The AWS::RDS::DBInstance
resource creates an Amazon DB instance. The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster.
For more information about creating an RDS DB instance, see Creating an Amazon RDS DB instance in the Amazon RDS User Guide.
For more information about creating a DB instance in an Aurora DB cluster, see Creating an Amazon Aurora DB cluster in the Amazon Aurora User Guide.
If you import an existing DB instance, and the template configuration doesn't match the actual configuration of the DB instance, AWS CloudFormation applies the changes in the template during the import operation.
If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an update that requires replacement, you can apply a stack policy to prevent DB instances from being replaced. For more information, see Prevent Updates to Stack Resources.
Updating DB instances
When properties labeled "Update requires: Replacement" are updated, AWS CloudFormation first creates a replacement DB instance, then changes references from other dependent resources to point to the replacement DB instance, and finally deletes the old DB instance.
We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB instance. To preserve your data, perform the following procedure:
DBSnapshotIdentifier
property with the ID of the DB snapshot that you want to use.
After you restore a DB instance with a DBSnapshotIdentifier
property, you can delete the DBSnapshotIdentifier
property. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the DBSnapshotIdentifier
property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified DBSnapshotIdentifier
property, and the original DB instance is deleted.For more information about updating other properties of this resource, see ModifyDBInstance
. For more information about updating stacks, see CloudFormation Stacks Updates.
Deleting DB instances
For DB instances that are part of an Aurora DB cluster, you can set a deletion policy for your DB instance to control how AWS CloudFormation handles the DB instance when the stack is deleted. For Amazon RDS DB instances, you can choose to retain the DB instance, to delete the DB instance, or to create a snapshot of the DB instance. The default AWS CloudFormation behavior depends on the DBClusterIdentifier
property:
AWS::RDS::DBInstance
resources that don't specify the DBClusterIdentifier
property, AWS CloudFormation saves a snapshot of the DB instance.AWS::RDS::DBInstance
resources that do specify the DBClusterIdentifier
property, AWS CloudFormation deletes the DB instance.For more information, see DeletionPolicy Attribute.
To create a AWS RDS DB instance with basic details
resource "awscc_rds_db_instance" "this" {
allocated_storage = 10
db_name = "mydb"
engine = "mysql"
engine_version = "5.7"
db_instance_class = "db.t3.micro"
master_username = "foo"
master_user_password = "foobarbaz"
db_parameter_group_name = "default.mysql5.7"
}
To enable Storage Autoscaling with instances that support the feature, define the max_allocated_storage argument higher than the allocated_storage argument. Terraform will automatically hide differences with the allocated_storage argument value if autoscaling occurs.
resource "awscc_rds_db_instance" "this" {
# ... other configuration ...
db_name = "mydb"
engine = "mysql"
engine_version = "5.7"
db_instance_class = "db.t3.micro"
master_username = "foo"
master_user_password = "foobarbaz"
db_parameter_group_name = "default.mysql5.7"
allocated_storage = 50
max_allocated_storage = 100
}
You can specify the manage_master_user_password attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the manage_master_user_password attribute and removing the password attribute (removal is required).
resource "awscc_rds_db_instance" "this" {
allocated_storage = 10
db_name = "mydb"
engine = "mysql"
engine_version = "5.7"
db_instance_class = "db.t3.micro"
manage_master_user_password = true
master_username = "foo"
db_parameter_group_name = "default.mysql5.7"
}
You can specify the kms_key_id attribute under nested block master_user_secret to specify a specific KMS Key.
resource "aws_kms_key" "this" {
description = "Example KMS Key"
}
resource "awscc_rds_db_instance" "this" {
allocated_storage = 10
db_name = "mydb"
engine = "mysql"
engine_version = "5.7"
db_instance_class = "db.t3.micro"
manage_master_user_password = true
master_username = "foo"
master_user_secret = {
kms_key_id = aws_kms_key.this.key_id
}
db_parameter_group_name = "default.mysql5.7"
}
You can create RDS DB instance by using custom db subnet group
resource "awscc_rds_db_subnet_group" "this" {
db_subnet_group_name = "example"
db_subnet_group_description = "example subnet group"
subnet_ids = ["subnet-006182af0254ccbc4", "subnet-0c40688dd8ca51435"]
}
resource "awscc_rds_db_instance" "this" {
allocated_storage = 10
db_name = "mydb"
engine = "mysql"
engine_version = "5.7"
db_instance_class = "db.t3.micro"
master_username = "foo"
master_user_password = "foobarbaz"
db_parameter_group_name = "default.mysql5.7"
db_subnet_group_name = awscc_rds_db_subnet_group.this.id
tags = [{
key = "Name"
value = "this"
}]
}
allocated_storage
(String) The amount of storage in gibibytes (GiB) to be initially allocated for the database instance.
If any value is set in the Iops
parameter, AllocatedStorage
must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the Iops
value (in 1,000 IOPS increments), then you must also increase the AllocatedStorage
value (in 100-GiB increments).
Amazon Aurora
Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.
Db2
Constraints to the amount of storage for each storage type are the following:
MySQL Constraints to the amount of storage for each storage type are the following:
MariaDB Constraints to the amount of storage for each storage type are the following:
PostgreSQL Constraints to the amount of storage for each storage type are the following:
Oracle Constraints to the amount of storage for each storage type are the following:
SQL Server Constraints to the amount of storage for each storage type are the following:
Web and Express editions: Must be an integer from 20 to 16384.
Provisioned IOPS storage (io1):
Web and Express editions: Must be an integer from 20 to 16384.
Magnetic storage (standard):
allow_major_version_upgrade
(Boolean) A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.
Constraints: Major version upgrades must be allowed when specifying a value for the EngineVersion
parameter that is a different major version than the DB instance's current version.associated_roles
(Attributes List) The IAMlong (IAM) roles associated with the DB instance.
Amazon Aurora
Not applicable. The associated roles are managed by the DB cluster. (see below for nested schema)auto_minor_version_upgrade
(Boolean) A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.automatic_backup_replication_kms_key_id
(String)automatic_backup_replication_region
(String) The destination region for the backup replication of the DB instance. For more info, see Replicating automated backups to another Region in the Amazon RDS User Guide.availability_zone
(String) The Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see Regions and Availability Zones.
For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one.
Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region.
Constraints:
AvailabilityZone
parameter can't be specified if the DB instance is a Multi-AZ deployment.Example: us-east-1d
backup_retention_period
(Number) The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.
Amazon Aurora
Not applicable. The retention period for automated backups is managed by the DB cluster.
Default: 1
Constraints:
md5-d115e7beec3332d93cc34ab74710e08c
This setting doesn't apply to RDS Custom DB instances.
character_set_name
(String) For supported engines, indicates that the DB instance should be associated with the specified character set.
Amazon Aurora
Not applicable. The character set is managed by the DB cluster. For more information, see AWS::RDS::DBCluster.copy_tags_to_snapshot
(Boolean) Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied.
This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.custom_iam_instance_profile
(String) The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.
This setting is required for RDS Custom.
Constraints:
AWSRDSCustom
.For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.
db_cluster_identifier
(String) The identifier of the DB cluster that the instance will belong to.db_cluster_snapshot_identifier
(String) The identifier for the Multi-AZ DB cluster snapshot to restore from.
For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.
Constraints:
md5-9c9148aef0801e5634b81421901b4bfd
MySQL The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints:
MariaDB The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints:
PostgreSQL
The name of the database to create when the DB instance is created. If this parameter is not specified, the default postgres
database is created in the DB instance.
Constraints:
Oracle
The Oracle System ID (SID) of the created DB instance. If you specify null
, the default value ORCL
is used. You can't specify the string NULL, or any other reserved word, for DBName
.
Default: ORCL
Constraints:
SQL Server Not applicable. Must be null.
db_parameter_group_name
(String) The name of an existing DB parameter group or a reference to an AWS::RDS::DBParameterGroup resource created in the template.
To list all of the available DB parameter group names, use the following command:
aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text
If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot.
If you don't specify a value for DBParameterGroupName
property, the default DB parameter group for the specified engine and engine version is used.db_security_groups
(List of String) A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template.
If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups.
If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations:
AllocatedStorage
AutoMinorVersionUpgrade
AvailabilityZone
BackupRetentionPeriod
CharacterSetName
DBInstanceClass
DBName
DBParameterGroupName
DBSecurityGroups
DBSubnetGroupName
Engine
EngineVersion
Iops
LicenseModel
MasterUsername
MasterUserPassword
MultiAZ
OptionGroupName
PreferredBackupWindow
PreferredMaintenanceWindow
All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as StorageType
, StorageEncrypted
, or KmsKeyId
. If you're already using the DBSecurityGroups
property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
db_snapshot_identifier
(String) The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.
By specifying this property, you can create a DB instance from the specified DB snapshot. If the DBSnapshotIdentifier
property is an empty string or the AWS::RDS::DBInstance
declaration has no DBSnapshotIdentifier
property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.
Some DB instance properties aren't valid when you restore from a snapshot, such as the MasterUsername
and MasterUserPassword
properties. For information about the properties that you can specify, see the RestoreDBInstanceFromDBSnapshot
action in the Amazon RDS API Reference.
After you restore a DB instance with a DBSnapshotIdentifier
property, you must specify the same DBSnapshotIdentifier
property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the DBSnapshotIdentifier
property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified DBSnapshotIdentifier
property, and the original DB instance is deleted.
If you specify the DBSnapshotIdentifier
property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:
CharacterSetName
DBClusterIdentifier
DBName
DeleteAutomatedBackups
EnablePerformanceInsights
KmsKeyId
MasterUsername
MasterUserPassword
PerformanceInsightsKMSKeyId
PerformanceInsightsRetentionPeriod
PromotionTier
SourceDBInstanceIdentifier
SourceRegion
StorageEncrypted
(for an encrypted snapshot)Timezone
Amazon Aurora Not applicable. Snapshot restore is managed by the DB cluster.
db_subnet_group_name
(String) A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC.
If there's no DB subnet group, then the DB instance isn't a VPC DB instance.
For more information about using Amazon RDS in a VPC, see Using Amazon RDS with Amazon Virtual Private Cloud (VPC) in the Amazon RDS User Guide.
Amazon Aurora
Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.dedicated_log_volume
(Boolean) Indicates whether the DB instance has a dedicated log volume (DLV) enabled.delete_automated_backups
(Boolean) A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted.
Amazon Aurora
Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted.deletion_protection
(Boolean) A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance.
Amazon Aurora
Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see CreateDBCluster
. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.domain
(String) The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.domain_auth_secret_arn
(String) The ARN for the Secrets Manager secret with the credentials for the user joining the domain.
Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456
domain_dns_ips
(List of String) The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers.
Constraints:
Example: 123.124.125.126,234.235.236.237
domain_fqdn
(String) The fully qualified domain name (FQDN) of an Active Directory domain.
Constraints:
Example: mymanagedADtest.mymanagedAD.mydomain
domain_iam_role_name
(String) The name of the IAM role to use when making API calls to the Directory Service.
This setting doesn't apply to the following DB instances:
md5-7cea0c76f524ddf389401f858a8ae130
Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain
enable_cloudwatch_logs_exports
(List of String) The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Relational Database Service User Guide.
Amazon Aurora
Not applicable. CloudWatch Logs exports are managed by the DB cluster.
Db2
Valid values: diag.log
, notify.log
MariaDB
Valid values: audit
, error
, general
, slowquery
Microsoft SQL Server
Valid values: agent
, error
MySQL
Valid values: audit
, error
, general
, slowquery
Oracle
Valid values: alert
, audit
, listener
, trace
, oemagent
PostgreSQL
Valid values: postgresql
, upgrade
enable_iam_database_authentication
(Boolean) A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see IAM Database Authentication for MariaDB, MySQL, and PostgreSQL in the Amazon RDS User Guide.
Amazon Aurora
Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster.enable_performance_insights
(Boolean) Specifies whether to enable Performance Insights for the DB instance. For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom DB instances.endpoint
(Attributes) The connection endpoint for the DB instance.
The endpoint might not be shown for instances with the status of creating
. (see below for nested schema)engine
(String) The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region.
This property is required when creating a DB instance.
You can change the architecture of an Oracle database from the non-container database (CDB) architecture to the CDB architecture by updating the Engine
value in your templates from oracle-ee
or oracle-ee-cdb
to oracle-se2-cdb
. Converting to the CDB architecture requires an interruption.
Valid Values:
md5-6226d615e7670f60ccd7f4846df89c80
If you've specified DBSecurityGroups
and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
manage_master_user_password
(Boolean) Specifies whether to manage the master user password with AWS Secrets Manager.
For more information, see Password management with Secrets Manager in the Amazon RDS User Guide.
Constraints:
md5-79ecfc5f71e6b1bb0c38636d31ad1dd6
RDS for MariaDB Constraints:
RDS for Microsoft SQL Server Constraints:
RDS for MySQL Constraints:
RDS for Oracle Constraints:
RDS for PostgreSQL Constraints:
max_allocated_storage
(Number) The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.
This setting doesn't apply to the following DB instances:
monitoring_interval
(Number) The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0.
If MonitoringRoleArn
is specified, then you must set MonitoringInterval
to a value other than 0.
This setting doesn't apply to RDS Custom.
Valid Values: 0, 1, 5, 10, 15, 30, 60
monitoring_role_arn
(String) The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess
. For information on creating a monitoring role, see Setting Up and Enabling Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval
is set to a value other than 0
, then you must supply a MonitoringRoleArn
value.
This setting doesn't apply to RDS Custom DB instances.multi_az
(Boolean) Specifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the AvailabilityZone
parameter if the MultiAZ
parameter is set to true.
For more information, see Multi-AZ deployments for high availability in the Amazon RDS User Guide.
Amazon Aurora
Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the MultiAZ
option to be set.nchar_character_set_name
(String) The name of the NCHAR character set for the Oracle DB instance.
This setting doesn't apply to RDS Custom DB instances.network_type
(String) The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup
specified for the DB instance. A DBSubnetGroup
can support only the IPv4 protocol or the IPv4 and IPv6 protocols (DUAL
).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
option_group_name
(String) Indicates that the DB instance should be associated with the specified option group.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance.performance_insights_kms_key_id
(String) The AWS KMS key identifier for encryption of Performance Insights data.
The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId
, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region.
For information about enabling Performance Insights, see EnablePerformanceInsights.performance_insights_retention_period
(Number) The number of days to retain Performance Insights data.
This setting doesn't apply to RDS Custom DB instances.
Valid Values:
7
93
(3 months * 31), 341
(11 months * 31), 589
(19 months * 31)731
Default: 7
days
If you specify a retention period that isn't valid, such as 94
, Amazon RDS returns an error.
port
(String) The port number on which the database accepts connections.
Amazon Aurora
Not applicable. The port number is managed by the DB cluster.
Db2
Default value: 50000
preferred_backup_window
(String) The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod
parameter. For more information, see Backup Window in the Amazon RDS User Guide.
Constraints:
hh24:mi-hh24:mi
.Amazon Aurora Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
preferred_maintenance_window
(String) The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Instance Maintenance Window in the Amazon RDS User Guide.
This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.
Constraints: Minimum 30-minute window.processor_features
(Attributes List) The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
This setting doesn't apply to Amazon Aurora or RDS Custom DB instances. (see below for nested schema)promotion_tier
(Number) The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.
This setting doesn't apply to RDS Custom DB instances.
Default: 1
Valid Values: 0 - 15
publicly_accessible
(Boolean) Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address.
The default behavior value depends on your VPC setup and the database subnet group. For more information, see the PubliclyAccessible
parameter in the CreateDBInstance in the Amazon RDS API Reference.replica_mode
(String) The open mode of an Oracle read replica. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
This setting is only supported in RDS for Oracle.
Default: open-read-only
Valid Values: open-read-only
or mounted
restore_time
(String) The date and time to restore from.
Constraints:
UseLatestRestorableTime
parameter is enabled.Example: 2009-09-07T23:45:00Z
source_db_cluster_identifier
(String) The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas.
Constraints:
SourceDBInstanceIdentifier
parameter is also specified.source_db_instance_automated_backups_arn
(String) The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE
.
This setting doesn't apply to RDS Custom.source_db_instance_identifier
(String) If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see Working with Read Replicas in the Amazon RDS User Guide.
For information about constraints that apply to DB instance identifiers, see Naming constraints in Amazon RDS in the Amazon RDS User Guide.
The SourceDBInstanceIdentifier
property determines whether a DB instance is a read replica. If you remove the SourceDBInstanceIdentifier
property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance.
VPCSecurityGroups
property. If you don't specify the property, the read replica inherits the value of the VPCSecurityGroups
property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's VPCSecurityGroups
property to the default value because it's not defined in the stack's template. This change might cause unexpected issues.SourceDBInstanceIdentifier
, don't specify the DBSnapshotIdentifier
property. You can't create a read replica from a snapshot.BackupRetentionPeriod
, DBName
, MasterUsername
, MasterUserPassword
, and PreferredBackupWindow
properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas.SourceRegion
, and specify an ARN for a valid DB instance in SourceDBInstanceIdentifier
. For more information, see Constructing a Amazon RDS Amazon Resource Name (ARN) in the Amazon RDS User Guide.source_dbi_resource_id
(String) The resource ID of the source DB instance from which to restore.source_region
(String) The ID of the region that contains the source DB instance for the read replica.storage_encrypted
(Boolean) A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted.
If you specify the KmsKeyId
property, then you must enable encryption.
If you specify the SourceDBInstanceIdentifier
property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified KmsKeyId
property is used.
If you specify the DBSnapshotIdentifier
and the specified snapshot is encrypted, don't specify this property. The value is inherited from the snapshot, and the specified KmsKeyId
property is used.
If you specify the DBSnapshotIdentifier
and the specified snapshot isn't encrypted, you can use this property to specify that the restored DB instance is encrypted. Specify the KmsKeyId
property for the KMS key to use for encryption. If you don't want the restored DB instance to be encrypted, then don't set this property or set it to false
.
Amazon Aurora
Not applicable. The encryption for DB instances is managed by the DB cluster.storage_throughput
(Number) Specifies the storage throughput value for the DB instance. This setting applies only to the gp3
storage type.
This setting doesn't apply to RDS Custom or Amazon Aurora.storage_type
(String) The storage type to associate with the DB instance.
If you specify io1
, io2
, or gp3
, you must also include a value for the Iops
parameter.
This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.
Valid Values: gp2 | gp3 | io1 | io2 | standard
Default: io1
, if the Iops
parameter is specified. Otherwise, gp2
.tags
(Attributes List) An optional array of key-value pairs to apply to this DB instance. (see below for nested schema)tde_credential_arn
(String)tde_credential_password
(String)timezone
(String) The time zone of the DB instance. The time zone parameter is currently supported only by Microsoft SQL Server.use_default_processor_features
(Boolean) Specifies whether the DB instance class of the DB instance uses its default processor features.
This setting doesn't apply to RDS Custom DB instances.use_latest_restorable_time
(Boolean) Specifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time.
Constraints:
RestoreTime
parameter is provided.vpc_security_groups
(List of String) A list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to AWS::EC2::SecurityGroup resources created in the template.
If you plan to update the resource, don't specify VPC security groups in a shared VPC.
If you set VPCSecurityGroups
, you must not set DBSecurityGroups, and vice versa.
You can migrate a DB instance in your stack from an RDS DB security group to a VPC security group, but keep the following in mind:
To avoid this situation, migrate your DB instance to using VPC security groups only when that is the only change in your stack template. Amazon Aurora Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
db_instance_arn
(String)db_system_id
(String) The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to RDSCDB
. The Oracle SID is also the name of your CDB.dbi_resource_id
(String)id
(String) Uniquely identifies the resource.associated_roles
Required:
feature_name
(String) The name of the feature associated with the AWS Identity and Access Management (IAM) role. IAM roles that are associated with a DB instance grant permission for the DB instance to access other AWS services on your behalf. For the list of supported feature names, see the SupportedFeatureNames
description in DBEngineVersion in the Amazon RDS API Reference.role_arn
(String) The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance.certificate_details
Read-Only:
ca_identifier
(String) The CA identifier of the CA certificate used for the DB instance's server certificate.valid_till
(String) The expiration date of the DB instance’s server certificate.endpoint
Read-Only:
address
(String) Specifies the DNS address of the DB instance.hosted_zone_id
(String) Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.port
(String) Specifies the port that the database engine is listening on.master_user_secret
Optional:
kms_key_id
(String) The AWS KMS key identifier that is used to encrypt the secret.Read-Only:
secret_arn
(String) The Amazon Resource Name (ARN) of the secret.processor_features
Optional:
name
(String) The name of the processor feature. Valid names are coreCount
and threadsPerCore
.value
(String) The value of a processor feature name.tags
Required:
key
(String) A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with aws:
or rds:
. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$").Optional:
value
(String) A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with aws:
or rds:
. The string can only contain only the set of Unicode letters, digits, white-space, '_', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$").Import is supported using the following syntax:
$ terraform import awscc_rds_db_instance.example <resource ID>