aws-sdk-rds 1.102.0 → 1.107.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -5,28 +5,26 @@ require 'aws-sigv4'
5
5
  module Aws
6
6
  module RDS
7
7
  module Plugins
8
-
9
- # This plugin populates the `:pre_signed_url` request param for the
10
- # CopyDBSnapshot API.
8
+ # This plugin populates the `:pre_signed_url` request param for APIs
9
+ # that support cross region copying.
11
10
  #
12
11
  # This parameter is required by RDS when copying an encrypted snapshot
13
12
  # across regions. This plugin will be skipped if the `:pre_signed_url`
14
13
  # parameter is provided by the user.
15
14
  class CrossRegionCopying < Seahorse::Client::Plugin
16
-
17
15
  # @api private
18
16
  class Handler < Seahorse::Client::Handler
19
-
20
17
  def call(context)
21
18
  params = context.params
22
- if params.is_a?(Hash) && params[:source_region] && !params[:pre_signed_url]
19
+ if params.is_a?(Hash) &&
20
+ params[:source_region] && !params[:pre_signed_url]
23
21
  params[:pre_signed_url] = presigned_url(context, params)
24
- params[:destination_region] = context.config.region
25
22
  end
26
23
  @handler.call(context)
27
24
  end
28
25
 
29
26
  private
27
+
30
28
  def presigned_url(context, params)
31
29
  # :source_region is not modeled in the api
32
30
  source_region = params.delete(:source_region)
@@ -43,12 +41,13 @@ module Aws
43
41
  region: source_region,
44
42
  credentials_provider: context.config.credentials
45
43
  )
46
- url = Aws::Partitions::EndpointProvider.resolve(signer.region, 'rds')
47
- url += "?#{param_list.to_s}"
44
+ url = Aws::Partitions::EndpointProvider.resolve(
45
+ signer.region, 'rds'
46
+ )
47
+ url += "?#{param_list}"
48
48
  signer.presign_url(
49
49
  http_method: 'GET',
50
50
  url: url,
51
- body: '',
52
51
  expires_in: 3600
53
52
  ).to_s
54
53
  end
@@ -61,10 +60,10 @@ module Aws
61
60
  :copy_db_snapshot,
62
61
  :create_db_instance_read_replica,
63
62
  :copy_db_cluster_snapshot,
64
- :create_db_cluster
63
+ :create_db_cluster,
64
+ :start_db_instance_automated_backups_replication
65
65
  ]
66
66
  )
67
-
68
67
  end
69
68
  end
70
69
  end
@@ -258,30 +258,27 @@ module Aws::RDS
258
258
  # @option options [String] :kms_key_id
259
259
  # The AWS KMS key identifier for an encrypted DB cluster.
260
260
  #
261
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
262
- # encryption key. If you are creating a DB cluster with the same AWS
263
- # account that owns the KMS encryption key used to encrypt the new DB
264
- # cluster, then you can use the KMS key alias instead of the ARN for the
265
- # KMS encryption key.
261
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
262
+ # name for the AWS KMS customer master key (CMK). To use a CMK in a
263
+ # different AWS account, specify the key ARN or alias ARN.
266
264
  #
267
- # If an encryption key isn't specified in `KmsKeyId`\:
265
+ # When a CMK isn't specified in `KmsKeyId`\:
268
266
  #
269
267
  # * If `ReplicationSourceIdentifier` identifies an encrypted source,
270
- # then Amazon RDS will use the encryption key used to encrypt the
271
- # source. Otherwise, Amazon RDS will use your default encryption key.
268
+ # then Amazon RDS will use the CMK used to encrypt the source.
269
+ # Otherwise, Amazon RDS will use your default CMK.
272
270
  #
273
271
  # * If the `StorageEncrypted` parameter is enabled and
274
272
  # `ReplicationSourceIdentifier` isn't specified, then Amazon RDS will
275
- # use your default encryption key.
273
+ # use your default CMK.
276
274
  #
277
- # AWS KMS creates the default encryption key for your AWS account. Your
278
- # AWS account has a different default encryption key for each AWS
279
- # Region.
275
+ # There is a default CMK for your AWS account. Your AWS account has a
276
+ # different default CMK for each AWS Region.
280
277
  #
281
278
  # If you create a read replica of an encrypted DB cluster in another AWS
282
- # Region, you must set `KmsKeyId` to a KMS key ID that is valid in the
283
- # destination AWS Region. This key is used to encrypt the read replica
284
- # in that AWS Region.
279
+ # Region, you must set `KmsKeyId` to a AWS KMS key identifier that is
280
+ # valid in the destination AWS Region. This CMK is used to encrypt the
281
+ # read replica in that AWS Region.
285
282
  # @option options [String] :pre_signed_url
286
283
  # A URL that contains a Signature Version 4 signed request for the
287
284
  # `CreateDBCluster` action to be called in the source AWS Region where
@@ -298,9 +295,9 @@ module Aws::RDS
298
295
  #
299
296
  # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
300
297
  # encrypt the copy of the DB cluster in the destination AWS Region.
301
- # This should refer to the same KMS key for both the `CreateDBCluster`
302
- # action that is called in the destination AWS Region, and the action
303
- # contained in the pre-signed URL.
298
+ # This should refer to the same AWS KMS CMK for both the
299
+ # `CreateDBCluster` action that is called in the destination AWS
300
+ # Region, and the action contained in the pre-signed URL.
304
301
  #
305
302
  # * `DestinationRegion` - The name of the AWS Region that Aurora read
306
303
  # replica will be created in.
@@ -374,14 +371,23 @@ module Aws::RDS
374
371
  #
375
372
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
376
373
  # @option options [String] :engine_mode
377
- # The DB engine mode of the DB cluster, either `provisioned`,
374
+ # The DB engine mode of the DB cluster, either `provisioned`
378
375
  # `serverless`, `parallelquery`, `global`, or `multimaster`.
379
376
  #
380
- # <note markdown="1"> `global` engine mode only applies for global database clusters created
381
- # with Aurora MySQL version 5.6.10a. For higher Aurora MySQL versions,
382
- # the clusters in a global database use `provisioned` engine mode.
377
+ # The `parallelquery` engine mode isn't required for Aurora MySQL
378
+ # version 1.23 and higher 1.x versions, and version 2.09 and higher 2.x
379
+ # versions.
380
+ #
381
+ # The `global` engine mode isn't required for Aurora MySQL version 1.22
382
+ # and higher 1.x versions, and `global` engine mode isn't required for
383
+ # any 2.x versions.
383
384
  #
384
- # </note>
385
+ # The `multimaster` engine mode only applies for DB clusters created
386
+ # with Aurora MySQL version 5.6.10a.
387
+ #
388
+ # For Aurora PostgreSQL, the `global` engine mode isn't required, and
389
+ # both the `parallelquery` and the `multimaster` engine modes currently
390
+ # aren't supported.
385
391
  #
386
392
  # Limitations and requirements apply to some DB engine modes. For more
387
393
  # information, see the following sections in the *Amazon Aurora User
@@ -391,7 +397,7 @@ module Aws::RDS
391
397
  #
392
398
  # * [ Limitations of Parallel Query][2]
393
399
  #
394
- # * [ Requirements for Aurora Global Databases][3]
400
+ # * [ Limitations of Aurora Global Databases][3]
395
401
  #
396
402
  # * [ Limitations of Multi-Master Clusters][4]
397
403
  #
@@ -451,7 +457,6 @@ module Aws::RDS
451
457
  # This parameter only applies to DB clusters that are secondary clusters
452
458
  # in an Aurora global database. By default, Aurora disallows write
453
459
  # operations for secondary clusters.
454
- # @option options [String] :destination_region
455
460
  # @option options [String] :source_region
456
461
  # The source region of the snapshot. This is only needed when the
457
462
  # shapshot is encrypted and in a different region.
@@ -1093,8 +1098,8 @@ module Aws::RDS
1093
1098
  #
1094
1099
  # **Microsoft SQL Server**
1095
1100
  #
1096
- # See [Version and Feature Support on Amazon RDS][2] in the *Amazon RDS
1097
- # User Guide.*
1101
+ # See [Microsoft SQL Server Versions on Amazon RDS][2] in the *Amazon
1102
+ # RDS User Guide.*
1098
1103
  #
1099
1104
  # **MySQL**
1100
1105
  #
@@ -1113,7 +1118,7 @@ module Aws::RDS
1113
1118
  #
1114
1119
  #
1115
1120
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt
1116
- # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.FeatureSupport
1121
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport
1117
1122
  # [3]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
1118
1123
  # [4]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html
1119
1124
  # [5]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions
@@ -1221,22 +1226,19 @@ module Aws::RDS
1221
1226
  # @option options [String] :kms_key_id
1222
1227
  # The AWS KMS key identifier for an encrypted DB instance.
1223
1228
  #
1224
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
1225
- # encryption key. If you are creating a DB instance with the same AWS
1226
- # account that owns the KMS encryption key used to encrypt the new DB
1227
- # instance, then you can use the KMS key alias instead of the ARN for
1228
- # the KM encryption key.
1229
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
1230
+ # name for the AWS KMS customer master key (CMK). To use a CMK in a
1231
+ # different AWS account, specify the key ARN or alias ARN.
1229
1232
  #
1230
1233
  # **Amazon Aurora**
1231
1234
  #
1232
- # Not applicable. The KMS key identifier is managed by the DB cluster.
1233
- # For more information, see `CreateDBCluster`.
1235
+ # Not applicable. The AWS KMS key identifier is managed by the DB
1236
+ # cluster. For more information, see `CreateDBCluster`.
1234
1237
  #
1235
1238
  # If `StorageEncrypted` is enabled, and you do not specify a value for
1236
- # the `KmsKeyId` parameter, then Amazon RDS will use your default
1237
- # encryption key. AWS KMS creates the default encryption key for your
1238
- # AWS account. Your AWS account has a different default encryption key
1239
- # for each AWS Region.
1239
+ # the `KmsKeyId` parameter, then Amazon RDS uses your default CMK. There
1240
+ # is a default CMK for your AWS account. Your AWS account has a
1241
+ # different default CMK for each AWS Region.
1240
1242
  # @option options [String] :domain
1241
1243
  # The Active Directory directory ID to create the DB instance in.
1242
1244
  # Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB
@@ -1307,29 +1309,8 @@ module Aws::RDS
1307
1309
  # Access Management (IAM) accounts to database accounts. By default,
1308
1310
  # mapping is disabled.
1309
1311
  #
1310
- # You can enable IAM database authentication for the following database
1311
- # engines:
1312
- #
1313
- # **Amazon Aurora**
1314
- #
1315
- # Not applicable. Mapping AWS IAM accounts to database accounts is
1316
- # managed by the DB cluster.
1317
- #
1318
- # **MySQL**
1319
- #
1320
- # * For MySQL 5.6, minor version 5.6.34 or higher
1321
- #
1322
- # * For MySQL 5.7, minor version 5.7.16 or higher
1323
- #
1324
- # * For MySQL 8.0, minor version 8.0.16 or higher
1325
- #
1326
- # **PostgreSQL**
1327
- #
1328
- # * For PostgreSQL 9.5, minor version 9.5.15 or higher
1329
- #
1330
- # * For PostgreSQL 9.6, minor version 9.6.11 or higher
1331
- #
1332
- # * PostgreSQL 10.6, 10.7, and 10.9
1312
+ # This setting doesn't apply to Amazon Aurora. Mapping AWS IAM accounts
1313
+ # to database accounts is managed by the DB cluster.
1333
1314
  #
1334
1315
  # For more information, see [ IAM Database Authentication for MySQL and
1335
1316
  # PostgreSQL][1] in the *Amazon RDS User Guide.*
@@ -1349,13 +1330,15 @@ module Aws::RDS
1349
1330
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html
1350
1331
  # @option options [String] :performance_insights_kms_key_id
1351
1332
  # The AWS KMS key identifier for encryption of Performance Insights
1352
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
1353
- # identifier, or the KMS key alias for the KMS encryption key.
1333
+ # data.
1334
+ #
1335
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
1336
+ # name for the AWS KMS customer master key (CMK).
1354
1337
  #
1355
1338
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`, then
1356
- # Amazon RDS uses your default encryption key. AWS KMS creates the
1357
- # default encryption key for your AWS account. Your AWS account has a
1358
- # different default encryption key for each AWS Region.
1339
+ # Amazon RDS uses your default CMK. There is a default CMK for your AWS
1340
+ # account. Your AWS account has a different default CMK for each AWS
1341
+ # Region.
1359
1342
  # @option options [Integer] :performance_insights_retention_period
1360
1343
  # The amount of time, in days, to retain Performance Insights data.
1361
1344
  # Valid values are 7 or 731 (2 years).
@@ -1366,6 +1349,10 @@ module Aws::RDS
1366
1349
  # CloudWatch Logs ][1] in the *Amazon Relational Database Service User
1367
1350
  # Guide*.
1368
1351
  #
1352
+ # **Amazon Aurora**
1353
+ #
1354
+ # Not applicable. CloudWatch Logs exports are managed by the DB cluster.
1355
+ #
1369
1356
  # **MariaDB**
1370
1357
  #
1371
1358
  # Possible values are `audit`, `error`, `general`, and `slowquery`.
@@ -157,7 +157,7 @@ module Aws::RDS
157
157
  #
158
158
  # @!attribute [rw] role_arn
159
159
  # The Amazon Resource Name (ARN) of the IAM role to associate with the
160
- # Aurora DB cluster, for example
160
+ # Aurora DB cluster, for example,
161
161
  # `arn:aws:iam::123456789012:role/AuroraAccessRole`.
162
162
  # @return [String]
163
163
  #
@@ -715,13 +715,20 @@ module Aws::RDS
715
715
  #
716
716
  # The `EnableLogTypes` and `DisableLogTypes` arrays determine which logs
717
717
  # will be exported (or not exported) to CloudWatch Logs. The values
718
- # within these arrays depend on the DB engine being used. For more
719
- # information, see [Publishing Database Logs to Amazon CloudWatch Logs
718
+ # within these arrays depend on the DB engine being used.
719
+ #
720
+ # For more information about exporting CloudWatch Logs for Amazon RDS DB
721
+ # instances, see [Publishing Database Logs to Amazon CloudWatch Logs
720
722
  # ][1] in the *Amazon RDS User Guide*.
721
723
  #
724
+ # For more information about exporting CloudWatch Logs for Amazon Aurora
725
+ # DB clusters, see [Publishing Database Logs to Amazon CloudWatch
726
+ # Logs][2] in the *Amazon Aurora User Guide*.
727
+ #
722
728
  #
723
729
  #
724
730
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
731
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
725
732
  #
726
733
  # @note When making an API call, you may pass CloudwatchLogsExportConfiguration
727
734
  # data as a hash:
@@ -1043,25 +1050,25 @@ module Aws::RDS
1043
1050
  # @return [String]
1044
1051
  #
1045
1052
  # @!attribute [rw] kms_key_id
1046
- # The AWS KMS key ID for an encrypted DB cluster snapshot. The KMS key
1047
- # ID is the Amazon Resource Name (ARN), KMS key identifier, or the KMS
1048
- # key alias for the KMS encryption key.
1053
+ # The AWS KMS key identifier for an encrypted DB cluster snapshot. The
1054
+ # AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
1055
+ # name for the AWS KMS customer master key (CMK).
1049
1056
  #
1050
1057
  # If you copy an encrypted DB cluster snapshot from your AWS account,
1051
1058
  # you can specify a value for `KmsKeyId` to encrypt the copy with a
1052
- # new KMS encryption key. If you don't specify a value for
1053
- # `KmsKeyId`, then the copy of the DB cluster snapshot is encrypted
1054
- # with the same KMS key as the source DB cluster snapshot.
1059
+ # new AWS KMS CMK. If you don't specify a value for `KmsKeyId`, then
1060
+ # the copy of the DB cluster snapshot is encrypted with the same AWS
1061
+ # KMS key as the source DB cluster snapshot.
1055
1062
  #
1056
1063
  # If you copy an encrypted DB cluster snapshot that is shared from
1057
1064
  # another AWS account, then you must specify a value for `KmsKeyId`.
1058
1065
  #
1059
1066
  # To copy an encrypted DB cluster snapshot to another AWS Region, you
1060
- # must set `KmsKeyId` to the KMS key ID you want to use to encrypt the
1061
- # copy of the DB cluster snapshot in the destination AWS Region. KMS
1062
- # encryption keys are specific to the AWS Region that they are created
1063
- # in, and you can't use encryption keys from one AWS Region in
1064
- # another AWS Region.
1067
+ # must set `KmsKeyId` to the AWS KMS key identifier you want to use to
1068
+ # encrypt the copy of the DB cluster snapshot in the destination AWS
1069
+ # Region. AWS KMS CMKs are specific to the AWS Region that they are
1070
+ # created in, and you can't use CMKs from one AWS Region in another
1071
+ # AWS Region.
1065
1072
  #
1066
1073
  # If you copy an unencrypted DB cluster snapshot and specify a value
1067
1074
  # for the `KmsKeyId` parameter, an error is returned.
@@ -1081,11 +1088,12 @@ module Aws::RDS
1081
1088
  # be copied. The pre-signed URL request must contain the following
1082
1089
  # parameter values:
1083
1090
  #
1084
- # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
1085
- # encrypt the copy of the DB cluster snapshot in the destination AWS
1086
- # Region. This is the same identifier for both the
1087
- # `CopyDBClusterSnapshot` action that is called in the destination
1088
- # AWS Region, and the action contained in the pre-signed URL.
1091
+ # * `KmsKeyId` - The AWS KMS key identifier for the customer master
1092
+ # key (CMK) to use to encrypt the copy of the DB cluster snapshot in
1093
+ # the destination AWS Region. This is the same identifier for both
1094
+ # the `CopyDBClusterSnapshot` action that is called in the
1095
+ # destination AWS Region, and the action contained in the pre-signed
1096
+ # URL.
1089
1097
  #
1090
1098
  # * `DestinationRegion` - The name of the AWS Region that the DB
1091
1099
  # cluster snapshot is to be created in.
@@ -1132,9 +1140,6 @@ module Aws::RDS
1132
1140
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
1133
1141
  # @return [Array<Types::Tag>]
1134
1142
  #
1135
- # @!attribute [rw] destination_region
1136
- # @return [String]
1137
- #
1138
1143
  # @!attribute [rw] source_region
1139
1144
  # The source region of the snapshot. This is only needed when the
1140
1145
  # shapshot is encrypted and in a different region.
@@ -1149,7 +1154,6 @@ module Aws::RDS
1149
1154
  :pre_signed_url,
1150
1155
  :copy_tags,
1151
1156
  :tags,
1152
- :destination_region,
1153
1157
  :source_region)
1154
1158
  SENSITIVE = []
1155
1159
  include Aws::Structure
@@ -1273,6 +1277,7 @@ module Aws::RDS
1273
1277
  # copy_tags: false,
1274
1278
  # pre_signed_url: "String",
1275
1279
  # option_group_name: "String",
1280
+ # target_custom_availability_zone: "String",
1276
1281
  # source_region: "String",
1277
1282
  # }
1278
1283
  #
@@ -1323,15 +1328,15 @@ module Aws::RDS
1323
1328
  # @return [String]
1324
1329
  #
1325
1330
  # @!attribute [rw] kms_key_id
1326
- # The AWS KMS key ID for an encrypted DB snapshot. The KMS key ID is
1327
- # the Amazon Resource Name (ARN), KMS key identifier, or the KMS key
1328
- # alias for the KMS encryption key.
1331
+ # The AWS KMS key identifier for an encrypted DB snapshot. The AWS KMS
1332
+ # key identifier is the key ARN, key ID, alias ARN, or alias name for
1333
+ # the AWS KMS customer master key (CMK).
1329
1334
  #
1330
1335
  # If you copy an encrypted DB snapshot from your AWS account, you can
1331
1336
  # specify a value for this parameter to encrypt the copy with a new
1332
- # KMS encryption key. If you don't specify a value for this
1333
- # parameter, then the copy of the DB snapshot is encrypted with the
1334
- # same KMS key as the source DB snapshot.
1337
+ # AWS KMS CMK. If you don't specify a value for this parameter, then
1338
+ # the copy of the DB snapshot is encrypted with the same AWS KMS key
1339
+ # as the source DB snapshot.
1335
1340
  #
1336
1341
  # If you copy an encrypted DB snapshot that is shared from another AWS
1337
1342
  # account, then you must specify a value for this parameter.
@@ -1340,10 +1345,10 @@ module Aws::RDS
1340
1345
  # the copy is encrypted.
1341
1346
  #
1342
1347
  # If you copy an encrypted snapshot to a different AWS Region, then
1343
- # you must specify a KMS key for the destination AWS Region. KMS
1344
- # encryption keys are specific to the AWS Region that they are created
1345
- # in, and you can't use encryption keys from one AWS Region in
1346
- # another AWS Region.
1348
+ # you must specify a AWS KMS key identifier for the destination AWS
1349
+ # Region. AWS KMS CMKs are specific to the AWS Region that they are
1350
+ # created in, and you can't use CMKs from one AWS Region in another
1351
+ # AWS Region.
1347
1352
  # @return [String]
1348
1353
  #
1349
1354
  # @!attribute [rw] tags
@@ -1388,11 +1393,11 @@ module Aws::RDS
1388
1393
  # example, the `DestinationRegion` in the presigned URL must be set
1389
1394
  # to the us-east-1 AWS Region.
1390
1395
  #
1391
- # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
1392
- # encrypt the copy of the DB snapshot in the destination AWS Region.
1393
- # This is the same identifier for both the `CopyDBSnapshot` action
1394
- # that is called in the destination AWS Region, and the action
1395
- # contained in the presigned URL.
1396
+ # * `KmsKeyId` - The AWS KMS key identifier for the customer master
1397
+ # key (CMK) to use to encrypt the copy of the DB snapshot in the
1398
+ # destination AWS Region. This is the same identifier for both the
1399
+ # `CopyDBSnapshot` action that is called in the destination AWS
1400
+ # Region, and the action contained in the presigned URL.
1396
1401
  #
1397
1402
  # * `SourceDBSnapshotIdentifier` - The DB snapshot identifier for the
1398
1403
  # encrypted snapshot to be copied. This identifier must be in the
@@ -1436,7 +1441,11 @@ module Aws::RDS
1436
1441
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html#USER_CopySnapshot.Options
1437
1442
  # @return [String]
1438
1443
  #
1439
- # @!attribute [rw] destination_region
1444
+ # @!attribute [rw] target_custom_availability_zone
1445
+ # The external custom Availability Zone (CAZ) identifier for the
1446
+ # target CAZ.
1447
+ #
1448
+ # Example: `rds-caz-aiqhTgQv`.
1440
1449
  # @return [String]
1441
1450
  #
1442
1451
  # @!attribute [rw] source_region
@@ -1454,7 +1463,7 @@ module Aws::RDS
1454
1463
  :copy_tags,
1455
1464
  :pre_signed_url,
1456
1465
  :option_group_name,
1457
- :destination_region,
1466
+ :target_custom_availability_zone,
1458
1467
  :source_region)
1459
1468
  SENSITIVE = []
1460
1469
  include Aws::Structure
@@ -1491,25 +1500,13 @@ module Aws::RDS
1491
1500
  # }
1492
1501
  #
1493
1502
  # @!attribute [rw] source_option_group_identifier
1494
- # The identifier or ARN for the source option group. For information
1495
- # about creating an ARN, see [ Constructing an ARN for Amazon RDS][1]
1496
- # in the *Amazon RDS User Guide*.
1503
+ # The identifier for the source option group.
1497
1504
  #
1498
1505
  # Constraints:
1499
1506
  #
1500
1507
  # * Must specify a valid option group.
1501
1508
  #
1502
- # * If the source option group is in the same AWS Region as the copy,
1503
- # specify a valid option group identifier, for example
1504
- # `my-option-group`, or a valid ARN.
1505
- #
1506
- # * If the source option group is in a different AWS Region than the
1507
- # copy, specify a valid option group ARN, for example
1508
- # `arn:aws:rds:us-west-2:123456789012:og:special-options`.
1509
- #
1510
- #
1511
- #
1512
- # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing
1509
+ # ^
1513
1510
  # @return [String]
1514
1511
  #
1515
1512
  # @!attribute [rw] target_option_group_identifier
@@ -1950,31 +1947,27 @@ module Aws::RDS
1950
1947
  # @!attribute [rw] kms_key_id
1951
1948
  # The AWS KMS key identifier for an encrypted DB cluster.
1952
1949
  #
1953
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
1954
- # encryption key. If you are creating a DB cluster with the same AWS
1955
- # account that owns the KMS encryption key used to encrypt the new DB
1956
- # cluster, then you can use the KMS key alias instead of the ARN for
1957
- # the KMS encryption key.
1950
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
1951
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
1952
+ # in a different AWS account, specify the key ARN or alias ARN.
1958
1953
  #
1959
- # If an encryption key isn't specified in `KmsKeyId`\:
1954
+ # When a CMK isn't specified in `KmsKeyId`\:
1960
1955
  #
1961
1956
  # * If `ReplicationSourceIdentifier` identifies an encrypted source,
1962
- # then Amazon RDS will use the encryption key used to encrypt the
1963
- # source. Otherwise, Amazon RDS will use your default encryption
1964
- # key.
1957
+ # then Amazon RDS will use the CMK used to encrypt the source.
1958
+ # Otherwise, Amazon RDS will use your default CMK.
1965
1959
  #
1966
1960
  # * If the `StorageEncrypted` parameter is enabled and
1967
1961
  # `ReplicationSourceIdentifier` isn't specified, then Amazon RDS
1968
- # will use your default encryption key.
1962
+ # will use your default CMK.
1969
1963
  #
1970
- # AWS KMS creates the default encryption key for your AWS account.
1971
- # Your AWS account has a different default encryption key for each AWS
1972
- # Region.
1964
+ # There is a default CMK for your AWS account. Your AWS account has a
1965
+ # different default CMK for each AWS Region.
1973
1966
  #
1974
1967
  # If you create a read replica of an encrypted DB cluster in another
1975
- # AWS Region, you must set `KmsKeyId` to a KMS key ID that is valid in
1976
- # the destination AWS Region. This key is used to encrypt the read
1977
- # replica in that AWS Region.
1968
+ # AWS Region, you must set `KmsKeyId` to a AWS KMS key identifier that
1969
+ # is valid in the destination AWS Region. This CMK is used to encrypt
1970
+ # the read replica in that AWS Region.
1978
1971
  # @return [String]
1979
1972
  #
1980
1973
  # @!attribute [rw] pre_signed_url
@@ -1993,7 +1986,7 @@ module Aws::RDS
1993
1986
  #
1994
1987
  # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
1995
1988
  # encrypt the copy of the DB cluster in the destination AWS Region.
1996
- # This should refer to the same KMS key for both the
1989
+ # This should refer to the same AWS KMS CMK for both the
1997
1990
  # `CreateDBCluster` action that is called in the destination AWS
1998
1991
  # Region, and the action contained in the pre-signed URL.
1999
1992
  #
@@ -2077,15 +2070,23 @@ module Aws::RDS
2077
2070
  # @return [Array<String>]
2078
2071
  #
2079
2072
  # @!attribute [rw] engine_mode
2080
- # The DB engine mode of the DB cluster, either `provisioned`,
2073
+ # The DB engine mode of the DB cluster, either `provisioned`
2081
2074
  # `serverless`, `parallelquery`, `global`, or `multimaster`.
2082
2075
  #
2083
- # <note markdown="1"> `global` engine mode only applies for global database clusters
2084
- # created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
2085
- # versions, the clusters in a global database use `provisioned` engine
2086
- # mode.
2076
+ # The `parallelquery` engine mode isn't required for Aurora MySQL
2077
+ # version 1.23 and higher 1.x versions, and version 2.09 and higher
2078
+ # 2.x versions.
2087
2079
  #
2088
- # </note>
2080
+ # The `global` engine mode isn't required for Aurora MySQL version
2081
+ # 1.22 and higher 1.x versions, and `global` engine mode isn't
2082
+ # required for any 2.x versions.
2083
+ #
2084
+ # The `multimaster` engine mode only applies for DB clusters created
2085
+ # with Aurora MySQL version 5.6.10a.
2086
+ #
2087
+ # For Aurora PostgreSQL, the `global` engine mode isn't required, and
2088
+ # both the `parallelquery` and the `multimaster` engine modes
2089
+ # currently aren't supported.
2089
2090
  #
2090
2091
  # Limitations and requirements apply to some DB engine modes. For more
2091
2092
  # information, see the following sections in the *Amazon Aurora User
@@ -2095,7 +2096,7 @@ module Aws::RDS
2095
2096
  #
2096
2097
  # * [ Limitations of Parallel Query][2]
2097
2098
  #
2098
- # * [ Requirements for Aurora Global Databases][3]
2099
+ # * [ Limitations of Aurora Global Databases][3]
2099
2100
  #
2100
2101
  # * [ Limitations of Multi-Master Clusters][4]
2101
2102
  #
@@ -2173,9 +2174,6 @@ module Aws::RDS
2173
2174
  # disallows write operations for secondary clusters.
2174
2175
  # @return [Boolean]
2175
2176
  #
2176
- # @!attribute [rw] destination_region
2177
- # @return [String]
2178
- #
2179
2177
  # @!attribute [rw] source_region
2180
2178
  # The source region of the snapshot. This is only needed when the
2181
2179
  # shapshot is encrypted and in a different region.
@@ -2217,7 +2215,6 @@ module Aws::RDS
2217
2215
  :domain,
2218
2216
  :domain_iam_role_name,
2219
2217
  :enable_global_write_forwarding,
2220
- :destination_region,
2221
2218
  :source_region)
2222
2219
  SENSITIVE = []
2223
2220
  include Aws::Structure
@@ -2998,7 +2995,7 @@ module Aws::RDS
2998
2995
  #
2999
2996
  # **Microsoft SQL Server**
3000
2997
  #
3001
- # See [Version and Feature Support on Amazon RDS][2] in the *Amazon
2998
+ # See [Microsoft SQL Server Versions on Amazon RDS][2] in the *Amazon
3002
2999
  # RDS User Guide.*
3003
3000
  #
3004
3001
  # **MySQL**
@@ -3019,7 +3016,7 @@ module Aws::RDS
3019
3016
  #
3020
3017
  #
3021
3018
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt
3022
- # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.FeatureSupport
3019
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport
3023
3020
  # [3]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
3024
3021
  # [4]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html
3025
3022
  # [5]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions
@@ -3156,22 +3153,19 @@ module Aws::RDS
3156
3153
  # @!attribute [rw] kms_key_id
3157
3154
  # The AWS KMS key identifier for an encrypted DB instance.
3158
3155
  #
3159
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
3160
- # encryption key. If you are creating a DB instance with the same AWS
3161
- # account that owns the KMS encryption key used to encrypt the new DB
3162
- # instance, then you can use the KMS key alias instead of the ARN for
3163
- # the KM encryption key.
3156
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3157
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
3158
+ # in a different AWS account, specify the key ARN or alias ARN.
3164
3159
  #
3165
3160
  # **Amazon Aurora**
3166
3161
  #
3167
- # Not applicable. The KMS key identifier is managed by the DB cluster.
3168
- # For more information, see `CreateDBCluster`.
3162
+ # Not applicable. The AWS KMS key identifier is managed by the DB
3163
+ # cluster. For more information, see `CreateDBCluster`.
3169
3164
  #
3170
3165
  # If `StorageEncrypted` is enabled, and you do not specify a value for
3171
- # the `KmsKeyId` parameter, then Amazon RDS will use your default
3172
- # encryption key. AWS KMS creates the default encryption key for your
3173
- # AWS account. Your AWS account has a different default encryption key
3174
- # for each AWS Region.
3166
+ # the `KmsKeyId` parameter, then Amazon RDS uses your default CMK.
3167
+ # There is a default CMK for your AWS account. Your AWS account has a
3168
+ # different default CMK for each AWS Region.
3175
3169
  # @return [String]
3176
3170
  #
3177
3171
  # @!attribute [rw] domain
@@ -3258,29 +3252,8 @@ module Aws::RDS
3258
3252
  # Access Management (IAM) accounts to database accounts. By default,
3259
3253
  # mapping is disabled.
3260
3254
  #
3261
- # You can enable IAM database authentication for the following
3262
- # database engines:
3263
- #
3264
- # **Amazon Aurora**
3265
- #
3266
- # Not applicable. Mapping AWS IAM accounts to database accounts is
3267
- # managed by the DB cluster.
3268
- #
3269
- # **MySQL**
3270
- #
3271
- # * For MySQL 5.6, minor version 5.6.34 or higher
3272
- #
3273
- # * For MySQL 5.7, minor version 5.7.16 or higher
3274
- #
3275
- # * For MySQL 8.0, minor version 8.0.16 or higher
3276
- #
3277
- # **PostgreSQL**
3278
- #
3279
- # * For PostgreSQL 9.5, minor version 9.5.15 or higher
3280
- #
3281
- # * For PostgreSQL 9.6, minor version 9.6.11 or higher
3282
- #
3283
- # * PostgreSQL 10.6, 10.7, and 10.9
3255
+ # This setting doesn't apply to Amazon Aurora. Mapping AWS IAM
3256
+ # accounts to database accounts is managed by the DB cluster.
3284
3257
  #
3285
3258
  # For more information, see [ IAM Database Authentication for MySQL
3286
3259
  # and PostgreSQL][1] in the *Amazon RDS User Guide.*
@@ -3304,13 +3277,15 @@ module Aws::RDS
3304
3277
  #
3305
3278
  # @!attribute [rw] performance_insights_kms_key_id
3306
3279
  # The AWS KMS key identifier for encryption of Performance Insights
3307
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
3308
- # identifier, or the KMS key alias for the KMS encryption key.
3280
+ # data.
3281
+ #
3282
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3283
+ # alias name for the AWS KMS customer master key (CMK).
3309
3284
  #
3310
3285
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
3311
- # then Amazon RDS uses your default encryption key. AWS KMS creates
3312
- # the default encryption key for your AWS account. Your AWS account
3313
- # has a different default encryption key for each AWS Region.
3286
+ # then Amazon RDS uses your default CMK. There is a default CMK for
3287
+ # your AWS account. Your AWS account has a different default CMK for
3288
+ # each AWS Region.
3314
3289
  # @return [String]
3315
3290
  #
3316
3291
  # @!attribute [rw] performance_insights_retention_period
@@ -3325,6 +3300,11 @@ module Aws::RDS
3325
3300
  # Amazon CloudWatch Logs ][1] in the *Amazon Relational Database
3326
3301
  # Service User Guide*.
3327
3302
  #
3303
+ # **Amazon Aurora**
3304
+ #
3305
+ # Not applicable. CloudWatch Logs exports are managed by the DB
3306
+ # cluster.
3307
+ #
3328
3308
  # **MariaDB**
3329
3309
  #
3330
3310
  # Possible values are `audit`, `error`, `general`, and `slowquery`.
@@ -3477,6 +3457,7 @@ module Aws::RDS
3477
3457
  # domain: "String",
3478
3458
  # domain_iam_role_name: "String",
3479
3459
  # replica_mode: "open-read-only", # accepts open-read-only, mounted
3460
+ # max_allocated_storage: 1,
3480
3461
  # source_region: "String",
3481
3462
  # }
3482
3463
  #
@@ -3722,19 +3703,20 @@ module Aws::RDS
3722
3703
  # @return [String]
3723
3704
  #
3724
3705
  # @!attribute [rw] kms_key_id
3725
- # The AWS KMS key ID for an encrypted read replica. The KMS key ID is
3726
- # the Amazon Resource Name (ARN), KMS key identifier, or the KMS key
3727
- # alias for the KMS encryption key.
3706
+ # The AWS KMS key identifier for an encrypted read replica.
3707
+ #
3708
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3709
+ # alias name for the AWS KMS CMK.
3728
3710
  #
3729
3711
  # If you create an encrypted read replica in the same AWS Region as
3730
3712
  # the source DB instance, then you do not have to specify a value for
3731
- # this parameter. The read replica is encrypted with the same KMS key
3732
- # as the source DB instance.
3713
+ # this parameter. The read replica is encrypted with the same AWS KMS
3714
+ # CMK as the source DB instance.
3733
3715
  #
3734
3716
  # If you create an encrypted read replica in a different AWS Region,
3735
- # then you must specify a KMS key for the destination AWS Region. KMS
3736
- # encryption keys are specific to the AWS Region that they are created
3737
- # in, and you can't use encryption keys from one AWS Region in
3717
+ # then you must specify a AWS KMS key identifier for the destination
3718
+ # AWS Region. AWS KMS CMKs are specific to the AWS Region that they
3719
+ # are created in, and you can't use CMKs from one AWS Region in
3738
3720
  # another AWS Region.
3739
3721
  #
3740
3722
  # You can't create an encrypted read replica from an unencrypted DB
@@ -3808,8 +3790,7 @@ module Aws::RDS
3808
3790
  # @!attribute [rw] enable_iam_database_authentication
3809
3791
  # A value that indicates whether to enable mapping of AWS Identity and
3810
3792
  # Access Management (IAM) accounts to database accounts. By default,
3811
- # mapping is disabled. For information about the supported DB engines,
3812
- # see CreateDBInstance.
3793
+ # mapping is disabled.
3813
3794
  #
3814
3795
  # For more information about IAM database authentication, see [ IAM
3815
3796
  # Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -3834,13 +3815,15 @@ module Aws::RDS
3834
3815
  #
3835
3816
  # @!attribute [rw] performance_insights_kms_key_id
3836
3817
  # The AWS KMS key identifier for encryption of Performance Insights
3837
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
3838
- # identifier, or the KMS key alias for the KMS encryption key.
3818
+ # data.
3819
+ #
3820
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3821
+ # alias name for the AWS KMS customer master key (CMK).
3839
3822
  #
3840
3823
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
3841
- # then Amazon RDS uses your default encryption key. AWS KMS creates
3842
- # the default encryption key for your AWS account. Your AWS account
3843
- # has a different default encryption key for each AWS Region.
3824
+ # then Amazon RDS uses your default CMK. There is a default CMK for
3825
+ # your AWS account. Your AWS account has a different default CMK for
3826
+ # each AWS Region.
3844
3827
  # @return [String]
3845
3828
  #
3846
3829
  # @!attribute [rw] performance_insights_retention_period
@@ -3922,8 +3905,10 @@ module Aws::RDS
3922
3905
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
3923
3906
  # @return [String]
3924
3907
  #
3925
- # @!attribute [rw] destination_region
3926
- # @return [String]
3908
+ # @!attribute [rw] max_allocated_storage
3909
+ # The upper limit to which Amazon RDS can automatically scale the
3910
+ # storage of the DB instance.
3911
+ # @return [Integer]
3927
3912
  #
3928
3913
  # @!attribute [rw] source_region
3929
3914
  # The source region of the snapshot. This is only needed when the
@@ -3964,7 +3949,7 @@ module Aws::RDS
3964
3949
  :domain,
3965
3950
  :domain_iam_role_name,
3966
3951
  :replica_mode,
3967
- :destination_region,
3952
+ :max_allocated_storage,
3968
3953
  :source_region)
3969
3954
  SENSITIVE = []
3970
3955
  include Aws::Structure
@@ -4912,12 +4897,15 @@ module Aws::RDS
4912
4897
  # @!attribute [rw] kms_key_id
4913
4898
  # If `StorageEncrypted` is enabled, the AWS KMS key identifier for the
4914
4899
  # encrypted DB cluster.
4900
+ #
4901
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
4902
+ # alias name for the AWS KMS customer master key (CMK).
4915
4903
  # @return [String]
4916
4904
  #
4917
4905
  # @!attribute [rw] db_cluster_resource_id
4918
4906
  # The AWS Region-unique, immutable identifier for the DB cluster. This
4919
4907
  # identifier is found in AWS CloudTrail log entries whenever the AWS
4920
- # KMS key for the DB cluster is accessed.
4908
+ # KMS CMK for the DB cluster is accessed.
4921
4909
  # @return [String]
4922
4910
  #
4923
4911
  # @!attribute [rw] db_cluster_arn
@@ -4988,14 +4976,11 @@ module Aws::RDS
4988
4976
  # The DB engine mode of the DB cluster, either `provisioned`,
4989
4977
  # `serverless`, `parallelquery`, `global`, or `multimaster`.
4990
4978
  #
4991
- # <note markdown="1"> `global` engine mode only applies for global database clusters
4992
- # created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
4993
- # versions, the clusters in a global database use `provisioned` engine
4994
- # mode. To check if a DB cluster is part of a global database, use
4995
- # `DescribeGlobalClusters` instead of checking the `EngineMode` return
4996
- # value from `DescribeDBClusters`.
4979
+ # For more information, see [ CreateDBCluster][1].
4997
4980
  #
4998
- # </note>
4981
+ #
4982
+ #
4983
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html
4999
4984
  # @return [String]
5000
4985
  #
5001
4986
  # @!attribute [rw] scaling_configuration_info
@@ -5046,6 +5031,9 @@ module Aws::RDS
5046
5031
  # @!attribute [rw] activity_stream_kms_key_id
5047
5032
  # The AWS KMS key identifier used for encrypting messages in the
5048
5033
  # database activity stream.
5034
+ #
5035
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
5036
+ # alias name for the AWS KMS customer master key (CMK).
5049
5037
  # @return [String]
5050
5038
  #
5051
5039
  # @!attribute [rw] activity_stream_kinesis_stream_name
@@ -5068,6 +5056,15 @@ module Aws::RDS
5068
5056
  # DB cluster.
5069
5057
  # @return [Array<Types::DomainMembership>]
5070
5058
  #
5059
+ # @!attribute [rw] tag_list
5060
+ # A list of tags. For more information, see [Tagging Amazon RDS
5061
+ # Resources][1] in the *Amazon RDS User Guide.*
5062
+ #
5063
+ #
5064
+ #
5065
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
5066
+ # @return [Array<Types::Tag>]
5067
+ #
5071
5068
  # @!attribute [rw] global_write_forwarding_status
5072
5069
  # Specifies whether a secondary cluster in an Aurora global database
5073
5070
  # has write forwarding enabled, not enabled, or is in the process of
@@ -5138,6 +5135,7 @@ module Aws::RDS
5138
5135
  :copy_tags_to_snapshot,
5139
5136
  :cross_account_clone,
5140
5137
  :domain_memberships,
5138
+ :tag_list,
5141
5139
  :global_write_forwarding_status,
5142
5140
  :global_write_forwarding_requested)
5143
5141
  SENSITIVE = []
@@ -5729,6 +5727,9 @@ module Aws::RDS
5729
5727
  # @!attribute [rw] kms_key_id
5730
5728
  # If `StorageEncrypted` is true, the AWS KMS key identifier for the
5731
5729
  # encrypted DB cluster snapshot.
5730
+ #
5731
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
5732
+ # alias name for the AWS KMS customer master key (CMK).
5732
5733
  # @return [String]
5733
5734
  #
5734
5735
  # @!attribute [rw] db_cluster_snapshot_arn
@@ -5746,6 +5747,15 @@ module Aws::RDS
5746
5747
  # to database accounts is enabled, and otherwise false.
5747
5748
  # @return [Boolean]
5748
5749
  #
5750
+ # @!attribute [rw] tag_list
5751
+ # A list of tags. For more information, see [Tagging Amazon RDS
5752
+ # Resources][1] in the *Amazon RDS User Guide.*
5753
+ #
5754
+ #
5755
+ #
5756
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
5757
+ # @return [Array<Types::Tag>]
5758
+ #
5749
5759
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBClusterSnapshot AWS API Documentation
5750
5760
  #
5751
5761
  class DBClusterSnapshot < Struct.new(
@@ -5768,7 +5778,8 @@ module Aws::RDS
5768
5778
  :kms_key_id,
5769
5779
  :db_cluster_snapshot_arn,
5770
5780
  :source_db_cluster_snapshot_arn,
5771
- :iam_database_authentication_enabled)
5781
+ :iam_database_authentication_enabled,
5782
+ :tag_list)
5772
5783
  SENSITIVE = []
5773
5784
  include Aws::Structure
5774
5785
  end
@@ -5937,13 +5948,6 @@ module Aws::RDS
5937
5948
  #
5938
5949
  # @!attribute [rw] supported_engine_modes
5939
5950
  # A list of the supported DB engine modes.
5940
- #
5941
- # <note markdown="1"> `global` engine mode only applies for global database clusters
5942
- # created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
5943
- # versions, the clusters in a global database use `provisioned` engine
5944
- # mode.
5945
- #
5946
- # </note>
5947
5951
  # @return [Array<String>]
5948
5952
  #
5949
5953
  # @!attribute [rw] supported_feature_names
@@ -6262,12 +6266,15 @@ module Aws::RDS
6262
6266
  # @!attribute [rw] kms_key_id
6263
6267
  # If `StorageEncrypted` is true, the AWS KMS key identifier for the
6264
6268
  # encrypted DB instance.
6269
+ #
6270
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
6271
+ # alias name for the AWS KMS customer master key (CMK).
6265
6272
  # @return [String]
6266
6273
  #
6267
6274
  # @!attribute [rw] dbi_resource_id
6268
6275
  # The AWS Region-unique, immutable identifier for the DB instance.
6269
6276
  # This identifier is found in AWS CloudTrail log entries whenever the
6270
- # AWS KMS key for the DB instance is accessed.
6277
+ # AWS KMS customer master key (CMK) for the DB instance is accessed.
6271
6278
  # @return [String]
6272
6279
  #
6273
6280
  # @!attribute [rw] ca_certificate_identifier
@@ -6349,8 +6356,10 @@ module Aws::RDS
6349
6356
  #
6350
6357
  # @!attribute [rw] performance_insights_kms_key_id
6351
6358
  # The AWS KMS key identifier for encryption of Performance Insights
6352
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
6353
- # identifier, or the KMS key alias for the KMS encryption key.
6359
+ # data.
6360
+ #
6361
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
6362
+ # alias name for the AWS KMS customer master key (CMK).
6354
6363
  # @return [String]
6355
6364
  #
6356
6365
  # @!attribute [rw] performance_insights_retention_period
@@ -6400,6 +6409,20 @@ module Aws::RDS
6400
6409
  # storage of the DB instance.
6401
6410
  # @return [Integer]
6402
6411
  #
6412
+ # @!attribute [rw] tag_list
6413
+ # A list of tags. For more information, see [Tagging Amazon RDS
6414
+ # Resources][1] in the *Amazon RDS User Guide.*
6415
+ #
6416
+ #
6417
+ #
6418
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
6419
+ # @return [Array<Types::Tag>]
6420
+ #
6421
+ # @!attribute [rw] db_instance_automated_backups_replications
6422
+ # The list of replicated automated backups associated with the DB
6423
+ # instance.
6424
+ # @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
6425
+ #
6403
6426
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstance AWS API Documentation
6404
6427
  #
6405
6428
  class DBInstance < Struct.new(
@@ -6462,7 +6485,9 @@ module Aws::RDS
6462
6485
  :deletion_protection,
6463
6486
  :associated_roles,
6464
6487
  :listener_endpoint,
6465
- :max_allocated_storage)
6488
+ :max_allocated_storage,
6489
+ :tag_list,
6490
+ :db_instance_automated_backups_replications)
6466
6491
  SENSITIVE = []
6467
6492
  include Aws::Structure
6468
6493
  end
@@ -6473,12 +6498,12 @@ module Aws::RDS
6473
6498
  #
6474
6499
  class DBInstanceAlreadyExistsFault < Aws::EmptyStructure; end
6475
6500
 
6476
- # An automated backup of a DB instance. It it consists of system
6477
- # backups, transaction logs, and the database instance properties that
6478
- # existed at the time you deleted the source instance.
6501
+ # An automated backup of a DB instance. It consists of system backups,
6502
+ # transaction logs, and the database instance properties that existed at
6503
+ # the time you deleted the source instance.
6479
6504
  #
6480
6505
  # @!attribute [rw] db_instance_arn
6481
- # The Amazon Resource Name (ARN) for the automated backup.
6506
+ # The Amazon Resource Name (ARN) for the automated backups.
6482
6507
  # @return [String]
6483
6508
  #
6484
6509
  # @!attribute [rw] dbi_resource_id
@@ -6579,9 +6604,10 @@ module Aws::RDS
6579
6604
  # @return [String]
6580
6605
  #
6581
6606
  # @!attribute [rw] kms_key_id
6582
- # The AWS KMS key ID for an automated backup. The KMS key ID is the
6583
- # Amazon Resource Name (ARN), KMS key identifier, or the KMS key alias
6584
- # for the KMS encryption key.
6607
+ # The AWS KMS key ID for an automated backup.
6608
+ #
6609
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
6610
+ # alias name for the AWS KMS customer master key (CMK).
6585
6611
  # @return [String]
6586
6612
  #
6587
6613
  # @!attribute [rw] timezone
@@ -6595,6 +6621,19 @@ module Aws::RDS
6595
6621
  # to database accounts is enabled, and otherwise false.
6596
6622
  # @return [Boolean]
6597
6623
  #
6624
+ # @!attribute [rw] backup_retention_period
6625
+ # The retention period for the automated backups.
6626
+ # @return [Integer]
6627
+ #
6628
+ # @!attribute [rw] db_instance_automated_backups_arn
6629
+ # The Amazon Resource Name (ARN) for the replicated automated backups.
6630
+ # @return [String]
6631
+ #
6632
+ # @!attribute [rw] db_instance_automated_backups_replications
6633
+ # The list of replications to different AWS Regions associated with
6634
+ # the automated backup.
6635
+ # @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
6636
+ #
6598
6637
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstanceAutomatedBackup AWS API Documentation
6599
6638
  #
6600
6639
  class DBInstanceAutomatedBackup < Struct.new(
@@ -6620,7 +6659,10 @@ module Aws::RDS
6620
6659
  :storage_type,
6621
6660
  :kms_key_id,
6622
6661
  :timezone,
6623
- :iam_database_authentication_enabled)
6662
+ :iam_database_authentication_enabled,
6663
+ :backup_retention_period,
6664
+ :db_instance_automated_backups_arn,
6665
+ :db_instance_automated_backups_replications)
6624
6666
  SENSITIVE = []
6625
6667
  include Aws::Structure
6626
6668
  end
@@ -6661,6 +6703,22 @@ module Aws::RDS
6661
6703
  #
6662
6704
  class DBInstanceAutomatedBackupQuotaExceededFault < Aws::EmptyStructure; end
6663
6705
 
6706
+ # Automated backups of a DB instance replicated to another AWS Region.
6707
+ # They consist of system backups, transaction logs, and database
6708
+ # instance properties.
6709
+ #
6710
+ # @!attribute [rw] db_instance_automated_backups_arn
6711
+ # The Amazon Resource Name (ARN) of the replicated automated backups.
6712
+ # @return [String]
6713
+ #
6714
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstanceAutomatedBackupsReplication AWS API Documentation
6715
+ #
6716
+ class DBInstanceAutomatedBackupsReplication < Struct.new(
6717
+ :db_instance_automated_backups_arn)
6718
+ SENSITIVE = []
6719
+ include Aws::Structure
6720
+ end
6721
+
6664
6722
  # Contains the result of a successful invocation of the
6665
6723
  # `DescribeDBInstances` action.
6666
6724
  #
@@ -7048,7 +7106,7 @@ module Aws::RDS
7048
7106
  class DBProxyAlreadyExistsFault < Aws::EmptyStructure; end
7049
7107
 
7050
7108
  # The specified proxy name doesn't correspond to a proxy owned by your
7051
- # AWS accoutn in the specified AWS Region.
7109
+ # AWS account in the specified AWS Region.
7052
7110
  #
7053
7111
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBProxyNotFoundFault AWS API Documentation
7054
7112
  #
@@ -7338,7 +7396,7 @@ module Aws::RDS
7338
7396
  # @return [String]
7339
7397
  #
7340
7398
  # @!attribute [rw] snapshot_create_time
7341
- # Specifies when the snapshot was taken in Coodinated Universal Time
7399
+ # Specifies when the snapshot was taken in Coordinated Universal Time
7342
7400
  # (UTC).
7343
7401
  # @return [Time]
7344
7402
  #
@@ -7428,6 +7486,9 @@ module Aws::RDS
7428
7486
  # @!attribute [rw] kms_key_id
7429
7487
  # If `Encrypted` is true, the AWS KMS key identifier for the encrypted
7430
7488
  # DB snapshot.
7489
+ #
7490
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
7491
+ # alias name for the AWS KMS customer master key (CMK).
7431
7492
  # @return [String]
7432
7493
  #
7433
7494
  # @!attribute [rw] db_snapshot_arn
@@ -7457,6 +7518,15 @@ module Aws::RDS
7457
7518
  # and which is unique to an AWS Region.
7458
7519
  # @return [String]
7459
7520
  #
7521
+ # @!attribute [rw] tag_list
7522
+ # A list of tags. For more information, see [Tagging Amazon RDS
7523
+ # Resources][1] in the *Amazon RDS User Guide.*
7524
+ #
7525
+ #
7526
+ #
7527
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
7528
+ # @return [Array<Types::Tag>]
7529
+ #
7460
7530
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBSnapshot AWS API Documentation
7461
7531
  #
7462
7532
  class DBSnapshot < Struct.new(
@@ -7487,7 +7557,8 @@ module Aws::RDS
7487
7557
  :timezone,
7488
7558
  :iam_database_authentication_enabled,
7489
7559
  :processor_features,
7490
- :dbi_resource_id)
7560
+ :dbi_resource_id,
7561
+ :tag_list)
7491
7562
  SENSITIVE = []
7492
7563
  include Aws::Structure
7493
7564
  end
@@ -7903,7 +7974,8 @@ module Aws::RDS
7903
7974
  # data as a hash:
7904
7975
  #
7905
7976
  # {
7906
- # dbi_resource_id: "String", # required
7977
+ # dbi_resource_id: "String",
7978
+ # db_instance_automated_backups_arn: "String",
7907
7979
  # }
7908
7980
  #
7909
7981
  # @!attribute [rw] dbi_resource_id
@@ -7911,18 +7983,25 @@ module Aws::RDS
7911
7983
  # and which is unique to an AWS Region.
7912
7984
  # @return [String]
7913
7985
  #
7986
+ # @!attribute [rw] db_instance_automated_backups_arn
7987
+ # The Amazon Resource Name (ARN) of the automated backups to delete,
7988
+ # for example,
7989
+ # `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
7990
+ # @return [String]
7991
+ #
7914
7992
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackupMessage AWS API Documentation
7915
7993
  #
7916
7994
  class DeleteDBInstanceAutomatedBackupMessage < Struct.new(
7917
- :dbi_resource_id)
7995
+ :dbi_resource_id,
7996
+ :db_instance_automated_backups_arn)
7918
7997
  SENSITIVE = []
7919
7998
  include Aws::Structure
7920
7999
  end
7921
8000
 
7922
8001
  # @!attribute [rw] db_instance_automated_backup
7923
- # An automated backup of a DB instance. It it consists of system
7924
- # backups, transaction logs, and the database instance properties that
7925
- # existed at the time you deleted the source instance.
8002
+ # An automated backup of a DB instance. It consists of system backups,
8003
+ # transaction logs, and the database instance properties that existed
8004
+ # at the time you deleted the source instance.
7926
8005
  # @return [Types::DBInstanceAutomatedBackup]
7927
8006
  #
7928
8007
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackupResult AWS API Documentation
@@ -9140,6 +9219,7 @@ module Aws::RDS
9140
9219
  # ],
9141
9220
  # max_records: 1,
9142
9221
  # marker: "String",
9222
+ # db_instance_automated_backups_arn: "String",
9143
9223
  # }
9144
9224
  #
9145
9225
  # @!attribute [rw] dbi_resource_id
@@ -9195,6 +9275,12 @@ module Aws::RDS
9195
9275
  # marker, up to `MaxRecords`.
9196
9276
  # @return [String]
9197
9277
  #
9278
+ # @!attribute [rw] db_instance_automated_backups_arn
9279
+ # The Amazon Resource Name (ARN) of the replicated automated backups,
9280
+ # for example,
9281
+ # `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
9282
+ # @return [String]
9283
+ #
9198
9284
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBInstanceAutomatedBackupsMessage AWS API Documentation
9199
9285
  #
9200
9286
  class DescribeDBInstanceAutomatedBackupsMessage < Struct.new(
@@ -9202,7 +9288,8 @@ module Aws::RDS
9202
9288
  :db_instance_identifier,
9203
9289
  :filters,
9204
9290
  :max_records,
9205
- :marker)
9291
+ :marker,
9292
+ :db_instance_automated_backups_arn)
9206
9293
  SENSITIVE = []
9207
9294
  include Aws::Structure
9208
9295
  end
@@ -11710,11 +11797,11 @@ module Aws::RDS
11710
11797
  # @return [String]
11711
11798
  #
11712
11799
  # @!attribute [rw] kms_key_id
11713
- # The ID of the AWS KMS key that is used to encrypt the snapshot when
11714
- # it's exported to Amazon S3. The KMS key ID is the Amazon Resource
11715
- # Name (ARN), the KMS key identifier, or the KMS key alias for the KMS
11716
- # encryption key. The IAM role used for the snapshot export must have
11717
- # encryption and decryption permissions to use this KMS key.
11800
+ # The key identifier of the AWS KMS customer master key (CMK) that is
11801
+ # used to encrypt the snapshot when it's exported to Amazon S3. The
11802
+ # AWS KMS CMK identifier is its key ARN, key ID, alias ARN, or alias
11803
+ # name. The IAM role used for the snapshot export must have encryption
11804
+ # and decryption permissions to use this AWS KMS CMK.
11718
11805
  # @return [String]
11719
11806
  #
11720
11807
  # @!attribute [rw] status
@@ -11898,7 +11985,8 @@ module Aws::RDS
11898
11985
  # @!attribute [rw] global_cluster_resource_id
11899
11986
  # The AWS Region-unique, immutable identifier for the global database
11900
11987
  # cluster. This identifier is found in AWS CloudTrail log entries
11901
- # whenever the AWS KMS key for the DB cluster is accessed.
11988
+ # whenever the AWS KMS customer master key (CMK) for the DB cluster is
11989
+ # accessed.
11902
11990
  # @return [String]
11903
11991
  #
11904
11992
  # @!attribute [rw] global_cluster_arn
@@ -12096,12 +12184,12 @@ module Aws::RDS
12096
12184
  #
12097
12185
  # **Microsoft SQL Server**
12098
12186
  #
12099
- # See [Version and Feature Support on Amazon RDS][1] in the *Amazon
12187
+ # See [ Microsoft SQL Server Versions on Amazon RDS][1] in the *Amazon
12100
12188
  # RDS User Guide.*
12101
12189
  #
12102
12190
  #
12103
12191
  #
12104
- # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.FeatureSupport
12192
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport
12105
12193
  # @return [String]
12106
12194
  #
12107
12195
  # @!attribute [rw] engine_installation_media_path
@@ -13452,7 +13540,7 @@ module Aws::RDS
13452
13540
  # The version number of the database engine to upgrade to. Changing
13453
13541
  # this parameter results in an outage and the change is applied during
13454
13542
  # the next maintenance window unless the `ApplyImmediately` parameter
13455
- # is eanbled for this request.
13543
+ # is enabled for this request.
13456
13544
  #
13457
13545
  # For major version upgrades, if a nondefault DB parameter group is
13458
13546
  # currently in use, a new DB parameter group in the DB parameter group
@@ -13751,8 +13839,10 @@ module Aws::RDS
13751
13839
  # @!attribute [rw] enable_iam_database_authentication
13752
13840
  # A value that indicates whether to enable mapping of AWS Identity and
13753
13841
  # Access Management (IAM) accounts to database accounts. By default,
13754
- # mapping is disabled. For information about the supported DB engines,
13755
- # see CreateDBInstance.
13842
+ # mapping is disabled.
13843
+ #
13844
+ # This setting doesn't apply to Amazon Aurora. Mapping AWS IAM
13845
+ # accounts to database accounts is managed by the DB cluster.
13756
13846
  #
13757
13847
  # For more information about IAM database authentication, see [ IAM
13758
13848
  # Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -13777,13 +13867,15 @@ module Aws::RDS
13777
13867
  #
13778
13868
  # @!attribute [rw] performance_insights_kms_key_id
13779
13869
  # The AWS KMS key identifier for encryption of Performance Insights
13780
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
13781
- # identifier, or the KMS key alias for the KMS encryption key.
13870
+ # data.
13871
+ #
13872
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
13873
+ # alias name for the AWS KMS customer master key (CMK).
13782
13874
  #
13783
13875
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
13784
- # then Amazon RDS uses your default encryption key. AWS KMS creates
13785
- # the default encryption key for your AWS account. Your AWS account
13786
- # has a different default encryption key for each AWS Region.
13876
+ # then Amazon RDS uses your default CMK. There is a default CMK for
13877
+ # your AWS account. Your AWS account has a different default CMK for
13878
+ # each AWS Region.
13787
13879
  # @return [String]
13788
13880
  #
13789
13881
  # @!attribute [rw] performance_insights_retention_period
@@ -15188,13 +15280,6 @@ module Aws::RDS
15188
15280
  #
15189
15281
  # @!attribute [rw] supported_engine_modes
15190
15282
  # A list of the supported DB engine modes.
15191
- #
15192
- # <note markdown="1"> `global` engine mode only applies for global database clusters
15193
- # created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
15194
- # versions, the clusters in a global database use `provisioned` engine
15195
- # mode.
15196
- #
15197
- # </note>
15198
15283
  # @return [Array<String>]
15199
15284
  #
15200
15285
  # @!attribute [rw] supports_storage_autoscaling
@@ -16113,7 +16198,7 @@ module Aws::RDS
16113
16198
  #
16114
16199
  # @!attribute [rw] role_arn
16115
16200
  # The Amazon Resource Name (ARN) of the IAM role to disassociate from
16116
- # the DB instance, for example
16201
+ # the DB instance, for example,
16117
16202
  # `arn:aws:iam::123456789012:role/AccessRole`.
16118
16203
  # @return [String]
16119
16204
  #
@@ -16830,17 +16915,14 @@ module Aws::RDS
16830
16915
  # @!attribute [rw] kms_key_id
16831
16916
  # The AWS KMS key identifier for an encrypted DB cluster.
16832
16917
  #
16833
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
16834
- # encryption key. If you are creating a DB cluster with the same AWS
16835
- # account that owns the KMS encryption key used to encrypt the new DB
16836
- # cluster, then you can use the KMS key alias instead of the ARN for
16837
- # the KM encryption key.
16918
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
16919
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
16920
+ # in a different AWS account, specify the key ARN or alias ARN.
16838
16921
  #
16839
16922
  # If the StorageEncrypted parameter is enabled, and you do not specify
16840
16923
  # a value for the `KmsKeyId` parameter, then Amazon RDS will use your
16841
- # default encryption key. AWS KMS creates the default encryption key
16842
- # for your AWS account. Your AWS account has a different default
16843
- # encryption key for each AWS Region.
16924
+ # default CMK. There is a default CMK for your AWS account. Your AWS
16925
+ # account has a different default CMK for each AWS Region.
16844
16926
  # @return [String]
16845
16927
  #
16846
16928
  # @!attribute [rw] enable_iam_database_authentication
@@ -17158,18 +17240,16 @@ module Aws::RDS
17158
17240
  # The AWS KMS key identifier to use when restoring an encrypted DB
17159
17241
  # cluster from a DB snapshot or DB cluster snapshot.
17160
17242
  #
17161
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
17162
- # encryption key. If you are restoring a DB cluster with the same AWS
17163
- # account that owns the KMS encryption key used to encrypt the new DB
17164
- # cluster, then you can use the KMS key alias instead of the ARN for
17165
- # the KMS encryption key.
17243
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
17244
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
17245
+ # in a different AWS account, specify the key ARN or alias ARN.
17166
17246
  #
17167
- # If you don't specify a value for the `KmsKeyId` parameter, then the
17168
- # following occurs:
17247
+ # When you don't specify a value for the `KmsKeyId` parameter, then
17248
+ # the following occurs:
17169
17249
  #
17170
17250
  # * If the DB snapshot or DB cluster snapshot in `SnapshotIdentifier`
17171
17251
  # is encrypted, then the restored DB cluster is encrypted using the
17172
- # KMS key that was used to encrypt the DB snapshot or DB cluster
17252
+ # AWS KMS CMK that was used to encrypt the DB snapshot or DB cluster
17173
17253
  # snapshot.
17174
17254
  #
17175
17255
  # * If the DB snapshot or DB cluster snapshot in `SnapshotIdentifier`
@@ -17221,6 +17301,12 @@ module Aws::RDS
17221
17301
  # @!attribute [rw] engine_mode
17222
17302
  # The DB engine mode of the DB cluster, either `provisioned`,
17223
17303
  # `serverless`, `parallelquery`, `global`, or `multimaster`.
17304
+ #
17305
+ # For more information, see [ CreateDBCluster][1].
17306
+ #
17307
+ #
17308
+ #
17309
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html
17224
17310
  # @return [String]
17225
17311
  #
17226
17312
  # @!attribute [rw] scaling_configuration
@@ -17458,23 +17544,21 @@ module Aws::RDS
17458
17544
  # The AWS KMS key identifier to use when restoring an encrypted DB
17459
17545
  # cluster from an encrypted DB cluster.
17460
17546
  #
17461
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
17462
- # encryption key. If you are restoring a DB cluster with the same AWS
17463
- # account that owns the KMS encryption key used to encrypt the new DB
17464
- # cluster, then you can use the KMS key alias instead of the ARN for
17465
- # the KMS encryption key.
17547
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
17548
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
17549
+ # in a different AWS account, specify the key ARN or alias ARN.
17466
17550
  #
17467
17551
  # You can restore to a new DB cluster and encrypt the new DB cluster
17468
- # with a KMS key that is different than the KMS key used to encrypt
17469
- # the source DB cluster. The new DB cluster is encrypted with the KMS
17470
- # key identified by the `KmsKeyId` parameter.
17552
+ # with a AWS KMS CMK that is different than the AWS KMS key used to
17553
+ # encrypt the source DB cluster. The new DB cluster is encrypted with
17554
+ # the AWS KMS CMK identified by the `KmsKeyId` parameter.
17471
17555
  #
17472
17556
  # If you don't specify a value for the `KmsKeyId` parameter, then the
17473
17557
  # following occurs:
17474
17558
  #
17475
17559
  # * If the DB cluster is encrypted, then the restored DB cluster is
17476
- # encrypted using the KMS key that was used to encrypt the source DB
17477
- # cluster.
17560
+ # encrypted using the AWS KMS CMK that was used to encrypt the
17561
+ # source DB cluster.
17478
17562
  #
17479
17563
  # * If the DB cluster isn't encrypted, then the restored DB cluster
17480
17564
  # isn't encrypted.
@@ -17904,8 +17988,7 @@ module Aws::RDS
17904
17988
  # @!attribute [rw] enable_iam_database_authentication
17905
17989
  # A value that indicates whether to enable mapping of AWS Identity and
17906
17990
  # Access Management (IAM) accounts to database accounts. By default,
17907
- # mapping is disabled. For information about the supported DB engines,
17908
- # see CreateDBInstance.
17991
+ # mapping is disabled.
17909
17992
  #
17910
17993
  # For more information about IAM database authentication, see [ IAM
17911
17994
  # Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -17920,11 +18003,11 @@ module Aws::RDS
17920
18003
  # The list of logs that the restored DB instance is to export to
17921
18004
  # CloudWatch Logs. The values in the list depend on the DB engine
17922
18005
  # being used. For more information, see [Publishing Database Logs to
17923
- # Amazon CloudWatch Logs][1] in the *Amazon Aurora User Guide*.
18006
+ # Amazon CloudWatch Logs][1] in the *Amazon RDS User Guide*.
17924
18007
  #
17925
18008
  #
17926
18009
  #
17927
- # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
18010
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
17928
18011
  # @return [Array<String>]
17929
18012
  #
17930
18013
  # @!attribute [rw] processor_features
@@ -18073,6 +18156,7 @@ module Aws::RDS
18073
18156
  # ],
18074
18157
  # use_default_processor_features: false,
18075
18158
  # deletion_protection: false,
18159
+ # max_allocated_storage: 1,
18076
18160
  # }
18077
18161
  #
18078
18162
  # @!attribute [rw] db_name
@@ -18333,17 +18417,14 @@ module Aws::RDS
18333
18417
  # @!attribute [rw] kms_key_id
18334
18418
  # The AWS KMS key identifier for an encrypted DB instance.
18335
18419
  #
18336
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
18337
- # encryption key. If you are creating a DB instance with the same AWS
18338
- # account that owns the KMS encryption key used to encrypt the new DB
18339
- # instance, then you can use the KMS key alias instead of the ARN for
18340
- # the KM encryption key.
18420
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
18421
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
18422
+ # in a different AWS account, specify the key ARN or alias ARN.
18341
18423
  #
18342
18424
  # If the `StorageEncrypted` parameter is enabled, and you do not
18343
18425
  # specify a value for the `KmsKeyId` parameter, then Amazon RDS will
18344
- # use your default encryption key. AWS KMS creates the default
18345
- # encryption key for your AWS account. Your AWS account has a
18346
- # different default encryption key for each AWS Region.
18426
+ # use your default CMK. There is a default CMK for your AWS account.
18427
+ # Your AWS account has a different default CMK for each AWS Region.
18347
18428
  # @return [String]
18348
18429
  #
18349
18430
  # @!attribute [rw] copy_tags_to_snapshot
@@ -18382,8 +18463,7 @@ module Aws::RDS
18382
18463
  # @!attribute [rw] enable_iam_database_authentication
18383
18464
  # A value that indicates whether to enable mapping of AWS Identity and
18384
18465
  # Access Management (IAM) accounts to database accounts. By default,
18385
- # mapping is disabled. For information about the supported DB engines,
18386
- # see CreateDBInstance.
18466
+ # mapping is disabled.
18387
18467
  #
18388
18468
  # For more information about IAM database authentication, see [ IAM
18389
18469
  # Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -18436,13 +18516,15 @@ module Aws::RDS
18436
18516
  #
18437
18517
  # @!attribute [rw] performance_insights_kms_key_id
18438
18518
  # The AWS KMS key identifier for encryption of Performance Insights
18439
- # data. The KMS key ID is the Amazon Resource Name (ARN), the KMS key
18440
- # identifier, or the KMS key alias for the KMS encryption key.
18519
+ # data.
18520
+ #
18521
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
18522
+ # alias name for the AWS KMS customer master key (CMK).
18441
18523
  #
18442
18524
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
18443
- # then Amazon RDS uses your default encryption key. AWS KMS creates
18444
- # the default encryption key for your AWS account. Your AWS account
18445
- # has a different default encryption key for each AWS Region.
18525
+ # then Amazon RDS uses your default CMK. There is a default CMK for
18526
+ # your AWS account. Your AWS account has a different default CMK for
18527
+ # each AWS Region.
18446
18528
  # @return [String]
18447
18529
  #
18448
18530
  # @!attribute [rw] performance_insights_retention_period
@@ -18482,6 +18564,11 @@ module Aws::RDS
18482
18564
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
18483
18565
  # @return [Boolean]
18484
18566
  #
18567
+ # @!attribute [rw] max_allocated_storage
18568
+ # The upper limit to which Amazon RDS can automatically scale the
18569
+ # storage of the DB instance.
18570
+ # @return [Integer]
18571
+ #
18485
18572
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromS3Message AWS API Documentation
18486
18573
  #
18487
18574
  class RestoreDBInstanceFromS3Message < Struct.new(
@@ -18527,7 +18614,8 @@ module Aws::RDS
18527
18614
  :enable_cloudwatch_logs_exports,
18528
18615
  :processor_features,
18529
18616
  :use_default_processor_features,
18530
- :deletion_protection)
18617
+ :deletion_protection,
18618
+ :max_allocated_storage)
18531
18619
  SENSITIVE = []
18532
18620
  include Aws::Structure
18533
18621
  end
@@ -18592,6 +18680,8 @@ module Aws::RDS
18592
18680
  # db_parameter_group_name: "String",
18593
18681
  # deletion_protection: false,
18594
18682
  # source_dbi_resource_id: "String",
18683
+ # max_allocated_storage: 1,
18684
+ # source_db_instance_automated_backups_arn: "String",
18595
18685
  # }
18596
18686
  #
18597
18687
  # @!attribute [rw] source_db_instance_identifier
@@ -18850,8 +18940,7 @@ module Aws::RDS
18850
18940
  # @!attribute [rw] enable_iam_database_authentication
18851
18941
  # A value that indicates whether to enable mapping of AWS Identity and
18852
18942
  # Access Management (IAM) accounts to database accounts. By default,
18853
- # mapping is disabled. For information about the supported DB engines,
18854
- # see CreateDBInstance.
18943
+ # mapping is disabled.
18855
18944
  #
18856
18945
  # For more information about IAM database authentication, see [ IAM
18857
18946
  # Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -18916,6 +19005,17 @@ module Aws::RDS
18916
19005
  # The resource ID of the source DB instance from which to restore.
18917
19006
  # @return [String]
18918
19007
  #
19008
+ # @!attribute [rw] max_allocated_storage
19009
+ # The upper limit to which Amazon RDS can automatically scale the
19010
+ # storage of the DB instance.
19011
+ # @return [Integer]
19012
+ #
19013
+ # @!attribute [rw] source_db_instance_automated_backups_arn
19014
+ # The Amazon Resource Name (ARN) of the replicated automated backups
19015
+ # from which to restore, for example,
19016
+ # `arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
19017
+ # @return [String]
19018
+ #
18919
19019
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceToPointInTimeMessage AWS API Documentation
18920
19020
  #
18921
19021
  class RestoreDBInstanceToPointInTimeMessage < Struct.new(
@@ -18949,7 +19049,9 @@ module Aws::RDS
18949
19049
  :use_default_processor_features,
18950
19050
  :db_parameter_group_name,
18951
19051
  :deletion_protection,
18952
- :source_dbi_resource_id)
19052
+ :source_dbi_resource_id,
19053
+ :max_allocated_storage,
19054
+ :source_db_instance_automated_backups_arn)
18953
19055
  SENSITIVE = []
18954
19056
  include Aws::Structure
18955
19057
  end
@@ -19262,12 +19364,18 @@ module Aws::RDS
19262
19364
  # The status of the source AWS Region.
19263
19365
  # @return [String]
19264
19366
  #
19367
+ # @!attribute [rw] supports_db_instance_automated_backups_replication
19368
+ # Whether the source AWS Region supports replicating automated backups
19369
+ # to the current AWS Region.
19370
+ # @return [Boolean]
19371
+ #
19265
19372
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SourceRegion AWS API Documentation
19266
19373
  #
19267
19374
  class SourceRegion < Struct.new(
19268
19375
  :region_name,
19269
19376
  :endpoint,
19270
- :status)
19377
+ :status,
19378
+ :supports_db_instance_automated_backups_replication)
19271
19379
  SENSITIVE = []
19272
19380
  include Aws::Structure
19273
19381
  end
@@ -19307,7 +19415,7 @@ module Aws::RDS
19307
19415
  # }
19308
19416
  #
19309
19417
  # @!attribute [rw] resource_arn
19310
- # The Amazon Resource Name (ARN) of the DB cluster, for example
19418
+ # The Amazon Resource Name (ARN) of the DB cluster, for example,
19311
19419
  # `arn:aws:rds:us-east-1:12345667890:cluster:das-cluster`.
19312
19420
  # @return [String]
19313
19421
  #
@@ -19320,8 +19428,8 @@ module Aws::RDS
19320
19428
  #
19321
19429
  # @!attribute [rw] kms_key_id
19322
19430
  # The AWS KMS key identifier for encrypting messages in the database
19323
- # activity stream. The key identifier can be either a key ID, a key
19324
- # ARN, or a key alias.
19431
+ # activity stream. The AWS KMS key identifier is the key ARN, key ID,
19432
+ # alias ARN, or alias name for the AWS KMS customer master key (CMK).
19325
19433
  # @return [String]
19326
19434
  #
19327
19435
  # @!attribute [rw] apply_immediately
@@ -19412,6 +19520,75 @@ module Aws::RDS
19412
19520
  include Aws::Structure
19413
19521
  end
19414
19522
 
19523
+ # @note When making an API call, you may pass StartDBInstanceAutomatedBackupsReplicationMessage
19524
+ # data as a hash:
19525
+ #
19526
+ # {
19527
+ # source_db_instance_arn: "String", # required
19528
+ # backup_retention_period: 1,
19529
+ # kms_key_id: "String",
19530
+ # pre_signed_url: "String",
19531
+ # source_region: "String",
19532
+ # }
19533
+ #
19534
+ # @!attribute [rw] source_db_instance_arn
19535
+ # The Amazon Resource Name (ARN) of the source DB instance for the
19536
+ # replicated automated backups, for example,
19537
+ # `arn:aws:rds:us-west-2:123456789012:db:mydatabase`.
19538
+ # @return [String]
19539
+ #
19540
+ # @!attribute [rw] backup_retention_period
19541
+ # The retention period for the replicated automated backups.
19542
+ # @return [Integer]
19543
+ #
19544
+ # @!attribute [rw] kms_key_id
19545
+ # The AWS KMS key identifier for encryption of the replicated
19546
+ # automated backups. The KMS key ID is the Amazon Resource Name (ARN)
19547
+ # for the KMS encryption key in the destination AWS Region, for
19548
+ # example,
19549
+ # `arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE`.
19550
+ # @return [String]
19551
+ #
19552
+ # @!attribute [rw] pre_signed_url
19553
+ # A URL that contains a Signature Version 4 signed request for the
19554
+ # StartDBInstanceAutomatedBackupsReplication action to be called in
19555
+ # the AWS Region of the source DB instance. The presigned URL must be
19556
+ # a valid request for the StartDBInstanceAutomatedBackupsReplication
19557
+ # API action that can be executed in the AWS Region that contains the
19558
+ # source DB instance.
19559
+ # @return [String]
19560
+ #
19561
+ # @!attribute [rw] source_region
19562
+ # The source region of the snapshot. This is only needed when the
19563
+ # shapshot is encrypted and in a different region.
19564
+ # @return [String]
19565
+ #
19566
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplicationMessage AWS API Documentation
19567
+ #
19568
+ class StartDBInstanceAutomatedBackupsReplicationMessage < Struct.new(
19569
+ :source_db_instance_arn,
19570
+ :backup_retention_period,
19571
+ :kms_key_id,
19572
+ :pre_signed_url,
19573
+ :source_region)
19574
+ SENSITIVE = []
19575
+ include Aws::Structure
19576
+ end
19577
+
19578
+ # @!attribute [rw] db_instance_automated_backup
19579
+ # An automated backup of a DB instance. It consists of system backups,
19580
+ # transaction logs, and the database instance properties that existed
19581
+ # at the time you deleted the source instance.
19582
+ # @return [Types::DBInstanceAutomatedBackup]
19583
+ #
19584
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplicationResult AWS API Documentation
19585
+ #
19586
+ class StartDBInstanceAutomatedBackupsReplicationResult < Struct.new(
19587
+ :db_instance_automated_backup)
19588
+ SENSITIVE = []
19589
+ include Aws::Structure
19590
+ end
19591
+
19415
19592
  # @note When making an API call, you may pass StartDBInstanceMessage
19416
19593
  # data as a hash:
19417
19594
  #
@@ -19480,11 +19657,12 @@ module Aws::RDS
19480
19657
  # @return [String]
19481
19658
  #
19482
19659
  # @!attribute [rw] kms_key_id
19483
- # The ID of the AWS KMS key to use to encrypt the snapshot exported to
19484
- # Amazon S3. The KMS key ID is the Amazon Resource Name (ARN), the KMS
19485
- # key identifier, or the KMS key alias for the KMS encryption key. The
19486
- # caller of this operation must be authorized to execute the following
19487
- # operations. These can be set in the KMS key policy:
19660
+ # The ID of the AWS KMS customer master key (CMK) to use to encrypt
19661
+ # the snapshot exported to Amazon S3. The AWS KMS key identifier is
19662
+ # the key ARN, key ID, alias ARN, or alias name for the AWS KMS
19663
+ # customer master key (CMK). The caller of this operation must be
19664
+ # authorized to execute the following operations. These can be set in
19665
+ # the AWS KMS key policy:
19488
19666
  #
19489
19667
  # * GrantOperation.Encrypt
19490
19668
  #
@@ -19576,6 +19754,9 @@ module Aws::RDS
19576
19754
  # @!attribute [rw] kms_key_id
19577
19755
  # The AWS KMS key identifier used for encrypting messages in the
19578
19756
  # database activity stream.
19757
+ #
19758
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
19759
+ # alias name for the AWS KMS customer master key (CMK).
19579
19760
  # @return [String]
19580
19761
  #
19581
19762
  # @!attribute [rw] kinesis_stream_name
@@ -19632,6 +19813,41 @@ module Aws::RDS
19632
19813
  include Aws::Structure
19633
19814
  end
19634
19815
 
19816
+ # @note When making an API call, you may pass StopDBInstanceAutomatedBackupsReplicationMessage
19817
+ # data as a hash:
19818
+ #
19819
+ # {
19820
+ # source_db_instance_arn: "String", # required
19821
+ # }
19822
+ #
19823
+ # @!attribute [rw] source_db_instance_arn
19824
+ # The Amazon Resource Name (ARN) of the source DB instance for which
19825
+ # to stop replicating automated backups, for example,
19826
+ # `arn:aws:rds:us-west-2:123456789012:db:mydatabase`.
19827
+ # @return [String]
19828
+ #
19829
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplicationMessage AWS API Documentation
19830
+ #
19831
+ class StopDBInstanceAutomatedBackupsReplicationMessage < Struct.new(
19832
+ :source_db_instance_arn)
19833
+ SENSITIVE = []
19834
+ include Aws::Structure
19835
+ end
19836
+
19837
+ # @!attribute [rw] db_instance_automated_backup
19838
+ # An automated backup of a DB instance. It consists of system backups,
19839
+ # transaction logs, and the database instance properties that existed
19840
+ # at the time you deleted the source instance.
19841
+ # @return [Types::DBInstanceAutomatedBackup]
19842
+ #
19843
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplicationResult AWS API Documentation
19844
+ #
19845
+ class StopDBInstanceAutomatedBackupsReplicationResult < Struct.new(
19846
+ :db_instance_automated_backup)
19847
+ SENSITIVE = []
19848
+ include Aws::Structure
19849
+ end
19850
+
19635
19851
  # @note When making an API call, you may pass StopDBInstanceMessage
19636
19852
  # data as a hash:
19637
19853
  #