aws-sdk-rds 1.102.0 → 1.107.0

data/lib/aws-sdk-rds/plugins/cross_region_copying.rb

@@ -5,28 +5,26 @@ require 'aws-sigv4'
 module Aws
   module RDS
     module Plugins
-
-      # This plugin populates the `:pre_signed_url` request param for the
-      # CopyDBSnapshot API.
+      # This plugin populates the `:pre_signed_url` request param for APIs
+      # that support cross region copying.
       #
       # This parameter is required by RDS when copying an encrypted snapshot
       # across regions. This plugin will be skipped if the `:pre_signed_url`
       # parameter is provided by the user.
       class CrossRegionCopying < Seahorse::Client::Plugin
-
         # @api private
         class Handler < Seahorse::Client::Handler
-
           def call(context)
             params = context.params
-            if params.is_a?(Hash) && params[:source_region] && !params[:pre_signed_url]
+            if params.is_a?(Hash) &&
+               params[:source_region] && !params[:pre_signed_url]
               params[:pre_signed_url] = presigned_url(context, params)
-              params[:destination_region] = context.config.region
             end
             @handler.call(context)
           end
 
           private
+
           def presigned_url(context, params)
             # :source_region is not modeled in the api
             source_region = params.delete(:source_region)
@@ -43,12 +41,13 @@ module Aws
               region: source_region,
               credentials_provider: context.config.credentials
             )
-            url = Aws::Partitions::EndpointProvider.resolve(signer.region, 'rds')
-            url += "?#{param_list.to_s}"
+            url = Aws::Partitions::EndpointProvider.resolve(
+              signer.region, 'rds'
+            )
+            url += "?#{param_list}"
             signer.presign_url(
               http_method: 'GET',
               url: url,
-              body: '',
               expires_in: 3600
             ).to_s
           end
@@ -61,10 +60,10 @@ module Aws
             :copy_db_snapshot,
             :create_db_instance_read_replica,
             :copy_db_cluster_snapshot,
-            :create_db_cluster
+            :create_db_cluster,
+            :start_db_instance_automated_backups_replication
           ]
         )
-
       end
     end
   end

data/lib/aws-sdk-rds/resource.rb

@@ -258,30 +258,27 @@ module Aws::RDS
     # @option options [String] :kms_key_id
     #   The AWS KMS key identifier for an encrypted DB cluster.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are creating a DB cluster with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   cluster, then you can use the KMS key alias instead of the ARN for the
-    #   KMS encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
+    #   name for the AWS KMS customer master key (CMK). To use a CMK in a
+    #   different AWS account, specify the key ARN or alias ARN.
     #
-    #   If an encryption key isn't specified in `KmsKeyId`\:
+    #   When a CMK isn't specified in `KmsKeyId`\:
     #
     #   * If `ReplicationSourceIdentifier` identifies an encrypted source,
-    #     then Amazon RDS will use the encryption key used to encrypt the
-    #     source. Otherwise, Amazon RDS will use your default encryption key.
+    #     then Amazon RDS will use the CMK used to encrypt the source.
+    #     Otherwise, Amazon RDS will use your default CMK.
     #
     #   * If the `StorageEncrypted` parameter is enabled and
     #     `ReplicationSourceIdentifier` isn't specified, then Amazon RDS will
-    #     use your default encryption key.
+    #     use your default CMK.
     #
-    #   AWS KMS creates the default encryption key for your AWS account. Your
-    #   AWS account has a different default encryption key for each AWS
-    #   Region.
+    #   There is a default CMK for your AWS account. Your AWS account has a
+    #   different default CMK for each AWS Region.
     #
     #   If you create a read replica of an encrypted DB cluster in another AWS
-    #   Region, you must set `KmsKeyId` to a KMS key ID that is valid in the
-    #   destination AWS Region. This key is used to encrypt the read replica
-    #   in that AWS Region.
+    #   Region, you must set `KmsKeyId` to a AWS KMS key identifier that is
+    #   valid in the destination AWS Region. This CMK is used to encrypt the
+    #   read replica in that AWS Region.
     # @option options [String] :pre_signed_url
     #   A URL that contains a Signature Version 4 signed request for the
     #   `CreateDBCluster` action to be called in the source AWS Region where
@@ -298,9 +295,9 @@ module Aws::RDS
     #
     #   * `KmsKeyId` - The AWS KMS key identifier for the key to use to
     #     encrypt the copy of the DB cluster in the destination AWS Region.
-    #     This should refer to the same KMS key for both the `CreateDBCluster`
-    #     action that is called in the destination AWS Region, and the action
-    #     contained in the pre-signed URL.
+    #     This should refer to the same AWS KMS CMK for both the
+    #     `CreateDBCluster` action that is called in the destination AWS
+    #     Region, and the action contained in the pre-signed URL.
     #
     #   * `DestinationRegion` - The name of the AWS Region that Aurora read
     #     replica will be created in.
@@ -374,14 +371,23 @@ module Aws::RDS
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
     # @option options [String] :engine_mode
-    #   The DB engine mode of the DB cluster, either `provisioned`,
+    #   The DB engine mode of the DB cluster, either `provisioned`
     #   `serverless`, `parallelquery`, `global`, or `multimaster`.
     #
-    #   <note markdown="1"> `global` engine mode only applies for global database clusters created
-    #   with Aurora MySQL version 5.6.10a. For higher Aurora MySQL versions,
-    #   the clusters in a global database use `provisioned` engine mode.
+    #   The `parallelquery` engine mode isn't required for Aurora MySQL
+    #   version 1.23 and higher 1.x versions, and version 2.09 and higher 2.x
+    #   versions.
+    #
+    #   The `global` engine mode isn't required for Aurora MySQL version 1.22
+    #   and higher 1.x versions, and `global` engine mode isn't required for
+    #   any 2.x versions.
     #
-    #    </note>
+    #   The `multimaster` engine mode only applies for DB clusters created
+    #   with Aurora MySQL version 5.6.10a.
+    #
+    #   For Aurora PostgreSQL, the `global` engine mode isn't required, and
+    #   both the `parallelquery` and the `multimaster` engine modes currently
+    #   aren't supported.
     #
     #   Limitations and requirements apply to some DB engine modes. For more
     #   information, see the following sections in the *Amazon Aurora User
@@ -391,7 +397,7 @@ module Aws::RDS
     #
     #   * [ Limitations of Parallel Query][2]
     #
-    #   * [ Requirements for Aurora Global Databases][3]
+    #   * [ Limitations of Aurora Global Databases][3]
     #
     #   * [ Limitations of Multi-Master Clusters][4]
     #
@@ -451,7 +457,6 @@ module Aws::RDS
     #   This parameter only applies to DB clusters that are secondary clusters
     #   in an Aurora global database. By default, Aurora disallows write
     #   operations for secondary clusters.
-    # @option options [String] :destination_region
     # @option options [String] :source_region
     #   The source region of the snapshot. This is only needed when the
     #   shapshot is encrypted and in a different region.
@@ -1093,8 +1098,8 @@ module Aws::RDS
     #
     #   **Microsoft SQL Server**
     #
-    #   See [Version and Feature Support on Amazon RDS][2] in the *Amazon RDS
-    #   User Guide.*
+    #   See [Microsoft SQL Server Versions on Amazon RDS][2] in the *Amazon
+    #   RDS User Guide.*
     #
     #   **MySQL**
     #
@@ -1113,7 +1118,7 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt
-    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.FeatureSupport
+    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport
     #   [3]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
     #   [4]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html
     #   [5]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions
@@ -1221,22 +1226,19 @@ module Aws::RDS
     # @option options [String] :kms_key_id
     #   The AWS KMS key identifier for an encrypted DB instance.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are creating a DB instance with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   instance, then you can use the KMS key alias instead of the ARN for
-    #   the KM encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
+    #   name for the AWS KMS customer master key (CMK). To use a CMK in a
+    #   different AWS account, specify the key ARN or alias ARN.
     #
     #   **Amazon Aurora**
     #
-    #   Not applicable. The KMS key identifier is managed by the DB cluster.
-    #   For more information, see `CreateDBCluster`.
+    #   Not applicable. The AWS KMS key identifier is managed by the DB
+    #   cluster. For more information, see `CreateDBCluster`.
     #
     #   If `StorageEncrypted` is enabled, and you do not specify a value for
-    #   the `KmsKeyId` parameter, then Amazon RDS will use your default
-    #   encryption key. AWS KMS creates the default encryption key for your
-    #   AWS account. Your AWS account has a different default encryption key
-    #   for each AWS Region.
+    #   the `KmsKeyId` parameter, then Amazon RDS uses your default CMK. There
+    #   is a default CMK for your AWS account. Your AWS account has a
+    #   different default CMK for each AWS Region.
     # @option options [String] :domain
     #   The Active Directory directory ID to create the DB instance in.
     #   Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB
@@ -1307,29 +1309,8 @@ module Aws::RDS
     #   Access Management (IAM) accounts to database accounts. By default,
     #   mapping is disabled.
     #
-    #   You can enable IAM database authentication for the following database
-    #   engines:
-    #
-    #   **Amazon Aurora**
-    #
-    #   Not applicable. Mapping AWS IAM accounts to database accounts is
-    #   managed by the DB cluster.
-    #
-    #   **MySQL**
-    #
-    #   * For MySQL 5.6, minor version 5.6.34 or higher
-    #
-    #   * For MySQL 5.7, minor version 5.7.16 or higher
-    #
-    #   * For MySQL 8.0, minor version 8.0.16 or higher
-    #
-    #   **PostgreSQL**
-    #
-    #   * For PostgreSQL 9.5, minor version 9.5.15 or higher
-    #
-    #   * For PostgreSQL 9.6, minor version 9.6.11 or higher
-    #
-    #   * PostgreSQL 10.6, 10.7, and 10.9
+    #   This setting doesn't apply to Amazon Aurora. Mapping AWS IAM accounts
+    #   to database accounts is managed by the DB cluster.
     #
     #   For more information, see [ IAM Database Authentication for MySQL and
     #   PostgreSQL][1] in the *Amazon RDS User Guide.*
@@ -1349,13 +1330,15 @@ module Aws::RDS
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html
     # @option options [String] :performance_insights_kms_key_id
     #   The AWS KMS key identifier for encryption of Performance Insights
-    #   data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
-    #   identifier, or the KMS key alias for the KMS encryption key.
+    #   data.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
+    #   name for the AWS KMS customer master key (CMK).
     #
     #   If you do not specify a value for `PerformanceInsightsKMSKeyId`, then
-    #   Amazon RDS uses your default encryption key. AWS KMS creates the
-    #   default encryption key for your AWS account. Your AWS account has a
-    #   different default encryption key for each AWS Region.
+    #   Amazon RDS uses your default CMK. There is a default CMK for your AWS
+    #   account. Your AWS account has a different default CMK for each AWS
+    #   Region.
     # @option options [Integer] :performance_insights_retention_period
     #   The amount of time, in days, to retain Performance Insights data.
     #   Valid values are 7 or 731 (2 years).
@@ -1366,6 +1349,10 @@ module Aws::RDS
     #   CloudWatch Logs ][1] in the *Amazon Relational Database Service User
     #   Guide*.
     #
+    #   **Amazon Aurora**
+    #
+    #   Not applicable. CloudWatch Logs exports are managed by the DB cluster.
+    #
     #   **MariaDB**
     #
     #   Possible values are `audit`, `error`, `general`, and `slowquery`.

data/lib/aws-sdk-rds/types.rb

@@ -157,7 +157,7 @@ module Aws::RDS
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) of the IAM role to associate with the
-    #   Aurora DB cluster, for example
+    #   Aurora DB cluster, for example,
     #   `arn:aws:iam::123456789012:role/AuroraAccessRole`.
     #   @return [String]
     #
@@ -715,13 +715,20 @@ module Aws::RDS
     #
     # The `EnableLogTypes` and `DisableLogTypes` arrays determine which logs
     # will be exported (or not exported) to CloudWatch Logs. The values
-    # within these arrays depend on the DB engine being used. For more
-    # information, see [Publishing Database Logs to Amazon CloudWatch Logs
+    # within these arrays depend on the DB engine being used.
+    #
+    # For more information about exporting CloudWatch Logs for Amazon RDS DB
+    # instances, see [Publishing Database Logs to Amazon CloudWatch Logs
     # ][1] in the *Amazon RDS User Guide*.
     #
+    # For more information about exporting CloudWatch Logs for Amazon Aurora
+    # DB clusters, see [Publishing Database Logs to Amazon CloudWatch
+    # Logs][2] in the *Amazon Aurora User Guide*.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
+    # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
     #
     # @note When making an API call, you may pass CloudwatchLogsExportConfiguration
     #   data as a hash:
@@ -1043,25 +1050,25 @@ module Aws::RDS
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The AWS KMS key ID for an encrypted DB cluster snapshot. The KMS key
-    #   ID is the Amazon Resource Name (ARN), KMS key identifier, or the KMS
-    #   key alias for the KMS encryption key.
+    #   The AWS KMS key identifier for an encrypted DB cluster snapshot. The
+    #   AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
+    #   name for the AWS KMS customer master key (CMK).
     #
     #   If you copy an encrypted DB cluster snapshot from your AWS account,
     #   you can specify a value for `KmsKeyId` to encrypt the copy with a
-    #   new KMS encryption key. If you don't specify a value for
-    #   `KmsKeyId`, then the copy of the DB cluster snapshot is encrypted
-    #   with the same KMS key as the source DB cluster snapshot.
+    #   new AWS KMS CMK. If you don't specify a value for `KmsKeyId`, then
+    #   the copy of the DB cluster snapshot is encrypted with the same AWS
+    #   KMS key as the source DB cluster snapshot.
     #
     #   If you copy an encrypted DB cluster snapshot that is shared from
     #   another AWS account, then you must specify a value for `KmsKeyId`.
     #
     #   To copy an encrypted DB cluster snapshot to another AWS Region, you
-    #   must set `KmsKeyId` to the KMS key ID you want to use to encrypt the
-    #   copy of the DB cluster snapshot in the destination AWS Region. KMS
-    #   encryption keys are specific to the AWS Region that they are created
-    #   in, and you can't use encryption keys from one AWS Region in
-    #   another AWS Region.
+    #   must set `KmsKeyId` to the AWS KMS key identifier you want to use to
+    #   encrypt the copy of the DB cluster snapshot in the destination AWS
+    #   Region. AWS KMS CMKs are specific to the AWS Region that they are
+    #   created in, and you can't use CMKs from one AWS Region in another
+    #   AWS Region.
     #
     #   If you copy an unencrypted DB cluster snapshot and specify a value
     #   for the `KmsKeyId` parameter, an error is returned.
@@ -1081,11 +1088,12 @@ module Aws::RDS
     #   be copied. The pre-signed URL request must contain the following
     #   parameter values:
     #
-    #   * `KmsKeyId` - The AWS KMS key identifier for the key to use to
-    #     encrypt the copy of the DB cluster snapshot in the destination AWS
-    #     Region. This is the same identifier for both the
-    #     `CopyDBClusterSnapshot` action that is called in the destination
-    #     AWS Region, and the action contained in the pre-signed URL.
+    #   * `KmsKeyId` - The AWS KMS key identifier for the customer master
+    #     key (CMK) to use to encrypt the copy of the DB cluster snapshot in
+    #     the destination AWS Region. This is the same identifier for both
+    #     the `CopyDBClusterSnapshot` action that is called in the
+    #     destination AWS Region, and the action contained in the pre-signed
+    #     URL.
     #
     #   * `DestinationRegion` - The name of the AWS Region that the DB
     #     cluster snapshot is to be created in.
@@ -1132,9 +1140,6 @@ module Aws::RDS
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
     #   @return [Array<Types::Tag>]
     #
-    # @!attribute [rw] destination_region
-    #   @return [String]
-    #
     # @!attribute [rw] source_region
     #   The source region of the snapshot. This is only needed when the
     #   shapshot is encrypted and in a different region.
@@ -1149,7 +1154,6 @@ module Aws::RDS
       :pre_signed_url,
       :copy_tags,
       :tags,
-      :destination_region,
       :source_region)
       SENSITIVE = []
       include Aws::Structure
@@ -1273,6 +1277,7 @@ module Aws::RDS
     #         copy_tags: false,
     #         pre_signed_url: "String",
     #         option_group_name: "String",
+    #         target_custom_availability_zone: "String",
     #         source_region: "String",
     #       }
     #
@@ -1323,15 +1328,15 @@ module Aws::RDS
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The AWS KMS key ID for an encrypted DB snapshot. The KMS key ID is
-    #   the Amazon Resource Name (ARN), KMS key identifier, or the KMS key
-    #   alias for the KMS encryption key.
+    #   The AWS KMS key identifier for an encrypted DB snapshot. The AWS KMS
+    #   key identifier is the key ARN, key ID, alias ARN, or alias name for
+    #   the AWS KMS customer master key (CMK).
     #
     #   If you copy an encrypted DB snapshot from your AWS account, you can
     #   specify a value for this parameter to encrypt the copy with a new
-    #   KMS encryption key. If you don't specify a value for this
-    #   parameter, then the copy of the DB snapshot is encrypted with the
-    #   same KMS key as the source DB snapshot.
+    #   AWS KMS CMK. If you don't specify a value for this parameter, then
+    #   the copy of the DB snapshot is encrypted with the same AWS KMS key
+    #   as the source DB snapshot.
     #
     #   If you copy an encrypted DB snapshot that is shared from another AWS
     #   account, then you must specify a value for this parameter.
@@ -1340,10 +1345,10 @@ module Aws::RDS
     #   the copy is encrypted.
     #
     #   If you copy an encrypted snapshot to a different AWS Region, then
-    #   you must specify a KMS key for the destination AWS Region. KMS
-    #   encryption keys are specific to the AWS Region that they are created
-    #   in, and you can't use encryption keys from one AWS Region in
-    #   another AWS Region.
+    #   you must specify a AWS KMS key identifier for the destination AWS
+    #   Region. AWS KMS CMKs are specific to the AWS Region that they are
+    #   created in, and you can't use CMKs from one AWS Region in another
+    #   AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -1388,11 +1393,11 @@ module Aws::RDS
     #     example, the `DestinationRegion` in the presigned URL must be set
     #     to the us-east-1 AWS Region.
     #
-    #   * `KmsKeyId` - The AWS KMS key identifier for the key to use to
-    #     encrypt the copy of the DB snapshot in the destination AWS Region.
-    #     This is the same identifier for both the `CopyDBSnapshot` action
-    #     that is called in the destination AWS Region, and the action
-    #     contained in the presigned URL.
+    #   * `KmsKeyId` - The AWS KMS key identifier for the customer master
+    #     key (CMK) to use to encrypt the copy of the DB snapshot in the
+    #     destination AWS Region. This is the same identifier for both the
+    #     `CopyDBSnapshot` action that is called in the destination AWS
+    #     Region, and the action contained in the presigned URL.
     #
     #   * `SourceDBSnapshotIdentifier` - The DB snapshot identifier for the
     #     encrypted snapshot to be copied. This identifier must be in the
@@ -1436,7 +1441,11 @@ module Aws::RDS
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html#USER_CopySnapshot.Options
     #   @return [String]
     #
-    # @!attribute [rw] destination_region
+    # @!attribute [rw] target_custom_availability_zone
+    #   The external custom Availability Zone (CAZ) identifier for the
+    #   target CAZ.
+    #
+    #   Example: `rds-caz-aiqhTgQv`.
     #   @return [String]
     #
     # @!attribute [rw] source_region
@@ -1454,7 +1463,7 @@ module Aws::RDS
       :copy_tags,
       :pre_signed_url,
       :option_group_name,
-      :destination_region,
+      :target_custom_availability_zone,
       :source_region)
       SENSITIVE = []
       include Aws::Structure
@@ -1491,25 +1500,13 @@ module Aws::RDS
     #       }
     #
     # @!attribute [rw] source_option_group_identifier
-    #   The identifier or ARN for the source option group. For information
-    #   about creating an ARN, see [ Constructing an ARN for Amazon RDS][1]
-    #   in the *Amazon RDS User Guide*.
+    #   The identifier for the source option group.
     #
     #   Constraints:
     #
     #   * Must specify a valid option group.
     #
-    #   * If the source option group is in the same AWS Region as the copy,
-    #     specify a valid option group identifier, for example
-    #     `my-option-group`, or a valid ARN.
-    #
-    #   * If the source option group is in a different AWS Region than the
-    #     copy, specify a valid option group ARN, for example
-    #     `arn:aws:rds:us-west-2:123456789012:og:special-options`.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing
+    #   ^
     #   @return [String]
     #
     # @!attribute [rw] target_option_group_identifier
@@ -1950,31 +1947,27 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   The AWS KMS key identifier for an encrypted DB cluster.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are creating a DB cluster with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   cluster, then you can use the KMS key alias instead of the ARN for
-    #   the KMS encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK). To use a CMK
+    #   in a different AWS account, specify the key ARN or alias ARN.
     #
-    #   If an encryption key isn't specified in `KmsKeyId`\:
+    #   When a CMK isn't specified in `KmsKeyId`\:
     #
     #   * If `ReplicationSourceIdentifier` identifies an encrypted source,
-    #     then Amazon RDS will use the encryption key used to encrypt the
-    #     source. Otherwise, Amazon RDS will use your default encryption
-    #     key.
+    #     then Amazon RDS will use the CMK used to encrypt the source.
+    #     Otherwise, Amazon RDS will use your default CMK.
     #
     #   * If the `StorageEncrypted` parameter is enabled and
     #     `ReplicationSourceIdentifier` isn't specified, then Amazon RDS
-    #     will use your default encryption key.
+    #     will use your default CMK.
     #
-    #   AWS KMS creates the default encryption key for your AWS account.
-    #   Your AWS account has a different default encryption key for each AWS
-    #   Region.
+    #   There is a default CMK for your AWS account. Your AWS account has a
+    #   different default CMK for each AWS Region.
     #
     #   If you create a read replica of an encrypted DB cluster in another
-    #   AWS Region, you must set `KmsKeyId` to a KMS key ID that is valid in
-    #   the destination AWS Region. This key is used to encrypt the read
-    #   replica in that AWS Region.
+    #   AWS Region, you must set `KmsKeyId` to a AWS KMS key identifier that
+    #   is valid in the destination AWS Region. This CMK is used to encrypt
+    #   the read replica in that AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] pre_signed_url
@@ -1993,7 +1986,7 @@ module Aws::RDS
     #
     #   * `KmsKeyId` - The AWS KMS key identifier for the key to use to
     #     encrypt the copy of the DB cluster in the destination AWS Region.
-    #     This should refer to the same KMS key for both the
+    #     This should refer to the same AWS KMS CMK for both the
     #     `CreateDBCluster` action that is called in the destination AWS
     #     Region, and the action contained in the pre-signed URL.
     #
@@ -2077,15 +2070,23 @@ module Aws::RDS
     #   @return [Array<String>]
     #
     # @!attribute [rw] engine_mode
-    #   The DB engine mode of the DB cluster, either `provisioned`,
+    #   The DB engine mode of the DB cluster, either `provisioned`
     #   `serverless`, `parallelquery`, `global`, or `multimaster`.
     #
-    #   <note markdown="1"> `global` engine mode only applies for global database clusters
-    #   created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
-    #   versions, the clusters in a global database use `provisioned` engine
-    #   mode.
+    #   The `parallelquery` engine mode isn't required for Aurora MySQL
+    #   version 1.23 and higher 1.x versions, and version 2.09 and higher
+    #   2.x versions.
     #
-    #    </note>
+    #   The `global` engine mode isn't required for Aurora MySQL version
+    #   1.22 and higher 1.x versions, and `global` engine mode isn't
+    #   required for any 2.x versions.
+    #
+    #   The `multimaster` engine mode only applies for DB clusters created
+    #   with Aurora MySQL version 5.6.10a.
+    #
+    #   For Aurora PostgreSQL, the `global` engine mode isn't required, and
+    #   both the `parallelquery` and the `multimaster` engine modes
+    #   currently aren't supported.
     #
     #   Limitations and requirements apply to some DB engine modes. For more
     #   information, see the following sections in the *Amazon Aurora User
@@ -2095,7 +2096,7 @@ module Aws::RDS
     #
     #   * [ Limitations of Parallel Query][2]
     #
-    #   * [ Requirements for Aurora Global Databases][3]
+    #   * [ Limitations of Aurora Global Databases][3]
     #
     #   * [ Limitations of Multi-Master Clusters][4]
     #
@@ -2173,9 +2174,6 @@ module Aws::RDS
     #   disallows write operations for secondary clusters.
     #   @return [Boolean]
     #
-    # @!attribute [rw] destination_region
-    #   @return [String]
-    #
     # @!attribute [rw] source_region
     #   The source region of the snapshot. This is only needed when the
     #   shapshot is encrypted and in a different region.
@@ -2217,7 +2215,6 @@ module Aws::RDS
       :domain,
       :domain_iam_role_name,
       :enable_global_write_forwarding,
-      :destination_region,
       :source_region)
       SENSITIVE = []
       include Aws::Structure
@@ -2998,7 +2995,7 @@ module Aws::RDS
     #
     #   **Microsoft SQL Server**
     #
-    #   See [Version and Feature Support on Amazon RDS][2] in the *Amazon
+    #   See [Microsoft SQL Server Versions on Amazon RDS][2] in the *Amazon
     #   RDS User Guide.*
     #
     #   **MySQL**
@@ -3019,7 +3016,7 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt
-    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.FeatureSupport
+    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport
     #   [3]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
     #   [4]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html
     #   [5]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions
@@ -3156,22 +3153,19 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   The AWS KMS key identifier for an encrypted DB instance.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are creating a DB instance with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   instance, then you can use the KMS key alias instead of the ARN for
-    #   the KM encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK). To use a CMK
+    #   in a different AWS account, specify the key ARN or alias ARN.
     #
     #   **Amazon Aurora**
     #
-    #   Not applicable. The KMS key identifier is managed by the DB cluster.
-    #   For more information, see `CreateDBCluster`.
+    #   Not applicable. The AWS KMS key identifier is managed by the DB
+    #   cluster. For more information, see `CreateDBCluster`.
     #
     #   If `StorageEncrypted` is enabled, and you do not specify a value for
-    #   the `KmsKeyId` parameter, then Amazon RDS will use your default
-    #   encryption key. AWS KMS creates the default encryption key for your
-    #   AWS account. Your AWS account has a different default encryption key
-    #   for each AWS Region.
+    #   the `KmsKeyId` parameter, then Amazon RDS uses your default CMK.
+    #   There is a default CMK for your AWS account. Your AWS account has a
+    #   different default CMK for each AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] domain
@@ -3258,29 +3252,8 @@ module Aws::RDS
     #   Access Management (IAM) accounts to database accounts. By default,
     #   mapping is disabled.
     #
-    #   You can enable IAM database authentication for the following
-    #   database engines:
-    #
-    #   **Amazon Aurora**
-    #
-    #   Not applicable. Mapping AWS IAM accounts to database accounts is
-    #   managed by the DB cluster.
-    #
-    #   **MySQL**
-    #
-    #   * For MySQL 5.6, minor version 5.6.34 or higher
-    #
-    #   * For MySQL 5.7, minor version 5.7.16 or higher
-    #
-    #   * For MySQL 8.0, minor version 8.0.16 or higher
-    #
-    #   **PostgreSQL**
-    #
-    #   * For PostgreSQL 9.5, minor version 9.5.15 or higher
-    #
-    #   * For PostgreSQL 9.6, minor version 9.6.11 or higher
-    #
-    #   * PostgreSQL 10.6, 10.7, and 10.9
+    #   This setting doesn't apply to Amazon Aurora. Mapping AWS IAM
+    #   accounts to database accounts is managed by the DB cluster.
     #
     #   For more information, see [ IAM Database Authentication for MySQL
     #   and PostgreSQL][1] in the *Amazon RDS User Guide.*
@@ -3304,13 +3277,15 @@ module Aws::RDS
     #
     # @!attribute [rw] performance_insights_kms_key_id
     #   The AWS KMS key identifier for encryption of Performance Insights
-    #   data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
-    #   identifier, or the KMS key alias for the KMS encryption key.
+    #   data.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #
     #   If you do not specify a value for `PerformanceInsightsKMSKeyId`,
-    #   then Amazon RDS uses your default encryption key. AWS KMS creates
-    #   the default encryption key for your AWS account. Your AWS account
-    #   has a different default encryption key for each AWS Region.
+    #   then Amazon RDS uses your default CMK. There is a default CMK for
+    #   your AWS account. Your AWS account has a different default CMK for
+    #   each AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] performance_insights_retention_period
@@ -3325,6 +3300,11 @@ module Aws::RDS
     #   Amazon CloudWatch Logs ][1] in the *Amazon Relational Database
     #   Service User Guide*.
     #
+    #   **Amazon Aurora**
+    #
+    #   Not applicable. CloudWatch Logs exports are managed by the DB
+    #   cluster.
+    #
     #   **MariaDB**
     #
     #   Possible values are `audit`, `error`, `general`, and `slowquery`.
@@ -3477,6 +3457,7 @@ module Aws::RDS
     #         domain: "String",
     #         domain_iam_role_name: "String",
     #         replica_mode: "open-read-only", # accepts open-read-only, mounted
+    #         max_allocated_storage: 1,
     #         source_region: "String",
     #       }
     #
@@ -3722,19 +3703,20 @@ module Aws::RDS
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The AWS KMS key ID for an encrypted read replica. The KMS key ID is
-    #   the Amazon Resource Name (ARN), KMS key identifier, or the KMS key
-    #   alias for the KMS encryption key.
+    #   The AWS KMS key identifier for an encrypted read replica.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS CMK.
     #
     #   If you create an encrypted read replica in the same AWS Region as
     #   the source DB instance, then you do not have to specify a value for
-    #   this parameter. The read replica is encrypted with the same KMS key
-    #   as the source DB instance.
+    #   this parameter. The read replica is encrypted with the same AWS KMS
+    #   CMK as the source DB instance.
     #
     #   If you create an encrypted read replica in a different AWS Region,
-    #   then you must specify a KMS key for the destination AWS Region. KMS
-    #   encryption keys are specific to the AWS Region that they are created
-    #   in, and you can't use encryption keys from one AWS Region in
+    #   then you must specify a AWS KMS key identifier for the destination
+    #   AWS Region. AWS KMS CMKs are specific to the AWS Region that they
+    #   are created in, and you can't use CMKs from one AWS Region in
     #   another AWS Region.
     #
     #   You can't create an encrypted read replica from an unencrypted DB
@@ -3808,8 +3790,7 @@ module Aws::RDS
     # @!attribute [rw] enable_iam_database_authentication
     #   A value that indicates whether to enable mapping of AWS Identity and
     #   Access Management (IAM) accounts to database accounts. By default,
-    #   mapping is disabled. For information about the supported DB engines,
-    #   see CreateDBInstance.
+    #   mapping is disabled.
     #
     #   For more information about IAM database authentication, see [ IAM
     #   Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -3834,13 +3815,15 @@ module Aws::RDS
     #
     # @!attribute [rw] performance_insights_kms_key_id
     #   The AWS KMS key identifier for encryption of Performance Insights
-    #   data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
-    #   identifier, or the KMS key alias for the KMS encryption key.
+    #   data.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #
     #   If you do not specify a value for `PerformanceInsightsKMSKeyId`,
-    #   then Amazon RDS uses your default encryption key. AWS KMS creates
-    #   the default encryption key for your AWS account. Your AWS account
-    #   has a different default encryption key for each AWS Region.
+    #   then Amazon RDS uses your default CMK. There is a default CMK for
+    #   your AWS account. Your AWS account has a different default CMK for
+    #   each AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] performance_insights_retention_period
@@ -3922,8 +3905,10 @@ module Aws::RDS
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
     #   @return [String]
     #
-    # @!attribute [rw] destination_region
-    #   @return [String]
+    # @!attribute [rw] max_allocated_storage
+    #   The upper limit to which Amazon RDS can automatically scale the
+    #   storage of the DB instance.
+    #   @return [Integer]
     #
     # @!attribute [rw] source_region
     #   The source region of the snapshot. This is only needed when the
@@ -3964,7 +3949,7 @@ module Aws::RDS
       :domain,
       :domain_iam_role_name,
       :replica_mode,
-      :destination_region,
+      :max_allocated_storage,
       :source_region)
       SENSITIVE = []
       include Aws::Structure
@@ -4912,12 +4897,15 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   If `StorageEncrypted` is enabled, the AWS KMS key identifier for the
     #   encrypted DB cluster.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] db_cluster_resource_id
     #   The AWS Region-unique, immutable identifier for the DB cluster. This
     #   identifier is found in AWS CloudTrail log entries whenever the AWS
-    #   KMS key for the DB cluster is accessed.
+    #   KMS CMK for the DB cluster is accessed.
     #   @return [String]
     #
     # @!attribute [rw] db_cluster_arn
@@ -4988,14 +4976,11 @@ module Aws::RDS
     #   The DB engine mode of the DB cluster, either `provisioned`,
     #   `serverless`, `parallelquery`, `global`, or `multimaster`.
     #
-    #   <note markdown="1"> `global` engine mode only applies for global database clusters
-    #   created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
-    #   versions, the clusters in a global database use `provisioned` engine
-    #   mode. To check if a DB cluster is part of a global database, use
-    #   `DescribeGlobalClusters` instead of checking the `EngineMode` return
-    #   value from `DescribeDBClusters`.
+    #   For more information, see [ CreateDBCluster][1].
     #
-    #    </note>
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html
     #   @return [String]
     #
     # @!attribute [rw] scaling_configuration_info
@@ -5046,6 +5031,9 @@ module Aws::RDS
     # @!attribute [rw] activity_stream_kms_key_id
     #   The AWS KMS key identifier used for encrypting messages in the
     #   database activity stream.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] activity_stream_kinesis_stream_name
@@ -5068,6 +5056,15 @@ module Aws::RDS
     #   DB cluster.
     #   @return [Array<Types::DomainMembership>]
     #
+    # @!attribute [rw] tag_list
+    #   A list of tags. For more information, see [Tagging Amazon RDS
+    #   Resources][1] in the *Amazon RDS User Guide.*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @!attribute [rw] global_write_forwarding_status
     #   Specifies whether a secondary cluster in an Aurora global database
     #   has write forwarding enabled, not enabled, or is in the process of
@@ -5138,6 +5135,7 @@ module Aws::RDS
       :copy_tags_to_snapshot,
       :cross_account_clone,
       :domain_memberships,
+      :tag_list,
       :global_write_forwarding_status,
       :global_write_forwarding_requested)
       SENSITIVE = []
@@ -5729,6 +5727,9 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   If `StorageEncrypted` is true, the AWS KMS key identifier for the
     #   encrypted DB cluster snapshot.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] db_cluster_snapshot_arn
@@ -5746,6 +5747,15 @@ module Aws::RDS
     #   to database accounts is enabled, and otherwise false.
     #   @return [Boolean]
     #
+    # @!attribute [rw] tag_list
+    #   A list of tags. For more information, see [Tagging Amazon RDS
+    #   Resources][1] in the *Amazon RDS User Guide.*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBClusterSnapshot AWS API Documentation
     #
     class DBClusterSnapshot < Struct.new(
@@ -5768,7 +5778,8 @@ module Aws::RDS
       :kms_key_id,
       :db_cluster_snapshot_arn,
       :source_db_cluster_snapshot_arn,
-      :iam_database_authentication_enabled)
+      :iam_database_authentication_enabled,
+      :tag_list)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5937,13 +5948,6 @@ module Aws::RDS
     #
     # @!attribute [rw] supported_engine_modes
     #   A list of the supported DB engine modes.
-    #
-    #   <note markdown="1"> `global` engine mode only applies for global database clusters
-    #   created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
-    #   versions, the clusters in a global database use `provisioned` engine
-    #   mode.
-    #
-    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] supported_feature_names
@@ -6262,12 +6266,15 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   If `StorageEncrypted` is true, the AWS KMS key identifier for the
     #   encrypted DB instance.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] dbi_resource_id
     #   The AWS Region-unique, immutable identifier for the DB instance.
     #   This identifier is found in AWS CloudTrail log entries whenever the
-    #   AWS KMS key for the DB instance is accessed.
+    #   AWS KMS customer master key (CMK) for the DB instance is accessed.
     #   @return [String]
     #
     # @!attribute [rw] ca_certificate_identifier
@@ -6349,8 +6356,10 @@ module Aws::RDS
     #
     # @!attribute [rw] performance_insights_kms_key_id
     #   The AWS KMS key identifier for encryption of Performance Insights
-    #   data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
-    #   identifier, or the KMS key alias for the KMS encryption key.
+    #   data.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] performance_insights_retention_period
@@ -6400,6 +6409,20 @@ module Aws::RDS
     #   storage of the DB instance.
     #   @return [Integer]
     #
+    # @!attribute [rw] tag_list
+    #   A list of tags. For more information, see [Tagging Amazon RDS
+    #   Resources][1] in the *Amazon RDS User Guide.*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] db_instance_automated_backups_replications
+    #   The list of replicated automated backups associated with the DB
+    #   instance.
+    #   @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstance AWS API Documentation
     #
     class DBInstance < Struct.new(
@@ -6462,7 +6485,9 @@ module Aws::RDS
       :deletion_protection,
       :associated_roles,
       :listener_endpoint,
-      :max_allocated_storage)
+      :max_allocated_storage,
+      :tag_list,
+      :db_instance_automated_backups_replications)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6473,12 +6498,12 @@ module Aws::RDS
     #
     class DBInstanceAlreadyExistsFault < Aws::EmptyStructure; end
 
-    # An automated backup of a DB instance. It it consists of system
-    # backups, transaction logs, and the database instance properties that
-    # existed at the time you deleted the source instance.
+    # An automated backup of a DB instance. It consists of system backups,
+    # transaction logs, and the database instance properties that existed at
+    # the time you deleted the source instance.
     #
     # @!attribute [rw] db_instance_arn
-    #   The Amazon Resource Name (ARN) for the automated backup.
+    #   The Amazon Resource Name (ARN) for the automated backups.
     #   @return [String]
     #
     # @!attribute [rw] dbi_resource_id
@@ -6579,9 +6604,10 @@ module Aws::RDS
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The AWS KMS key ID for an automated backup. The KMS key ID is the
-    #   Amazon Resource Name (ARN), KMS key identifier, or the KMS key alias
-    #   for the KMS encryption key.
+    #   The AWS KMS key ID for an automated backup.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] timezone
@@ -6595,6 +6621,19 @@ module Aws::RDS
     #   to database accounts is enabled, and otherwise false.
     #   @return [Boolean]
     #
+    # @!attribute [rw] backup_retention_period
+    #   The retention period for the automated backups.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] db_instance_automated_backups_arn
+    #   The Amazon Resource Name (ARN) for the replicated automated backups.
+    #   @return [String]
+    #
+    # @!attribute [rw] db_instance_automated_backups_replications
+    #   The list of replications to different AWS Regions associated with
+    #   the automated backup.
+    #   @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstanceAutomatedBackup AWS API Documentation
     #
     class DBInstanceAutomatedBackup < Struct.new(
@@ -6620,7 +6659,10 @@ module Aws::RDS
       :storage_type,
       :kms_key_id,
       :timezone,
-      :iam_database_authentication_enabled)
+      :iam_database_authentication_enabled,
+      :backup_retention_period,
+      :db_instance_automated_backups_arn,
+      :db_instance_automated_backups_replications)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6661,6 +6703,22 @@ module Aws::RDS
     #
     class DBInstanceAutomatedBackupQuotaExceededFault < Aws::EmptyStructure; end
 
+    # Automated backups of a DB instance replicated to another AWS Region.
+    # They consist of system backups, transaction logs, and database
+    # instance properties.
+    #
+    # @!attribute [rw] db_instance_automated_backups_arn
+    #   The Amazon Resource Name (ARN) of the replicated automated backups.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstanceAutomatedBackupsReplication AWS API Documentation
+    #
+    class DBInstanceAutomatedBackupsReplication < Struct.new(
+      :db_instance_automated_backups_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains the result of a successful invocation of the
     # `DescribeDBInstances` action.
     #
@@ -7048,7 +7106,7 @@ module Aws::RDS
     class DBProxyAlreadyExistsFault < Aws::EmptyStructure; end
 
     # The specified proxy name doesn't correspond to a proxy owned by your
-    # AWS accoutn in the specified AWS Region.
+    # AWS account in the specified AWS Region.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBProxyNotFoundFault AWS API Documentation
     #
@@ -7338,7 +7396,7 @@ module Aws::RDS
     #   @return [String]
     #
     # @!attribute [rw] snapshot_create_time
-    #   Specifies when the snapshot was taken in Coodinated Universal Time
+    #   Specifies when the snapshot was taken in Coordinated Universal Time
     #   (UTC).
     #   @return [Time]
     #
@@ -7428,6 +7486,9 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   If `Encrypted` is true, the AWS KMS key identifier for the encrypted
     #   DB snapshot.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] db_snapshot_arn
@@ -7457,6 +7518,15 @@ module Aws::RDS
     #   and which is unique to an AWS Region.
     #   @return [String]
     #
+    # @!attribute [rw] tag_list
+    #   A list of tags. For more information, see [Tagging Amazon RDS
+    #   Resources][1] in the *Amazon RDS User Guide.*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBSnapshot AWS API Documentation
     #
     class DBSnapshot < Struct.new(
@@ -7487,7 +7557,8 @@ module Aws::RDS
       :timezone,
       :iam_database_authentication_enabled,
       :processor_features,
-      :dbi_resource_id)
+      :dbi_resource_id,
+      :tag_list)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7903,7 +7974,8 @@ module Aws::RDS
     #   data as a hash:
     #
     #       {
-    #         dbi_resource_id: "String", # required
+    #         dbi_resource_id: "String",
+    #         db_instance_automated_backups_arn: "String",
     #       }
     #
     # @!attribute [rw] dbi_resource_id
@@ -7911,18 +7983,25 @@ module Aws::RDS
     #   and which is unique to an AWS Region.
     #   @return [String]
     #
+    # @!attribute [rw] db_instance_automated_backups_arn
+    #   The Amazon Resource Name (ARN) of the automated backups to delete,
+    #   for example,
+    #   `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackupMessage AWS API Documentation
     #
     class DeleteDBInstanceAutomatedBackupMessage < Struct.new(
-      :dbi_resource_id)
+      :dbi_resource_id,
+      :db_instance_automated_backups_arn)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] db_instance_automated_backup
-    #   An automated backup of a DB instance. It it consists of system
-    #   backups, transaction logs, and the database instance properties that
-    #   existed at the time you deleted the source instance.
+    #   An automated backup of a DB instance. It consists of system backups,
+    #   transaction logs, and the database instance properties that existed
+    #   at the time you deleted the source instance.
     #   @return [Types::DBInstanceAutomatedBackup]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackupResult AWS API Documentation
@@ -9140,6 +9219,7 @@ module Aws::RDS
     #         ],
     #         max_records: 1,
     #         marker: "String",
+    #         db_instance_automated_backups_arn: "String",
     #       }
     #
     # @!attribute [rw] dbi_resource_id
@@ -9195,6 +9275,12 @@ module Aws::RDS
     #   marker, up to `MaxRecords`.
     #   @return [String]
     #
+    # @!attribute [rw] db_instance_automated_backups_arn
+    #   The Amazon Resource Name (ARN) of the replicated automated backups,
+    #   for example,
+    #   `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBInstanceAutomatedBackupsMessage AWS API Documentation
     #
     class DescribeDBInstanceAutomatedBackupsMessage < Struct.new(
@@ -9202,7 +9288,8 @@ module Aws::RDS
       :db_instance_identifier,
       :filters,
       :max_records,
-      :marker)
+      :marker,
+      :db_instance_automated_backups_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -11710,11 +11797,11 @@ module Aws::RDS
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The ID of the AWS KMS key that is used to encrypt the snapshot when
-    #   it's exported to Amazon S3. The KMS key ID is the Amazon Resource
-    #   Name (ARN), the KMS key identifier, or the KMS key alias for the KMS
-    #   encryption key. The IAM role used for the snapshot export must have
-    #   encryption and decryption permissions to use this KMS key.
+    #   The key identifier of the AWS KMS customer master key (CMK) that is
+    #   used to encrypt the snapshot when it's exported to Amazon S3. The
+    #   AWS KMS CMK identifier is its key ARN, key ID, alias ARN, or alias
+    #   name. The IAM role used for the snapshot export must have encryption
+    #   and decryption permissions to use this AWS KMS CMK.
     #   @return [String]
     #
     # @!attribute [rw] status
@@ -11898,7 +11985,8 @@ module Aws::RDS
     # @!attribute [rw] global_cluster_resource_id
     #   The AWS Region-unique, immutable identifier for the global database
     #   cluster. This identifier is found in AWS CloudTrail log entries
-    #   whenever the AWS KMS key for the DB cluster is accessed.
+    #   whenever the AWS KMS customer master key (CMK) for the DB cluster is
+    #   accessed.
     #   @return [String]
     #
     # @!attribute [rw] global_cluster_arn
@@ -12096,12 +12184,12 @@ module Aws::RDS
     #
     #   **Microsoft SQL Server**
     #
-    #   See [Version and Feature Support on Amazon RDS][1] in the *Amazon
+    #   See [ Microsoft SQL Server Versions on Amazon RDS][1] in the *Amazon
     #   RDS User Guide.*
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.FeatureSupport
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport
     #   @return [String]
     #
     # @!attribute [rw] engine_installation_media_path
@@ -13452,7 +13540,7 @@ module Aws::RDS
     #   The version number of the database engine to upgrade to. Changing
     #   this parameter results in an outage and the change is applied during
     #   the next maintenance window unless the `ApplyImmediately` parameter
-    #   is eanbled for this request.
+    #   is enabled for this request.
     #
     #   For major version upgrades, if a nondefault DB parameter group is
     #   currently in use, a new DB parameter group in the DB parameter group
@@ -13751,8 +13839,10 @@ module Aws::RDS
     # @!attribute [rw] enable_iam_database_authentication
     #   A value that indicates whether to enable mapping of AWS Identity and
     #   Access Management (IAM) accounts to database accounts. By default,
-    #   mapping is disabled. For information about the supported DB engines,
-    #   see CreateDBInstance.
+    #   mapping is disabled.
+    #
+    #   This setting doesn't apply to Amazon Aurora. Mapping AWS IAM
+    #   accounts to database accounts is managed by the DB cluster.
     #
     #   For more information about IAM database authentication, see [ IAM
     #   Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -13777,13 +13867,15 @@ module Aws::RDS
     #
     # @!attribute [rw] performance_insights_kms_key_id
     #   The AWS KMS key identifier for encryption of Performance Insights
-    #   data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
-    #   identifier, or the KMS key alias for the KMS encryption key.
+    #   data.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #
     #   If you do not specify a value for `PerformanceInsightsKMSKeyId`,
-    #   then Amazon RDS uses your default encryption key. AWS KMS creates
-    #   the default encryption key for your AWS account. Your AWS account
-    #   has a different default encryption key for each AWS Region.
+    #   then Amazon RDS uses your default CMK. There is a default CMK for
+    #   your AWS account. Your AWS account has a different default CMK for
+    #   each AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] performance_insights_retention_period
@@ -15188,13 +15280,6 @@ module Aws::RDS
     #
     # @!attribute [rw] supported_engine_modes
     #   A list of the supported DB engine modes.
-    #
-    #   <note markdown="1"> `global` engine mode only applies for global database clusters
-    #   created with Aurora MySQL version 5.6.10a. For higher Aurora MySQL
-    #   versions, the clusters in a global database use `provisioned` engine
-    #   mode.
-    #
-    #    </note>
     #   @return [Array<String>]
     #
     # @!attribute [rw] supports_storage_autoscaling
@@ -16113,7 +16198,7 @@ module Aws::RDS
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) of the IAM role to disassociate from
-    #   the DB instance, for example
+    #   the DB instance, for example,
     #   `arn:aws:iam::123456789012:role/AccessRole`.
     #   @return [String]
     #
@@ -16830,17 +16915,14 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   The AWS KMS key identifier for an encrypted DB cluster.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are creating a DB cluster with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   cluster, then you can use the KMS key alias instead of the ARN for
-    #   the KM encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK). To use a CMK
+    #   in a different AWS account, specify the key ARN or alias ARN.
     #
     #   If the StorageEncrypted parameter is enabled, and you do not specify
     #   a value for the `KmsKeyId` parameter, then Amazon RDS will use your
-    #   default encryption key. AWS KMS creates the default encryption key
-    #   for your AWS account. Your AWS account has a different default
-    #   encryption key for each AWS Region.
+    #   default CMK. There is a default CMK for your AWS account. Your AWS
+    #   account has a different default CMK for each AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] enable_iam_database_authentication
@@ -17158,18 +17240,16 @@ module Aws::RDS
     #   The AWS KMS key identifier to use when restoring an encrypted DB
     #   cluster from a DB snapshot or DB cluster snapshot.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are restoring a DB cluster with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   cluster, then you can use the KMS key alias instead of the ARN for
-    #   the KMS encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK). To use a CMK
+    #   in a different AWS account, specify the key ARN or alias ARN.
     #
-    #   If you don't specify a value for the `KmsKeyId` parameter, then the
-    #   following occurs:
+    #   When you don't specify a value for the `KmsKeyId` parameter, then
+    #   the following occurs:
     #
     #   * If the DB snapshot or DB cluster snapshot in `SnapshotIdentifier`
     #     is encrypted, then the restored DB cluster is encrypted using the
-    #     KMS key that was used to encrypt the DB snapshot or DB cluster
+    #     AWS KMS CMK that was used to encrypt the DB snapshot or DB cluster
     #     snapshot.
     #
     #   * If the DB snapshot or DB cluster snapshot in `SnapshotIdentifier`
@@ -17221,6 +17301,12 @@ module Aws::RDS
     # @!attribute [rw] engine_mode
     #   The DB engine mode of the DB cluster, either `provisioned`,
     #   `serverless`, `parallelquery`, `global`, or `multimaster`.
+    #
+    #   For more information, see [ CreateDBCluster][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html
     #   @return [String]
     #
     # @!attribute [rw] scaling_configuration
@@ -17458,23 +17544,21 @@ module Aws::RDS
     #   The AWS KMS key identifier to use when restoring an encrypted DB
     #   cluster from an encrypted DB cluster.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are restoring a DB cluster with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   cluster, then you can use the KMS key alias instead of the ARN for
-    #   the KMS encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK). To use a CMK
+    #   in a different AWS account, specify the key ARN or alias ARN.
     #
     #   You can restore to a new DB cluster and encrypt the new DB cluster
-    #   with a KMS key that is different than the KMS key used to encrypt
-    #   the source DB cluster. The new DB cluster is encrypted with the KMS
-    #   key identified by the `KmsKeyId` parameter.
+    #   with a AWS KMS CMK that is different than the AWS KMS key used to
+    #   encrypt the source DB cluster. The new DB cluster is encrypted with
+    #   the AWS KMS CMK identified by the `KmsKeyId` parameter.
     #
     #   If you don't specify a value for the `KmsKeyId` parameter, then the
     #   following occurs:
     #
     #   * If the DB cluster is encrypted, then the restored DB cluster is
-    #     encrypted using the KMS key that was used to encrypt the source DB
-    #     cluster.
+    #     encrypted using the AWS KMS CMK that was used to encrypt the
+    #     source DB cluster.
     #
     #   * If the DB cluster isn't encrypted, then the restored DB cluster
     #     isn't encrypted.
@@ -17904,8 +17988,7 @@ module Aws::RDS
     # @!attribute [rw] enable_iam_database_authentication
     #   A value that indicates whether to enable mapping of AWS Identity and
     #   Access Management (IAM) accounts to database accounts. By default,
-    #   mapping is disabled. For information about the supported DB engines,
-    #   see CreateDBInstance.
+    #   mapping is disabled.
     #
     #   For more information about IAM database authentication, see [ IAM
     #   Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -17920,11 +18003,11 @@ module Aws::RDS
     #   The list of logs that the restored DB instance is to export to
     #   CloudWatch Logs. The values in the list depend on the DB engine
     #   being used. For more information, see [Publishing Database Logs to
-    #   Amazon CloudWatch Logs][1] in the *Amazon Aurora User Guide*.
+    #   Amazon CloudWatch Logs][1] in the *Amazon RDS User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch
     #   @return [Array<String>]
     #
     # @!attribute [rw] processor_features
@@ -18073,6 +18156,7 @@ module Aws::RDS
     #         ],
     #         use_default_processor_features: false,
     #         deletion_protection: false,
+    #         max_allocated_storage: 1,
     #       }
     #
     # @!attribute [rw] db_name
@@ -18333,17 +18417,14 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   The AWS KMS key identifier for an encrypted DB instance.
     #
-    #   The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
-    #   encryption key. If you are creating a DB instance with the same AWS
-    #   account that owns the KMS encryption key used to encrypt the new DB
-    #   instance, then you can use the KMS key alias instead of the ARN for
-    #   the KM encryption key.
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK). To use a CMK
+    #   in a different AWS account, specify the key ARN or alias ARN.
     #
     #   If the `StorageEncrypted` parameter is enabled, and you do not
     #   specify a value for the `KmsKeyId` parameter, then Amazon RDS will
-    #   use your default encryption key. AWS KMS creates the default
-    #   encryption key for your AWS account. Your AWS account has a
-    #   different default encryption key for each AWS Region.
+    #   use your default CMK. There is a default CMK for your AWS account.
+    #   Your AWS account has a different default CMK for each AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] copy_tags_to_snapshot
@@ -18382,8 +18463,7 @@ module Aws::RDS
     # @!attribute [rw] enable_iam_database_authentication
     #   A value that indicates whether to enable mapping of AWS Identity and
     #   Access Management (IAM) accounts to database accounts. By default,
-    #   mapping is disabled. For information about the supported DB engines,
-    #   see CreateDBInstance.
+    #   mapping is disabled.
     #
     #   For more information about IAM database authentication, see [ IAM
     #   Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -18436,13 +18516,15 @@ module Aws::RDS
     #
     # @!attribute [rw] performance_insights_kms_key_id
     #   The AWS KMS key identifier for encryption of Performance Insights
-    #   data. The KMS key ID is the Amazon Resource Name (ARN), the KMS key
-    #   identifier, or the KMS key alias for the KMS encryption key.
+    #   data.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #
     #   If you do not specify a value for `PerformanceInsightsKMSKeyId`,
-    #   then Amazon RDS uses your default encryption key. AWS KMS creates
-    #   the default encryption key for your AWS account. Your AWS account
-    #   has a different default encryption key for each AWS Region.
+    #   then Amazon RDS uses your default CMK. There is a default CMK for
+    #   your AWS account. Your AWS account has a different default CMK for
+    #   each AWS Region.
     #   @return [String]
     #
     # @!attribute [rw] performance_insights_retention_period
@@ -18482,6 +18564,11 @@ module Aws::RDS
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
     #   @return [Boolean]
     #
+    # @!attribute [rw] max_allocated_storage
+    #   The upper limit to which Amazon RDS can automatically scale the
+    #   storage of the DB instance.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromS3Message AWS API Documentation
     #
     class RestoreDBInstanceFromS3Message < Struct.new(
@@ -18527,7 +18614,8 @@ module Aws::RDS
       :enable_cloudwatch_logs_exports,
       :processor_features,
       :use_default_processor_features,
-      :deletion_protection)
+      :deletion_protection,
+      :max_allocated_storage)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -18592,6 +18680,8 @@ module Aws::RDS
     #         db_parameter_group_name: "String",
     #         deletion_protection: false,
     #         source_dbi_resource_id: "String",
+    #         max_allocated_storage: 1,
+    #         source_db_instance_automated_backups_arn: "String",
     #       }
     #
     # @!attribute [rw] source_db_instance_identifier
@@ -18850,8 +18940,7 @@ module Aws::RDS
     # @!attribute [rw] enable_iam_database_authentication
     #   A value that indicates whether to enable mapping of AWS Identity and
     #   Access Management (IAM) accounts to database accounts. By default,
-    #   mapping is disabled. For information about the supported DB engines,
-    #   see CreateDBInstance.
+    #   mapping is disabled.
     #
     #   For more information about IAM database authentication, see [ IAM
     #   Database Authentication for MySQL and PostgreSQL][1] in the *Amazon
@@ -18916,6 +19005,17 @@ module Aws::RDS
     #   The resource ID of the source DB instance from which to restore.
     #   @return [String]
     #
+    # @!attribute [rw] max_allocated_storage
+    #   The upper limit to which Amazon RDS can automatically scale the
+    #   storage of the DB instance.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] source_db_instance_automated_backups_arn
+    #   The Amazon Resource Name (ARN) of the replicated automated backups
+    #   from which to restore, for example,
+    #   `arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceToPointInTimeMessage AWS API Documentation
     #
     class RestoreDBInstanceToPointInTimeMessage < Struct.new(
@@ -18949,7 +19049,9 @@ module Aws::RDS
       :use_default_processor_features,
       :db_parameter_group_name,
       :deletion_protection,
-      :source_dbi_resource_id)
+      :source_dbi_resource_id,
+      :max_allocated_storage,
+      :source_db_instance_automated_backups_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -19262,12 +19364,18 @@ module Aws::RDS
     #   The status of the source AWS Region.
     #   @return [String]
     #
+    # @!attribute [rw] supports_db_instance_automated_backups_replication
+    #   Whether the source AWS Region supports replicating automated backups
+    #   to the current AWS Region.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SourceRegion AWS API Documentation
     #
     class SourceRegion < Struct.new(
       :region_name,
       :endpoint,
-      :status)
+      :status,
+      :supports_db_instance_automated_backups_replication)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -19307,7 +19415,7 @@ module Aws::RDS
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the DB cluster, for example
+    #   The Amazon Resource Name (ARN) of the DB cluster, for example,
     #   `arn:aws:rds:us-east-1:12345667890:cluster:das-cluster`.
     #   @return [String]
     #
@@ -19320,8 +19428,8 @@ module Aws::RDS
     #
     # @!attribute [rw] kms_key_id
     #   The AWS KMS key identifier for encrypting messages in the database
-    #   activity stream. The key identifier can be either a key ID, a key
-    #   ARN, or a key alias.
+    #   activity stream. The AWS KMS key identifier is the key ARN, key ID,
+    #   alias ARN, or alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] apply_immediately
@@ -19412,6 +19520,75 @@ module Aws::RDS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass StartDBInstanceAutomatedBackupsReplicationMessage
+    #   data as a hash:
+    #
+    #       {
+    #         source_db_instance_arn: "String", # required
+    #         backup_retention_period: 1,
+    #         kms_key_id: "String",
+    #         pre_signed_url: "String",
+    #         source_region: "String",
+    #       }
+    #
+    # @!attribute [rw] source_db_instance_arn
+    #   The Amazon Resource Name (ARN) of the source DB instance for the
+    #   replicated automated backups, for example,
+    #   `arn:aws:rds:us-west-2:123456789012:db:mydatabase`.
+    #   @return [String]
+    #
+    # @!attribute [rw] backup_retention_period
+    #   The retention period for the replicated automated backups.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The AWS KMS key identifier for encryption of the replicated
+    #   automated backups. The KMS key ID is the Amazon Resource Name (ARN)
+    #   for the KMS encryption key in the destination AWS Region, for
+    #   example,
+    #   `arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE`.
+    #   @return [String]
+    #
+    # @!attribute [rw] pre_signed_url
+    #   A URL that contains a Signature Version 4 signed request for the
+    #   StartDBInstanceAutomatedBackupsReplication action to be called in
+    #   the AWS Region of the source DB instance. The presigned URL must be
+    #   a valid request for the StartDBInstanceAutomatedBackupsReplication
+    #   API action that can be executed in the AWS Region that contains the
+    #   source DB instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] source_region
+    #   The source region of the snapshot. This is only needed when the
+    #   shapshot is encrypted and in a different region.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplicationMessage AWS API Documentation
+    #
+    class StartDBInstanceAutomatedBackupsReplicationMessage < Struct.new(
+      :source_db_instance_arn,
+      :backup_retention_period,
+      :kms_key_id,
+      :pre_signed_url,
+      :source_region)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] db_instance_automated_backup
+    #   An automated backup of a DB instance. It consists of system backups,
+    #   transaction logs, and the database instance properties that existed
+    #   at the time you deleted the source instance.
+    #   @return [Types::DBInstanceAutomatedBackup]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplicationResult AWS API Documentation
+    #
+    class StartDBInstanceAutomatedBackupsReplicationResult < Struct.new(
+      :db_instance_automated_backup)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass StartDBInstanceMessage
     #   data as a hash:
     #
@@ -19480,11 +19657,12 @@ module Aws::RDS
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The ID of the AWS KMS key to use to encrypt the snapshot exported to
-    #   Amazon S3. The KMS key ID is the Amazon Resource Name (ARN), the KMS
-    #   key identifier, or the KMS key alias for the KMS encryption key. The
-    #   caller of this operation must be authorized to execute the following
-    #   operations. These can be set in the KMS key policy:
+    #   The ID of the AWS KMS customer master key (CMK) to use to encrypt
+    #   the snapshot exported to Amazon S3. The AWS KMS key identifier is
+    #   the key ARN, key ID, alias ARN, or alias name for the AWS KMS
+    #   customer master key (CMK). The caller of this operation must be
+    #   authorized to execute the following operations. These can be set in
+    #   the AWS KMS key policy:
     #
     #   * GrantOperation.Encrypt
     #
@@ -19576,6 +19754,9 @@ module Aws::RDS
     # @!attribute [rw] kms_key_id
     #   The AWS KMS key identifier used for encrypting messages in the
     #   database activity stream.
+    #
+    #   The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
+    #   alias name for the AWS KMS customer master key (CMK).
     #   @return [String]
     #
     # @!attribute [rw] kinesis_stream_name
@@ -19632,6 +19813,41 @@ module Aws::RDS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass StopDBInstanceAutomatedBackupsReplicationMessage
+    #   data as a hash:
+    #
+    #       {
+    #         source_db_instance_arn: "String", # required
+    #       }
+    #
+    # @!attribute [rw] source_db_instance_arn
+    #   The Amazon Resource Name (ARN) of the source DB instance for which
+    #   to stop replicating automated backups, for example,
+    #   `arn:aws:rds:us-west-2:123456789012:db:mydatabase`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplicationMessage AWS API Documentation
+    #
+    class StopDBInstanceAutomatedBackupsReplicationMessage < Struct.new(
+      :source_db_instance_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] db_instance_automated_backup
+    #   An automated backup of a DB instance. It consists of system backups,
+    #   transaction logs, and the database instance properties that existed
+    #   at the time you deleted the source instance.
+    #   @return [Types::DBInstanceAutomatedBackup]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplicationResult AWS API Documentation
+    #
+    class StopDBInstanceAutomatedBackupsReplicationResult < Struct.new(
+      :db_instance_automated_backup)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass StopDBInstanceMessage
     #   data as a hash:
     #