aws-sdk-rds 1.106.0 → 1.107.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -174,6 +174,9 @@ module Aws::RDS
174
174
 
175
175
  # If `Encrypted` is true, the AWS KMS key identifier for the encrypted
176
176
  # DB snapshot.
177
+ #
178
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
179
+ # name for the AWS KMS customer master key (CMK).
177
180
  # @return [String]
178
181
  def kms_key_id
179
182
  data[:kms_key_id]
@@ -426,14 +429,14 @@ module Aws::RDS
426
429
  #
427
430
  # Example: `my-db-snapshot`
428
431
  # @option options [String] :kms_key_id
429
- # The AWS KMS key ID for an encrypted DB snapshot. The KMS key ID is the
430
- # Amazon Resource Name (ARN), KMS key identifier, or the KMS key alias
431
- # for the KMS encryption key.
432
+ # The AWS KMS key identifier for an encrypted DB snapshot. The AWS KMS
433
+ # key identifier is the key ARN, key ID, alias ARN, or alias name for
434
+ # the AWS KMS customer master key (CMK).
432
435
  #
433
436
  # If you copy an encrypted DB snapshot from your AWS account, you can
434
- # specify a value for this parameter to encrypt the copy with a new KMS
435
- # encryption key. If you don't specify a value for this parameter, then
436
- # the copy of the DB snapshot is encrypted with the same KMS key as the
437
+ # specify a value for this parameter to encrypt the copy with a new AWS
438
+ # KMS CMK. If you don't specify a value for this parameter, then the
439
+ # copy of the DB snapshot is encrypted with the same AWS KMS key as the
437
440
  # source DB snapshot.
438
441
  #
439
442
  # If you copy an encrypted DB snapshot that is shared from another AWS
@@ -443,9 +446,9 @@ module Aws::RDS
443
446
  # the copy is encrypted.
444
447
  #
445
448
  # If you copy an encrypted snapshot to a different AWS Region, then you
446
- # must specify a KMS key for the destination AWS Region. KMS encryption
447
- # keys are specific to the AWS Region that they are created in, and you
448
- # can't use encryption keys from one AWS Region in another AWS Region.
449
+ # must specify a AWS KMS key identifier for the destination AWS Region.
450
+ # AWS KMS CMKs are specific to the AWS Region that they are created in,
451
+ # and you can't use CMKs from one AWS Region in another AWS Region.
449
452
  # @option options [Array<Types::Tag>] :tags
450
453
  # A list of tags. For more information, see [Tagging Amazon RDS
451
454
  # Resources][1] in the *Amazon RDS User Guide.*
@@ -482,11 +485,11 @@ module Aws::RDS
482
485
  # the us-west-2 AWS Region. For this example, the `DestinationRegion`
483
486
  # in the presigned URL must be set to the us-east-1 AWS Region.
484
487
  #
485
- # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
486
- # encrypt the copy of the DB snapshot in the destination AWS Region.
487
- # This is the same identifier for both the `CopyDBSnapshot` action
488
- # that is called in the destination AWS Region, and the action
489
- # contained in the presigned URL.
488
+ # * `KmsKeyId` - The AWS KMS key identifier for the customer master key
489
+ # (CMK) to use to encrypt the copy of the DB snapshot in the
490
+ # destination AWS Region. This is the same identifier for both the
491
+ # `CopyDBSnapshot` action that is called in the destination AWS
492
+ # Region, and the action contained in the presigned URL.
490
493
  #
491
494
  # * `SourceDBSnapshotIdentifier` - The DB snapshot identifier for the
492
495
  # encrypted snapshot to be copied. This identifier must be in the
@@ -531,7 +534,6 @@ module Aws::RDS
531
534
  # CAZ.
532
535
  #
533
536
  # Example: `rds-caz-aiqhTgQv`.
534
- # @option options [String] :destination_region
535
537
  # @option options [String] :source_region
536
538
  # The source region of the snapshot. This is only needed when the
537
539
  # shapshot is encrypted and in a different region.
@@ -5,28 +5,26 @@ require 'aws-sigv4'
5
5
  module Aws
6
6
  module RDS
7
7
  module Plugins
8
-
9
- # This plugin populates the `:pre_signed_url` request param for the
10
- # CopyDBSnapshot API.
8
+ # This plugin populates the `:pre_signed_url` request param for APIs
9
+ # that support cross region copying.
11
10
  #
12
11
  # This parameter is required by RDS when copying an encrypted snapshot
13
12
  # across regions. This plugin will be skipped if the `:pre_signed_url`
14
13
  # parameter is provided by the user.
15
14
  class CrossRegionCopying < Seahorse::Client::Plugin
16
-
17
15
  # @api private
18
16
  class Handler < Seahorse::Client::Handler
19
-
20
17
  def call(context)
21
18
  params = context.params
22
- if params.is_a?(Hash) && params[:source_region] && !params[:pre_signed_url]
19
+ if params.is_a?(Hash) &&
20
+ params[:source_region] && !params[:pre_signed_url]
23
21
  params[:pre_signed_url] = presigned_url(context, params)
24
- params[:destination_region] = context.config.region
25
22
  end
26
23
  @handler.call(context)
27
24
  end
28
25
 
29
26
  private
27
+
30
28
  def presigned_url(context, params)
31
29
  # :source_region is not modeled in the api
32
30
  source_region = params.delete(:source_region)
@@ -43,12 +41,13 @@ module Aws
43
41
  region: source_region,
44
42
  credentials_provider: context.config.credentials
45
43
  )
46
- url = Aws::Partitions::EndpointProvider.resolve(signer.region, 'rds')
47
- url += "?#{param_list.to_s}"
44
+ url = Aws::Partitions::EndpointProvider.resolve(
45
+ signer.region, 'rds'
46
+ )
47
+ url += "?#{param_list}"
48
48
  signer.presign_url(
49
49
  http_method: 'GET',
50
50
  url: url,
51
- body: '',
52
51
  expires_in: 3600
53
52
  ).to_s
54
53
  end
@@ -61,10 +60,10 @@ module Aws
61
60
  :copy_db_snapshot,
62
61
  :create_db_instance_read_replica,
63
62
  :copy_db_cluster_snapshot,
64
- :create_db_cluster
63
+ :create_db_cluster,
64
+ :start_db_instance_automated_backups_replication
65
65
  ]
66
66
  )
67
-
68
67
  end
69
68
  end
70
69
  end
@@ -258,30 +258,27 @@ module Aws::RDS
258
258
  # @option options [String] :kms_key_id
259
259
  # The AWS KMS key identifier for an encrypted DB cluster.
260
260
  #
261
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
262
- # encryption key. If you are creating a DB cluster with the same AWS
263
- # account that owns the KMS encryption key used to encrypt the new DB
264
- # cluster, then you can use the KMS key alias instead of the ARN for the
265
- # KMS encryption key.
261
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
262
+ # name for the AWS KMS customer master key (CMK). To use a CMK in a
263
+ # different AWS account, specify the key ARN or alias ARN.
266
264
  #
267
- # If an encryption key isn't specified in `KmsKeyId`\:
265
+ # When a CMK isn't specified in `KmsKeyId`\:
268
266
  #
269
267
  # * If `ReplicationSourceIdentifier` identifies an encrypted source,
270
- # then Amazon RDS will use the encryption key used to encrypt the
271
- # source. Otherwise, Amazon RDS will use your default encryption key.
268
+ # then Amazon RDS will use the CMK used to encrypt the source.
269
+ # Otherwise, Amazon RDS will use your default CMK.
272
270
  #
273
271
  # * If the `StorageEncrypted` parameter is enabled and
274
272
  # `ReplicationSourceIdentifier` isn't specified, then Amazon RDS will
275
- # use your default encryption key.
273
+ # use your default CMK.
276
274
  #
277
- # AWS KMS creates the default encryption key for your AWS account. Your
278
- # AWS account has a different default encryption key for each AWS
279
- # Region.
275
+ # There is a default CMK for your AWS account. Your AWS account has a
276
+ # different default CMK for each AWS Region.
280
277
  #
281
278
  # If you create a read replica of an encrypted DB cluster in another AWS
282
- # Region, you must set `KmsKeyId` to a KMS key ID that is valid in the
283
- # destination AWS Region. This key is used to encrypt the read replica
284
- # in that AWS Region.
279
+ # Region, you must set `KmsKeyId` to a AWS KMS key identifier that is
280
+ # valid in the destination AWS Region. This CMK is used to encrypt the
281
+ # read replica in that AWS Region.
285
282
  # @option options [String] :pre_signed_url
286
283
  # A URL that contains a Signature Version 4 signed request for the
287
284
  # `CreateDBCluster` action to be called in the source AWS Region where
@@ -298,9 +295,9 @@ module Aws::RDS
298
295
  #
299
296
  # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
300
297
  # encrypt the copy of the DB cluster in the destination AWS Region.
301
- # This should refer to the same KMS key for both the `CreateDBCluster`
302
- # action that is called in the destination AWS Region, and the action
303
- # contained in the pre-signed URL.
298
+ # This should refer to the same AWS KMS CMK for both the
299
+ # `CreateDBCluster` action that is called in the destination AWS
300
+ # Region, and the action contained in the pre-signed URL.
304
301
  #
305
302
  # * `DestinationRegion` - The name of the AWS Region that Aurora read
306
303
  # replica will be created in.
@@ -460,7 +457,6 @@ module Aws::RDS
460
457
  # This parameter only applies to DB clusters that are secondary clusters
461
458
  # in an Aurora global database. By default, Aurora disallows write
462
459
  # operations for secondary clusters.
463
- # @option options [String] :destination_region
464
460
  # @option options [String] :source_region
465
461
  # The source region of the snapshot. This is only needed when the
466
462
  # shapshot is encrypted and in a different region.
@@ -1230,22 +1226,19 @@ module Aws::RDS
1230
1226
  # @option options [String] :kms_key_id
1231
1227
  # The AWS KMS key identifier for an encrypted DB instance.
1232
1228
  #
1233
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
1234
- # encryption key. If you are creating a DB instance with the same AWS
1235
- # account that owns the KMS encryption key used to encrypt the new DB
1236
- # instance, then you can use the KMS key alias instead of the ARN for
1237
- # the KM encryption key.
1229
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
1230
+ # name for the AWS KMS customer master key (CMK). To use a CMK in a
1231
+ # different AWS account, specify the key ARN or alias ARN.
1238
1232
  #
1239
1233
  # **Amazon Aurora**
1240
1234
  #
1241
- # Not applicable. The KMS key identifier is managed by the DB cluster.
1242
- # For more information, see `CreateDBCluster`.
1235
+ # Not applicable. The AWS KMS key identifier is managed by the DB
1236
+ # cluster. For more information, see `CreateDBCluster`.
1243
1237
  #
1244
1238
  # If `StorageEncrypted` is enabled, and you do not specify a value for
1245
- # the `KmsKeyId` parameter, then Amazon RDS will use your default
1246
- # encryption key. AWS KMS creates the default encryption key for your
1247
- # AWS account. Your AWS account has a different default encryption key
1248
- # for each AWS Region.
1239
+ # the `KmsKeyId` parameter, then Amazon RDS uses your default CMK. There
1240
+ # is a default CMK for your AWS account. Your AWS account has a
1241
+ # different default CMK for each AWS Region.
1249
1242
  # @option options [String] :domain
1250
1243
  # The Active Directory directory ID to create the DB instance in.
1251
1244
  # Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB
@@ -1337,13 +1330,15 @@ module Aws::RDS
1337
1330
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html
1338
1331
  # @option options [String] :performance_insights_kms_key_id
1339
1332
  # The AWS KMS key identifier for encryption of Performance Insights
1340
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
1341
- # identifier, or the KMS key alias for the KMS encryption key.
1333
+ # data.
1334
+ #
1335
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
1336
+ # name for the AWS KMS customer master key (CMK).
1342
1337
  #
1343
1338
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`, then
1344
- # Amazon RDS uses your default encryption key. AWS KMS creates the
1345
- # default encryption key for your AWS account. Your AWS account has a
1346
- # different default encryption key for each AWS Region.
1339
+ # Amazon RDS uses your default CMK. There is a default CMK for your AWS
1340
+ # account. Your AWS account has a different default CMK for each AWS
1341
+ # Region.
1347
1342
  # @option options [Integer] :performance_insights_retention_period
1348
1343
  # The amount of time, in days, to retain Performance Insights data.
1349
1344
  # Valid values are 7 or 731 (2 years).
@@ -157,7 +157,7 @@ module Aws::RDS
157
157
  #
158
158
  # @!attribute [rw] role_arn
159
159
  # The Amazon Resource Name (ARN) of the IAM role to associate with the
160
- # Aurora DB cluster, for example
160
+ # Aurora DB cluster, for example,
161
161
  # `arn:aws:iam::123456789012:role/AuroraAccessRole`.
162
162
  # @return [String]
163
163
  #
@@ -1050,25 +1050,25 @@ module Aws::RDS
1050
1050
  # @return [String]
1051
1051
  #
1052
1052
  # @!attribute [rw] kms_key_id
1053
- # The AWS KMS key ID for an encrypted DB cluster snapshot. The KMS key
1054
- # ID is the Amazon Resource Name (ARN), KMS key identifier, or the KMS
1055
- # key alias for the KMS encryption key.
1053
+ # The AWS KMS key identifier for an encrypted DB cluster snapshot. The
1054
+ # AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias
1055
+ # name for the AWS KMS customer master key (CMK).
1056
1056
  #
1057
1057
  # If you copy an encrypted DB cluster snapshot from your AWS account,
1058
1058
  # you can specify a value for `KmsKeyId` to encrypt the copy with a
1059
- # new KMS encryption key. If you don't specify a value for
1060
- # `KmsKeyId`, then the copy of the DB cluster snapshot is encrypted
1061
- # with the same KMS key as the source DB cluster snapshot.
1059
+ # new AWS KMS CMK. If you don't specify a value for `KmsKeyId`, then
1060
+ # the copy of the DB cluster snapshot is encrypted with the same AWS
1061
+ # KMS key as the source DB cluster snapshot.
1062
1062
  #
1063
1063
  # If you copy an encrypted DB cluster snapshot that is shared from
1064
1064
  # another AWS account, then you must specify a value for `KmsKeyId`.
1065
1065
  #
1066
1066
  # To copy an encrypted DB cluster snapshot to another AWS Region, you
1067
- # must set `KmsKeyId` to the KMS key ID you want to use to encrypt the
1068
- # copy of the DB cluster snapshot in the destination AWS Region. KMS
1069
- # encryption keys are specific to the AWS Region that they are created
1070
- # in, and you can't use encryption keys from one AWS Region in
1071
- # another AWS Region.
1067
+ # must set `KmsKeyId` to the AWS KMS key identifier you want to use to
1068
+ # encrypt the copy of the DB cluster snapshot in the destination AWS
1069
+ # Region. AWS KMS CMKs are specific to the AWS Region that they are
1070
+ # created in, and you can't use CMKs from one AWS Region in another
1071
+ # AWS Region.
1072
1072
  #
1073
1073
  # If you copy an unencrypted DB cluster snapshot and specify a value
1074
1074
  # for the `KmsKeyId` parameter, an error is returned.
@@ -1088,11 +1088,12 @@ module Aws::RDS
1088
1088
  # be copied. The pre-signed URL request must contain the following
1089
1089
  # parameter values:
1090
1090
  #
1091
- # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
1092
- # encrypt the copy of the DB cluster snapshot in the destination AWS
1093
- # Region. This is the same identifier for both the
1094
- # `CopyDBClusterSnapshot` action that is called in the destination
1095
- # AWS Region, and the action contained in the pre-signed URL.
1091
+ # * `KmsKeyId` - The AWS KMS key identifier for the customer master
1092
+ # key (CMK) to use to encrypt the copy of the DB cluster snapshot in
1093
+ # the destination AWS Region. This is the same identifier for both
1094
+ # the `CopyDBClusterSnapshot` action that is called in the
1095
+ # destination AWS Region, and the action contained in the pre-signed
1096
+ # URL.
1096
1097
  #
1097
1098
  # * `DestinationRegion` - The name of the AWS Region that the DB
1098
1099
  # cluster snapshot is to be created in.
@@ -1139,9 +1140,6 @@ module Aws::RDS
1139
1140
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
1140
1141
  # @return [Array<Types::Tag>]
1141
1142
  #
1142
- # @!attribute [rw] destination_region
1143
- # @return [String]
1144
- #
1145
1143
  # @!attribute [rw] source_region
1146
1144
  # The source region of the snapshot. This is only needed when the
1147
1145
  # shapshot is encrypted and in a different region.
@@ -1156,7 +1154,6 @@ module Aws::RDS
1156
1154
  :pre_signed_url,
1157
1155
  :copy_tags,
1158
1156
  :tags,
1159
- :destination_region,
1160
1157
  :source_region)
1161
1158
  SENSITIVE = []
1162
1159
  include Aws::Structure
@@ -1331,15 +1328,15 @@ module Aws::RDS
1331
1328
  # @return [String]
1332
1329
  #
1333
1330
  # @!attribute [rw] kms_key_id
1334
- # The AWS KMS key ID for an encrypted DB snapshot. The KMS key ID is
1335
- # the Amazon Resource Name (ARN), KMS key identifier, or the KMS key
1336
- # alias for the KMS encryption key.
1331
+ # The AWS KMS key identifier for an encrypted DB snapshot. The AWS KMS
1332
+ # key identifier is the key ARN, key ID, alias ARN, or alias name for
1333
+ # the AWS KMS customer master key (CMK).
1337
1334
  #
1338
1335
  # If you copy an encrypted DB snapshot from your AWS account, you can
1339
1336
  # specify a value for this parameter to encrypt the copy with a new
1340
- # KMS encryption key. If you don't specify a value for this
1341
- # parameter, then the copy of the DB snapshot is encrypted with the
1342
- # same KMS key as the source DB snapshot.
1337
+ # AWS KMS CMK. If you don't specify a value for this parameter, then
1338
+ # the copy of the DB snapshot is encrypted with the same AWS KMS key
1339
+ # as the source DB snapshot.
1343
1340
  #
1344
1341
  # If you copy an encrypted DB snapshot that is shared from another AWS
1345
1342
  # account, then you must specify a value for this parameter.
@@ -1348,10 +1345,10 @@ module Aws::RDS
1348
1345
  # the copy is encrypted.
1349
1346
  #
1350
1347
  # If you copy an encrypted snapshot to a different AWS Region, then
1351
- # you must specify a KMS key for the destination AWS Region. KMS
1352
- # encryption keys are specific to the AWS Region that they are created
1353
- # in, and you can't use encryption keys from one AWS Region in
1354
- # another AWS Region.
1348
+ # you must specify a AWS KMS key identifier for the destination AWS
1349
+ # Region. AWS KMS CMKs are specific to the AWS Region that they are
1350
+ # created in, and you can't use CMKs from one AWS Region in another
1351
+ # AWS Region.
1355
1352
  # @return [String]
1356
1353
  #
1357
1354
  # @!attribute [rw] tags
@@ -1396,11 +1393,11 @@ module Aws::RDS
1396
1393
  # example, the `DestinationRegion` in the presigned URL must be set
1397
1394
  # to the us-east-1 AWS Region.
1398
1395
  #
1399
- # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
1400
- # encrypt the copy of the DB snapshot in the destination AWS Region.
1401
- # This is the same identifier for both the `CopyDBSnapshot` action
1402
- # that is called in the destination AWS Region, and the action
1403
- # contained in the presigned URL.
1396
+ # * `KmsKeyId` - The AWS KMS key identifier for the customer master
1397
+ # key (CMK) to use to encrypt the copy of the DB snapshot in the
1398
+ # destination AWS Region. This is the same identifier for both the
1399
+ # `CopyDBSnapshot` action that is called in the destination AWS
1400
+ # Region, and the action contained in the presigned URL.
1404
1401
  #
1405
1402
  # * `SourceDBSnapshotIdentifier` - The DB snapshot identifier for the
1406
1403
  # encrypted snapshot to be copied. This identifier must be in the
@@ -1451,9 +1448,6 @@ module Aws::RDS
1451
1448
  # Example: `rds-caz-aiqhTgQv`.
1452
1449
  # @return [String]
1453
1450
  #
1454
- # @!attribute [rw] destination_region
1455
- # @return [String]
1456
- #
1457
1451
  # @!attribute [rw] source_region
1458
1452
  # The source region of the snapshot. This is only needed when the
1459
1453
  # shapshot is encrypted and in a different region.
@@ -1470,7 +1464,6 @@ module Aws::RDS
1470
1464
  :pre_signed_url,
1471
1465
  :option_group_name,
1472
1466
  :target_custom_availability_zone,
1473
- :destination_region,
1474
1467
  :source_region)
1475
1468
  SENSITIVE = []
1476
1469
  include Aws::Structure
@@ -1954,31 +1947,27 @@ module Aws::RDS
1954
1947
  # @!attribute [rw] kms_key_id
1955
1948
  # The AWS KMS key identifier for an encrypted DB cluster.
1956
1949
  #
1957
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
1958
- # encryption key. If you are creating a DB cluster with the same AWS
1959
- # account that owns the KMS encryption key used to encrypt the new DB
1960
- # cluster, then you can use the KMS key alias instead of the ARN for
1961
- # the KMS encryption key.
1950
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
1951
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
1952
+ # in a different AWS account, specify the key ARN or alias ARN.
1962
1953
  #
1963
- # If an encryption key isn't specified in `KmsKeyId`\:
1954
+ # When a CMK isn't specified in `KmsKeyId`\:
1964
1955
  #
1965
1956
  # * If `ReplicationSourceIdentifier` identifies an encrypted source,
1966
- # then Amazon RDS will use the encryption key used to encrypt the
1967
- # source. Otherwise, Amazon RDS will use your default encryption
1968
- # key.
1957
+ # then Amazon RDS will use the CMK used to encrypt the source.
1958
+ # Otherwise, Amazon RDS will use your default CMK.
1969
1959
  #
1970
1960
  # * If the `StorageEncrypted` parameter is enabled and
1971
1961
  # `ReplicationSourceIdentifier` isn't specified, then Amazon RDS
1972
- # will use your default encryption key.
1962
+ # will use your default CMK.
1973
1963
  #
1974
- # AWS KMS creates the default encryption key for your AWS account.
1975
- # Your AWS account has a different default encryption key for each AWS
1976
- # Region.
1964
+ # There is a default CMK for your AWS account. Your AWS account has a
1965
+ # different default CMK for each AWS Region.
1977
1966
  #
1978
1967
  # If you create a read replica of an encrypted DB cluster in another
1979
- # AWS Region, you must set `KmsKeyId` to a KMS key ID that is valid in
1980
- # the destination AWS Region. This key is used to encrypt the read
1981
- # replica in that AWS Region.
1968
+ # AWS Region, you must set `KmsKeyId` to a AWS KMS key identifier that
1969
+ # is valid in the destination AWS Region. This CMK is used to encrypt
1970
+ # the read replica in that AWS Region.
1982
1971
  # @return [String]
1983
1972
  #
1984
1973
  # @!attribute [rw] pre_signed_url
@@ -1997,7 +1986,7 @@ module Aws::RDS
1997
1986
  #
1998
1987
  # * `KmsKeyId` - The AWS KMS key identifier for the key to use to
1999
1988
  # encrypt the copy of the DB cluster in the destination AWS Region.
2000
- # This should refer to the same KMS key for both the
1989
+ # This should refer to the same AWS KMS CMK for both the
2001
1990
  # `CreateDBCluster` action that is called in the destination AWS
2002
1991
  # Region, and the action contained in the pre-signed URL.
2003
1992
  #
@@ -2185,9 +2174,6 @@ module Aws::RDS
2185
2174
  # disallows write operations for secondary clusters.
2186
2175
  # @return [Boolean]
2187
2176
  #
2188
- # @!attribute [rw] destination_region
2189
- # @return [String]
2190
- #
2191
2177
  # @!attribute [rw] source_region
2192
2178
  # The source region of the snapshot. This is only needed when the
2193
2179
  # shapshot is encrypted and in a different region.
@@ -2229,7 +2215,6 @@ module Aws::RDS
2229
2215
  :domain,
2230
2216
  :domain_iam_role_name,
2231
2217
  :enable_global_write_forwarding,
2232
- :destination_region,
2233
2218
  :source_region)
2234
2219
  SENSITIVE = []
2235
2220
  include Aws::Structure
@@ -3168,22 +3153,19 @@ module Aws::RDS
3168
3153
  # @!attribute [rw] kms_key_id
3169
3154
  # The AWS KMS key identifier for an encrypted DB instance.
3170
3155
  #
3171
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
3172
- # encryption key. If you are creating a DB instance with the same AWS
3173
- # account that owns the KMS encryption key used to encrypt the new DB
3174
- # instance, then you can use the KMS key alias instead of the ARN for
3175
- # the KM encryption key.
3156
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3157
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
3158
+ # in a different AWS account, specify the key ARN or alias ARN.
3176
3159
  #
3177
3160
  # **Amazon Aurora**
3178
3161
  #
3179
- # Not applicable. The KMS key identifier is managed by the DB cluster.
3180
- # For more information, see `CreateDBCluster`.
3162
+ # Not applicable. The AWS KMS key identifier is managed by the DB
3163
+ # cluster. For more information, see `CreateDBCluster`.
3181
3164
  #
3182
3165
  # If `StorageEncrypted` is enabled, and you do not specify a value for
3183
- # the `KmsKeyId` parameter, then Amazon RDS will use your default
3184
- # encryption key. AWS KMS creates the default encryption key for your
3185
- # AWS account. Your AWS account has a different default encryption key
3186
- # for each AWS Region.
3166
+ # the `KmsKeyId` parameter, then Amazon RDS uses your default CMK.
3167
+ # There is a default CMK for your AWS account. Your AWS account has a
3168
+ # different default CMK for each AWS Region.
3187
3169
  # @return [String]
3188
3170
  #
3189
3171
  # @!attribute [rw] domain
@@ -3295,13 +3277,15 @@ module Aws::RDS
3295
3277
  #
3296
3278
  # @!attribute [rw] performance_insights_kms_key_id
3297
3279
  # The AWS KMS key identifier for encryption of Performance Insights
3298
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
3299
- # identifier, or the KMS key alias for the KMS encryption key.
3280
+ # data.
3281
+ #
3282
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3283
+ # alias name for the AWS KMS customer master key (CMK).
3300
3284
  #
3301
3285
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
3302
- # then Amazon RDS uses your default encryption key. AWS KMS creates
3303
- # the default encryption key for your AWS account. Your AWS account
3304
- # has a different default encryption key for each AWS Region.
3286
+ # then Amazon RDS uses your default CMK. There is a default CMK for
3287
+ # your AWS account. Your AWS account has a different default CMK for
3288
+ # each AWS Region.
3305
3289
  # @return [String]
3306
3290
  #
3307
3291
  # @!attribute [rw] performance_insights_retention_period
@@ -3719,19 +3703,20 @@ module Aws::RDS
3719
3703
  # @return [String]
3720
3704
  #
3721
3705
  # @!attribute [rw] kms_key_id
3722
- # The AWS KMS key ID for an encrypted read replica. The KMS key ID is
3723
- # the Amazon Resource Name (ARN), KMS key identifier, or the KMS key
3724
- # alias for the KMS encryption key.
3706
+ # The AWS KMS key identifier for an encrypted read replica.
3707
+ #
3708
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3709
+ # alias name for the AWS KMS CMK.
3725
3710
  #
3726
3711
  # If you create an encrypted read replica in the same AWS Region as
3727
3712
  # the source DB instance, then you do not have to specify a value for
3728
- # this parameter. The read replica is encrypted with the same KMS key
3729
- # as the source DB instance.
3713
+ # this parameter. The read replica is encrypted with the same AWS KMS
3714
+ # CMK as the source DB instance.
3730
3715
  #
3731
3716
  # If you create an encrypted read replica in a different AWS Region,
3732
- # then you must specify a KMS key for the destination AWS Region. KMS
3733
- # encryption keys are specific to the AWS Region that they are created
3734
- # in, and you can't use encryption keys from one AWS Region in
3717
+ # then you must specify a AWS KMS key identifier for the destination
3718
+ # AWS Region. AWS KMS CMKs are specific to the AWS Region that they
3719
+ # are created in, and you can't use CMKs from one AWS Region in
3735
3720
  # another AWS Region.
3736
3721
  #
3737
3722
  # You can't create an encrypted read replica from an unencrypted DB
@@ -3830,13 +3815,15 @@ module Aws::RDS
3830
3815
  #
3831
3816
  # @!attribute [rw] performance_insights_kms_key_id
3832
3817
  # The AWS KMS key identifier for encryption of Performance Insights
3833
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
3834
- # identifier, or the KMS key alias for the KMS encryption key.
3818
+ # data.
3819
+ #
3820
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
3821
+ # alias name for the AWS KMS customer master key (CMK).
3835
3822
  #
3836
3823
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
3837
- # then Amazon RDS uses your default encryption key. AWS KMS creates
3838
- # the default encryption key for your AWS account. Your AWS account
3839
- # has a different default encryption key for each AWS Region.
3824
+ # then Amazon RDS uses your default CMK. There is a default CMK for
3825
+ # your AWS account. Your AWS account has a different default CMK for
3826
+ # each AWS Region.
3840
3827
  # @return [String]
3841
3828
  #
3842
3829
  # @!attribute [rw] performance_insights_retention_period
@@ -3923,9 +3910,6 @@ module Aws::RDS
3923
3910
  # storage of the DB instance.
3924
3911
  # @return [Integer]
3925
3912
  #
3926
- # @!attribute [rw] destination_region
3927
- # @return [String]
3928
- #
3929
3913
  # @!attribute [rw] source_region
3930
3914
  # The source region of the snapshot. This is only needed when the
3931
3915
  # shapshot is encrypted and in a different region.
@@ -3966,7 +3950,6 @@ module Aws::RDS
3966
3950
  :domain_iam_role_name,
3967
3951
  :replica_mode,
3968
3952
  :max_allocated_storage,
3969
- :destination_region,
3970
3953
  :source_region)
3971
3954
  SENSITIVE = []
3972
3955
  include Aws::Structure
@@ -4914,12 +4897,15 @@ module Aws::RDS
4914
4897
  # @!attribute [rw] kms_key_id
4915
4898
  # If `StorageEncrypted` is enabled, the AWS KMS key identifier for the
4916
4899
  # encrypted DB cluster.
4900
+ #
4901
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
4902
+ # alias name for the AWS KMS customer master key (CMK).
4917
4903
  # @return [String]
4918
4904
  #
4919
4905
  # @!attribute [rw] db_cluster_resource_id
4920
4906
  # The AWS Region-unique, immutable identifier for the DB cluster. This
4921
4907
  # identifier is found in AWS CloudTrail log entries whenever the AWS
4922
- # KMS key for the DB cluster is accessed.
4908
+ # KMS CMK for the DB cluster is accessed.
4923
4909
  # @return [String]
4924
4910
  #
4925
4911
  # @!attribute [rw] db_cluster_arn
@@ -5045,6 +5031,9 @@ module Aws::RDS
5045
5031
  # @!attribute [rw] activity_stream_kms_key_id
5046
5032
  # The AWS KMS key identifier used for encrypting messages in the
5047
5033
  # database activity stream.
5034
+ #
5035
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
5036
+ # alias name for the AWS KMS customer master key (CMK).
5048
5037
  # @return [String]
5049
5038
  #
5050
5039
  # @!attribute [rw] activity_stream_kinesis_stream_name
@@ -5738,6 +5727,9 @@ module Aws::RDS
5738
5727
  # @!attribute [rw] kms_key_id
5739
5728
  # If `StorageEncrypted` is true, the AWS KMS key identifier for the
5740
5729
  # encrypted DB cluster snapshot.
5730
+ #
5731
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
5732
+ # alias name for the AWS KMS customer master key (CMK).
5741
5733
  # @return [String]
5742
5734
  #
5743
5735
  # @!attribute [rw] db_cluster_snapshot_arn
@@ -6274,12 +6266,15 @@ module Aws::RDS
6274
6266
  # @!attribute [rw] kms_key_id
6275
6267
  # If `StorageEncrypted` is true, the AWS KMS key identifier for the
6276
6268
  # encrypted DB instance.
6269
+ #
6270
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
6271
+ # alias name for the AWS KMS customer master key (CMK).
6277
6272
  # @return [String]
6278
6273
  #
6279
6274
  # @!attribute [rw] dbi_resource_id
6280
6275
  # The AWS Region-unique, immutable identifier for the DB instance.
6281
6276
  # This identifier is found in AWS CloudTrail log entries whenever the
6282
- # AWS KMS key for the DB instance is accessed.
6277
+ # AWS KMS customer master key (CMK) for the DB instance is accessed.
6283
6278
  # @return [String]
6284
6279
  #
6285
6280
  # @!attribute [rw] ca_certificate_identifier
@@ -6361,8 +6356,10 @@ module Aws::RDS
6361
6356
  #
6362
6357
  # @!attribute [rw] performance_insights_kms_key_id
6363
6358
  # The AWS KMS key identifier for encryption of Performance Insights
6364
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
6365
- # identifier, or the KMS key alias for the KMS encryption key.
6359
+ # data.
6360
+ #
6361
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
6362
+ # alias name for the AWS KMS customer master key (CMK).
6366
6363
  # @return [String]
6367
6364
  #
6368
6365
  # @!attribute [rw] performance_insights_retention_period
@@ -6421,6 +6418,11 @@ module Aws::RDS
6421
6418
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html
6422
6419
  # @return [Array<Types::Tag>]
6423
6420
  #
6421
+ # @!attribute [rw] db_instance_automated_backups_replications
6422
+ # The list of replicated automated backups associated with the DB
6423
+ # instance.
6424
+ # @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
6425
+ #
6424
6426
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstance AWS API Documentation
6425
6427
  #
6426
6428
  class DBInstance < Struct.new(
@@ -6484,7 +6486,8 @@ module Aws::RDS
6484
6486
  :associated_roles,
6485
6487
  :listener_endpoint,
6486
6488
  :max_allocated_storage,
6487
- :tag_list)
6489
+ :tag_list,
6490
+ :db_instance_automated_backups_replications)
6488
6491
  SENSITIVE = []
6489
6492
  include Aws::Structure
6490
6493
  end
@@ -6495,12 +6498,12 @@ module Aws::RDS
6495
6498
  #
6496
6499
  class DBInstanceAlreadyExistsFault < Aws::EmptyStructure; end
6497
6500
 
6498
- # An automated backup of a DB instance. It it consists of system
6499
- # backups, transaction logs, and the database instance properties that
6500
- # existed at the time you deleted the source instance.
6501
+ # An automated backup of a DB instance. It consists of system backups,
6502
+ # transaction logs, and the database instance properties that existed at
6503
+ # the time you deleted the source instance.
6501
6504
  #
6502
6505
  # @!attribute [rw] db_instance_arn
6503
- # The Amazon Resource Name (ARN) for the automated backup.
6506
+ # The Amazon Resource Name (ARN) for the automated backups.
6504
6507
  # @return [String]
6505
6508
  #
6506
6509
  # @!attribute [rw] dbi_resource_id
@@ -6601,9 +6604,10 @@ module Aws::RDS
6601
6604
  # @return [String]
6602
6605
  #
6603
6606
  # @!attribute [rw] kms_key_id
6604
- # The AWS KMS key ID for an automated backup. The KMS key ID is the
6605
- # Amazon Resource Name (ARN), KMS key identifier, or the KMS key alias
6606
- # for the KMS encryption key.
6607
+ # The AWS KMS key ID for an automated backup.
6608
+ #
6609
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
6610
+ # alias name for the AWS KMS customer master key (CMK).
6607
6611
  # @return [String]
6608
6612
  #
6609
6613
  # @!attribute [rw] timezone
@@ -6617,6 +6621,19 @@ module Aws::RDS
6617
6621
  # to database accounts is enabled, and otherwise false.
6618
6622
  # @return [Boolean]
6619
6623
  #
6624
+ # @!attribute [rw] backup_retention_period
6625
+ # The retention period for the automated backups.
6626
+ # @return [Integer]
6627
+ #
6628
+ # @!attribute [rw] db_instance_automated_backups_arn
6629
+ # The Amazon Resource Name (ARN) for the replicated automated backups.
6630
+ # @return [String]
6631
+ #
6632
+ # @!attribute [rw] db_instance_automated_backups_replications
6633
+ # The list of replications to different AWS Regions associated with
6634
+ # the automated backup.
6635
+ # @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
6636
+ #
6620
6637
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstanceAutomatedBackup AWS API Documentation
6621
6638
  #
6622
6639
  class DBInstanceAutomatedBackup < Struct.new(
@@ -6642,7 +6659,10 @@ module Aws::RDS
6642
6659
  :storage_type,
6643
6660
  :kms_key_id,
6644
6661
  :timezone,
6645
- :iam_database_authentication_enabled)
6662
+ :iam_database_authentication_enabled,
6663
+ :backup_retention_period,
6664
+ :db_instance_automated_backups_arn,
6665
+ :db_instance_automated_backups_replications)
6646
6666
  SENSITIVE = []
6647
6667
  include Aws::Structure
6648
6668
  end
@@ -6683,6 +6703,22 @@ module Aws::RDS
6683
6703
  #
6684
6704
  class DBInstanceAutomatedBackupQuotaExceededFault < Aws::EmptyStructure; end
6685
6705
 
6706
+ # Automated backups of a DB instance replicated to another AWS Region.
6707
+ # They consist of system backups, transaction logs, and database
6708
+ # instance properties.
6709
+ #
6710
+ # @!attribute [rw] db_instance_automated_backups_arn
6711
+ # The Amazon Resource Name (ARN) of the replicated automated backups.
6712
+ # @return [String]
6713
+ #
6714
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstanceAutomatedBackupsReplication AWS API Documentation
6715
+ #
6716
+ class DBInstanceAutomatedBackupsReplication < Struct.new(
6717
+ :db_instance_automated_backups_arn)
6718
+ SENSITIVE = []
6719
+ include Aws::Structure
6720
+ end
6721
+
6686
6722
  # Contains the result of a successful invocation of the
6687
6723
  # `DescribeDBInstances` action.
6688
6724
  #
@@ -7450,6 +7486,9 @@ module Aws::RDS
7450
7486
  # @!attribute [rw] kms_key_id
7451
7487
  # If `Encrypted` is true, the AWS KMS key identifier for the encrypted
7452
7488
  # DB snapshot.
7489
+ #
7490
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
7491
+ # alias name for the AWS KMS customer master key (CMK).
7453
7492
  # @return [String]
7454
7493
  #
7455
7494
  # @!attribute [rw] db_snapshot_arn
@@ -7935,7 +7974,8 @@ module Aws::RDS
7935
7974
  # data as a hash:
7936
7975
  #
7937
7976
  # {
7938
- # dbi_resource_id: "String", # required
7977
+ # dbi_resource_id: "String",
7978
+ # db_instance_automated_backups_arn: "String",
7939
7979
  # }
7940
7980
  #
7941
7981
  # @!attribute [rw] dbi_resource_id
@@ -7943,18 +7983,25 @@ module Aws::RDS
7943
7983
  # and which is unique to an AWS Region.
7944
7984
  # @return [String]
7945
7985
  #
7986
+ # @!attribute [rw] db_instance_automated_backups_arn
7987
+ # The Amazon Resource Name (ARN) of the automated backups to delete,
7988
+ # for example,
7989
+ # `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
7990
+ # @return [String]
7991
+ #
7946
7992
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackupMessage AWS API Documentation
7947
7993
  #
7948
7994
  class DeleteDBInstanceAutomatedBackupMessage < Struct.new(
7949
- :dbi_resource_id)
7995
+ :dbi_resource_id,
7996
+ :db_instance_automated_backups_arn)
7950
7997
  SENSITIVE = []
7951
7998
  include Aws::Structure
7952
7999
  end
7953
8000
 
7954
8001
  # @!attribute [rw] db_instance_automated_backup
7955
- # An automated backup of a DB instance. It it consists of system
7956
- # backups, transaction logs, and the database instance properties that
7957
- # existed at the time you deleted the source instance.
8002
+ # An automated backup of a DB instance. It consists of system backups,
8003
+ # transaction logs, and the database instance properties that existed
8004
+ # at the time you deleted the source instance.
7958
8005
  # @return [Types::DBInstanceAutomatedBackup]
7959
8006
  #
7960
8007
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstanceAutomatedBackupResult AWS API Documentation
@@ -9172,6 +9219,7 @@ module Aws::RDS
9172
9219
  # ],
9173
9220
  # max_records: 1,
9174
9221
  # marker: "String",
9222
+ # db_instance_automated_backups_arn: "String",
9175
9223
  # }
9176
9224
  #
9177
9225
  # @!attribute [rw] dbi_resource_id
@@ -9227,6 +9275,12 @@ module Aws::RDS
9227
9275
  # marker, up to `MaxRecords`.
9228
9276
  # @return [String]
9229
9277
  #
9278
+ # @!attribute [rw] db_instance_automated_backups_arn
9279
+ # The Amazon Resource Name (ARN) of the replicated automated backups,
9280
+ # for example,
9281
+ # `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
9282
+ # @return [String]
9283
+ #
9230
9284
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DescribeDBInstanceAutomatedBackupsMessage AWS API Documentation
9231
9285
  #
9232
9286
  class DescribeDBInstanceAutomatedBackupsMessage < Struct.new(
@@ -9234,7 +9288,8 @@ module Aws::RDS
9234
9288
  :db_instance_identifier,
9235
9289
  :filters,
9236
9290
  :max_records,
9237
- :marker)
9291
+ :marker,
9292
+ :db_instance_automated_backups_arn)
9238
9293
  SENSITIVE = []
9239
9294
  include Aws::Structure
9240
9295
  end
@@ -11742,11 +11797,11 @@ module Aws::RDS
11742
11797
  # @return [String]
11743
11798
  #
11744
11799
  # @!attribute [rw] kms_key_id
11745
- # The ID of the AWS KMS key that is used to encrypt the snapshot when
11746
- # it's exported to Amazon S3. The KMS key ID is the Amazon Resource
11747
- # Name (ARN), the KMS key identifier, or the KMS key alias for the KMS
11748
- # encryption key. The IAM role used for the snapshot export must have
11749
- # encryption and decryption permissions to use this KMS key.
11800
+ # The key identifier of the AWS KMS customer master key (CMK) that is
11801
+ # used to encrypt the snapshot when it's exported to Amazon S3. The
11802
+ # AWS KMS CMK identifier is its key ARN, key ID, alias ARN, or alias
11803
+ # name. The IAM role used for the snapshot export must have encryption
11804
+ # and decryption permissions to use this AWS KMS CMK.
11750
11805
  # @return [String]
11751
11806
  #
11752
11807
  # @!attribute [rw] status
@@ -11930,7 +11985,8 @@ module Aws::RDS
11930
11985
  # @!attribute [rw] global_cluster_resource_id
11931
11986
  # The AWS Region-unique, immutable identifier for the global database
11932
11987
  # cluster. This identifier is found in AWS CloudTrail log entries
11933
- # whenever the AWS KMS key for the DB cluster is accessed.
11988
+ # whenever the AWS KMS customer master key (CMK) for the DB cluster is
11989
+ # accessed.
11934
11990
  # @return [String]
11935
11991
  #
11936
11992
  # @!attribute [rw] global_cluster_arn
@@ -13811,13 +13867,15 @@ module Aws::RDS
13811
13867
  #
13812
13868
  # @!attribute [rw] performance_insights_kms_key_id
13813
13869
  # The AWS KMS key identifier for encryption of Performance Insights
13814
- # data. The KMS key ID is the Amazon Resource Name (ARN), KMS key
13815
- # identifier, or the KMS key alias for the KMS encryption key.
13870
+ # data.
13871
+ #
13872
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
13873
+ # alias name for the AWS KMS customer master key (CMK).
13816
13874
  #
13817
13875
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
13818
- # then Amazon RDS uses your default encryption key. AWS KMS creates
13819
- # the default encryption key for your AWS account. Your AWS account
13820
- # has a different default encryption key for each AWS Region.
13876
+ # then Amazon RDS uses your default CMK. There is a default CMK for
13877
+ # your AWS account. Your AWS account has a different default CMK for
13878
+ # each AWS Region.
13821
13879
  # @return [String]
13822
13880
  #
13823
13881
  # @!attribute [rw] performance_insights_retention_period
@@ -16140,7 +16198,7 @@ module Aws::RDS
16140
16198
  #
16141
16199
  # @!attribute [rw] role_arn
16142
16200
  # The Amazon Resource Name (ARN) of the IAM role to disassociate from
16143
- # the DB instance, for example
16201
+ # the DB instance, for example,
16144
16202
  # `arn:aws:iam::123456789012:role/AccessRole`.
16145
16203
  # @return [String]
16146
16204
  #
@@ -16857,17 +16915,14 @@ module Aws::RDS
16857
16915
  # @!attribute [rw] kms_key_id
16858
16916
  # The AWS KMS key identifier for an encrypted DB cluster.
16859
16917
  #
16860
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
16861
- # encryption key. If you are creating a DB cluster with the same AWS
16862
- # account that owns the KMS encryption key used to encrypt the new DB
16863
- # cluster, then you can use the KMS key alias instead of the ARN for
16864
- # the KM encryption key.
16918
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
16919
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
16920
+ # in a different AWS account, specify the key ARN or alias ARN.
16865
16921
  #
16866
16922
  # If the StorageEncrypted parameter is enabled, and you do not specify
16867
16923
  # a value for the `KmsKeyId` parameter, then Amazon RDS will use your
16868
- # default encryption key. AWS KMS creates the default encryption key
16869
- # for your AWS account. Your AWS account has a different default
16870
- # encryption key for each AWS Region.
16924
+ # default CMK. There is a default CMK for your AWS account. Your AWS
16925
+ # account has a different default CMK for each AWS Region.
16871
16926
  # @return [String]
16872
16927
  #
16873
16928
  # @!attribute [rw] enable_iam_database_authentication
@@ -17185,18 +17240,16 @@ module Aws::RDS
17185
17240
  # The AWS KMS key identifier to use when restoring an encrypted DB
17186
17241
  # cluster from a DB snapshot or DB cluster snapshot.
17187
17242
  #
17188
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
17189
- # encryption key. If you are restoring a DB cluster with the same AWS
17190
- # account that owns the KMS encryption key used to encrypt the new DB
17191
- # cluster, then you can use the KMS key alias instead of the ARN for
17192
- # the KMS encryption key.
17243
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
17244
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
17245
+ # in a different AWS account, specify the key ARN or alias ARN.
17193
17246
  #
17194
- # If you don't specify a value for the `KmsKeyId` parameter, then the
17195
- # following occurs:
17247
+ # When you don't specify a value for the `KmsKeyId` parameter, then
17248
+ # the following occurs:
17196
17249
  #
17197
17250
  # * If the DB snapshot or DB cluster snapshot in `SnapshotIdentifier`
17198
17251
  # is encrypted, then the restored DB cluster is encrypted using the
17199
- # KMS key that was used to encrypt the DB snapshot or DB cluster
17252
+ # AWS KMS CMK that was used to encrypt the DB snapshot or DB cluster
17200
17253
  # snapshot.
17201
17254
  #
17202
17255
  # * If the DB snapshot or DB cluster snapshot in `SnapshotIdentifier`
@@ -17491,23 +17544,21 @@ module Aws::RDS
17491
17544
  # The AWS KMS key identifier to use when restoring an encrypted DB
17492
17545
  # cluster from an encrypted DB cluster.
17493
17546
  #
17494
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
17495
- # encryption key. If you are restoring a DB cluster with the same AWS
17496
- # account that owns the KMS encryption key used to encrypt the new DB
17497
- # cluster, then you can use the KMS key alias instead of the ARN for
17498
- # the KMS encryption key.
17547
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
17548
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
17549
+ # in a different AWS account, specify the key ARN or alias ARN.
17499
17550
  #
17500
17551
  # You can restore to a new DB cluster and encrypt the new DB cluster
17501
- # with a KMS key that is different than the KMS key used to encrypt
17502
- # the source DB cluster. The new DB cluster is encrypted with the KMS
17503
- # key identified by the `KmsKeyId` parameter.
17552
+ # with a AWS KMS CMK that is different than the AWS KMS key used to
17553
+ # encrypt the source DB cluster. The new DB cluster is encrypted with
17554
+ # the AWS KMS CMK identified by the `KmsKeyId` parameter.
17504
17555
  #
17505
17556
  # If you don't specify a value for the `KmsKeyId` parameter, then the
17506
17557
  # following occurs:
17507
17558
  #
17508
17559
  # * If the DB cluster is encrypted, then the restored DB cluster is
17509
- # encrypted using the KMS key that was used to encrypt the source DB
17510
- # cluster.
17560
+ # encrypted using the AWS KMS CMK that was used to encrypt the
17561
+ # source DB cluster.
17511
17562
  #
17512
17563
  # * If the DB cluster isn't encrypted, then the restored DB cluster
17513
17564
  # isn't encrypted.
@@ -18366,17 +18417,14 @@ module Aws::RDS
18366
18417
  # @!attribute [rw] kms_key_id
18367
18418
  # The AWS KMS key identifier for an encrypted DB instance.
18368
18419
  #
18369
- # The KMS key identifier is the Amazon Resource Name (ARN) for the KMS
18370
- # encryption key. If you are creating a DB instance with the same AWS
18371
- # account that owns the KMS encryption key used to encrypt the new DB
18372
- # instance, then you can use the KMS key alias instead of the ARN for
18373
- # the KM encryption key.
18420
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
18421
+ # alias name for the AWS KMS customer master key (CMK). To use a CMK
18422
+ # in a different AWS account, specify the key ARN or alias ARN.
18374
18423
  #
18375
18424
  # If the `StorageEncrypted` parameter is enabled, and you do not
18376
18425
  # specify a value for the `KmsKeyId` parameter, then Amazon RDS will
18377
- # use your default encryption key. AWS KMS creates the default
18378
- # encryption key for your AWS account. Your AWS account has a
18379
- # different default encryption key for each AWS Region.
18426
+ # use your default CMK. There is a default CMK for your AWS account.
18427
+ # Your AWS account has a different default CMK for each AWS Region.
18380
18428
  # @return [String]
18381
18429
  #
18382
18430
  # @!attribute [rw] copy_tags_to_snapshot
@@ -18468,13 +18516,15 @@ module Aws::RDS
18468
18516
  #
18469
18517
  # @!attribute [rw] performance_insights_kms_key_id
18470
18518
  # The AWS KMS key identifier for encryption of Performance Insights
18471
- # data. The KMS key ID is the Amazon Resource Name (ARN), the KMS key
18472
- # identifier, or the KMS key alias for the KMS encryption key.
18519
+ # data.
18520
+ #
18521
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
18522
+ # alias name for the AWS KMS customer master key (CMK).
18473
18523
  #
18474
18524
  # If you do not specify a value for `PerformanceInsightsKMSKeyId`,
18475
- # then Amazon RDS uses your default encryption key. AWS KMS creates
18476
- # the default encryption key for your AWS account. Your AWS account
18477
- # has a different default encryption key for each AWS Region.
18525
+ # then Amazon RDS uses your default CMK. There is a default CMK for
18526
+ # your AWS account. Your AWS account has a different default CMK for
18527
+ # each AWS Region.
18478
18528
  # @return [String]
18479
18529
  #
18480
18530
  # @!attribute [rw] performance_insights_retention_period
@@ -18631,6 +18681,7 @@ module Aws::RDS
18631
18681
  # deletion_protection: false,
18632
18682
  # source_dbi_resource_id: "String",
18633
18683
  # max_allocated_storage: 1,
18684
+ # source_db_instance_automated_backups_arn: "String",
18634
18685
  # }
18635
18686
  #
18636
18687
  # @!attribute [rw] source_db_instance_identifier
@@ -18959,6 +19010,12 @@ module Aws::RDS
18959
19010
  # storage of the DB instance.
18960
19011
  # @return [Integer]
18961
19012
  #
19013
+ # @!attribute [rw] source_db_instance_automated_backups_arn
19014
+ # The Amazon Resource Name (ARN) of the replicated automated backups
19015
+ # from which to restore, for example,
19016
+ # `arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
19017
+ # @return [String]
19018
+ #
18962
19019
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceToPointInTimeMessage AWS API Documentation
18963
19020
  #
18964
19021
  class RestoreDBInstanceToPointInTimeMessage < Struct.new(
@@ -18993,7 +19050,8 @@ module Aws::RDS
18993
19050
  :db_parameter_group_name,
18994
19051
  :deletion_protection,
18995
19052
  :source_dbi_resource_id,
18996
- :max_allocated_storage)
19053
+ :max_allocated_storage,
19054
+ :source_db_instance_automated_backups_arn)
18997
19055
  SENSITIVE = []
18998
19056
  include Aws::Structure
18999
19057
  end
@@ -19306,12 +19364,18 @@ module Aws::RDS
19306
19364
  # The status of the source AWS Region.
19307
19365
  # @return [String]
19308
19366
  #
19367
+ # @!attribute [rw] supports_db_instance_automated_backups_replication
19368
+ # Whether the source AWS Region supports replicating automated backups
19369
+ # to the current AWS Region.
19370
+ # @return [Boolean]
19371
+ #
19309
19372
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SourceRegion AWS API Documentation
19310
19373
  #
19311
19374
  class SourceRegion < Struct.new(
19312
19375
  :region_name,
19313
19376
  :endpoint,
19314
- :status)
19377
+ :status,
19378
+ :supports_db_instance_automated_backups_replication)
19315
19379
  SENSITIVE = []
19316
19380
  include Aws::Structure
19317
19381
  end
@@ -19351,7 +19415,7 @@ module Aws::RDS
19351
19415
  # }
19352
19416
  #
19353
19417
  # @!attribute [rw] resource_arn
19354
- # The Amazon Resource Name (ARN) of the DB cluster, for example
19418
+ # The Amazon Resource Name (ARN) of the DB cluster, for example,
19355
19419
  # `arn:aws:rds:us-east-1:12345667890:cluster:das-cluster`.
19356
19420
  # @return [String]
19357
19421
  #
@@ -19364,8 +19428,8 @@ module Aws::RDS
19364
19428
  #
19365
19429
  # @!attribute [rw] kms_key_id
19366
19430
  # The AWS KMS key identifier for encrypting messages in the database
19367
- # activity stream. The key identifier can be either a key ID, a key
19368
- # ARN, or a key alias.
19431
+ # activity stream. The AWS KMS key identifier is the key ARN, key ID,
19432
+ # alias ARN, or alias name for the AWS KMS customer master key (CMK).
19369
19433
  # @return [String]
19370
19434
  #
19371
19435
  # @!attribute [rw] apply_immediately
@@ -19456,6 +19520,75 @@ module Aws::RDS
19456
19520
  include Aws::Structure
19457
19521
  end
19458
19522
 
19523
+ # @note When making an API call, you may pass StartDBInstanceAutomatedBackupsReplicationMessage
19524
+ # data as a hash:
19525
+ #
19526
+ # {
19527
+ # source_db_instance_arn: "String", # required
19528
+ # backup_retention_period: 1,
19529
+ # kms_key_id: "String",
19530
+ # pre_signed_url: "String",
19531
+ # source_region: "String",
19532
+ # }
19533
+ #
19534
+ # @!attribute [rw] source_db_instance_arn
19535
+ # The Amazon Resource Name (ARN) of the source DB instance for the
19536
+ # replicated automated backups, for example,
19537
+ # `arn:aws:rds:us-west-2:123456789012:db:mydatabase`.
19538
+ # @return [String]
19539
+ #
19540
+ # @!attribute [rw] backup_retention_period
19541
+ # The retention period for the replicated automated backups.
19542
+ # @return [Integer]
19543
+ #
19544
+ # @!attribute [rw] kms_key_id
19545
+ # The AWS KMS key identifier for encryption of the replicated
19546
+ # automated backups. The KMS key ID is the Amazon Resource Name (ARN)
19547
+ # for the KMS encryption key in the destination AWS Region, for
19548
+ # example,
19549
+ # `arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE`.
19550
+ # @return [String]
19551
+ #
19552
+ # @!attribute [rw] pre_signed_url
19553
+ # A URL that contains a Signature Version 4 signed request for the
19554
+ # StartDBInstanceAutomatedBackupsReplication action to be called in
19555
+ # the AWS Region of the source DB instance. The presigned URL must be
19556
+ # a valid request for the StartDBInstanceAutomatedBackupsReplication
19557
+ # API action that can be executed in the AWS Region that contains the
19558
+ # source DB instance.
19559
+ # @return [String]
19560
+ #
19561
+ # @!attribute [rw] source_region
19562
+ # The source region of the snapshot. This is only needed when the
19563
+ # shapshot is encrypted and in a different region.
19564
+ # @return [String]
19565
+ #
19566
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplicationMessage AWS API Documentation
19567
+ #
19568
+ class StartDBInstanceAutomatedBackupsReplicationMessage < Struct.new(
19569
+ :source_db_instance_arn,
19570
+ :backup_retention_period,
19571
+ :kms_key_id,
19572
+ :pre_signed_url,
19573
+ :source_region)
19574
+ SENSITIVE = []
19575
+ include Aws::Structure
19576
+ end
19577
+
19578
+ # @!attribute [rw] db_instance_automated_backup
19579
+ # An automated backup of a DB instance. It consists of system backups,
19580
+ # transaction logs, and the database instance properties that existed
19581
+ # at the time you deleted the source instance.
19582
+ # @return [Types::DBInstanceAutomatedBackup]
19583
+ #
19584
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstanceAutomatedBackupsReplicationResult AWS API Documentation
19585
+ #
19586
+ class StartDBInstanceAutomatedBackupsReplicationResult < Struct.new(
19587
+ :db_instance_automated_backup)
19588
+ SENSITIVE = []
19589
+ include Aws::Structure
19590
+ end
19591
+
19459
19592
  # @note When making an API call, you may pass StartDBInstanceMessage
19460
19593
  # data as a hash:
19461
19594
  #
@@ -19524,11 +19657,12 @@ module Aws::RDS
19524
19657
  # @return [String]
19525
19658
  #
19526
19659
  # @!attribute [rw] kms_key_id
19527
- # The ID of the AWS KMS key to use to encrypt the snapshot exported to
19528
- # Amazon S3. The KMS key ID is the Amazon Resource Name (ARN), the KMS
19529
- # key identifier, or the KMS key alias for the KMS encryption key. The
19530
- # caller of this operation must be authorized to execute the following
19531
- # operations. These can be set in the KMS key policy:
19660
+ # The ID of the AWS KMS customer master key (CMK) to use to encrypt
19661
+ # the snapshot exported to Amazon S3. The AWS KMS key identifier is
19662
+ # the key ARN, key ID, alias ARN, or alias name for the AWS KMS
19663
+ # customer master key (CMK). The caller of this operation must be
19664
+ # authorized to execute the following operations. These can be set in
19665
+ # the AWS KMS key policy:
19532
19666
  #
19533
19667
  # * GrantOperation.Encrypt
19534
19668
  #
@@ -19620,6 +19754,9 @@ module Aws::RDS
19620
19754
  # @!attribute [rw] kms_key_id
19621
19755
  # The AWS KMS key identifier used for encrypting messages in the
19622
19756
  # database activity stream.
19757
+ #
19758
+ # The AWS KMS key identifier is the key ARN, key ID, alias ARN, or
19759
+ # alias name for the AWS KMS customer master key (CMK).
19623
19760
  # @return [String]
19624
19761
  #
19625
19762
  # @!attribute [rw] kinesis_stream_name
@@ -19676,6 +19813,41 @@ module Aws::RDS
19676
19813
  include Aws::Structure
19677
19814
  end
19678
19815
 
19816
+ # @note When making an API call, you may pass StopDBInstanceAutomatedBackupsReplicationMessage
19817
+ # data as a hash:
19818
+ #
19819
+ # {
19820
+ # source_db_instance_arn: "String", # required
19821
+ # }
19822
+ #
19823
+ # @!attribute [rw] source_db_instance_arn
19824
+ # The Amazon Resource Name (ARN) of the source DB instance for which
19825
+ # to stop replicating automated backups, for example,
19826
+ # `arn:aws:rds:us-west-2:123456789012:db:mydatabase`.
19827
+ # @return [String]
19828
+ #
19829
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplicationMessage AWS API Documentation
19830
+ #
19831
+ class StopDBInstanceAutomatedBackupsReplicationMessage < Struct.new(
19832
+ :source_db_instance_arn)
19833
+ SENSITIVE = []
19834
+ include Aws::Structure
19835
+ end
19836
+
19837
+ # @!attribute [rw] db_instance_automated_backup
19838
+ # An automated backup of a DB instance. It consists of system backups,
19839
+ # transaction logs, and the database instance properties that existed
19840
+ # at the time you deleted the source instance.
19841
+ # @return [Types::DBInstanceAutomatedBackup]
19842
+ #
19843
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstanceAutomatedBackupsReplicationResult AWS API Documentation
19844
+ #
19845
+ class StopDBInstanceAutomatedBackupsReplicationResult < Struct.new(
19846
+ :db_instance_automated_backup)
19847
+ SENSITIVE = []
19848
+ include Aws::Structure
19849
+ end
19850
+
19679
19851
  # @note When making an API call, you may pass StopDBInstanceMessage
19680
19852
  # data as a hash:
19681
19853
  #