status, and status message.
            Region (string) --
                The Region where replication occurs.
            KmsKeyId (string) --
                Can be an ARN, Key ID, or Alias.
            Status (string) --
                The status can be InProgress, Failed, or InSync.
            StatusMessage (string) --
                Status message such as "Secret with this name already exists in this region".
            LastAccessedDate (datetime) --
                The date that the secret was last accessed in the Region. This field is omitted if the secret has never been retrieved in the Region.
Exceptions
SecretsManager.Client.exceptions.ResourceNotFoundException
SecretsManager.Client.exceptions.InvalidRequestException
SecretsManager.Client.exceptions.InvalidParameterException
SecretsManager.Client.exceptions.InternalServiceError
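The following is an added example, not part of the boto3 documentation: it builds AddReplicaRegions with an explicit KMS key per Region and checks every ReplicationStatus entry, because the call can return normally while an individual Region reports Failed. The helper names, the secret name and the key alias are assumptions made for illustration.

```python
class ReplicationError(Exception):
    """Raised when one or more replica Regions report Status 'Failed'."""


def build_replica_regions(region_keys):
    """Turn {region: kms_key_id_or_None} into the AddReplicaRegions list."""
    replicas = []
    for region, kms_key_id in sorted(region_keys.items()):
        entry = {"Region": region}
        if kms_key_id:
            # Omitting KmsKeyId makes Secrets Manager use aws/secretsmanager.
            entry["KmsKeyId"] = kms_key_id
        replicas.append(entry)
    return replicas


def replicate_and_check(client, secret_id, region_keys, force_overwrite=False):
    """Replicate a secret and return {region: status}.

    Raises ReplicationError listing every Region whose Status is 'Failed'.
    """
    # Request parameters are logged to CloudTrail: pass names or ARNs only.
    response = client.replicate_secret_to_regions(
        SecretId=secret_id,
        AddReplicaRegions=build_replica_regions(region_keys),
        ForceOverwriteReplicaSecret=force_overwrite,
    )
    statuses = {}
    failures = []
    for item in response.get("ReplicationStatus", []):
        statuses[item["Region"]] = item["Status"]
        if item["Status"] == "Failed":
            failures.append(f'{item["Region"]}: {item.get("StatusMessage", "")}')
    if failures:
        raise ReplicationError("; ".join(failures))
    return statuses


if __name__ == "__main__":
    import boto3  # caller needs secretsmanager:ReplicateSecretToRegions

    sm = boto3.client("secretsmanager", region_name="us-east-1")
    # Constructed placeholder names; replace with your own secret and key.
    print(replicate_and_check(sm, "example/app/db",
                              {"eu-west-1": "alias/example-replica-key"}))
```

A returned status of InProgress means replication has started but is not yet InSync, so a caller that needs the replica immediately should check the status again later.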