aws-sdk-rds 1.277.0 → 1.300.0

data/lib/aws-sdk-rds/db_instance.rb

@@ -60,12 +60,6 @@ module Aws::RDS
       data[:db_instance_status]
     end
 
-    # The time when a stopped DB instance is restarted automatically.
-    # @return [Time]
-    def automatic_restart_time
-      data[:automatic_restart_time]
-    end
-
     # The master username for the DB instance.
     # @return [String]
     def master_username
@@ -159,6 +153,20 @@ module Aws::RDS
       data[:preferred_maintenance_window]
     end
 
+    # This data type represents the order in which the instances are
+    # upgraded.
+    #
+    # * \[first\] - Typically used for development or testing environments.
+    #
+    # * \[second\] - Default order for resources not specifically
+    #   configured.
+    #
+    # * \[last\] - Usually reserved for production environments.
+    # @return [String]
+    def upgrade_rollout_order
+      data[:upgrade_rollout_order]
+    end
+
     # Information about pending changes to the DB instance. This information
     # is returned only when there are pending changes. Specific changes are
     # identified by subelements.
@@ -227,17 +235,20 @@ module Aws::RDS
       data[:read_replica_db_cluster_identifiers]
     end
 
-    # The open mode of an Oracle read replica. The default is
-    # `open-read-only`. For more information, see [Working with Oracle Read
-    # Replicas for Amazon RDS][1] in the *Amazon RDS User Guide*.
+    # The open mode of a Db2 or an Oracle read replica. The default is
+    # `open-read-only`. For more information, see [Working with replicas for
+    # Amazon RDS for Db2][1] and [Working with read replicas for Amazon RDS
+    # for Oracle][2] in the *Amazon RDS User Guide*.
     #
-    # <note markdown="1"> This attribute is only supported in RDS for Oracle.
+    # <note markdown="1"> This attribute is only supported in RDS for Db2, RDS for Oracle, and
+    # RDS Custom for Oracle.
     #
     #  </note>
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
+    # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-replication.html
+    # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
     # @return [String]
     def replica_mode
       data[:replica_mode]
@@ -257,6 +268,14 @@ module Aws::RDS
       data[:iops]
     end
 
+    # The storage throughput for the DB instance.
+    #
+    # This setting applies only to the `gp3` storage type.
+    # @return [Integer]
+    def storage_throughput
+      data[:storage_throughput]
+    end
+
     # The list of option group memberships for this DB instance.
     # @return [Array<Types::OptionGroupMembership>]
     def option_group_memberships
@@ -577,11 +596,21 @@ module Aws::RDS
       data[:tag_list]
     end
 
-    # The list of replicated automated backups associated with the DB
-    # instance.
-    # @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
-    def db_instance_automated_backups_replications
-      data[:db_instance_automated_backups_replications]
+    # The automation mode of the RDS Custom DB instance: `full` or `all
+    # paused`. If `full`, the DB instance automates monitoring and instance
+    # recovery. If `all paused`, the instance pauses automation for the
+    # duration set by `--resume-full-automation-mode-minutes`.
+    # @return [String]
+    def automation_mode
+      data[:automation_mode]
+    end
+
+    # The number of minutes to pause the automation. When the time period
+    # ends, RDS Custom resumes full automation. The minimum value is 60
+    # (default). The maximum value is 1,440.
+    # @return [Time]
+    def resume_full_automation_mode_time
+      data[:resume_full_automation_mode_time]
     end
 
     # Indicates whether a customer-owned IP address (CoIP) is enabled for an
@@ -609,11 +638,25 @@ module Aws::RDS
       data[:customer_owned_ip_enabled]
     end
 
-    # The Amazon Resource Name (ARN) of the recovery point in Amazon Web
-    # Services Backup.
+    # The network type of the DB instance.
+    #
+    # The network type is determined by the `DBSubnetGroup` specified for
+    # the DB instance. A `DBSubnetGroup` can support only the IPv4 protocol
+    # or the IPv4 and the IPv6 protocols (`DUAL`).
+    #
+    # For more information, see [ Working with a DB instance in a VPC][1] in
+    # the *Amazon RDS User Guide* and [ Working with a DB instance in a
+    # VPC][2] in the *Amazon Aurora User Guide.*
+    #
+    # Valid Values: `IPV4 | DUAL`
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
+    # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
     # @return [String]
-    def aws_backup_recovery_point_arn
-      data[:aws_backup_recovery_point_arn]
+    def network_type
+      data[:network_type]
     end
 
     # The status of the database activity stream.
@@ -653,21 +696,32 @@ module Aws::RDS
       data[:activity_stream_engine_native_audit_fields_included]
     end
 
-    # The automation mode of the RDS Custom DB instance: `full` or `all
-    # paused`. If `full`, the DB instance automates monitoring and instance
-    # recovery. If `all paused`, the instance pauses automation for the
-    # duration set by `--resume-full-automation-mode-minutes`.
+    # The Amazon Resource Name (ARN) of the recovery point in Amazon Web
+    # Services Backup.
     # @return [String]
-    def automation_mode
-      data[:automation_mode]
+    def aws_backup_recovery_point_arn
+      data[:aws_backup_recovery_point_arn]
     end
 
-    # The number of minutes to pause the automation. When the time period
-    # ends, RDS Custom resumes full automation. The minimum value is 60
-    # (default). The maximum value is 1,440.
+    # The list of replicated automated backups associated with the DB
+    # instance.
+    # @return [Array<Types::DBInstanceAutomatedBackupsReplication>]
+    def db_instance_automated_backups_replications
+      data[:db_instance_automated_backups_replications]
+    end
+
+    # The location where automated backups and manual snapshots are stored:
+    # Dedicated Local Zones, Amazon Web Services Outposts or the Amazon Web
+    # Services Region.
+    # @return [String]
+    def backup_target
+      data[:backup_target]
+    end
+
+    # The time when a stopped DB instance is restarted automatically.
     # @return [Time]
-    def resume_full_automation_mode_time
-      data[:resume_full_automation_mode_time]
+    def automatic_restart_time
+      data[:automatic_restart_time]
     end
 
     # The instance profile associated with the underlying Amazon EC2
@@ -693,46 +747,16 @@ module Aws::RDS
       data[:custom_iam_instance_profile]
     end
 
-    # The location where automated backups and manual snapshots are stored:
-    # Amazon Web Services Outposts or the Amazon Web Services Region.
-    # @return [String]
-    def backup_target
-      data[:backup_target]
-    end
-
-    # The network type of the DB instance.
-    #
-    # The network type is determined by the `DBSubnetGroup` specified for
-    # the DB instance. A `DBSubnetGroup` can support only the IPv4 protocol
-    # or the IPv4 and the IPv6 protocols (`DUAL`).
-    #
-    # For more information, see [ Working with a DB instance in a VPC][1] in
-    # the *Amazon RDS User Guide* and [ Working with a DB instance in a
-    # VPC][2] in the *Amazon Aurora User Guide.*
-    #
-    # Valid Values: `IPV4 | DUAL`
-    #
-    #
-    #
-    # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
-    # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
-    # @return [String]
-    def network_type
-      data[:network_type]
-    end
-
     # The status of the policy state of the activity stream.
     # @return [String]
     def activity_stream_policy_status
       data[:activity_stream_policy_status]
     end
 
-    # The storage throughput for the DB instance.
-    #
-    # This setting applies only to the `gp3` storage type.
-    # @return [Integer]
-    def storage_throughput
-      data[:storage_throughput]
+    # The details of the DB instance's server certificate.
+    # @return [Types::CertificateDetails]
+    def certificate_details
+      data[:certificate_details]
     end
 
     # The Oracle system ID (Oracle SID) for a container database (CDB). The
@@ -757,12 +781,6 @@ module Aws::RDS
       data[:master_user_secret]
     end
 
-    # The details of the DB instance's server certificate.
-    # @return [Types::CertificateDetails]
-    def certificate_details
-      data[:certificate_details]
-    end
-
     # The identifier of the source DB cluster if this DB instance is a read
     # replica.
     # @return [String]
@@ -776,6 +794,13 @@ module Aws::RDS
       data[:percent_progress]
     end
 
+    # Specifies whether the DB instance is in the multi-tenant configuration
+    # (TRUE) or the single-tenant configuration (FALSE).
+    # @return [Boolean]
+    def multi_tenant
+      data[:multi_tenant]
+    end
+
     # Indicates whether the DB instance has a dedicated log volume (DLV)
     # enabled.
     # @return [Boolean]
@@ -797,13 +822,6 @@ module Aws::RDS
       data[:is_storage_config_upgrade_available]
     end
 
-    # Specifies whether the DB instance is in the multi-tenant configuration
-    # (TRUE) or the single-tenant configuration (FALSE).
-    # @return [Boolean]
-    def multi_tenant
-      data[:multi_tenant]
-    end
-
     # The lifecycle type for the DB instance.
     #
     # For more information, see CreateDBInstance.
@@ -958,7 +976,7 @@ module Aws::RDS
     #     db_instance_class: "String", # required
     #     engine: "String", # required
     #     master_username: "String",
-    #     master_user_password: "String",
+    #     master_user_password: "SensitiveString",
     #     db_security_groups: ["String"],
     #     vpc_security_group_ids: ["String"],
     #     availability_zone: "String",
@@ -973,6 +991,7 @@ module Aws::RDS
     #     auto_minor_version_upgrade: false,
     #     license_model: "String",
     #     iops: 1,
+    #     storage_throughput: 1,
     #     option_group_name: "String",
     #     character_set_name: "String",
     #     nchar_character_set_name: "String",
@@ -986,7 +1005,7 @@ module Aws::RDS
     #     db_cluster_identifier: "String",
     #     storage_type: "String",
     #     tde_credential_arn: "String",
-    #     tde_credential_password: "String",
+    #     tde_credential_password: "SensitiveString",
     #     storage_encrypted: false,
     #     kms_key_id: "String",
     #     domain: "String",
@@ -1015,17 +1034,17 @@ module Aws::RDS
     #     deletion_protection: false,
     #     max_allocated_storage: 1,
     #     enable_customer_owned_ip: false,
-    #     custom_iam_instance_profile: "String",
-    #     backup_target: "String",
     #     network_type: "String",
-    #     storage_throughput: 1,
+    #     backup_target: "String",
+    #     custom_iam_instance_profile: "String",
+    #     db_system_id: "String",
+    #     ca_certificate_identifier: "String",
     #     manage_master_user_password: false,
     #     master_user_secret_kms_key_id: "String",
-    #     ca_certificate_identifier: "String",
-    #     db_system_id: "String",
-    #     dedicated_log_volume: false,
     #     multi_tenant: false,
+    #     dedicated_log_volume: false,
     #     engine_lifecycle_support: "String",
+    #     master_user_authentication_type: "password", # accepts password, iam-db-auth
     #   })
     # @param [Hash] options ({})
     # @option options [String] :db_name
@@ -1547,12 +1566,8 @@ module Aws::RDS
     #   set the `AvailabilityZone` parameter if the DB instance is a Multi-AZ
     #   deployment.
     #
-    #   This setting doesn't apply to the following DB instances:
-    #
-    #   * Amazon Aurora (DB instance Availability Zones (AZs) are managed by
-    #     the DB cluster.)
-    #
-    #   * RDS Custom
+    #   This setting doesn't apply to Amazon Aurora because the DB instance
+    #   Availability Zones (AZs) are managed by the DB cluster.
     # @option options [String] :engine_version
     #   The version number of the database engine to use.
     #
@@ -1639,7 +1654,7 @@ module Aws::RDS
     #   The license model information for this DB instance.
     #
     #   <note markdown="1"> License models for RDS for Db2 require additional configuration. The
-    #   Bring Your Own License (BYOL) model requires a custom parameter group
+    #   bring your own license (BYOL) model requires a custom parameter group
     #   and an Amazon Web Services License Manager self-managed license. The
     #   Db2 license through Amazon Web Services Marketplace model requires an
     #   Amazon Web Services Marketplace subscription. For more information,
@@ -1691,6 +1706,14 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html
+    # @option options [Integer] :storage_throughput
+    #   The storage throughput value, in mebibyte per second (MiBps), for the
+    #   DB instance.
+    #
+    #   This setting applies only to the `gp3` storage type.
+    #
+    #   This setting doesn't apply to Amazon Aurora or RDS Custom DB
+    #   instances.
     # @option options [String] :option_group_name
     #   The option group to associate the DB instance with.
     #
@@ -1720,37 +1743,28 @@ module Aws::RDS
     #   Specifies whether the DB instance is publicly accessible.
     #
     #   When the DB instance is publicly accessible and you connect from
-    #   outside of the DB instance's virtual private cloud (VPC), its Domain
-    #   Name System (DNS) endpoint resolves to the public IP address. When you
+    #   outside of the DB instance's virtual private cloud (VPC), its domain
+    #   name system (DNS) endpoint resolves to the public IP address. When you
     #   connect from within the same VPC as the DB instance, the endpoint
     #   resolves to the private IP address. Access to the DB instance is
-    #   ultimately controlled by the security group it uses. That public
-    #   access is not permitted if the security group assigned to the DB
-    #   instance doesn't permit it.
+    #   controlled by its security group settings.
     #
     #   When the DB instance isn't publicly accessible, it is an internal DB
     #   instance with a DNS name that resolves to a private IP address.
     #
-    #   Default: The default behavior varies depending on whether
-    #   `DBSubnetGroupName` is specified.
-    #
-    #   If `DBSubnetGroupName` isn't specified, and `PubliclyAccessible`
-    #   isn't specified, the following applies:
-    #
-    #   * If the default VPC in the target Region doesn’t have an internet
-    #     gateway attached to it, the DB instance is private.
+    #   The default behavior when `PubliclyAccessible` is not specified
+    #   depends on whether a `DBSubnetGroup` is specified.
     #
-    #   * If the default VPC in the target Region has an internet gateway
-    #     attached to it, the DB instance is public.
+    #   If `DBSubnetGroup` isn't specified, `PubliclyAccessible` defaults to
+    #   `false` for Aurora instances and `true` for non-Aurora instances.
     #
-    #   If `DBSubnetGroupName` is specified, and `PubliclyAccessible` isn't
-    #   specified, the following applies:
+    #   If `DBSubnetGroup` is specified, `PubliclyAccessible` defaults to
+    #   `false` unless the value of `DBSubnetGroup` is `default`, in which
+    #   case `PubliclyAccessible` defaults to `true`.
     #
-    #   * If the subnets are part of a VPC that doesn’t have an internet
-    #     gateway attached to it, the DB instance is private.
-    #
-    #   * If the subnets are part of a VPC that has an internet gateway
-    #     attached to it, the DB instance is public.
+    #   If `PubliclyAccessible` is true and the VPC that the `DBSubnetGroup`
+    #   is in doesn't have an internet gateway attached to it, Amazon RDS
+    #   returns an error.
     # @option options [Array<Types::Tag>] :tags
     #   Tags to assign to the DB instance.
     # @option options [String] :db_cluster_identifier
@@ -2094,33 +2108,28 @@ module Aws::RDS
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
     #   [2]: https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing
-    # @option options [String] :custom_iam_instance_profile
-    #   The instance profile associated with the underlying Amazon EC2
-    #   instance of an RDS Custom DB instance.
-    #
-    #   This setting is required for RDS Custom.
-    #
-    #   Constraints:
-    #
-    #   * The profile must exist in your account.
+    # @option options [String] :network_type
+    #   The network type of the DB instance.
     #
-    #   * The profile must have an IAM role that Amazon EC2 has permissions to
-    #     assume.
+    #   The network type is determined by the `DBSubnetGroup` specified for
+    #   the DB instance. A `DBSubnetGroup` can support only the IPv4 protocol
+    #   or the IPv4 and the IPv6 protocols (`DUAL`).
     #
-    #   * The instance profile name and the associated IAM role name must
-    #     start with the prefix `AWSRDSCustom`.
+    #   For more information, see [ Working with a DB instance in a VPC][1] in
+    #   the *Amazon RDS User Guide.*
     #
-    #   For the list of permissions required for the IAM role, see [ Configure
-    #   IAM and your VPC][1] in the *Amazon RDS User Guide*.
+    #   Valid Values: `IPV4 | DUAL`
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
     # @option options [String] :backup_target
     #   The location for storing automated backups and manual snapshots.
     #
     #   Valid Values:
     #
+    #   * `local` (Dedicated Local Zone)
+    #
     #   * `outposts` (Amazon Web Services Outposts)
     #
     #   * `region` (Amazon Web Services Region)
@@ -2133,42 +2142,63 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
-    # @option options [String] :network_type
-    #   The network type of the DB instance.
-    #
-    #   The network type is determined by the `DBSubnetGroup` specified for
-    #   the DB instance. A `DBSubnetGroup` can support only the IPv4 protocol
-    #   or the IPv4 and the IPv6 protocols (`DUAL`).
+    # @option options [String] :custom_iam_instance_profile
+    #   The instance profile associated with the underlying Amazon EC2
+    #   instance of an RDS Custom DB instance.
     #
-    #   For more information, see [ Working with a DB instance in a VPC][1] in
-    #   the *Amazon RDS User Guide.*
+    #   This setting is required for RDS Custom.
     #
-    #   Valid Values: `IPV4 | DUAL`
+    #   Constraints:
     #
+    #   * The profile must exist in your account.
     #
+    #   * The profile must have an IAM role that Amazon EC2 has permissions to
+    #     assume.
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
-    # @option options [Integer] :storage_throughput
-    #   The storage throughput value, in mebibyte per second (MiBps), for the
-    #   DB instance.
+    #   * The instance profile name and the associated IAM role name must
+    #     start with the prefix `AWSRDSCustom`.
     #
-    #   This setting applies only to the `gp3` storage type.
+    #   For the list of permissions required for the IAM role, see [ Configure
+    #   IAM and your VPC][1] in the *Amazon RDS User Guide*.
     #
-    #   This setting doesn't apply to Amazon Aurora or RDS Custom DB
-    #   instances.
-    # @option options [Boolean] :manage_master_user_password
-    #   Specifies whether to manage the master user password with Amazon Web
-    #   Services Secrets Manager.
     #
-    #   For more information, see [Password management with Amazon Web
-    #   Services Secrets Manager][1] in the *Amazon RDS User Guide.*
     #
-    #   Constraints:
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
+    # @option options [String] :db_system_id
+    #   The Oracle system identifier (SID), which is the name of the Oracle
+    #   database instance that manages your database files. In this context,
+    #   the term "Oracle database instance" refers exclusively to the system
+    #   global area (SGA) and Oracle background processes. If you don't
+    #   specify a SID, the value defaults to `RDSCDB`. The Oracle SID is also
+    #   the name of your CDB.
+    # @option options [String] :ca_certificate_identifier
+    #   The CA certificate identifier to use for the DB instance's server
+    #   certificate.
     #
-    #   * Can't manage the master user password with Amazon Web Services
-    #     Secrets Manager if `MasterUserPassword` is specified.
+    #   This setting doesn't apply to RDS Custom DB instances.
     #
-    #   ^
+    #   For more information, see [Using SSL/TLS to encrypt a connection to a
+    #   DB instance][1] in the *Amazon RDS User Guide* and [ Using SSL/TLS to
+    #   encrypt a connection to a DB cluster][2] in the *Amazon Aurora User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
+    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html
+    # @option options [Boolean] :manage_master_user_password
+    #   Specifies whether to manage the master user password with Amazon Web
+    #   Services Secrets Manager.
+    #
+    #   For more information, see [Password management with Amazon Web
+    #   Services Secrets Manager][1] in the *Amazon RDS User Guide.*
+    #
+    #   Constraints:
+    #
+    #   * Can't manage the master user password with Amazon Web Services
+    #     Secrets Manager if `MasterUserPassword` is specified.
+    #
+    #   ^
     #
     #
     #
@@ -2195,31 +2225,6 @@ module Aws::RDS
     #   There is a default KMS key for your Amazon Web Services account. Your
     #   Amazon Web Services account has a different default KMS key for each
     #   Amazon Web Services Region.
-    # @option options [String] :ca_certificate_identifier
-    #   The CA certificate identifier to use for the DB instance's server
-    #   certificate.
-    #
-    #   This setting doesn't apply to RDS Custom DB instances.
-    #
-    #   For more information, see [Using SSL/TLS to encrypt a connection to a
-    #   DB instance][1] in the *Amazon RDS User Guide* and [ Using SSL/TLS to
-    #   encrypt a connection to a DB cluster][2] in the *Amazon Aurora User
-    #   Guide*.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
-    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html
-    # @option options [String] :db_system_id
-    #   The Oracle system identifier (SID), which is the name of the Oracle
-    #   database instance that manages your database files. In this context,
-    #   the term "Oracle database instance" refers exclusively to the system
-    #   global area (SGA) and Oracle background processes. If you don't
-    #   specify a SID, the value defaults to `RDSCDB`. The Oracle SID is also
-    #   the name of your CDB.
-    # @option options [Boolean] :dedicated_log_volume
-    #   Indicates whether the DB instance has a dedicated log volume (DLV)
-    #   enabled.
     # @option options [Boolean] :multi_tenant
     #   Specifies whether to use the multi-tenant configuration or the
     #   single-tenant configuration (default). This parameter only applies to
@@ -2235,6 +2240,9 @@ module Aws::RDS
     #   * If you specify the multi-tenant configuration when you create your
     #     DB instance, you can't later modify this DB instance to use the
     #     single-tenant configuration.
+    # @option options [Boolean] :dedicated_log_volume
+    #   Indicates whether the DB instance has a dedicated log volume (DLV)
+    #   enabled.
     # @option options [String] :engine_lifecycle_support
     #   The life cycle type for this DB instance.
     #
@@ -2266,6 +2274,19 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html
+    # @option options [String] :master_user_authentication_type
+    #   Specifies the authentication type for the master user. With IAM master
+    #   user authentication, you can configure the master DB user with IAM
+    #   database authentication when you create a DB instance.
+    #
+    #   You can specify one of the following values:
+    #
+    #   * `password` - Use standard database authentication with a password.
+    #
+    #   * `iam-db-auth` - Use IAM database authentication for the master user.
+    #
+    #   This option is only valid for RDS for PostgreSQL and Aurora PostgreSQL
+    #   engines.
     # @return [DBInstance]
     def create(options = {})
       options = options.merge(db_instance_identifier: @id)
@@ -2289,6 +2310,7 @@ module Aws::RDS
     #     multi_az: false,
     #     auto_minor_version_upgrade: false,
     #     iops: 1,
+    #     storage_throughput: 1,
     #     option_group_name: "String",
     #     db_parameter_group_name: "String",
     #     publicly_accessible: false,
@@ -2305,7 +2327,7 @@ module Aws::RDS
     #     monitoring_interval: 1,
     #     monitoring_role_arn: "String",
     #     kms_key_id: "String",
-    #     pre_signed_url: "String",
+    #     pre_signed_url: "SensitiveString",
     #     enable_iam_database_authentication: false,
     #     database_insights_mode: "standard", # accepts standard, advanced
     #     enable_performance_insights: false,
@@ -2327,11 +2349,11 @@ module Aws::RDS
     #     domain_auth_secret_arn: "String",
     #     domain_dns_ips: ["String"],
     #     replica_mode: "open-read-only", # accepts open-read-only, mounted
+    #     enable_customer_owned_ip: false,
+    #     network_type: "String",
     #     max_allocated_storage: 1,
+    #     backup_target: "String",
     #     custom_iam_instance_profile: "String",
-    #     network_type: "String",
-    #     storage_throughput: 1,
-    #     enable_customer_owned_ip: false,
     #     allocated_storage: 1,
     #     source_db_cluster_identifier: "String",
     #     dedicated_log_volume: false,
@@ -2396,6 +2418,11 @@ module Aws::RDS
     # @option options [Integer] :iops
     #   The amount of Provisioned IOPS (input/output operations per second) to
     #   initially allocate for the DB instance.
+    # @option options [Integer] :storage_throughput
+    #   Specifies the storage throughput value for the read replica.
+    #
+    #   This setting doesn't apply to RDS Custom or Amazon Aurora DB
+    #   instances.
     # @option options [String] :option_group_name
     #   The option group to associate the DB instance with. If not specified,
     #   RDS uses the option group associated with the source DB instance or
@@ -2411,6 +2438,16 @@ module Aws::RDS
     #   The name of the DB parameter group to associate with this read replica
     #   DB instance.
     #
+    #   For the Db2 DB engine, if your source DB instance uses the bring your
+    #   own license (BYOL) model, then a custom parameter group must be
+    #   associated with the replica. For a same Amazon Web Services Region
+    #   replica, if you don't specify a custom parameter group, Amazon RDS
+    #   associates the custom parameter group associated with the source DB
+    #   instance. For a cross-Region replica, you must specify a custom
+    #   parameter group. This custom parameter group must include your IBM
+    #   Site ID and IBM Customer ID. For more information, see [IBM IDs for
+    #   bring your own license (BYOL) for Db2][1].
+    #
     #   For Single-AZ or Multi-AZ DB instance read replica instances, if you
     #   don't specify a value for `DBParameterGroupName`, then Amazon RDS
     #   uses the `DBParameterGroup` of the source DB instance for a same
@@ -2423,9 +2460,9 @@ module Aws::RDS
     #
     #   Specifying a parameter group for this operation is only supported for
     #   MySQL DB instances for cross-Region read replicas, for Multi-AZ DB
-    #   cluster read replica instances, and for Oracle DB instances. It isn't
-    #   supported for MySQL DB instances for same Region read replicas or for
-    #   RDS Custom.
+    #   cluster read replica instances, for Db2 DB instances, and for Oracle
+    #   DB instances. It isn't supported for MySQL DB instances for same
+    #   Region read replicas or for RDS Custom.
     #
     #   Constraints:
     #
@@ -2434,6 +2471,10 @@ module Aws::RDS
     #   * First character must be a letter.
     #
     #   * Can't end with a hyphen or contain two consecutive hyphens.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html#db2-prereqs-ibm-info
     # @option options [Boolean] :publicly_accessible
     #   Specifies whether the DB instance is publicly accessible.
     #
@@ -2782,63 +2823,68 @@ module Aws::RDS
     #
     #   Example: `123.124.125.126,234.235.236.237`
     # @option options [String] :replica_mode
-    #   The open mode of the replica database: mounted or read-only.
-    #
-    #   <note markdown="1"> This parameter is only supported for Oracle DB instances.
+    #   The open mode of the replica database.
     #
-    #    </note>
-    #
-    #   Mounted DB replicas are included in Oracle Database Enterprise
-    #   Edition. The main use case for mounted replicas is cross-Region
-    #   disaster recovery. The primary database doesn't use Active Data Guard
-    #   to transmit information to the mounted replica. Because it doesn't
-    #   accept user connections, a mounted replica can't serve a read-only
-    #   workload.
+    #   This parameter is only supported for Db2 DB instances and Oracle DB
+    #   instances.
     #
-    #   You can create a combination of mounted and read-only DB replicas for
-    #   the same primary DB instance. For more information, see [Working with
-    #   Oracle Read Replicas for Amazon RDS][1] in the *Amazon RDS User
-    #   Guide*.
+    #   Db2
     #
-    #   For RDS Custom, you must specify this parameter and set it to
-    #   `mounted`. The value won't be set by default. After replica creation,
-    #   you can manage the open mode manually.
+    #   : Standby DB replicas are included in Db2 Advanced Edition (AE) and
+    #     Db2 Standard Edition (SE). The main use case for standby replicas is
+    #     cross-Region disaster recovery. Because it doesn't accept user
+    #     connections, a standby replica can't serve a read-only workload.
     #
+    #     You can create a combination of standby and read-only DB replicas
+    #     for the same primary DB instance. For more information, see [Working
+    #     with replicas for Amazon RDS for Db2][1] in the *Amazon RDS User
+    #     Guide*.
     #
+    #     To create standby DB replicas for RDS for Db2, set this parameter to
+    #     `mounted`.
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
-    # @option options [Integer] :max_allocated_storage
-    #   The upper limit in gibibytes (GiB) to which Amazon RDS can
-    #   automatically scale the storage of the DB instance.
+    #   Oracle
     #
-    #   For more information about this setting, including limitations that
-    #   apply to it, see [ Managing capacity automatically with Amazon RDS
-    #   storage autoscaling][1] in the *Amazon RDS User Guide*.
+    #   : Mounted DB replicas are included in Oracle Database Enterprise
+    #     Edition. The main use case for mounted replicas is cross-Region
+    #     disaster recovery. The primary database doesn't use Active Data
+    #     Guard to transmit information to the mounted replica. Because it
+    #     doesn't accept user connections, a mounted replica can't serve a
+    #     read-only workload.
     #
+    #     You can create a combination of mounted and read-only DB replicas
+    #     for the same primary DB instance. For more information, see [Working
+    #     with read replicas for Amazon RDS for Oracle][2] in the *Amazon RDS
+    #     User Guide*.
     #
+    #     For RDS Custom, you must specify this parameter and set it to
+    #     `mounted`. The value won't be set by default. After replica
+    #     creation, you can manage the open mode manually.
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling
-    # @option options [String] :custom_iam_instance_profile
-    #   The instance profile associated with the underlying Amazon EC2
-    #   instance of an RDS Custom DB instance. The instance profile must meet
-    #   the following requirements:
     #
-    #   * The profile must exist in your account.
     #
-    #   * The profile must have an IAM role that Amazon EC2 has permissions to
-    #     assume.
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-replication.html
+    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
+    # @option options [Boolean] :enable_customer_owned_ip
+    #   Specifies whether to enable a customer-owned IP address (CoIP) for an
+    #   RDS on Outposts read replica.
     #
-    #   * The instance profile name and the associated IAM role name must
-    #     start with the prefix `AWSRDSCustom`.
+    #   A *CoIP* provides local or external connectivity to resources in your
+    #   Outpost subnets through your on-premises network. For some use cases,
+    #   a CoIP can provide lower latency for connections to the read replica
+    #   from outside of its virtual private cloud (VPC) on your local network.
     #
-    #   For the list of permissions required for the IAM role, see [ Configure
-    #   IAM and your VPC][1] in the *Amazon RDS User Guide*.
+    #   For more information about RDS on Outposts, see [Working with Amazon
+    #   RDS on Amazon Web Services Outposts][1] in the *Amazon RDS User
+    #   Guide*.
     #
-    #   This setting is required for RDS Custom DB instances.
+    #   For more information about CoIPs, see [Customer-owned IP addresses][2]
+    #   in the *Amazon Web Services Outposts User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
+    #   [2]: https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing
     # @option options [String] :network_type
     #   The network type of the DB instance.
     #
@@ -2858,31 +2904,46 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
-    # @option options [Integer] :storage_throughput
-    #   Specifies the storage throughput value for the read replica.
+    # @option options [Integer] :max_allocated_storage
+    #   The upper limit in gibibytes (GiB) to which Amazon RDS can
+    #   automatically scale the storage of the DB instance.
     #
-    #   This setting doesn't apply to RDS Custom or Amazon Aurora DB
-    #   instances.
-    # @option options [Boolean] :enable_customer_owned_ip
-    #   Specifies whether to enable a customer-owned IP address (CoIP) for an
-    #   RDS on Outposts read replica.
+    #   For more information about this setting, including limitations that
+    #   apply to it, see [ Managing capacity automatically with Amazon RDS
+    #   storage autoscaling][1] in the *Amazon RDS User Guide*.
     #
-    #   A *CoIP* provides local or external connectivity to resources in your
-    #   Outpost subnets through your on-premises network. For some use cases,
-    #   a CoIP can provide lower latency for connections to the read replica
-    #   from outside of its virtual private cloud (VPC) on your local network.
     #
-    #   For more information about RDS on Outposts, see [Working with Amazon
-    #   RDS on Amazon Web Services Outposts][1] in the *Amazon RDS User
-    #   Guide*.
     #
-    #   For more information about CoIPs, see [Customer-owned IP addresses][2]
-    #   in the *Amazon Web Services Outposts User Guide*.
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling
+    # @option options [String] :backup_target
+    #   The location where RDS stores automated backups and manual snapshots.
     #
+    #   Valid Values:
     #
+    #   * `local` for Dedicated Local Zones
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
-    #   [2]: https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing
+    #   * `region` for Amazon Web Services Region
+    # @option options [String] :custom_iam_instance_profile
+    #   The instance profile associated with the underlying Amazon EC2
+    #   instance of an RDS Custom DB instance. The instance profile must meet
+    #   the following requirements:
+    #
+    #   * The profile must exist in your account.
+    #
+    #   * The profile must have an IAM role that Amazon EC2 has permissions to
+    #     assume.
+    #
+    #   * The instance profile name and the associated IAM role name must
+    #     start with the prefix `AWSRDSCustom`.
+    #
+    #   For the list of permissions required for the IAM role, see [ Configure
+    #   IAM and your VPC][1] in the *Amazon RDS User Guide*.
+    #
+    #   This setting is required for RDS Custom DB instances.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
     # @option options [Integer] :allocated_storage
     #   The amount of storage (in gibibytes) to allocate initially for the
     #   read replica. Follow the allocation rules specified in
@@ -3075,7 +3136,7 @@ module Aws::RDS
     #     db_security_groups: ["String"],
     #     vpc_security_group_ids: ["String"],
     #     apply_immediately: false,
-    #     master_user_password: "String",
+    #     master_user_password: "SensitiveString",
     #     db_parameter_group_name: "String",
     #     backup_retention_period: 1,
     #     preferred_backup_window: "String",
@@ -3086,24 +3147,25 @@ module Aws::RDS
     #     auto_minor_version_upgrade: false,
     #     license_model: "String",
     #     iops: 1,
+    #     storage_throughput: 1,
     #     option_group_name: "String",
     #     new_db_instance_identifier: "String",
     #     storage_type: "String",
     #     tde_credential_arn: "String",
-    #     tde_credential_password: "String",
+    #     tde_credential_password: "SensitiveString",
     #     ca_certificate_identifier: "String",
     #     domain: "String",
     #     domain_fqdn: "String",
     #     domain_ou: "String",
     #     domain_auth_secret_arn: "String",
     #     domain_dns_ips: ["String"],
+    #     disable_domain: false,
     #     copy_tags_to_snapshot: false,
     #     monitoring_interval: 1,
     #     db_port_number: 1,
     #     publicly_accessible: false,
     #     monitoring_role_arn: "String",
     #     domain_iam_role_name: "String",
-    #     disable_domain: false,
     #     promotion_tier: 1,
     #     enable_iam_database_authentication: false,
     #     database_insights_mode: "standard", # accepts standard, advanced
@@ -3125,18 +3187,18 @@ module Aws::RDS
     #     max_allocated_storage: 1,
     #     certificate_rotation_restart: false,
     #     replica_mode: "open-read-only", # accepts open-read-only, mounted
-    #     enable_customer_owned_ip: false,
-    #     aws_backup_recovery_point_arn: "AwsBackupRecoveryPointArn",
     #     automation_mode: "full", # accepts full, all-paused
     #     resume_full_automation_mode_minutes: 1,
+    #     enable_customer_owned_ip: false,
     #     network_type: "String",
-    #     storage_throughput: 1,
+    #     aws_backup_recovery_point_arn: "AwsBackupRecoveryPointArn",
     #     manage_master_user_password: false,
     #     rotate_master_user_password: false,
     #     master_user_secret_kms_key_id: "String",
-    #     engine: "String",
-    #     dedicated_log_volume: false,
     #     multi_tenant: false,
+    #     dedicated_log_volume: false,
+    #     engine: "String",
+    #     master_user_authentication_type: "password", # accepts password, iam-db-auth
     #   })
     # @param [Hash] options ({})
     # @option options [Integer] :allocated_storage
@@ -3560,6 +3622,13 @@ module Aws::RDS
     #     `AllocatedStorage`.
     #
     #   Default: Uses existing setting
+    # @option options [Integer] :storage_throughput
+    #   The storage throughput value for the DB instance.
+    #
+    #   This setting applies only to the `gp3` storage type.
+    #
+    #   This setting doesn't apply to Amazon Aurora or RDS Custom DB
+    #   instances.
     # @option options [String] :option_group_name
     #   The option group to associate the DB instance with.
     #
@@ -3678,7 +3747,7 @@ module Aws::RDS
     #
     #   * Must be in the distinguished name format.
     #
-    #   * Can't be longer than 64 characters.
+    #   ^
     #
     #   Example:
     #   `OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain`
@@ -3701,6 +3770,9 @@ module Aws::RDS
     #   ^
     #
     #   Example: `123.124.125.126,234.235.236.237`
+    # @option options [Boolean] :disable_domain
+    #   Specifies whether to remove the DB instance from the Active Directory
+    #   domain.
     # @option options [Boolean] :copy_tags_to_snapshot
     #   Specifies whether to copy all tags from the DB instance to snapshots
     #   of the DB instance. By default, tags aren't copied.
@@ -3799,9 +3871,6 @@ module Aws::RDS
     #   Service.
     #
     #   This setting doesn't apply to RDS Custom DB instances.
-    # @option options [Boolean] :disable_domain
-    #   Specifies whether to remove the DB instance from the Active Directory
-    #   domain.
     # @option options [Integer] :promotion_tier
     #   The order of priority in which an Aurora Replica is promoted to the
     #   primary instance after a failure of the existing primary instance. For
@@ -3986,51 +4055,48 @@ module Aws::RDS
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html
     #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html
     # @option options [String] :replica_mode
-    #   A value that sets the open mode of a replica database to either
-    #   mounted or read-only.
-    #
-    #   <note markdown="1"> Currently, this parameter is only supported for Oracle DB instances.
-    #
-    #    </note>
+    #   The open mode of a replica database.
     #
-    #   Mounted DB replicas are included in Oracle Enterprise Edition. The
-    #   main use case for mounted replicas is cross-Region disaster recovery.
-    #   The primary database doesn't use Active Data Guard to transmit
-    #   information to the mounted replica. Because it doesn't accept user
-    #   connections, a mounted replica can't serve a read-only workload. For
-    #   more information, see [Working with Oracle Read Replicas for Amazon
-    #   RDS][1] in the *Amazon RDS User Guide*.
+    #   This parameter is only supported for Db2 DB instances and Oracle DB
+    #   instances.
     #
-    #   This setting doesn't apply to RDS Custom DB instances.
+    #   Db2
     #
+    #   : Standby DB replicas are included in Db2 Advanced Edition (AE) and
+    #     Db2 Standard Edition (SE). The main use case for standby replicas is
+    #     cross-Region disaster recovery. Because it doesn't accept user
+    #     connections, a standby replica can't serve a read-only workload.
     #
+    #     You can create a combination of standby and read-only DB replicas
+    #     for the same primary DB instance. For more information, see [Working
+    #     with replicas for Amazon RDS for Db2][1] in the *Amazon RDS User
+    #     Guide*.
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
-    # @option options [Boolean] :enable_customer_owned_ip
-    #   Specifies whether to enable a customer-owned IP address (CoIP) for an
-    #   RDS on Outposts DB instance.
+    #     To create standby DB replicas for RDS for Db2, set this parameter to
+    #     `mounted`.
     #
-    #   A *CoIP* provides local or external connectivity to resources in your
-    #   Outpost subnets through your on-premises network. For some use cases,
-    #   a CoIP can provide lower latency for connections to the DB instance
-    #   from outside of its virtual private cloud (VPC) on your local network.
+    #   Oracle
     #
-    #   For more information about RDS on Outposts, see [Working with Amazon
-    #   RDS on Amazon Web Services Outposts][1] in the *Amazon RDS User
-    #   Guide*.
+    #   : Mounted DB replicas are included in Oracle Database Enterprise
+    #     Edition. The main use case for mounted replicas is cross-Region
+    #     disaster recovery. The primary database doesn't use Active Data
+    #     Guard to transmit information to the mounted replica. Because it
+    #     doesn't accept user connections, a mounted replica can't serve a
+    #     read-only workload.
     #
-    #   For more information about CoIPs, see [Customer-owned IP addresses][2]
-    #   in the *Amazon Web Services Outposts User Guide*.
+    #     You can create a combination of mounted and read-only DB replicas
+    #     for the same primary DB instance. For more information, see [Working
+    #     with read replicas for Amazon RDS for Oracle][2] in the *Amazon RDS
+    #     User Guide*.
     #
+    #     For RDS Custom, you must specify this parameter and set it to
+    #     `mounted`. The value won't be set by default. After replica
+    #     creation, you can manage the open mode manually.
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
-    #   [2]: https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing
-    # @option options [String] :aws_backup_recovery_point_arn
-    #   The Amazon Resource Name (ARN) of the recovery point in Amazon Web
-    #   Services Backup.
     #
-    #   This setting doesn't apply to RDS Custom DB instances.
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-replication.html
+    #   [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html
     # @option options [String] :automation_mode
     #   The automation mode of the RDS Custom DB instance. If `full`, the DB
     #   instance automates monitoring and instance recovery. If `all paused`,
@@ -4047,6 +4113,26 @@ module Aws::RDS
     #   * Must be at least 60.
     #
     #   * Must be no more than 1,440.
+    # @option options [Boolean] :enable_customer_owned_ip
+    #   Specifies whether to enable a customer-owned IP address (CoIP) for an
+    #   RDS on Outposts DB instance.
+    #
+    #   A *CoIP* provides local or external connectivity to resources in your
+    #   Outpost subnets through your on-premises network. For some use cases,
+    #   a CoIP can provide lower latency for connections to the DB instance
+    #   from outside of its virtual private cloud (VPC) on your local network.
+    #
+    #   For more information about RDS on Outposts, see [Working with Amazon
+    #   RDS on Amazon Web Services Outposts][1] in the *Amazon RDS User
+    #   Guide*.
+    #
+    #   For more information about CoIPs, see [Customer-owned IP addresses][2]
+    #   in the *Amazon Web Services Outposts User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
+    #   [2]: https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing
     # @option options [String] :network_type
     #   The network type of the DB instance.
     #
@@ -4062,13 +4148,11 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
-    # @option options [Integer] :storage_throughput
-    #   The storage throughput value for the DB instance.
-    #
-    #   This setting applies only to the `gp3` storage type.
+    # @option options [String] :aws_backup_recovery_point_arn
+    #   The Amazon Resource Name (ARN) of the recovery point in Amazon Web
+    #   Services Backup.
     #
-    #   This setting doesn't apply to Amazon Aurora or RDS Custom DB
-    #   instances.
+    #   This setting doesn't apply to RDS Custom DB instances.
     # @option options [Boolean] :manage_master_user_password
     #   Specifies whether to manage the master user password with Amazon Web
     #   Services Secrets Manager.
@@ -4155,6 +4239,25 @@ module Aws::RDS
     #   There is a default KMS key for your Amazon Web Services account. Your
     #   Amazon Web Services account has a different default KMS key for each
     #   Amazon Web Services Region.
+    # @option options [Boolean] :multi_tenant
+    #   Specifies whether the to convert your DB instance from the
+    #   single-tenant configuration to the multi-tenant configuration. This
+    #   parameter is supported only for RDS for Oracle CDB instances.
+    #
+    #   During the conversion, RDS creates an initial tenant database and
+    #   associates the DB name, master user name, character set, and national
+    #   character set metadata with this database. The tags associated with
+    #   the instance also propagate to the initial tenant database. You can
+    #   add more tenant databases to your DB instance by using the
+    #   `CreateTenantDatabase` operation.
+    #
+    #   The conversion to the multi-tenant configuration is permanent and
+    #   irreversible, so you can't later convert back to the single-tenant
+    #   configuration. When you specify this parameter, you must also specify
+    #   `ApplyImmediately`.
+    # @option options [Boolean] :dedicated_log_volume
+    #   Indicates whether the DB instance has a dedicated log volume (DLV)
+    #   enabled.
     # @option options [String] :engine
     #   The target Oracle DB engine when you convert a non-CDB to a CDB. This
     #   intermediate step is necessary to upgrade an Oracle Database 19c
@@ -4182,25 +4285,19 @@ module Aws::RDS
     #     parameter group. To avoid reverting to the default, specify a new
     #     parameter group with `--db-parameter-group-name` and a new option
     #     group with `--option-group-name`.
-    # @option options [Boolean] :dedicated_log_volume
-    #   Indicates whether the DB instance has a dedicated log volume (DLV)
-    #   enabled.
-    # @option options [Boolean] :multi_tenant
-    #   Specifies whether the to convert your DB instance from the
-    #   single-tenant configuration to the multi-tenant configuration. This
-    #   parameter is supported only for RDS for Oracle CDB instances.
+    # @option options [String] :master_user_authentication_type
+    #   Specifies the authentication type for the master user. With IAM master
+    #   user authentication, you can change the master DB user to use IAM
+    #   database authentication.
     #
-    #   During the conversion, RDS creates an initial tenant database and
-    #   associates the DB name, master user name, character set, and national
-    #   character set metadata with this database. The tags associated with
-    #   the instance also propagate to the initial tenant database. You can
-    #   add more tenant databases to your DB instance by using the
-    #   `CreateTenantDatabase` operation.
+    #   You can specify one of the following values:
     #
-    #   The conversion to the multi-tenant configuration is permanent and
-    #   irreversible, so you can't later convert back to the single-tenant
-    #   configuration. When you specify this parameter, you must also specify
-    #   `ApplyImmediately`.
+    #   * `password` - Use standard database authentication with a password.
+    #
+    #   * `iam-db-auth` - Use IAM database authentication for the master user.
+    #
+    #   This option is only valid for RDS for PostgreSQL and Aurora PostgreSQL
+    #   engines.
     # @return [DBInstance]
     def modify(options = {})
       options = options.merge(db_instance_identifier: @id)
@@ -4310,6 +4407,7 @@ module Aws::RDS
     #     db_name: "String",
     #     engine: "String",
     #     iops: 1,
+    #     storage_throughput: 1,
     #     option_group_name: "String",
     #     copy_tags_to_snapshot: false,
     #     tags: [
@@ -4320,7 +4418,7 @@ module Aws::RDS
     #     ],
     #     storage_type: "String",
     #     tde_credential_arn: "String",
-    #     tde_credential_password: "String",
+    #     tde_credential_password: "SensitiveString",
     #     vpc_security_group_ids: ["String"],
     #     domain: "String",
     #     domain_iam_role_name: "String",
@@ -4341,12 +4439,11 @@ module Aws::RDS
     #     deletion_protection: false,
     #     source_dbi_resource_id: "String",
     #     max_allocated_storage: 1,
-    #     source_db_instance_automated_backups_arn: "String",
     #     enable_customer_owned_ip: false,
-    #     custom_iam_instance_profile: "String",
-    #     backup_target: "String",
     #     network_type: "String",
-    #     storage_throughput: 1,
+    #     source_db_instance_automated_backups_arn: "String",
+    #     backup_target: "String",
+    #     custom_iam_instance_profile: "String",
     #     allocated_storage: 1,
     #     dedicated_log_volume: false,
     #     ca_certificate_identifier: "String",
@@ -4475,7 +4572,7 @@ module Aws::RDS
     #   The license model information for the restored DB instance.
     #
     #   <note markdown="1"> License models for RDS for Db2 require additional configuration. The
-    #   Bring Your Own License (BYOL) model requires a custom parameter group
+    #   bring your own license (BYOL) model requires a custom parameter group
     #   and an Amazon Web Services License Manager self-managed license. The
     #   Db2 license through Amazon Web Services Marketplace model requires an
     #   Amazon Web Services Marketplace subscription. For more information,
@@ -4569,6 +4666,10 @@ module Aws::RDS
     #   * Must be an integer greater than 1000.
     #
     #   ^
+    # @option options [Integer] :storage_throughput
+    #   The storage throughput value for the DB instance.
+    #
+    #   This setting doesn't apply to RDS Custom or Amazon Aurora.
     # @option options [String] :option_group_name
     #   The name of the option group to use for the restored DB instance.
     #
@@ -4762,12 +4863,6 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling
-    # @option options [String] :source_db_instance_automated_backups_arn
-    #   The Amazon Resource Name (ARN) of the replicated automated backups
-    #   from which to restore, for example,
-    #   `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
-    #
-    #   This setting doesn't apply to RDS Custom.
     # @option options [Boolean] :enable_customer_owned_ip
     #   Specifies whether to enable a customer-owned IP address (CoIP) for an
     #   RDS on Outposts DB instance.
@@ -4790,33 +4885,39 @@ module Aws::RDS
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
     #   [2]: https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing
-    # @option options [String] :custom_iam_instance_profile
-    #   The instance profile associated with the underlying Amazon EC2
-    #   instance of an RDS Custom DB instance. The instance profile must meet
-    #   the following requirements:
+    # @option options [String] :network_type
+    #   The network type of the DB instance.
     #
-    #   * The profile must exist in your account.
+    #   The network type is determined by the `DBSubnetGroup` specified for
+    #   the DB instance. A `DBSubnetGroup` can support only the IPv4 protocol
+    #   or the IPv4 and the IPv6 protocols (`DUAL`).
     #
-    #   * The profile must have an IAM role that Amazon EC2 has permissions to
-    #     assume.
+    #   For more information, see [ Working with a DB instance in a VPC][1] in
+    #   the *Amazon RDS User Guide.*
     #
-    #   * The instance profile name and the associated IAM role name must
-    #     start with the prefix `AWSRDSCustom`.
+    #   Valid Values:
     #
-    #   For the list of permissions required for the IAM role, see [ Configure
-    #   IAM and your VPC][1] in the *Amazon RDS User Guide*.
+    #   * `IPV4`
     #
-    #   This setting is required for RDS Custom.
+    #   * `DUAL`
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
+    # @option options [String] :source_db_instance_automated_backups_arn
+    #   The Amazon Resource Name (ARN) of the replicated automated backups
+    #   from which to restore, for example,
+    #   `arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`.
+    #
+    #   This setting doesn't apply to RDS Custom.
     # @option options [String] :backup_target
     #   The location for storing automated backups and manual snapshots for
     #   the restored DB instance.
     #
     #   Valid Values:
     #
+    #   * `local` (Dedicated Local Zone)
+    #
     #   * `outposts` (Amazon Web Services Outposts)
     #
     #   * `region` (Amazon Web Services Region)
@@ -4829,29 +4930,27 @@ module Aws::RDS
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html
-    # @option options [String] :network_type
-    #   The network type of the DB instance.
-    #
-    #   The network type is determined by the `DBSubnetGroup` specified for
-    #   the DB instance. A `DBSubnetGroup` can support only the IPv4 protocol
-    #   or the IPv4 and the IPv6 protocols (`DUAL`).
+    # @option options [String] :custom_iam_instance_profile
+    #   The instance profile associated with the underlying Amazon EC2
+    #   instance of an RDS Custom DB instance. The instance profile must meet
+    #   the following requirements:
     #
-    #   For more information, see [ Working with a DB instance in a VPC][1] in
-    #   the *Amazon RDS User Guide.*
+    #   * The profile must exist in your account.
     #
-    #   Valid Values:
+    #   * The profile must have an IAM role that Amazon EC2 has permissions to
+    #     assume.
     #
-    #   * `IPV4`
+    #   * The instance profile name and the associated IAM role name must
+    #     start with the prefix `AWSRDSCustom`.
     #
-    #   * `DUAL`
+    #   For the list of permissions required for the IAM role, see [ Configure
+    #   IAM and your VPC][1] in the *Amazon RDS User Guide*.
     #
+    #   This setting is required for RDS Custom.
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
-    # @option options [Integer] :storage_throughput
-    #   The storage throughput value for the DB instance.
     #
-    #   This setting doesn't apply to RDS Custom or Amazon Aurora.
+    #   [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc
     # @option options [Integer] :allocated_storage
     #   The amount of storage (in gibibytes) to allocate initially for the DB
     #   instance. Follow the allocation rules specified in `CreateDBInstance`.