@aws-sdk/client-rds 3.787.0 → 3.796.0

package/dist-cjs/index.js

@@ -10404,6 +10404,12 @@ var se_CreateTenantDatabaseMessage = /* @__PURE__ */ __name((input, context) =>
   if (input[_NCSN] != null) {
     entries[_NCSN] = input[_NCSN];
   }
+  if (input[_MMUP] != null) {
+    entries[_MMUP] = input[_MMUP];
+  }
+  if (input[_MUSKKI] != null) {
+    entries[_MUSKKI] = input[_MUSKKI];
+  }
   if (input[_T] != null) {
     const memberEntries = se_TagList(input[_T], context);
     if (input[_T]?.length === 0) {
@@ -12789,6 +12795,15 @@ var se_ModifyTenantDatabaseMessage = /* @__PURE__ */ __name((input, context) =>
   if (input[_NTDBN] != null) {
     entries[_NTDBN] = input[_NTDBN];
   }
+  if (input[_MMUP] != null) {
+    entries[_MMUP] = input[_MMUP];
+  }
+  if (input[_RMUP] != null) {
+    entries[_RMUP] = input[_RMUP];
+  }
+  if (input[_MUSKKI] != null) {
+    entries[_MUSKKI] = input[_MUSKKI];
+  }
   return entries;
 }, "se_ModifyTenantDatabaseMessage");
 var se_OptionConfiguration = /* @__PURE__ */ __name((input, context) => {
@@ -13830,6 +13845,12 @@ var se_RestoreDBInstanceFromDBSnapshotMessage = /* @__PURE__ */ __name((input, c
   if (input[_ELS] != null) {
     entries[_ELS] = input[_ELS];
   }
+  if (input[_MMUP] != null) {
+    entries[_MMUP] = input[_MMUP];
+  }
+  if (input[_MUSKKI] != null) {
+    entries[_MUSKKI] = input[_MUSKKI];
+  }
   return entries;
 }, "se_RestoreDBInstanceFromDBSnapshotMessage");
 var se_RestoreDBInstanceFromS3Message = /* @__PURE__ */ __name((input, context) => {
@@ -14202,6 +14223,12 @@ var se_RestoreDBInstanceToPointInTimeMessage = /* @__PURE__ */ __name((input, co
   if (input[_ELS] != null) {
     entries[_ELS] = input[_ELS];
   }
+  if (input[_MMUP] != null) {
+    entries[_MMUP] = input[_MMUP];
+  }
+  if (input[_MUSKKI] != null) {
+    entries[_MUSKKI] = input[_MUSKKI];
+  }
   return entries;
 }, "se_RestoreDBInstanceToPointInTimeMessage");
 var se_RevokeDBSecurityGroupIngressMessage = /* @__PURE__ */ __name((input, context) => {
@@ -20439,6 +20466,9 @@ var de_TenantDatabase = /* @__PURE__ */ __name((output, context) => {
   if (output[_PMV] != null) {
     contents[_PMV] = de_TenantDatabasePendingModifiedValues(output[_PMV], context);
   }
+  if (output[_MUS] != null) {
+    contents[_MUS] = de_MasterUserSecret(output[_MUS], context);
+  }
   if (output.TagList === "") {
     contents[_TL] = [];
   } else if (output[_TL] != null && output[_TL][_Tag] != null) {

package/dist-es/protocols/Aws_query.js

@@ -6974,6 +6974,12 @@ const se_CreateTenantDatabaseMessage = (input, context) => {
     if (input[_NCSN] != null) {
         entries[_NCSN] = input[_NCSN];
     }
+    if (input[_MMUP] != null) {
+        entries[_MMUP] = input[_MMUP];
+    }
+    if (input[_MUSKKI] != null) {
+        entries[_MUSKKI] = input[_MUSKKI];
+    }
     if (input[_T] != null) {
         const memberEntries = se_TagList(input[_T], context);
         if (input[_T]?.length === 0) {
@@ -9361,6 +9367,15 @@ const se_ModifyTenantDatabaseMessage = (input, context) => {
     if (input[_NTDBN] != null) {
         entries[_NTDBN] = input[_NTDBN];
     }
+    if (input[_MMUP] != null) {
+        entries[_MMUP] = input[_MMUP];
+    }
+    if (input[_RMUP] != null) {
+        entries[_RMUP] = input[_RMUP];
+    }
+    if (input[_MUSKKI] != null) {
+        entries[_MUSKKI] = input[_MUSKKI];
+    }
     return entries;
 };
 const se_OptionConfiguration = (input, context) => {
@@ -10402,6 +10417,12 @@ const se_RestoreDBInstanceFromDBSnapshotMessage = (input, context) => {
     if (input[_ELS] != null) {
         entries[_ELS] = input[_ELS];
     }
+    if (input[_MMUP] != null) {
+        entries[_MMUP] = input[_MMUP];
+    }
+    if (input[_MUSKKI] != null) {
+        entries[_MUSKKI] = input[_MUSKKI];
+    }
     return entries;
 };
 const se_RestoreDBInstanceFromS3Message = (input, context) => {
@@ -10774,6 +10795,12 @@ const se_RestoreDBInstanceToPointInTimeMessage = (input, context) => {
     if (input[_ELS] != null) {
         entries[_ELS] = input[_ELS];
     }
+    if (input[_MMUP] != null) {
+        entries[_MMUP] = input[_MMUP];
+    }
+    if (input[_MUSKKI] != null) {
+        entries[_MUSKKI] = input[_MUSKKI];
+    }
     return entries;
 };
 const se_RevokeDBSecurityGroupIngressMessage = (input, context) => {
@@ -17329,6 +17356,9 @@ const de_TenantDatabase = (output, context) => {
     if (output[_PMV] != null) {
         contents[_PMV] = de_TenantDatabasePendingModifiedValues(output[_PMV], context);
     }
+    if (output[_MUS] != null) {
+        contents[_MUS] = de_MasterUserSecret(output[_MUS], context);
+    }
     if (output.TagList === "") {
         contents[_TL] = [];
     }

package/dist-types/commands/CreateTenantDatabaseCommand.d.ts

@@ -39,9 +39,11 @@ declare const CreateTenantDatabaseCommand_base: {
  *   DBInstanceIdentifier: "STRING_VALUE", // required
  *   TenantDBName: "STRING_VALUE", // required
  *   MasterUsername: "STRING_VALUE", // required
- *   MasterUserPassword: "STRING_VALUE", // required
+ *   MasterUserPassword: "STRING_VALUE",
  *   CharacterSetName: "STRING_VALUE",
  *   NcharCharacterSetName: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  *   Tags: [ // TagList
  *     { // Tag
  *       Key: "STRING_VALUE",
@@ -68,6 +70,11 @@ declare const CreateTenantDatabaseCommand_base: {
  * //       MasterUserPassword: "STRING_VALUE",
  * //       TenantDBName: "STRING_VALUE",
  * //     },
+ * //     MasterUserSecret: { // MasterUserSecret
+ * //       SecretArn: "STRING_VALUE",
+ * //       SecretStatus: "STRING_VALUE",
+ * //       KmsKeyId: "STRING_VALUE",
+ * //     },
  * //     TagList: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE",
@@ -92,6 +99,9 @@ declare const CreateTenantDatabaseCommand_base: {
  * @throws {@link InvalidDBInstanceStateFault} (client fault)
  *  <p>The DB instance isn't in a valid state.</p>
  *
+ * @throws {@link KMSKeyNotAccessibleFault} (client fault)
+ *  <p>An error occurred accessing an Amazon Web Services KMS key.</p>
+ *
  * @throws {@link TenantDatabaseAlreadyExistsFault} (client fault)
  *  <p>You attempted to either create a tenant database that already exists or
  *                 modify a tenant database to use the name of an existing tenant database.</p>

package/dist-types/commands/DeleteTenantDatabaseCommand.d.ts

@@ -62,6 +62,11 @@ declare const DeleteTenantDatabaseCommand_base: {
  * //       MasterUserPassword: "STRING_VALUE",
  * //       TenantDBName: "STRING_VALUE",
  * //     },
+ * //     MasterUserSecret: { // MasterUserSecret
+ * //       SecretArn: "STRING_VALUE",
+ * //       SecretStatus: "STRING_VALUE",
+ * //       KmsKeyId: "STRING_VALUE",
+ * //     },
  * //     TagList: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE",

package/dist-types/commands/DescribeTenantDatabasesCommand.d.ts

@@ -70,6 +70,11 @@ declare const DescribeTenantDatabasesCommand_base: {
  * //         MasterUserPassword: "STRING_VALUE",
  * //         TenantDBName: "STRING_VALUE",
  * //       },
+ * //       MasterUserSecret: { // MasterUserSecret
+ * //         SecretArn: "STRING_VALUE",
+ * //         SecretStatus: "STRING_VALUE",
+ * //         KmsKeyId: "STRING_VALUE",
+ * //       },
  * //       TagList: [ // TagList
  * //         { // Tag
  * //           Key: "STRING_VALUE",

package/dist-types/commands/ModifyTenantDatabaseCommand.d.ts

@@ -41,6 +41,9 @@ declare const ModifyTenantDatabaseCommand_base: {
  *   TenantDBName: "STRING_VALUE", // required
  *   MasterUserPassword: "STRING_VALUE",
  *   NewTenantDBName: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   RotateMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new ModifyTenantDatabaseCommand(input);
  * const response = await client.send(command);
@@ -61,6 +64,11 @@ declare const ModifyTenantDatabaseCommand_base: {
  * //       MasterUserPassword: "STRING_VALUE",
  * //       TenantDBName: "STRING_VALUE",
  * //     },
+ * //     MasterUserSecret: { // MasterUserSecret
+ * //       SecretArn: "STRING_VALUE",
+ * //       SecretStatus: "STRING_VALUE",
+ * //       KmsKeyId: "STRING_VALUE",
+ * //     },
  * //     TagList: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE",
@@ -85,6 +93,9 @@ declare const ModifyTenantDatabaseCommand_base: {
  * @throws {@link InvalidDBInstanceStateFault} (client fault)
  *  <p>The DB instance isn't in a valid state.</p>
  *
+ * @throws {@link KMSKeyNotAccessibleFault} (client fault)
+ *  <p>An error occurred accessing an Amazon Web Services KMS key.</p>
+ *
  * @throws {@link TenantDatabaseAlreadyExistsFault} (client fault)
  *  <p>You attempted to either create a tenant database that already exists or
  *                 modify a tenant database to use the name of an existing tenant database.</p>

package/dist-types/commands/RestoreDBInstanceFromDBSnapshotCommand.d.ts

@@ -109,6 +109,8 @@ declare const RestoreDBInstanceFromDBSnapshotCommand_base: {
  *   DedicatedLogVolume: true || false,
  *   CACertificateIdentifier: "STRING_VALUE",
  *   EngineLifecycleSupport: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new RestoreDBInstanceFromDBSnapshotCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/RestoreDBInstanceToPointInTimeCommand.d.ts

@@ -106,6 +106,8 @@ declare const RestoreDBInstanceToPointInTimeCommand_base: {
  *   DedicatedLogVolume: true || false,
  *   CACertificateIdentifier: "STRING_VALUE",
  *   EngineLifecycleSupport: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new RestoreDBInstanceToPointInTimeCommand(input);
  * const response = await client.send(command);

package/dist-types/models/models_0.d.ts

@@ -4450,7 +4450,8 @@ export interface CreateDBClusterMessage {
     /**
      * <p>Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window.
      *             By default, minor engine upgrades are applied automatically.</p>
-     *          <p>Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster</p>
+     *          <p>Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -5511,6 +5512,7 @@ export interface DBCluster {
     /**
      * <p>Indicates whether minor version patches are applied automatically.</p>
      *          <p>This setting is for Aurora DB clusters and Multi-AZ DB clusters.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -6947,6 +6949,7 @@ export interface CreateDBInstanceMessage {
      *           By default, minor engine upgrades are applied automatically.</p>
      *          <p>If you create an RDS Custom DB instance, you must set <code>AutoMinorVersionUpgrade</code> to
      *           <code>false</code>.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -8193,6 +8196,7 @@ export interface DBInstance {
     EngineVersion?: string | undefined;
     /**
      * <p>Indicates whether minor version patches are applied automatically.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -8810,6 +8814,7 @@ export interface CreateDBInstanceReadReplicaMessage {
      *             read replica during the maintenance window.</p>
      *          <p>This setting doesn't apply to RDS Custom DB instances.</p>
      *          <p>Default: Inherits the value from the source DB instance.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -9586,7 +9591,21 @@ export interface UserAuthConfig {
      */
     IAMAuth?: IAMAuthMode | undefined;
     /**
-     * <p>The type of authentication the proxy uses for connections from clients.</p>
+     * <p>The type of authentication the proxy uses for connections from clients. The following values are defaults for the corresponding engines:</p>
+     *          <ul>
+     *             <li>
+     *                <p>RDS for MySQL: <code>MYSQL_CACHING_SHA2_PASSWORD</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>RDS for SQL Server: <code>SQL_SERVER_AUTHENTICATION</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>RDS for PostgreSQL: <code>POSTGRES_SCRAM_SHA2_256</code>
+     *                </p>
+     *             </li>
+     *          </ul>
      * @public
      */
     ClientPasswordAuthType?: ClientPasswordAuthType | undefined;
@@ -11386,10 +11405,14 @@ export interface CreateTenantDatabaseMessage {
      *                     (<code>/</code>), double quote (<code>"</code>), at symbol (<code>@</code>),
      *                     ampersand (<code>&</code>), or single quote (<code>'</code>).</p>
      *             </li>
+     *             <li>
+     *                <p>Can't be specified when <code>ManageMasterUserPassword</code> is
+     *                     enabled.</p>
+     *             </li>
      *          </ul>
      * @public
      */
-    MasterUserPassword: string | undefined;
+    MasterUserPassword?: string | undefined;
     /**
      * <p>The character set for your tenant database. If you don't specify a value, the
      *             character set name defaults to <code>AL32UTF8</code>.</p>
@@ -11401,6 +11424,37 @@ export interface CreateTenantDatabaseMessage {
      * @public
      */
     NcharCharacterSetName?: string | undefined;
+    /**
+     * <p>Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.</p>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+     *             in the <i>Amazon RDS User Guide.</i>
+     *          </p>
+     *          <p>Constraints:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Can't manage the master user password with Amazon Web Services Secrets Manager if <code>MasterUserPassword</code>
+     *                     is specified.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ManageMasterUserPassword?: boolean | undefined;
+    /**
+     * <p>The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and
+     *             managed in Amazon Web Services Secrets Manager.</p>
+     *          <p>This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets
+     *             Manager for the DB instance.</p>
+     *          <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
+     *             To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p>
+     *          <p>If you don't specify <code>MasterUserSecretKmsKeyId</code>, then the <code>aws/secretsmanager</code>
+     *             KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't
+     *             use the <code>aws/secretsmanager</code> KMS key to encrypt the secret, and you must use a customer
+     *             managed KMS key.</p>
+     *          <p>There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account
+     *             has a different default KMS key for each Amazon Web Services Region.</p>
+     * @public
+     */
+    MasterUserSecretKmsKeyId?: string | undefined;
     /**
      * <p>A list of tags.</p>
      *          <p>For more information, see
@@ -11494,6 +11548,15 @@ export interface TenantDatabase {
      * @public
      */
     PendingModifiedValues?: TenantDatabasePendingModifiedValues | undefined;
+    /**
+     * <p>Contains the secret managed by RDS in Amazon Web Services Secrets Manager for the master user password.</p>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+     *             in the <i>Amazon RDS User Guide</i> and <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+     *             in the <i>Amazon Aurora User Guide.</i>
+     *          </p>
+     * @public
+     */
+    MasterUserSecret?: MasterUserSecret | undefined;
     /**
      * <p>A list of tags.</p>
      *          <p>For more information, see

package/dist-types/models/models_1.d.ts

@@ -7124,7 +7124,8 @@ export interface ModifyDBClusterMessage {
     /**
      * <p>Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window.
      *             By default, minor engine upgrades are applied automatically.</p>
-     *          <p>Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters</p>
+     *          <p>Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -7690,12 +7691,18 @@ export interface ModifyDBInstanceMessage {
      *          <p>This setting doesn't apply to the following DB instances:</p>
      *          <ul>
      *             <li>
-     *                <p>Amazon Aurora (The password for the master user is managed by the DB cluster. For
-     *             more information, see <code>ModifyDBCluster</code>.)</p>
+     *                <p>Amazon Aurora</p>
+     *                <p>The password for the master user is managed by the DB cluster. For more
+     *                     information, see <code>ModifyDBCluster</code>.</p>
      *             </li>
      *             <li>
      *                <p>RDS Custom</p>
      *             </li>
+     *             <li>
+     *                <p>RDS for Oracle CDBs in the multi-tenant configuration</p>
+     *                <p>Specify the master password in <code>ModifyTenantDatabase</code>
+     *                     instead.</p>
+     *             </li>
      *          </ul>
      *          <p>Default: Uses existing setting</p>
      *          <p>Constraints:</p>
@@ -7905,6 +7912,7 @@ export interface ModifyDBInstanceMessage {
      *          <p>If any of the preceding conditions isn't met, Amazon RDS applies the change as soon as possible and
      *       doesn't cause an outage.</p>
      *          <p>For an RDS Custom DB instance, don't enable this setting. Otherwise, the operation returns an error.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -8495,6 +8503,14 @@ export interface ModifyDBInstanceMessage {
      *                <p>Can't manage the master user password with Amazon Web Services Secrets Manager if <code>MasterUserPassword</code>
      *                     is specified.</p>
      *             </li>
+     *             <li>
+     *                <p>Can't specify for RDS for Oracle CDB instances in the multi-tenant
+     *                     configuration. Use <code>ModifyTenantDatabase</code> instead.</p>
+     *             </li>
+     *             <li>
+     *                <p>Can't specify the parameters <code>ManageMasterUserPassword</code> and
+     *                         <code>MultiTenant</code> in the same operation.</p>
+     *             </li>
      *          </ul>
      * @public
      */
@@ -8503,7 +8519,7 @@ export interface ModifyDBInstanceMessage {
      * <p>Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the
      *             master user password.</p>
      *          <p>This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets
-     *             Manager for the DB cluster. The secret value contains the updated password.</p>
+     *             Manager for the DB instance. The secret value contains the updated password.</p>
      *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
      *             in the <i>Amazon RDS User Guide.</i>
      *          </p>
@@ -9455,6 +9471,88 @@ export interface ModifyTenantDatabaseMessage {
      * @public
      */
     NewTenantDBName?: string | undefined;
+    /**
+     * <p>Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.</p>
+     *          <p>If the tenant database doesn't manage the master user password with Amazon Web Services Secrets
+     *             Manager, you can turn on this management. In this case, you can't specify
+     *                 <code>MasterUserPassword</code>.</p>
+     *          <p>If the tenant database already manages the master user password with Amazon Web Services Secrets
+     *             Manager, and you specify that the master user password is not managed with Amazon Web Services Secrets
+     *             Manager, then you must specify <code>MasterUserPassword</code>. In this case, Amazon RDS
+     *             deletes the secret and uses the new password for the master user specified by
+     *                 <code>MasterUserPassword</code>.</p>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+     *             in the <i>Amazon RDS User Guide.</i>
+     *          </p>
+     *          <p>Constraints:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Can't manage the master user password with Amazon Web Services Secrets Manager if <code>MasterUserPassword</code>
+     *                     is specified.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ManageMasterUserPassword?: boolean | undefined;
+    /**
+     * <p>Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the
+     *             master user password.</p>
+     *          <p>This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets
+     *             Manager for the DB instance. The secret value contains the updated password.</p>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+     *             in the <i>Amazon RDS User Guide.</i>
+     *          </p>
+     *          <p>Constraints:</p>
+     *          <ul>
+     *             <li>
+     *                <p>You must apply the change immediately when rotating the master user password.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    RotateMasterUserPassword?: boolean | undefined;
+    /**
+     * <p>The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and
+     *             managed in Amazon Web Services Secrets Manager.</p>
+     *          <p>This setting is valid only if both of the following conditions are met:</p>
+     *          <ul>
+     *             <li>
+     *                <p>The tenant database doesn't manage the master user password in Amazon Web Services Secrets Manager.</p>
+     *                <p>If the tenant database already manages the master user password in Amazon Web Services Secrets Manager,
+     *                     you can't change the KMS key used to encrypt the secret.</p>
+     *             </li>
+     *             <li>
+     *                <p>You're turning on <code>ManageMasterUserPassword</code> to manage the master user password
+     *                     in Amazon Web Services Secrets Manager.</p>
+     *                <p>If you're turning on <code>ManageMasterUserPassword</code> and don't specify
+     *                     <code>MasterUserSecretKmsKeyId</code>, then the <code>aws/secretsmanager</code>
+     *                     KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't
+     *                     use the <code>aws/secretsmanager</code> KMS key to encrypt the secret, and you must use a self-managed
+     *                     KMS key.</p>
+     *             </li>
+     *          </ul>
+     *          <p>The Amazon Web Services KMS key identifier is any of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Key ARN</p>
+     *             </li>
+     *             <li>
+     *                <p>Key ID</p>
+     *             </li>
+     *             <li>
+     *                <p>Alias ARN</p>
+     *             </li>
+     *             <li>
+     *                <p>Alias name for the KMS key</p>
+     *             </li>
+     *          </ul>
+     *          <p>To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias
+     *             ARN.</p>
+     *          <p>A default KMS key exists for your Amazon Web Services account. Your Amazon Web Services account has a different
+     *             default KMS key for each Amazon Web Services Region.</p>
+     * @public
+     */
+    MasterUserSecretKmsKeyId?: string | undefined;
 }
 /**
  * @public
@@ -11598,6 +11696,7 @@ export interface RestoreDBInstanceFromDBSnapshotMessage {
      * <p>Specifies whether to automatically apply minor version upgrades to the DB instance
      *           during the maintenance window.</p>
      *          <p>If you restore an RDS Custom DB instance, you must disable this parameter.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -12076,6 +12175,36 @@ export interface RestoreDBInstanceFromDBSnapshotMessage {
      * @public
      */
     EngineLifecycleSupport?: string | undefined;
+    /**
+     * <p>Specifies whether to manage the master user password with Amazon Web Services Secrets Manager in the
+     *             restored DB instance.</p>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+     *             in the <i>Amazon RDS User Guide</i>.</p>
+     *          <p>Constraints:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Applies to RDS for Oracle only.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ManageMasterUserPassword?: boolean | undefined;
+    /**
+     * <p>The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and
+     *             managed in Amazon Web Services Secrets Manager.</p>
+     *          <p>This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets
+     *             Manager for the DB instance.</p>
+     *          <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
+     *             To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p>
+     *          <p>If you don't specify <code>MasterUserSecretKmsKeyId</code>, then the <code>aws/secretsmanager</code>
+     *             KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't
+     *             use the <code>aws/secretsmanager</code> KMS key to encrypt the secret, and you must use a customer
+     *             managed KMS key.</p>
+     *          <p>There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account
+     *             has a different default KMS key for each Amazon Web Services Region.</p>
+     * @public
+     */
+    MasterUserSecretKmsKeyId?: string | undefined;
 }
 /**
  * @public
@@ -12326,6 +12455,7 @@ export interface RestoreDBInstanceFromS3Message {
      * <p>Specifies whether to automatically apply minor engine upgrades
      *             to the DB instance during the maintenance window. By default, minor engine upgrades
      *             are not applied automatically.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -12837,6 +12967,7 @@ export interface RestoreDBInstanceToPointInTimeMessage {
      * <p>Specifies whether minor version upgrades are applied automatically to the
      *           DB instance during the maintenance window.</p>
      *          <p>This setting doesn't apply to RDS Custom.</p>
+     *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
      * @public
      */
     AutoMinorVersionUpgrade?: boolean | undefined;
@@ -13336,6 +13467,36 @@ export interface RestoreDBInstanceToPointInTimeMessage {
      * @public
      */
     EngineLifecycleSupport?: string | undefined;
+    /**
+     * <p>Specifies whether to manage the master user password with Amazon Web Services Secrets Manager in the
+     *             restored DB instance.</p>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+     *             in the <i>Amazon RDS User Guide</i>.</p>
+     *          <p>Constraints:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Applies to RDS for Oracle only.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ManageMasterUserPassword?: boolean | undefined;
+    /**
+     * <p>The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and
+     *             managed in Amazon Web Services Secrets Manager.</p>
+     *          <p>This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets
+     *             Manager for the DB instance.</p>
+     *          <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
+     *             To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p>
+     *          <p>If you don't specify <code>MasterUserSecretKmsKeyId</code>, then the <code>aws/secretsmanager</code>
+     *             KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't
+     *             use the <code>aws/secretsmanager</code> KMS key to encrypt the secret, and you must use a customer
+     *             managed KMS key.</p>
+     *          <p>There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account
+     *             has a different default KMS key for each Amazon Web Services Region.</p>
+     * @public
+     */
+    MasterUserSecretKmsKeyId?: string | undefined;
 }
 /**
  * @public

package/dist-types/ts3.4/models/models_0.d.ts

@@ -2172,9 +2172,11 @@ export interface CreateTenantDatabaseMessage {
   DBInstanceIdentifier: string | undefined;
   TenantDBName: string | undefined;
   MasterUsername: string | undefined;
-  MasterUserPassword: string | undefined;
+  MasterUserPassword?: string | undefined;
   CharacterSetName?: string | undefined;
   NcharCharacterSetName?: string | undefined;
+  ManageMasterUserPassword?: boolean | undefined;
+  MasterUserSecretKmsKeyId?: string | undefined;
   Tags?: Tag[] | undefined;
 }
 export interface TenantDatabasePendingModifiedValues {
@@ -2194,6 +2196,7 @@ export interface TenantDatabase {
   NcharCharacterSetName?: string | undefined;
   DeletionProtection?: boolean | undefined;
   PendingModifiedValues?: TenantDatabasePendingModifiedValues | undefined;
+  MasterUserSecret?: MasterUserSecret | undefined;
   TagList?: Tag[] | undefined;
 }
 export interface CreateTenantDatabaseResult {

package/dist-types/ts3.4/models/models_1.d.ts

@@ -1422,6 +1422,9 @@ export interface ModifyTenantDatabaseMessage {
   TenantDBName: string | undefined;
   MasterUserPassword?: string | undefined;
   NewTenantDBName?: string | undefined;
+  ManageMasterUserPassword?: boolean | undefined;
+  RotateMasterUserPassword?: boolean | undefined;
+  MasterUserSecretKmsKeyId?: string | undefined;
 }
 export interface ModifyTenantDatabaseResult {
   TenantDatabase?: TenantDatabase | undefined;
@@ -1761,6 +1764,8 @@ export interface RestoreDBInstanceFromDBSnapshotMessage {
   DedicatedLogVolume?: boolean | undefined;
   CACertificateIdentifier?: string | undefined;
   EngineLifecycleSupport?: string | undefined;
+  ManageMasterUserPassword?: boolean | undefined;
+  MasterUserSecretKmsKeyId?: string | undefined;
 }
 export interface RestoreDBInstanceFromDBSnapshotResult {
   DBInstance?: DBInstance | undefined;
@@ -1879,6 +1884,8 @@ export interface RestoreDBInstanceToPointInTimeMessage {
   DedicatedLogVolume?: boolean | undefined;
   CACertificateIdentifier?: string | undefined;
   EngineLifecycleSupport?: string | undefined;
+  ManageMasterUserPassword?: boolean | undefined;
+  MasterUserSecretKmsKeyId?: string | undefined;
 }
 export interface RestoreDBInstanceToPointInTimeResult {
   DBInstance?: DBInstance | undefined;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-rds",
   "description": "AWS SDK for JavaScript Rds Client for Node.js, Browser and React Native",
-  "version": "3.787.0",
+  "version": "3.796.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-rds",
@@ -20,18 +20,18 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.775.0",
-    "@aws-sdk/credential-provider-node": "3.787.0",
+    "@aws-sdk/core": "3.796.0",
+    "@aws-sdk/credential-provider-node": "3.796.0",
     "@aws-sdk/middleware-host-header": "3.775.0",
     "@aws-sdk/middleware-logger": "3.775.0",
     "@aws-sdk/middleware-recursion-detection": "3.775.0",
-    "@aws-sdk/middleware-sdk-rds": "3.775.0",
-    "@aws-sdk/middleware-user-agent": "3.787.0",
+    "@aws-sdk/middleware-sdk-rds": "3.796.0",
+    "@aws-sdk/middleware-user-agent": "3.796.0",
     "@aws-sdk/region-config-resolver": "3.775.0",
     "@aws-sdk/types": "3.775.0",
     "@aws-sdk/util-endpoints": "3.787.0",
     "@aws-sdk/util-user-agent-browser": "3.775.0",
-    "@aws-sdk/util-user-agent-node": "3.787.0",
+    "@aws-sdk/util-user-agent-node": "3.796.0",
     "@smithy/config-resolver": "^4.1.0",
     "@smithy/core": "^3.2.0",
     "@smithy/fetch-http-handler": "^5.0.2",