aws-sdk-rds 1.166.0 → 1.167.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -2097,7 +2097,11 @@ module Aws::RDS
2097
2097
  # The password for the master database user. This password can contain
2098
2098
  # any printable ASCII character except "/", """, or "@".
2099
2099
  #
2100
- # Constraints: Must contain from 8 to 41 characters.
2100
+ # Constraints:
2101
+ #
2102
+ # * Must contain from 8 to 41 characters.
2103
+ #
2104
+ # * Can't be specified if `ManageMasterUserPassword` is turned on.
2101
2105
  #
2102
2106
  # Valid for: Aurora DB clusters and Multi-AZ DB clusters
2103
2107
  # @return [String]
@@ -2704,6 +2708,56 @@ module Aws::RDS
2704
2708
  # Reserved for future use.
2705
2709
  # @return [String]
2706
2710
  #
2711
+ # @!attribute [rw] manage_master_user_password
2712
+ # A value that indicates whether to manage the master user password
2713
+ # with Amazon Web Services Secrets Manager.
2714
+ #
2715
+ # For more information, see [Password management with Amazon Web
2716
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide* and
2717
+ # [Password management with Amazon Web Services Secrets Manager][2] in
2718
+ # the *Amazon Aurora User Guide.*
2719
+ #
2720
+ # Constraints:
2721
+ #
2722
+ # * Can't manage the master user password with Amazon Web Services
2723
+ # Secrets Manager if `MasterUserPassword` is specified.
2724
+ #
2725
+ # ^
2726
+ #
2727
+ # Valid for: Aurora DB clusters and Multi-AZ DB clusters
2728
+ #
2729
+ #
2730
+ #
2731
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
2732
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html
2733
+ # @return [Boolean]
2734
+ #
2735
+ # @!attribute [rw] master_user_secret_kms_key_id
2736
+ # The Amazon Web Services KMS key identifier to encrypt a secret that
2737
+ # is automatically generated and managed in Amazon Web Services
2738
+ # Secrets Manager.
2739
+ #
2740
+ # This setting is valid only if the master user password is managed by
2741
+ # RDS in Amazon Web Services Secrets Manager for the DB cluster.
2742
+ #
2743
+ # The Amazon Web Services KMS key identifier is the key ARN, key ID,
2744
+ # alias ARN, or alias name for the KMS key. To use a KMS key in a
2745
+ # different Amazon Web Services account, specify the key ARN or alias
2746
+ # ARN.
2747
+ #
2748
+ # If you don't specify `MasterUserSecretKmsKeyId`, then the
2749
+ # `aws/secretsmanager` KMS key is used to encrypt the secret. If the
2750
+ # secret is in a different Amazon Web Services account, then you
2751
+ # can't use the `aws/secretsmanager` KMS key to encrypt the secret,
2752
+ # and you must use a customer managed KMS key.
2753
+ #
2754
+ # There is a default KMS key for your Amazon Web Services account.
2755
+ # Your Amazon Web Services account has a different default KMS key for
2756
+ # each Amazon Web Services Region.
2757
+ #
2758
+ # Valid for: Aurora DB clusters and Multi-AZ DB clusters
2759
+ # @return [String]
2760
+ #
2707
2761
  # @!attribute [rw] source_region
2708
2762
  # The source region of the snapshot. This is only needed when the
2709
2763
  # shapshot is encrypted and in a different region.
@@ -2759,6 +2813,8 @@ module Aws::RDS
2759
2813
  :serverless_v2_scaling_configuration,
2760
2814
  :network_type,
2761
2815
  :db_system_id,
2816
+ :manage_master_user_password,
2817
+ :master_user_secret_kms_key_id,
2762
2818
  :source_region)
2763
2819
  SENSITIVE = []
2764
2820
  include Aws::Structure
@@ -3287,6 +3343,9 @@ module Aws::RDS
3287
3343
  # Not applicable. The password for the master user is managed by the
3288
3344
  # DB cluster.
3289
3345
  #
3346
+ # Constraints: Can't be specified if `ManageMasterUserPassword` is
3347
+ # turned on.
3348
+ #
3290
3349
  # **MariaDB**
3291
3350
  #
3292
3351
  # Constraints: Must contain from 8 to 41 characters.
@@ -4127,6 +4186,49 @@ module Aws::RDS
4127
4186
  # This setting doesn't apply to RDS Custom or Amazon Aurora.
4128
4187
  # @return [Integer]
4129
4188
  #
4189
+ # @!attribute [rw] manage_master_user_password
4190
+ # A value that indicates whether to manage the master user password
4191
+ # with Amazon Web Services Secrets Manager.
4192
+ #
4193
+ # For more information, see [Password management with Amazon Web
4194
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide.*
4195
+ #
4196
+ # Constraints:
4197
+ #
4198
+ # * Can't manage the master user password with Amazon Web Services
4199
+ # Secrets Manager if `MasterUserPassword` is specified.
4200
+ #
4201
+ # ^
4202
+ #
4203
+ #
4204
+ #
4205
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
4206
+ # @return [Boolean]
4207
+ #
4208
+ # @!attribute [rw] master_user_secret_kms_key_id
4209
+ # The Amazon Web Services KMS key identifier to encrypt a secret that
4210
+ # is automatically generated and managed in Amazon Web Services
4211
+ # Secrets Manager.
4212
+ #
4213
+ # This setting is valid only if the master user password is managed by
4214
+ # RDS in Amazon Web Services Secrets Manager for the DB instance.
4215
+ #
4216
+ # The Amazon Web Services KMS key identifier is the key ARN, key ID,
4217
+ # alias ARN, or alias name for the KMS key. To use a KMS key in a
4218
+ # different Amazon Web Services account, specify the key ARN or alias
4219
+ # ARN.
4220
+ #
4221
+ # If you don't specify `MasterUserSecretKmsKeyId`, then the
4222
+ # `aws/secretsmanager` KMS key is used to encrypt the secret. If the
4223
+ # secret is in a different Amazon Web Services account, then you
4224
+ # can't use the `aws/secretsmanager` KMS key to encrypt the secret,
4225
+ # and you must use a customer managed KMS key.
4226
+ #
4227
+ # There is a default KMS key for your Amazon Web Services account.
4228
+ # Your Amazon Web Services account has a different default KMS key for
4229
+ # each Amazon Web Services Region.
4230
+ # @return [String]
4231
+ #
4130
4232
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstanceMessage AWS API Documentation
4131
4233
  #
4132
4234
  class CreateDBInstanceMessage < Struct.new(
@@ -4181,7 +4283,9 @@ module Aws::RDS
4181
4283
  :custom_iam_instance_profile,
4182
4284
  :backup_target,
4183
4285
  :network_type,
4184
- :storage_throughput)
4286
+ :storage_throughput,
4287
+ :manage_master_user_password,
4288
+ :master_user_secret_kms_key_id)
4185
4289
  SENSITIVE = []
4186
4290
  include Aws::Structure
4187
4291
  end
@@ -6100,6 +6204,21 @@ module Aws::RDS
6100
6204
  # Reserved for future use.
6101
6205
  # @return [String]
6102
6206
  #
6207
+ # @!attribute [rw] master_user_secret
6208
+ # Contains the secret managed by RDS in Amazon Web Services Secrets
6209
+ # Manager for the master user password.
6210
+ #
6211
+ # For more information, see [Password management with Amazon Web
6212
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide* and
6213
+ # [Password management with Amazon Web Services Secrets Manager][2] in
6214
+ # the *Amazon Aurora User Guide.*
6215
+ #
6216
+ #
6217
+ #
6218
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
6219
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html
6220
+ # @return [Types::MasterUserSecret]
6221
+ #
6103
6222
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBCluster AWS API Documentation
6104
6223
  #
6105
6224
  class DBCluster < Struct.new(
@@ -6172,7 +6291,8 @@ module Aws::RDS
6172
6291
  :performance_insights_retention_period,
6173
6292
  :serverless_v2_scaling_configuration,
6174
6293
  :network_type,
6175
- :db_system_id)
6294
+ :db_system_id,
6295
+ :master_user_secret)
6176
6296
  SENSITIVE = []
6177
6297
  include Aws::Structure
6178
6298
  end
@@ -7726,6 +7846,18 @@ module Aws::RDS
7726
7846
  # for RDS Custom only.
7727
7847
  # @return [String]
7728
7848
  #
7849
+ # @!attribute [rw] master_user_secret
7850
+ # Contains the secret managed by RDS in Amazon Web Services Secrets
7851
+ # Manager for the master user password.
7852
+ #
7853
+ # For more information, see [Password management with Amazon Web
7854
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide.*
7855
+ #
7856
+ #
7857
+ #
7858
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
7859
+ # @return [Types::MasterUserSecret]
7860
+ #
7729
7861
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DBInstance AWS API Documentation
7730
7862
  #
7731
7863
  class DBInstance < Struct.new(
@@ -7806,7 +7938,8 @@ module Aws::RDS
7806
7938
  :network_type,
7807
7939
  :activity_stream_policy_status,
7808
7940
  :storage_throughput,
7809
- :db_system_id)
7941
+ :db_system_id,
7942
+ :master_user_secret)
7810
7943
  SENSITIVE = []
7811
7944
  include Aws::Structure
7812
7945
  end
@@ -13734,6 +13867,61 @@ module Aws::RDS
13734
13867
  include Aws::Structure
13735
13868
  end
13736
13869
 
13870
+ # Contains the secret managed by RDS in Amazon Web Services Secrets
13871
+ # Manager for the master user password.
13872
+ #
13873
+ # For more information, see [Password management with Amazon Web
13874
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide* and
13875
+ # [Password management with Amazon Web Services Secrets Manager][2] in
13876
+ # the *Amazon Aurora User Guide.*
13877
+ #
13878
+ #
13879
+ #
13880
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
13881
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html
13882
+ #
13883
+ # @!attribute [rw] secret_arn
13884
+ # The Amazon Resource Name (ARN) of the secret.
13885
+ # @return [String]
13886
+ #
13887
+ # @!attribute [rw] secret_status
13888
+ # The status of the secret.
13889
+ #
13890
+ # The possible status values include the following:
13891
+ #
13892
+ # * `creating` - The secret is being created.
13893
+ #
13894
+ # * `active` - The secret is available for normal use and rotation.
13895
+ #
13896
+ # * `rotating` - The secret is being rotated.
13897
+ #
13898
+ # * `impaired` - The secret can be used to access database
13899
+ # credentials, but it can't be rotated. A secret might have this
13900
+ # status if, for example, permissions are changed so that RDS can no
13901
+ # longer access either the secret or the KMS key for the secret.
13902
+ #
13903
+ # When a secret has this status, you can correct the condition that
13904
+ # caused the status. Alternatively, modify the DB instance to turn
13905
+ # off automatic management of database credentials, and then modify
13906
+ # the DB instance again to turn on automatic management of database
13907
+ # credentials.
13908
+ # @return [String]
13909
+ #
13910
+ # @!attribute [rw] kms_key_id
13911
+ # The Amazon Web Services KMS key identifier that is used to encrypt
13912
+ # the secret.
13913
+ # @return [String]
13914
+ #
13915
+ # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/MasterUserSecret AWS API Documentation
13916
+ #
13917
+ class MasterUserSecret < Struct.new(
13918
+ :secret_arn,
13919
+ :secret_status,
13920
+ :kms_key_id)
13921
+ SENSITIVE = []
13922
+ include Aws::Structure
13923
+ end
13924
+
13737
13925
  # The minimum DB engine version required for each corresponding allowed
13738
13926
  # value for an option setting.
13739
13927
  #
@@ -14079,7 +14267,11 @@ module Aws::RDS
14079
14267
  # contain any printable ASCII character except "/", """, or
14080
14268
  # "@".
14081
14269
  #
14082
- # Constraints: Must contain from 8 to 41 characters.
14270
+ # Constraints:
14271
+ #
14272
+ # * Must contain from 8 to 41 characters.
14273
+ #
14274
+ # * Can't be specified if `ManageMasterUserPassword` is turned on.
14083
14275
  #
14084
14276
  # Valid for: Aurora DB clusters and Multi-AZ DB clusters
14085
14277
  # @return [String]
@@ -14552,6 +14744,99 @@ module Aws::RDS
14552
14744
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
14553
14745
  # @return [String]
14554
14746
  #
14747
+ # @!attribute [rw] manage_master_user_password
14748
+ # A value that indicates whether to manage the master user password
14749
+ # with Amazon Web Services Secrets Manager.
14750
+ #
14751
+ # If the DB cluster doesn't manage the master user password with
14752
+ # Amazon Web Services Secrets Manager, you can turn on this
14753
+ # management. In this case, you can't specify `MasterUserPassword`.
14754
+ #
14755
+ # If the DB cluster already manages the master user password with
14756
+ # Amazon Web Services Secrets Manager, and you specify that the master
14757
+ # user password is not managed with Amazon Web Services Secrets
14758
+ # Manager, then you must specify `MasterUserPassword`. In this case,
14759
+ # RDS deletes the secret and uses the new password for the master user
14760
+ # specified by `MasterUserPassword`.
14761
+ #
14762
+ # For more information, see [Password management with Amazon Web
14763
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide* and
14764
+ # [Password management with Amazon Web Services Secrets Manager][2] in
14765
+ # the *Amazon Aurora User Guide.*
14766
+ #
14767
+ # Valid for: Aurora DB clusters and Multi-AZ DB clusters
14768
+ #
14769
+ #
14770
+ #
14771
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
14772
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html
14773
+ # @return [Boolean]
14774
+ #
14775
+ # @!attribute [rw] rotate_master_user_password
14776
+ # A value that indicates whether to rotate the secret managed by
14777
+ # Amazon Web Services Secrets Manager for the master user password.
14778
+ #
14779
+ # This setting is valid only if the master user password is managed by
14780
+ # RDS in Amazon Web Services Secrets Manager for the DB cluster. The
14781
+ # secret value contains the updated password.
14782
+ #
14783
+ # For more information, see [Password management with Amazon Web
14784
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide* and
14785
+ # [Password management with Amazon Web Services Secrets Manager][2] in
14786
+ # the *Amazon Aurora User Guide.*
14787
+ #
14788
+ # Constraints:
14789
+ #
14790
+ # * You must apply the change immediately when rotating the master
14791
+ # user password.
14792
+ #
14793
+ # ^
14794
+ #
14795
+ # Valid for: Aurora DB clusters and Multi-AZ DB clusters
14796
+ #
14797
+ #
14798
+ #
14799
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
14800
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html
14801
+ # @return [Boolean]
14802
+ #
14803
+ # @!attribute [rw] master_user_secret_kms_key_id
14804
+ # The Amazon Web Services KMS key identifier to encrypt a secret that
14805
+ # is automatically generated and managed in Amazon Web Services
14806
+ # Secrets Manager.
14807
+ #
14808
+ # This setting is valid only if both of the following conditions are
14809
+ # met:
14810
+ #
14811
+ # * The DB cluster doesn't manage the master user password in Amazon
14812
+ # Web Services Secrets Manager.
14813
+ #
14814
+ # If the DB cluster already manages the master user password in
14815
+ # Amazon Web Services Secrets Manager, you can't change the KMS key
14816
+ # that is used to encrypt the secret.
14817
+ #
14818
+ # * You are turning on `ManageMasterUserPassword` to manage the master
14819
+ # user password in Amazon Web Services Secrets Manager.
14820
+ #
14821
+ # If you are turning on `ManageMasterUserPassword` and don't
14822
+ # specify `MasterUserSecretKmsKeyId`, then the `aws/secretsmanager`
14823
+ # KMS key is used to encrypt the secret. If the secret is in a
14824
+ # different Amazon Web Services account, then you can't use the
14825
+ # `aws/secretsmanager` KMS key to encrypt the secret, and you must
14826
+ # use a customer managed KMS key.
14827
+ #
14828
+ # The Amazon Web Services KMS key identifier is the key ARN, key ID,
14829
+ # alias ARN, or alias name for the KMS key. To use a KMS key in a
14830
+ # different Amazon Web Services account, specify the key ARN or alias
14831
+ # ARN.
14832
+ #
14833
+ # There is a default KMS key for your Amazon Web Services account.
14834
+ # Your Amazon Web Services account has a different default KMS key for
14835
+ # each Amazon Web Services Region.
14836
+ #
14837
+ # Valid for: Aurora DB clusters and Multi-AZ DB clusters
14838
+ # @return [String]
14839
+ #
14555
14840
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBClusterMessage AWS API Documentation
14556
14841
  #
14557
14842
  class ModifyDBClusterMessage < Struct.new(
@@ -14590,7 +14875,10 @@ module Aws::RDS
14590
14875
  :performance_insights_kms_key_id,
14591
14876
  :performance_insights_retention_period,
14592
14877
  :serverless_v2_scaling_configuration,
14593
- :network_type)
14878
+ :network_type,
14879
+ :manage_master_user_password,
14880
+ :rotate_master_user_password,
14881
+ :master_user_secret_kms_key_id)
14594
14882
  SENSITIVE = []
14595
14883
  include Aws::Structure
14596
14884
  end
@@ -14884,6 +15172,9 @@ module Aws::RDS
14884
15172
  #
14885
15173
  # Default: Uses existing setting
14886
15174
  #
15175
+ # Constraints: Can't be specified if `ManageMasterUserPassword` is
15176
+ # turned on.
15177
+ #
14887
15178
  # **MariaDB**
14888
15179
  #
14889
15180
  # Constraints: Must contain from 8 to 41 characters.
@@ -15631,6 +15922,94 @@ module Aws::RDS
15631
15922
  # This setting doesn't apply to RDS Custom or Amazon Aurora.
15632
15923
  # @return [Integer]
15633
15924
  #
15925
+ # @!attribute [rw] manage_master_user_password
15926
+ # A value that indicates whether to manage the master user password
15927
+ # with Amazon Web Services Secrets Manager.
15928
+ #
15929
+ # If the DB cluster doesn't manage the master user password with
15930
+ # Amazon Web Services Secrets Manager, you can turn on this
15931
+ # management. In this case, you can't specify `MasterUserPassword`.
15932
+ #
15933
+ # If the DB cluster already manages the master user password with
15934
+ # Amazon Web Services Secrets Manager, and you specify that the master
15935
+ # user password is not managed with Amazon Web Services Secrets
15936
+ # Manager, then you must specify `MasterUserPassword`. In this case,
15937
+ # RDS deletes the secret and uses the new password for the master user
15938
+ # specified by `MasterUserPassword`.
15939
+ #
15940
+ # For more information, see [Password management with Amazon Web
15941
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide.*
15942
+ #
15943
+ # Constraints:
15944
+ #
15945
+ # * Can't manage the master user password with Amazon Web Services
15946
+ # Secrets Manager if `MasterUserPassword` is specified.
15947
+ #
15948
+ # ^
15949
+ #
15950
+ #
15951
+ #
15952
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
15953
+ # @return [Boolean]
15954
+ #
15955
+ # @!attribute [rw] rotate_master_user_password
15956
+ # A value that indicates whether to rotate the secret managed by
15957
+ # Amazon Web Services Secrets Manager for the master user password.
15958
+ #
15959
+ # This setting is valid only if the master user password is managed by
15960
+ # RDS in Amazon Web Services Secrets Manager for the DB cluster. The
15961
+ # secret value contains the updated password.
15962
+ #
15963
+ # For more information, see [Password management with Amazon Web
15964
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide.*
15965
+ #
15966
+ # Constraints:
15967
+ #
15968
+ # * You must apply the change immediately when rotating the master
15969
+ # user password.
15970
+ #
15971
+ # ^
15972
+ #
15973
+ #
15974
+ #
15975
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
15976
+ # @return [Boolean]
15977
+ #
15978
+ # @!attribute [rw] master_user_secret_kms_key_id
15979
+ # The Amazon Web Services KMS key identifier to encrypt a secret that
15980
+ # is automatically generated and managed in Amazon Web Services
15981
+ # Secrets Manager.
15982
+ #
15983
+ # This setting is valid only if both of the following conditions are
15984
+ # met:
15985
+ #
15986
+ # * The DB instance doesn't manage the master user password in Amazon
15987
+ # Web Services Secrets Manager.
15988
+ #
15989
+ # If the DB instance already manages the master user password in
15990
+ # Amazon Web Services Secrets Manager, you can't change the KMS key
15991
+ # used to encrypt the secret.
15992
+ #
15993
+ # * You are turning on `ManageMasterUserPassword` to manage the master
15994
+ # user password in Amazon Web Services Secrets Manager.
15995
+ #
15996
+ # If you are turning on `ManageMasterUserPassword` and don't
15997
+ # specify `MasterUserSecretKmsKeyId`, then the `aws/secretsmanager`
15998
+ # KMS key is used to encrypt the secret. If the secret is in a
15999
+ # different Amazon Web Services account, then you can't use the
16000
+ # `aws/secretsmanager` KMS key to encrypt the secret, and you must
16001
+ # use a customer managed KMS key.
16002
+ #
16003
+ # The Amazon Web Services KMS key identifier is the key ARN, key ID,
16004
+ # alias ARN, or alias name for the KMS key. To use a KMS key in a
16005
+ # different Amazon Web Services account, specify the key ARN or alias
16006
+ # ARN.
16007
+ #
16008
+ # There is a default KMS key for your Amazon Web Services account.
16009
+ # Your Amazon Web Services account has a different default KMS key for
16010
+ # each Amazon Web Services Region.
16011
+ # @return [String]
16012
+ #
15634
16013
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBInstanceMessage AWS API Documentation
15635
16014
  #
15636
16015
  class ModifyDBInstanceMessage < Struct.new(
@@ -15682,7 +16061,10 @@ module Aws::RDS
15682
16061
  :automation_mode,
15683
16062
  :resume_full_automation_mode_minutes,
15684
16063
  :network_type,
15685
- :storage_throughput)
16064
+ :storage_throughput,
16065
+ :manage_master_user_password,
16066
+ :rotate_master_user_password,
16067
+ :master_user_secret_kms_key_id)
15686
16068
  SENSITIVE = []
15687
16069
  include Aws::Structure
15688
16070
  end
@@ -18438,7 +18820,11 @@ module Aws::RDS
18438
18820
  # The password for the master database user. This password can contain
18439
18821
  # any printable ASCII character except "/", """, or "@".
18440
18822
  #
18441
- # Constraints: Must contain from 8 to 41 characters.
18823
+ # Constraints:
18824
+ #
18825
+ # * Must contain from 8 to 41 characters.
18826
+ #
18827
+ # * Can't be specified if `ManageMasterUserPassword` is turned on.
18442
18828
  # @return [String]
18443
18829
  #
18444
18830
  # @!attribute [rw] option_group_name
@@ -18676,6 +19062,52 @@ module Aws::RDS
18676
19062
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
18677
19063
  # @return [String]
18678
19064
  #
19065
+ # @!attribute [rw] manage_master_user_password
19066
+ # A value that indicates whether to manage the master user password
19067
+ # with Amazon Web Services Secrets Manager.
19068
+ #
19069
+ # For more information, see [Password management with Amazon Web
19070
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide* and
19071
+ # [Password management with Amazon Web Services Secrets Manager][2] in
19072
+ # the *Amazon Aurora User Guide.*
19073
+ #
19074
+ # Constraints:
19075
+ #
19076
+ # * Can't manage the master user password with Amazon Web Services
19077
+ # Secrets Manager if `MasterUserPassword` is specified.
19078
+ #
19079
+ # ^
19080
+ #
19081
+ #
19082
+ #
19083
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
19084
+ # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html
19085
+ # @return [Boolean]
19086
+ #
19087
+ # @!attribute [rw] master_user_secret_kms_key_id
19088
+ # The Amazon Web Services KMS key identifier to encrypt a secret that
19089
+ # is automatically generated and managed in Amazon Web Services
19090
+ # Secrets Manager.
19091
+ #
19092
+ # This setting is valid only if the master user password is managed by
19093
+ # RDS in Amazon Web Services Secrets Manager for the DB cluster.
19094
+ #
19095
+ # The Amazon Web Services KMS key identifier is the key ARN, key ID,
19096
+ # alias ARN, or alias name for the KMS key. To use a KMS key in a
19097
+ # different Amazon Web Services account, specify the key ARN or alias
19098
+ # ARN.
19099
+ #
19100
+ # If you don't specify `MasterUserSecretKmsKeyId`, then the
19101
+ # `aws/secretsmanager` KMS key is used to encrypt the secret. If the
19102
+ # secret is in a different Amazon Web Services account, then you
19103
+ # can't use the `aws/secretsmanager` KMS key to encrypt the secret,
19104
+ # and you must use a customer managed KMS key.
19105
+ #
19106
+ # There is a default KMS key for your Amazon Web Services account.
19107
+ # Your Amazon Web Services account has a different default KMS key for
19108
+ # each Amazon Web Services Region.
19109
+ # @return [String]
19110
+ #
18679
19111
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromS3Message AWS API Documentation
18680
19112
  #
18681
19113
  class RestoreDBClusterFromS3Message < Struct.new(
@@ -18711,7 +19143,9 @@ module Aws::RDS
18711
19143
  :domain,
18712
19144
  :domain_iam_role_name,
18713
19145
  :serverless_v2_scaling_configuration,
18714
- :network_type)
19146
+ :network_type,
19147
+ :manage_master_user_password,
19148
+ :master_user_secret_kms_key_id)
18715
19149
  SENSITIVE = []
18716
19150
  include Aws::Structure
18717
19151
  end
@@ -20383,7 +20817,28 @@ module Aws::RDS
20383
20817
  # The password for the master user. The password can include any
20384
20818
  # printable ASCII character except "/", """, or "@".
20385
20819
  #
20820
+ # Constraints: Can't be specified if `ManageMasterUserPassword` is
20821
+ # turned on.
20822
+ #
20823
+ # **MariaDB**
20824
+ #
20825
+ # Constraints: Must contain from 8 to 41 characters.
20826
+ #
20827
+ # **Microsoft SQL Server**
20828
+ #
20829
+ # Constraints: Must contain from 8 to 128 characters.
20830
+ #
20831
+ # **MySQL**
20832
+ #
20386
20833
  # Constraints: Must contain from 8 to 41 characters.
20834
+ #
20835
+ # **Oracle**
20836
+ #
20837
+ # Constraints: Must contain from 8 to 30 characters.
20838
+ #
20839
+ # **PostgreSQL**
20840
+ #
20841
+ # Constraints: Must contain from 8 to 128 characters.
20387
20842
  # @return [String]
20388
20843
  #
20389
20844
  # @!attribute [rw] db_security_groups
@@ -20790,6 +21245,49 @@ module Aws::RDS
20790
21245
  # This setting doesn't apply to RDS Custom or Amazon Aurora.
20791
21246
  # @return [Integer]
20792
21247
  #
21248
+ # @!attribute [rw] manage_master_user_password
21249
+ # A value that indicates whether to manage the master user password
21250
+ # with Amazon Web Services Secrets Manager.
21251
+ #
21252
+ # For more information, see [Password management with Amazon Web
21253
+ # Services Secrets Manager][1] in the *Amazon RDS User Guide.*
21254
+ #
21255
+ # Constraints:
21256
+ #
21257
+ # * Can't manage the master user password with Amazon Web Services
21258
+ # Secrets Manager if `MasterUserPassword` is specified.
21259
+ #
21260
+ # ^
21261
+ #
21262
+ #
21263
+ #
21264
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html
21265
+ # @return [Boolean]
21266
+ #
21267
+ # @!attribute [rw] master_user_secret_kms_key_id
21268
+ # The Amazon Web Services KMS key identifier to encrypt a secret that
21269
+ # is automatically generated and managed in Amazon Web Services
21270
+ # Secrets Manager.
21271
+ #
21272
+ # This setting is valid only if the master user password is managed by
21273
+ # RDS in Amazon Web Services Secrets Manager for the DB instance.
21274
+ #
21275
+ # The Amazon Web Services KMS key identifier is the key ARN, key ID,
21276
+ # alias ARN, or alias name for the KMS key. To use a KMS key in a
21277
+ # different Amazon Web Services account, specify the key ARN or alias
21278
+ # ARN.
21279
+ #
21280
+ # If you don't specify `MasterUserSecretKmsKeyId`, then the
21281
+ # `aws/secretsmanager` KMS key is used to encrypt the secret. If the
21282
+ # secret is in a different Amazon Web Services account, then you
21283
+ # can't use the `aws/secretsmanager` KMS key to encrypt the secret,
21284
+ # and you must use a customer managed KMS key.
21285
+ #
21286
+ # There is a default KMS key for your Amazon Web Services account.
21287
+ # Your Amazon Web Services account has a different default KMS key for
21288
+ # each Amazon Web Services Region.
21289
+ # @return [String]
21290
+ #
20793
21291
  # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromS3Message AWS API Documentation
20794
21292
  #
20795
21293
  class RestoreDBInstanceFromS3Message < Struct.new(
@@ -20838,7 +21336,9 @@ module Aws::RDS
20838
21336
  :deletion_protection,
20839
21337
  :max_allocated_storage,
20840
21338
  :network_type,
20841
- :storage_throughput)
21339
+ :storage_throughput,
21340
+ :manage_master_user_password,
21341
+ :master_user_secret_kms_key_id)
20842
21342
  SENSITIVE = []
20843
21343
  include Aws::Structure
20844
21344
  end
data/lib/aws-sdk-rds.rb CHANGED
@@ -78,6 +78,6 @@ require_relative 'aws-sdk-rds/customizations'
78
78
  # @!group service
79
79
  module Aws::RDS
80
80
 
81
- GEM_VERSION = '1.166.0'
81
+ GEM_VERSION = '1.167.0'
82
82
 
83
83
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-rds
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.166.0
4
+ version: 1.167.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-19 00:00:00.000000000 Z
11
+ date: 2022-12-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sigv4