replicate_secret_to_regions
- SecretsManager.Client.replicate_secret_to_regions(**kwargs)
Replicates the secret to new Regions. See Multi-Region secrets.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:ReplicateSecretToRegions. If the primary secret is encrypted with a KMS key other than aws/secretsmanager, you also need kms:Decrypt permission to the key. To encrypt the replicated secret with a KMS key other than aws/secretsmanager, you need kms:GenerateDataKey and kms:Encrypt to the key. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
See also: AWS API Documentation
Request Syntax
response = client.replicate_secret_to_regions(
    SecretId='string',
    AddReplicaRegions=[
        {
            'Region': 'string',
            'KmsKeyId': 'string'
        },
    ],
    ForceOverwriteReplicaSecret=True|False
)
- Parameters:
SecretId (string) –
[REQUIRED]
The ARN or name of the secret to replicate.
AddReplicaRegions (list) –
[REQUIRED]
A list of Regions in which to replicate the secret.
(dict) –
A custom type that specifies a Region and the KmsKeyId for a replica secret.
Region (string) –
A Region code. For a list of Region codes, see Name and code of Regions.
KmsKeyId (string) –
The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don’t include this field, Secrets Manager uses aws/secretsmanager.
ForceOverwriteReplicaSecret (boolean) – Specifies whether to overwrite a secret with the same name in the destination Region. By default, secrets aren’t overwritten.
- Return type:
dict
- Returns:
Response Syntax
{
    'ARN': 'string',
    'ReplicationStatus': [
        {
            'Region': 'string',
            'KmsKeyId': 'string',
            'Status': 'InSync'|'Failed'|'InProgress',
            'StatusMessage': 'string',
            'LastAccessedDate': datetime(2015, 1, 1)
        },
    ]
}
Response Structure
(dict) –
ARN (string) –
The ARN of the primary secret.
ReplicationStatus (list) –
The status of replication.
(dict) –
A replication object consisting of a RegionReplicationStatus object and includes a Region, KMSKeyId, status, and status message.
Region (string) –
The Region where replication occurs.
KmsKeyId (string) –
Can be an ARN, Key ID, or Alias.
Status (string) –
The status can be InProgress, Failed, or InSync.
StatusMessage (string) –
Status message such as “Secret with this name already exists in this region”.
LastAccessedDate (datetime) –
The date that the secret was last accessed in the Region. This field is omitted if the secret has never been retrieved in the Region.
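An added example, not part of the boto3 documentation: one way to call this method that sends a KMS key per Region, leaves ForceOverwriteReplicaSecret at False, and raises when any entry in ReplicationStatus reports Failed. The helper names, the FakeClient class, the alias/example-replica-key alias and the sample response are constructed for illustration; pass a real boto3 Secrets Manager client in practice.

```python
# Added example; assumes the caller passes in a boto3 Secrets Manager client.
def build_replica_regions(region_keys):
    """Map {region: KMS key or None} to the AddReplicaRegions structure.
    A None key omits KmsKeyId, so Secrets Manager uses aws/secretsmanager.
    """
    replicas = []
    for region, key in sorted(region_keys.items()):
        entry = {"Region": region}
        if key:
            entry["KmsKeyId"] = key
        replicas.append(entry)
    return replicas


def replicate(client, secret_id, region_keys, force_overwrite=False):
    """Replicate, group replicas by Status, and raise if any replica Failed."""
    response = client.replicate_secret_to_regions(
        SecretId=secret_id,
        AddReplicaRegions=build_replica_regions(region_keys),
        ForceOverwriteReplicaSecret=force_overwrite,  # False: never overwrite
    )
    by_status = {"InSync": {}, "InProgress": {}, "Failed": {}}
    for item in response.get("ReplicationStatus", []):
        regions = by_status.setdefault(item["Status"], {})
        regions[item["Region"]] = item.get("StatusMessage", "")
    if by_status["Failed"]:
        raise RuntimeError(f"replication failed: {by_status['Failed']}")
    return by_status


class FakeClient:
    """Constructed stand-in for the boto3 client; records the request it receives."""
    def __init__(self, response):
        self.response, self.request = response, None

    def replicate_secret_to_regions(self, **kwargs):
        self.request = kwargs
        return self.response


if __name__ == "__main__":
    fake = FakeClient({  # constructed sample response
        "ARN": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-AbCdEf",
        "ReplicationStatus": [
            {"Region": "eu-west-1", "KmsKeyId": "alias/example-replica-key", "Status": "InProgress"},
            {"Region": "us-west-2", "KmsKeyId": "aws/secretsmanager", "Status": "InSync"},
        ],
    })
    print(replicate(fake, "example", {"eu-west-1": "alias/example-replica-key", "us-west-2": None}))
```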
Exceptions