remove_regions_from_replication

SecretsManager.Client.remove_regions_from_replication(**kwargs)

For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

Required permissions: secretsmanager:RemoveRegionsFromReplication. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.

See also: AWS API Documentation

Request Syntax

response = client.remove_regions_from_replication(
    SecretId='string',
    RemoveReplicaRegions=[
        'string',
    ]
)

Parameters
  • SecretId (string) --

    [REQUIRED]

    The ARN or name of the secret.

  • RemoveReplicaRegions (list) --

    [REQUIRED]

    The Regions of the replicas to remove.

    • (string) --

Return type

dict

Returns

Response Syntax

{
    'ARN': 'string',
    'ReplicationStatus': [
        {
            'Region': 'string',
            'KmsKeyId': 'string',
            'Status': 'InSync'|'Failed'|'InProgress',
            'StatusMessage': 'string',
            'LastAccessedDate': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    • ARN (string) --

      The ARN of the primary secret.

    • ReplicationStatus (list) --

      The status of replicas for this secret after you remove Regions.

      • (dict) --

        A replication object consisting of a RegionReplicationStatus object that includes a Region, KMSKeyId, status, and status message.

        • Region (string) --

          The Region where replication occurs.

        • KmsKeyId (string) --

          Can be an ARN, Key ID, or Alias.

        • Status (string) --

          The status can be InProgress, Failed, or InSync.

        • StatusMessage (string) --

          Status message such as "Secret with this name already exists in this region".

        • LastAccessedDate (datetime) --

          The date that the secret was last accessed in the Region. This field is omitted if the secret has never been retrieved in the Region.

Exceptions

  • SecretsManager.Client.exceptions.ResourceNotFoundException
  • SecretsManager.Client.exceptions.InvalidRequestException
  • SecretsManager.Client.exceptions.InvalidParameterException
  • SecretsManager.Client.exceptions.InternalServiceError
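
Example (added here, not part of the AWS documentation): a guarded removal that uses the LastAccessedDate field described above to skip replicas that were read recently, then checks the returned ReplicationStatus to confirm the Regions are gone. The helper name remove_idle_replicas, the 30-day idle threshold and the secret name in the usage section are assumptions; describe_secret is the existing Secrets Manager client call that returns the same ReplicationStatus list.

```python
from datetime import datetime, timedelta, timezone


def remove_idle_replicas(client, secret_id, regions, idle_days=30, now=None):
    """Remove replicas of secret_id from regions, skipping any read recently.

    client is a boto3 Secrets Manager client. Exceptions listed on this page
    (for example ResourceNotFoundException) propagate to the caller.
    Returns (removed, skipped, still_present) as lists of Region names.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=idle_days)
    current = client.describe_secret(SecretId=secret_id)
    by_region = {r["Region"]: r for r in current.get("ReplicationStatus", [])}

    to_remove, skipped = [], []
    for region in regions:
        replica = by_region.get(region)
        # LastAccessedDate is omitted when the replica was never retrieved.
        last = replica.get("LastAccessedDate") if replica else None
        if replica is None or (last is not None and last >= cutoff):
            skipped.append(region)  # not a replica, or a consumer still reads it
        else:
            to_remove.append(region)
    if not to_remove:
        return [], skipped, []

    resp = client.remove_regions_from_replication(
        SecretId=secret_id, RemoveReplicaRegions=to_remove)
    # The response lists the replicas that remain after the removal.
    remaining = {r["Region"] for r in resp.get("ReplicationStatus", [])}
    removed = [r for r in to_remove if r not in remaining]
    still_present = [r for r in to_remove if r in remaining]
    return removed, skipped, still_present


if __name__ == "__main__":
    import boto3  # needs AWS credentials with secretsmanager:DescribeSecret
                  # and secretsmanager:RemoveRegionsFromReplication
    sm = boto3.client("secretsmanager")
    # "example/app-secret" is a placeholder secret name.
    print(remove_idle_replicas(sm, "example/app-secret", ["eu-west-1"]))
```

Skipped Regions are worth reviewing before forcing removal: a recent LastAccessedDate means some workload in that Region still retrieves the replica.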