aws-cdk-lib 2.114.0__py3-none-any.whl → 2.115.0__py3-none-any.whl

aws_cdk/aws_rds/__init__.py

@@ -688,11 +688,13 @@ rds.DatabaseInstance(self, "Instance",
 
 ## Setting Public Accessibility
 
-You can set public accessibility for the database instance or cluster using the `publiclyAccessible` property.
+You can set public accessibility for the `DatabaseInstance` or the `ClusterInstance` using the `publiclyAccessible` property.
 If you specify `true`, it creates an instance with a publicly resolvable DNS name, which resolves to a public IP address.
 If you specify `false`, it creates an internal instance with a DNS name that resolves to a private IP address.
-The default value depends on `vpcSubnets`.
-It will be `true` if `vpcSubnets` is `subnetType: SubnetType.PUBLIC`, `false` otherwise.
+
+The default value will be `true` if `vpcSubnets` is `subnetType: SubnetType.PUBLIC`, `false` otherwise. In the case of a
+cluster, the default value will be determined on the vpc placement of the `DatabaseCluster` otherwise it will be determined
+based on the vpc placement of standalone `DatabaseInstance`.
 
 ```python
 # vpc: ec2.Vpc
@@ -709,17 +711,17 @@ rds.DatabaseInstance(self, "Instance",
     publicly_accessible=True
 )
 
-# Setting public accessibility for DB cluster
+# Setting public accessibility for DB cluster instance
 rds.DatabaseCluster(self, "DatabaseCluster",
     engine=rds.DatabaseClusterEngine.aurora_mysql(
         version=rds.AuroraMysqlEngineVersion.VER_3_03_0
     ),
-    instance_props=rds.InstanceProps(
-        vpc=vpc,
-        vpc_subnets=ec2.SubnetSelection(
-            subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
-        ),
+    writer=rds.ClusterInstance.serverless_v2("Writer",
         publicly_accessible=True
+    ),
+    vpc=vpc,
+    vpc_subnets=ec2.SubnetSelection(
+        subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
     )
 )
 ```
@@ -7551,7 +7553,7 @@ class CfnDBInstance(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param allocated_storage: The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. .. epigraph:: If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). *Amazon Aurora* Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. *MySQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *MariaDB* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *PostgreSQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *Oracle* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 10 to 3072. *SQL Server* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Provisioned IOPS storage (io1): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Magnetic storage (standard): - Enterprise and Standard editions: Must be an integer from 20 to 1024. - Web and Express editions: Must be an integer from 20 to 1024.
+        :param allocated_storage: The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. .. epigraph:: If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). *Amazon Aurora* Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. *Db2* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000. - Provisioned IOPS storage (io1): Must be an integer from 100 to 64000. *MySQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *MariaDB* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *PostgreSQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *Oracle* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 10 to 3072. *SQL Server* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Provisioned IOPS storage (io1): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Magnetic storage (standard): - Enterprise and Standard editions: Must be an integer from 20 to 1024. - Web and Express editions: Must be an integer from 20 to 1024.
         :param allow_major_version_upgrade: A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.
         :param associated_roles: The AWS Identity and Access Management (IAM) roles associated with the DB instance. *Amazon Aurora* Not applicable. The associated roles are managed by the DB cluster.
         :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
@@ -7568,7 +7570,7 @@ class CfnDBInstance(
         :param db_cluster_snapshot_identifier: The identifier for the RDS for MySQL Multi-AZ DB cluster snapshot to restore from. For more information on Multi-AZ DB clusters, see `Multi-AZ DB cluster deployments <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html>`_ in the *Amazon RDS User Guide* . Constraints: - Must match the identifier of an existing Multi-AZ DB cluster snapshot. - Can't be specified when ``DBSnapshotIdentifier`` is specified. - Must be specified when ``DBSnapshotIdentifier`` isn't specified. - If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. - Can't be the identifier of an Aurora DB cluster snapshot. - Can't be the identifier of an RDS for PostgreSQL Multi-AZ DB cluster snapshot.
         :param db_instance_class: The compute and memory capacity of the DB instance, for example, ``db.m4.large`` . Not all DB instance classes are available in all AWS Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see `DB Instance Class <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html>`_ in the *Amazon RDS User Guide.* For more information about DB instance class pricing and AWS Region support for DB instance classes, see `Amazon RDS Pricing <https://docs.aws.amazon.com/rds/pricing/>`_ .
         :param db_instance_identifier: A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see `Name Type <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html>`_ . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
-        :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
+        :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *Db2* The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Can't be a word reserved by the specified database engine. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
         :param db_parameter_group_name: The name of an existing DB parameter group or a reference to an `AWS::RDS::DBParameterGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html>`_ resource created in the template. To list all of the available DB parameter group names, use the following command: ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` .. epigraph:: If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used.
         :param db_security_groups: A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. .. epigraph:: If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: - ``AllocatedStorage`` - ``AutoMinorVersionUpgrade`` - ``AvailabilityZone`` - ``BackupRetentionPeriod`` - ``CharacterSetName`` - ``DBInstanceClass`` - ``DBName`` - ``DBParameterGroupName`` - ``DBSecurityGroups`` - ``DBSubnetGroupName`` - ``Engine`` - ``EngineVersion`` - ``Iops`` - ``LicenseModel`` - ``MasterUsername`` - ``MasterUserPassword`` - ``MultiAZ`` - ``OptionGroupName`` - ``PreferredBackupWindow`` - ``PreferredMaintenanceWindow`` All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType`` , ``StorageEncrypted`` , or ``KmsKeyId`` . If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
         :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``DeleteAutomatedBackups`` - ``EnablePerformanceInsights`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PerformanceInsightsKMSKeyId`` - ``PerformanceInsightsRetentionPeriod`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an encrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
@@ -7576,24 +7578,24 @@ class CfnDBInstance(
         :param dedicated_log_volume: Indicates whether the DB instance has a dedicated log volume (DLV) enabled.
         :param delete_automated_backups: A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. *Amazon Aurora* Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted.
         :param deletion_protection: A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ . *Amazon Aurora* Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
-        :param domain: The Active Directory directory ID to create the DB instance in. Currently, only Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. For more information, see `Kerberos Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html>`_ in the *Amazon RDS User Guide* .
+        :param domain: The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. For more information, see `Kerberos Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html>`_ in the *Amazon RDS User Guide* .
         :param domain_auth_secret_arn: The ARN for the Secrets Manager secret with the credentials for the user joining the domain. Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456``
         :param domain_dns_ips: The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. Constraints: - Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Example: ``123.124.125.126,234.235.236.237``
         :param domain_fqdn: The fully qualified domain name (FQDN) of an Active Directory domain. Constraints: - Can't be longer than 64 characters. Example: ``mymanagedADtest.mymanagedAD.mydomain``
         :param domain_iam_role_name: The name of the IAM role to use when making API calls to the Directory Service. This setting doesn't apply to the following DB instances: - Amazon Aurora (The domain is managed by the DB cluster.) - RDS Custom
         :param domain_ou: The Active Directory organizational unit for your DB instance to join. Constraints: - Must be in the distinguished name format. - Can't be longer than 64 characters. Example: ``OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain``
-        :param enable_cloudwatch_logs_exports: The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see `Publishing Database Logs to Amazon CloudWatch Logs <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch>`_ in the *Amazon Relational Database Service User Guide* . *Amazon Aurora* Not applicable. CloudWatch Logs exports are managed by the DB cluster. *MariaDB* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Microsoft SQL Server* Valid values: ``agent`` , ``error`` *MySQL* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Oracle* Valid values: ``alert`` , ``audit`` , ``listener`` , ``trace`` , ``oemagent`` *PostgreSQL* Valid values: ``postgresql`` , ``upgrade``
+        :param enable_cloudwatch_logs_exports: The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see `Publishing Database Logs to Amazon CloudWatch Logs <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch>`_ in the *Amazon Relational Database Service User Guide* . *Amazon Aurora* Not applicable. CloudWatch Logs exports are managed by the DB cluster. *Db2* Valid values: ``diag.log`` , ``notify.log`` *MariaDB* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Microsoft SQL Server* Valid values: ``agent`` , ``error`` *MySQL* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Oracle* Valid values: ``alert`` , ``audit`` , ``listener`` , ``trace`` , ``oemagent`` *PostgreSQL* Valid values: ``postgresql`` , ``upgrade``
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see `IAM Database Authentication for MariaDB, MySQL, and PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon RDS User Guide.* *Amazon Aurora* Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster.
         :param enable_performance_insights: Specifies whether to enable Performance Insights for the DB instance. For more information, see `Using Amazon Performance Insights <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to RDS Custom DB instances.
         :param endpoint: The connection endpoint for the DB instance. .. epigraph:: The endpoint might not be shown for instances with the status of ``creating`` .
-        :param engine: The name of the database engine that you want to use for this DB instance. .. epigraph:: When you are creating a DB instance, the ``Engine`` property is required. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
-        :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
-        :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property.
+        :param engine: The name of the database engine that you want to use for this DB instance. Not every database engine is available in every AWS Region. .. epigraph:: When you are creating a DB instance, the ``Engine`` property is required. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
+        :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *Db2* See `Amazon RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
+        :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. Constraints: - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
         :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``SnapshotIdentifier`` property, the ``StorageEncrypted`` property value is inherited from the snapshot, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
-        :param license_model: License model information for this DB instance. Valid values: - Aurora MySQL - ``general-public-license`` - Aurora PostgreSQL - ``postgresql-license`` - MariaDB - ``general-public-license`` - Microsoft SQL Server - ``license-included`` - MySQL - ``general-public-license`` - Oracle - ``bring-your-own-license`` or ``license-included`` - PostgreSQL - ``postgresql-license`` .. epigraph:: If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
+        :param license_model: License model information for this DB instance. Valid Values: - Aurora MySQL - ``general-public-license`` - Aurora PostgreSQL - ``postgresql-license`` - RDS for Db2 - ``bring-your-own-license`` . For more information about RDS for Db2 licensing, see ` <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html>`_ in the *Amazon RDS User Guide.* - RDS for MariaDB - ``general-public-license`` - RDS for Microsoft SQL Server - ``license-included`` - RDS for MySQL - ``general-public-license`` - RDS for Oracle - ``bring-your-own-license`` or ``license-included`` - RDS for PostgreSQL - ``postgresql-license`` .. epigraph:: If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
         :param manage_master_user_password: Specifies whether to manage the master user password with AWS Secrets Manager. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.* Constraints: - Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified.
-        :param master_username: The master user name for the DB instance. .. epigraph:: If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. *Amazon Aurora* Not applicable. The name for the master user is managed by the DB cluster. *MariaDB* Constraints: - Required for MariaDB. - Must be 1 to 16 letters or numbers. - Can't be a reserved word for the chosen database engine. *Microsoft SQL Server* Constraints: - Required for SQL Server. - Must be 1 to 128 letters or numbers. - The first character must be a letter. - Can't be a reserved word for the chosen database engine. *MySQL* Constraints: - Required for MySQL. - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *Oracle* Constraints: - Required for Oracle. - Must be 1 to 30 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *PostgreSQL* Constraints: - Required for PostgreSQL. - Must be 1 to 63 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine.
-        :param master_user_password: The password for the master user. The password can include any printable ASCII character except "/", """, or "@". *Amazon Aurora* Not applicable. The password for the master user is managed by the DB cluster. *MariaDB* Constraints: Must contain from 8 to 41 characters. *Microsoft SQL Server* Constraints: Must contain from 8 to 128 characters. *MySQL* Constraints: Must contain from 8 to 41 characters. *Oracle* Constraints: Must contain from 8 to 30 characters. *PostgreSQL* Constraints: Must contain from 8 to 128 characters.
+        :param master_username: The master user name for the DB instance. .. epigraph:: If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. *Amazon Aurora* Not applicable. The name for the master user is managed by the DB cluster. *RDS for Db2* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MariaDB* Constraints: - Must be 1 to 16 letters or numbers. - Can't be a reserved word for the chosen database engine. *RDS for Microsoft SQL Server* Constraints: - Must be 1 to 128 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MySQL* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for Oracle* Constraints: - Must be 1 to 30 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for PostgreSQL* Constraints: - Must be 1 to 63 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine.
+        :param master_user_password: The password for the master user. The password can include any printable ASCII character except "/", """, or "@". *Amazon Aurora* Not applicable. The password for the master user is managed by the DB cluster. *RDS for Db2* Must contain from 8 to 255 characters. *RDS for MariaDB* Constraints: Must contain from 8 to 41 characters. *RDS for Microsoft SQL Server* Constraints: Must contain from 8 to 128 characters. *RDS for MySQL* Constraints: Must contain from 8 to 41 characters. *RDS for Oracle* Constraints: Must contain from 8 to 30 characters. *RDS for PostgreSQL* Constraints: Must contain from 8 to 128 characters.
         :param master_user_secret: The secret managed by RDS in AWS Secrets Manager for the master user password. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.*
         :param max_allocated_storage: The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. For more information about this setting, including limitations that apply to it, see `Managing capacity automatically with Amazon RDS storage autoscaling <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to the following DB instances: - Amazon Aurora (Storage is managed by the DB cluster.) - RDS Custom
         :param monitoring_interval: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0. This setting doesn't apply to RDS Custom. Valid Values: ``0, 1, 5, 10, 15, 30, 60`` Default: - 0
@@ -7604,7 +7606,7 @@ class CfnDBInstance(
         :param option_group_name: Indicates that the DB instance should be associated with the specified option group. Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance.
         :param performance_insights_kms_key_id: The AWS KMS key identifier for encryption of Performance Insights data. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. If you do not specify a value for ``PerformanceInsightsKMSKeyId`` , then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. For information about enabling Performance Insights, see `EnablePerformanceInsights <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights>`_ .
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. This setting doesn't apply to RDS Custom DB instances. Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS returns an error.
-        :param port: The port number on which the database accepts connections. *Amazon Aurora* Not applicable. The port number is managed by the DB cluster.
+        :param port: The port number on which the database accepts connections. *Amazon Aurora* Not applicable. The port number is managed by the DB cluster. *Db2* Default value: ``50000``
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow>`_ in the *Amazon RDS User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Instance Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
         :param processor_features: The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
@@ -9535,7 +9537,7 @@ class CfnDBInstanceProps:
     ) -> None:
         '''Properties for defining a ``CfnDBInstance``.
 
-        :param allocated_storage: The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. .. epigraph:: If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). *Amazon Aurora* Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. *MySQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *MariaDB* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *PostgreSQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *Oracle* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 10 to 3072. *SQL Server* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Provisioned IOPS storage (io1): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Magnetic storage (standard): - Enterprise and Standard editions: Must be an integer from 20 to 1024. - Web and Express editions: Must be an integer from 20 to 1024.
+        :param allocated_storage: The amount of storage in gibibytes (GiB) to be initially allocated for the database instance. .. epigraph:: If any value is set in the ``Iops`` parameter, ``AllocatedStorage`` must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the ``Iops`` value (in 1,000 IOPS increments), then you must also increase the ``AllocatedStorage`` value (in 100-GiB increments). *Amazon Aurora* Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. *Db2* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000. - Provisioned IOPS storage (io1): Must be an integer from 100 to 64000. *MySQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *MariaDB* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *PostgreSQL* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 5 to 3072. *Oracle* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. - Magnetic storage (standard): Must be an integer from 10 to 3072. *SQL Server* Constraints to the amount of storage for each storage type are the following: - General Purpose (SSD) storage (gp2): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Provisioned IOPS storage (io1): - Enterprise and Standard editions: Must be an integer from 20 to 16384. - Web and Express editions: Must be an integer from 20 to 16384. - Magnetic storage (standard): - Enterprise and Standard editions: Must be an integer from 20 to 1024. - Web and Express editions: Must be an integer from 20 to 1024.
         :param allow_major_version_upgrade: A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.
         :param associated_roles: The AWS Identity and Access Management (IAM) roles associated with the DB instance. *Amazon Aurora* Not applicable. The associated roles are managed by the DB cluster.
         :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
@@ -9552,7 +9554,7 @@ class CfnDBInstanceProps:
         :param db_cluster_snapshot_identifier: The identifier for the RDS for MySQL Multi-AZ DB cluster snapshot to restore from. For more information on Multi-AZ DB clusters, see `Multi-AZ DB cluster deployments <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html>`_ in the *Amazon RDS User Guide* . Constraints: - Must match the identifier of an existing Multi-AZ DB cluster snapshot. - Can't be specified when ``DBSnapshotIdentifier`` is specified. - Must be specified when ``DBSnapshotIdentifier`` isn't specified. - If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. - Can't be the identifier of an Aurora DB cluster snapshot. - Can't be the identifier of an RDS for PostgreSQL Multi-AZ DB cluster snapshot.
         :param db_instance_class: The compute and memory capacity of the DB instance, for example, ``db.m4.large`` . Not all DB instance classes are available in all AWS Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see `DB Instance Class <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html>`_ in the *Amazon RDS User Guide.* For more information about DB instance class pricing and AWS Region support for DB instance classes, see `Amazon RDS Pricing <https://docs.aws.amazon.com/rds/pricing/>`_ .
         :param db_instance_identifier: A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see `Name Type <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html>`_ . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
-        :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
+        :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *Db2* The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Can't be a word reserved by the specified database engine. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
         :param db_parameter_group_name: The name of an existing DB parameter group or a reference to an `AWS::RDS::DBParameterGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html>`_ resource created in the template. To list all of the available DB parameter group names, use the following command: ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` .. epigraph:: If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used.
         :param db_security_groups: A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. .. epigraph:: If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: - ``AllocatedStorage`` - ``AutoMinorVersionUpgrade`` - ``AvailabilityZone`` - ``BackupRetentionPeriod`` - ``CharacterSetName`` - ``DBInstanceClass`` - ``DBName`` - ``DBParameterGroupName`` - ``DBSecurityGroups`` - ``DBSubnetGroupName`` - ``Engine`` - ``EngineVersion`` - ``Iops`` - ``LicenseModel`` - ``MasterUsername`` - ``MasterUserPassword`` - ``MultiAZ`` - ``OptionGroupName`` - ``PreferredBackupWindow`` - ``PreferredMaintenanceWindow`` All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType`` , ``StorageEncrypted`` , or ``KmsKeyId`` . If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
         :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``DeleteAutomatedBackups`` - ``EnablePerformanceInsights`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PerformanceInsightsKMSKeyId`` - ``PerformanceInsightsRetentionPeriod`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an encrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
@@ -9560,24 +9562,24 @@ class CfnDBInstanceProps:
         :param dedicated_log_volume: Indicates whether the DB instance has a dedicated log volume (DLV) enabled.
         :param delete_automated_backups: A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. *Amazon Aurora* Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted.
         :param deletion_protection: A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ . *Amazon Aurora* Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
-        :param domain: The Active Directory directory ID to create the DB instance in. Currently, only Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. For more information, see `Kerberos Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html>`_ in the *Amazon RDS User Guide* .
+        :param domain: The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. For more information, see `Kerberos Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html>`_ in the *Amazon RDS User Guide* .
         :param domain_auth_secret_arn: The ARN for the Secrets Manager secret with the credentials for the user joining the domain. Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456``
         :param domain_dns_ips: The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. Constraints: - Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Example: ``123.124.125.126,234.235.236.237``
         :param domain_fqdn: The fully qualified domain name (FQDN) of an Active Directory domain. Constraints: - Can't be longer than 64 characters. Example: ``mymanagedADtest.mymanagedAD.mydomain``
         :param domain_iam_role_name: The name of the IAM role to use when making API calls to the Directory Service. This setting doesn't apply to the following DB instances: - Amazon Aurora (The domain is managed by the DB cluster.) - RDS Custom
         :param domain_ou: The Active Directory organizational unit for your DB instance to join. Constraints: - Must be in the distinguished name format. - Can't be longer than 64 characters. Example: ``OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain``
-        :param enable_cloudwatch_logs_exports: The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see `Publishing Database Logs to Amazon CloudWatch Logs <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch>`_ in the *Amazon Relational Database Service User Guide* . *Amazon Aurora* Not applicable. CloudWatch Logs exports are managed by the DB cluster. *MariaDB* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Microsoft SQL Server* Valid values: ``agent`` , ``error`` *MySQL* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Oracle* Valid values: ``alert`` , ``audit`` , ``listener`` , ``trace`` , ``oemagent`` *PostgreSQL* Valid values: ``postgresql`` , ``upgrade``
+        :param enable_cloudwatch_logs_exports: The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see `Publishing Database Logs to Amazon CloudWatch Logs <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch>`_ in the *Amazon Relational Database Service User Guide* . *Amazon Aurora* Not applicable. CloudWatch Logs exports are managed by the DB cluster. *Db2* Valid values: ``diag.log`` , ``notify.log`` *MariaDB* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Microsoft SQL Server* Valid values: ``agent`` , ``error`` *MySQL* Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery`` *Oracle* Valid values: ``alert`` , ``audit`` , ``listener`` , ``trace`` , ``oemagent`` *PostgreSQL* Valid values: ``postgresql`` , ``upgrade``
         :param enable_iam_database_authentication: A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see `IAM Database Authentication for MariaDB, MySQL, and PostgreSQL <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html>`_ in the *Amazon RDS User Guide.* *Amazon Aurora* Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster.
         :param enable_performance_insights: Specifies whether to enable Performance Insights for the DB instance. For more information, see `Using Amazon Performance Insights <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to RDS Custom DB instances.
         :param endpoint: The connection endpoint for the DB instance. .. epigraph:: The endpoint might not be shown for instances with the status of ``creating`` .
-        :param engine: The name of the database engine that you want to use for this DB instance. .. epigraph:: When you are creating a DB instance, the ``Engine`` property is required. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
-        :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
-        :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property.
+        :param engine: The name of the database engine that you want to use for this DB instance. Not every database engine is available in every AWS Region. .. epigraph:: When you are creating a DB instance, the ``Engine`` property is required. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
+        :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *Db2* See `Amazon RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
+        :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. Constraints: - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
         :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``SnapshotIdentifier`` property, the ``StorageEncrypted`` property value is inherited from the snapshot, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
-        :param license_model: License model information for this DB instance. Valid values: - Aurora MySQL - ``general-public-license`` - Aurora PostgreSQL - ``postgresql-license`` - MariaDB - ``general-public-license`` - Microsoft SQL Server - ``license-included`` - MySQL - ``general-public-license`` - Oracle - ``bring-your-own-license`` or ``license-included`` - PostgreSQL - ``postgresql-license`` .. epigraph:: If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
+        :param license_model: License model information for this DB instance. Valid Values: - Aurora MySQL - ``general-public-license`` - Aurora PostgreSQL - ``postgresql-license`` - RDS for Db2 - ``bring-your-own-license`` . For more information about RDS for Db2 licensing, see ` <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html>`_ in the *Amazon RDS User Guide.* - RDS for MariaDB - ``general-public-license`` - RDS for Microsoft SQL Server - ``license-included`` - RDS for MySQL - ``general-public-license`` - RDS for Oracle - ``bring-your-own-license`` or ``license-included`` - RDS for PostgreSQL - ``postgresql-license`` .. epigraph:: If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
         :param manage_master_user_password: Specifies whether to manage the master user password with AWS Secrets Manager. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.* Constraints: - Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified.
-        :param master_username: The master user name for the DB instance. .. epigraph:: If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. *Amazon Aurora* Not applicable. The name for the master user is managed by the DB cluster. *MariaDB* Constraints: - Required for MariaDB. - Must be 1 to 16 letters or numbers. - Can't be a reserved word for the chosen database engine. *Microsoft SQL Server* Constraints: - Required for SQL Server. - Must be 1 to 128 letters or numbers. - The first character must be a letter. - Can't be a reserved word for the chosen database engine. *MySQL* Constraints: - Required for MySQL. - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *Oracle* Constraints: - Required for Oracle. - Must be 1 to 30 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *PostgreSQL* Constraints: - Required for PostgreSQL. - Must be 1 to 63 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine.
-        :param master_user_password: The password for the master user. The password can include any printable ASCII character except "/", """, or "@". *Amazon Aurora* Not applicable. The password for the master user is managed by the DB cluster. *MariaDB* Constraints: Must contain from 8 to 41 characters. *Microsoft SQL Server* Constraints: Must contain from 8 to 128 characters. *MySQL* Constraints: Must contain from 8 to 41 characters. *Oracle* Constraints: Must contain from 8 to 30 characters. *PostgreSQL* Constraints: Must contain from 8 to 128 characters.
+        :param master_username: The master user name for the DB instance. .. epigraph:: If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. *Amazon Aurora* Not applicable. The name for the master user is managed by the DB cluster. *RDS for Db2* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MariaDB* Constraints: - Must be 1 to 16 letters or numbers. - Can't be a reserved word for the chosen database engine. *RDS for Microsoft SQL Server* Constraints: - Must be 1 to 128 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MySQL* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for Oracle* Constraints: - Must be 1 to 30 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for PostgreSQL* Constraints: - Must be 1 to 63 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine.
+        :param master_user_password: The password for the master user. The password can include any printable ASCII character except "/", """, or "@". *Amazon Aurora* Not applicable. The password for the master user is managed by the DB cluster. *RDS for Db2* Must contain from 8 to 255 characters. *RDS for MariaDB* Constraints: Must contain from 8 to 41 characters. *RDS for Microsoft SQL Server* Constraints: Must contain from 8 to 128 characters. *RDS for MySQL* Constraints: Must contain from 8 to 41 characters. *RDS for Oracle* Constraints: Must contain from 8 to 30 characters. *RDS for PostgreSQL* Constraints: Must contain from 8 to 128 characters.
         :param master_user_secret: The secret managed by RDS in AWS Secrets Manager for the master user password. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.*
         :param max_allocated_storage: The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. For more information about this setting, including limitations that apply to it, see `Managing capacity automatically with Amazon RDS storage autoscaling <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to the following DB instances: - Amazon Aurora (Storage is managed by the DB cluster.) - RDS Custom
         :param monitoring_interval: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0. This setting doesn't apply to RDS Custom. Valid Values: ``0, 1, 5, 10, 15, 30, 60`` Default: - 0
@@ -9588,7 +9590,7 @@ class CfnDBInstanceProps:
         :param option_group_name: Indicates that the DB instance should be associated with the specified option group. Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance.
         :param performance_insights_kms_key_id: The AWS KMS key identifier for encryption of Performance Insights data. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. If you do not specify a value for ``PerformanceInsightsKMSKeyId`` , then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. For information about enabling Performance Insights, see `EnablePerformanceInsights <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights>`_ .
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. This setting doesn't apply to RDS Custom DB instances. Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS returns an error.
-        :param port: The port number on which the database accepts connections. *Amazon Aurora* Not applicable. The port number is managed by the DB cluster.
+        :param port: The port number on which the database accepts connections. *Amazon Aurora* Not applicable. The port number is managed by the DB cluster. *Db2* Default value: ``50000``
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow>`_ in the *Amazon RDS User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Instance Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
         :param processor_features: The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
@@ -9963,6 +9965,13 @@ class CfnDBInstanceProps:
 
         Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.
 
+        *Db2*
+
+        Constraints to the amount of storage for each storage type are the following:
+
+        - General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000.
+        - Provisioned IOPS storage (io1): Must be an integer from 100 to 64000.
+
         *MySQL*
 
         Constraints to the amount of storage for each storage type are the following:
@@ -10280,6 +10289,16 @@ class CfnDBInstanceProps:
 
         Not applicable. The database name is managed by the DB cluster.
 
+        *Db2*
+
+        The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
+
+        Constraints:
+
+        - Must contain 1 to 64 letters or numbers.
+        - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
+        - Can't be a word reserved by the specified database engine.
+
         *MySQL*
 
         The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.
@@ -10491,7 +10510,7 @@ class CfnDBInstanceProps:
     def domain(self) -> typing.Optional[builtins.str]:
         '''The Active Directory directory ID to create the DB instance in.
 
-        Currently, only Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
+        Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
 
         For more information, see `Kerberos Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html>`_ in the *Amazon RDS User Guide* .
 
@@ -10583,6 +10602,10 @@ class CfnDBInstanceProps:
 
         Not applicable. CloudWatch Logs exports are managed by the DB cluster.
 
+        *Db2*
+
+        Valid values: ``diag.log`` , ``notify.log``
+
         *MariaDB*
 
         Valid values: ``audit`` , ``error`` , ``general`` , ``slowquery``
@@ -10661,6 +10684,7 @@ class CfnDBInstanceProps:
     def engine(self) -> typing.Optional[builtins.str]:
         '''The name of the database engine that you want to use for this DB instance.
 
+        Not every database engine is available in every AWS Region.
         .. epigraph::
 
            When you are creating a DB instance, the ``Engine`` property is required.
@@ -10674,6 +10698,8 @@ class CfnDBInstanceProps:
         - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances)
         - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances)
         - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances)
+        - ``db2-ae``
+        - ``db2-se``
         - ``mariadb``
         - ``mysql``
         - ``oracle-ee``
@@ -10703,6 +10729,10 @@ class CfnDBInstanceProps:
 
         Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.
 
+        *Db2*
+
+        See `Amazon RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.*
+
         *MariaDB*
 
         See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.*
@@ -10739,6 +10769,11 @@ class CfnDBInstanceProps:
 
            If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property.
 
+        Constraints:
+
+        - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance.
+        - For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-iops
         '''
         result = self._values.get("iops")
@@ -10771,15 +10806,16 @@ class CfnDBInstanceProps:
     def license_model(self) -> typing.Optional[builtins.str]:
         '''License model information for this DB instance.
 
-        Valid values:
+        Valid Values:
 
         - Aurora MySQL - ``general-public-license``
         - Aurora PostgreSQL - ``postgresql-license``
-        - MariaDB - ``general-public-license``
-        - Microsoft SQL Server - ``license-included``
-        - MySQL - ``general-public-license``
-        - Oracle - ``bring-your-own-license`` or ``license-included``
-        - PostgreSQL - ``postgresql-license``
+        - RDS for Db2 - ``bring-your-own-license`` . For more information about RDS for Db2 licensing, see ` <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html>`_ in the *Amazon RDS User Guide.*
+        - RDS for MariaDB - ``general-public-license``
+        - RDS for Microsoft SQL Server - ``license-included``
+        - RDS for MySQL - ``general-public-license``
+        - RDS for Oracle - ``bring-your-own-license`` or ``license-included``
+        - RDS for PostgreSQL - ``postgresql-license``
 
         .. epigraph::
 
@@ -10815,50 +10851,55 @@ class CfnDBInstanceProps:
 
            If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot.
 
+           When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name.
+
         *Amazon Aurora*
 
         Not applicable. The name for the master user is managed by the DB cluster.
 
-        *MariaDB*
+        *RDS for Db2*
 
         Constraints:
 
-        - Required for MariaDB.
         - Must be 1 to 16 letters or numbers.
+        - First character must be a letter.
         - Can't be a reserved word for the chosen database engine.
 
-        *Microsoft SQL Server*
+        *RDS for MariaDB*
+
+        Constraints:
+
+        - Must be 1 to 16 letters or numbers.
+        - Can't be a reserved word for the chosen database engine.
+
+        *RDS for Microsoft SQL Server*
 
         Constraints:
 
-        - Required for SQL Server.
         - Must be 1 to 128 letters or numbers.
-        - The first character must be a letter.
+        - First character must be a letter.
         - Can't be a reserved word for the chosen database engine.
 
-        *MySQL*
+        *RDS for MySQL*
 
         Constraints:
 
-        - Required for MySQL.
         - Must be 1 to 16 letters or numbers.
         - First character must be a letter.
         - Can't be a reserved word for the chosen database engine.
 
-        *Oracle*
+        *RDS for Oracle*
 
         Constraints:
 
-        - Required for Oracle.
         - Must be 1 to 30 letters or numbers.
         - First character must be a letter.
         - Can't be a reserved word for the chosen database engine.
 
-        *PostgreSQL*
+        *RDS for PostgreSQL*
 
         Constraints:
 
-        - Required for PostgreSQL.
         - Must be 1 to 63 letters or numbers.
         - First character must be a letter.
         - Can't be a reserved word for the chosen database engine.
@@ -10876,23 +10917,27 @@ class CfnDBInstanceProps:
 
         Not applicable. The password for the master user is managed by the DB cluster.
 
-        *MariaDB*
+        *RDS for Db2*
+
+        Must contain from 8 to 255 characters.
+
+        *RDS for MariaDB*
 
         Constraints: Must contain from 8 to 41 characters.
 
-        *Microsoft SQL Server*
+        *RDS for Microsoft SQL Server*
 
         Constraints: Must contain from 8 to 128 characters.
 
-        *MySQL*
+        *RDS for MySQL*
 
         Constraints: Must contain from 8 to 41 characters.
 
-        *Oracle*
+        *RDS for Oracle*
 
         Constraints: Must contain from 8 to 30 characters.
 
-        *PostgreSQL*
+        *RDS for PostgreSQL*
 
         Constraints: Must contain from 8 to 128 characters.
 
@@ -11067,6 +11112,10 @@ class CfnDBInstanceProps:
 
         Not applicable. The port number is managed by the DB cluster.
 
+        *Db2*
+
+        Default value: ``50000``
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-port
         '''
         result = self._values.get("port")
@@ -11494,7 +11543,7 @@ class CfnDBParameterGroup(
         :param description: Provides the customer-specified description for this DB parameter group.
         :param family: The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. .. epigraph:: The DB parameter group family can't be changed when updating a DB parameter group. To list all of the available parameter group families, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` The output contains duplicates. For more information, see ``[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)`` .
         :param db_parameter_group_name: The name of the DB parameter group. Constraints: - Must be 1 to 255 letters, numbers, or hyphens. - First character must be a letter - Can't end with a hyphen or contain two consecutive hyphens If you don't specify a value for ``DBParameterGroupName`` property, a name is automatically created for the DB parameter group. .. epigraph:: This value is stored as a lowercase string.
-        :param parameters: An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* . For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
+        :param parameters: An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID ( ``rds.ibm_customer_id`` ) and site number ( ``rds.ibm_site_id`` ) before starting a Db2 instance. For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* . For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
         :param tags: An optional array of key-value pairs to apply to this DB parameter group. .. epigraph:: Currently, this is the only property that supports drift detection.
         '''
         if __debug__:
@@ -11653,7 +11702,7 @@ class CfnDBParameterGroupProps:
         :param description: Provides the customer-specified description for this DB parameter group.
         :param family: The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. .. epigraph:: The DB parameter group family can't be changed when updating a DB parameter group. To list all of the available parameter group families, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` The output contains duplicates. For more information, see ``[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)`` .
         :param db_parameter_group_name: The name of the DB parameter group. Constraints: - Must be 1 to 255 letters, numbers, or hyphens. - First character must be a letter - Can't end with a hyphen or contain two consecutive hyphens If you don't specify a value for ``DBParameterGroupName`` property, a name is automatically created for the DB parameter group. .. epigraph:: This value is stored as a lowercase string.
-        :param parameters: An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* . For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
+        :param parameters: An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID ( ``rds.ibm_customer_id`` ) and site number ( ``rds.ibm_site_id`` ) before starting a Db2 instance. For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* . For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
         :param tags: An optional array of key-value pairs to apply to this DB parameter group. .. epigraph:: Currently, this is the only property that supports drift detection.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbparametergroup.html
@@ -11757,6 +11806,8 @@ class CfnDBParameterGroupProps:
 
         At least one parameter name and value must be supplied. Subsequent arguments are optional.
 
+        RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID ( ``rds.ibm_customer_id`` ) and site number ( ``rds.ibm_site_id`` ) before starting a Db2 instance.
+
         For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* .
 
         For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* .
@@ -11869,7 +11920,7 @@ class CfnDBProxy(
         :param id: Construct identifier for this resource (unique in its scope).
         :param auth: The authorization mechanism that the proxy uses.
         :param db_proxy_name: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region . An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
-        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` . *Valid values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
+        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` . *Valid Values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
         :param role_arn: The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.
         :param vpc_subnet_ids: One or more VPC subnet IDs to associate with the new proxy.
         :param debug_logging: Specifies whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.
@@ -12807,7 +12858,7 @@ class CfnDBProxyProps:
 
         :param auth: The authorization mechanism that the proxy uses.
         :param db_proxy_name: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region . An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
-        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` . *Valid values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
+        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` . *Valid Values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
         :param role_arn: The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.
         :param vpc_subnet_ids: One or more VPC subnet IDs to associate with the new proxy.
         :param debug_logging: Specifies whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.
@@ -12909,7 +12960,7 @@ class CfnDBProxyProps:
 
         This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` .
 
-        *Valid values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
+        *Valid Values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxy.html#cfn-rds-dbproxy-enginefamily
         '''
@@ -16338,7 +16389,7 @@ class ClusterInstanceOptions:
         :param parameters: The parameters in the DBParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup. Default: - None
         :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
         :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - true if the instance is placed in a public subnet
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the cluster's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
 
         :exampleMetadata: fixture=_generated
 
@@ -16557,7 +16608,11 @@ class ClusterInstanceOptions:
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - true if the instance is placed in a public subnet
+        If not specified,
+        the cluster's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -16623,7 +16678,7 @@ class ClusterInstanceProps(ClusterInstanceOptions):
         :param parameters: The parameters in the DBParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup. Default: - None
         :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
         :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - true if the instance is placed in a public subnet
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the cluster's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param instance_type: The type of cluster instance to create. Can be either provisioned or serverless v2
         :param promotion_tier: The promotion tier of the cluster instance. This matters more for serverlessV2 instances. If a serverless instance is in tier 0-1 then it will scale with the writer. For provisioned instances this just determines the failover priority. If multiple instances have the same priority then one will be picked at random Default: 2
 
@@ -16855,7 +16910,11 @@ class ClusterInstanceProps(ClusterInstanceOptions):
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - true if the instance is placed in a public subnet
+        If not specified,
+        the cluster's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -20052,7 +20111,7 @@ class DatabaseInstanceNewProps:
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -20603,7 +20662,11 @@ class DatabaseInstanceNewProps:
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        If not specified,
+        the instance's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -20883,7 +20946,7 @@ class DatabaseInstanceReadReplicaProps(DatabaseInstanceNewProps):
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -21387,7 +21450,11 @@ class DatabaseInstanceReadReplicaProps(DatabaseInstanceNewProps):
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        If not specified,
+        the instance's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -21711,7 +21778,7 @@ class DatabaseInstanceSourceProps(DatabaseInstanceNewProps):
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -22305,7 +22372,11 @@ class DatabaseInstanceSourceProps(DatabaseInstanceNewProps):
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        If not specified,
+        the instance's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -27368,6 +27439,12 @@ class MariaDbEngineVersion(
         '''Version "10.11.5".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_11_5"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_11_6")
+    def VER_10_11_6(cls) -> "MariaDbEngineVersion":
+        '''Version "10.11.6".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_11_6"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_2")
     def VER_10_2(cls) -> "MariaDbEngineVersion":
@@ -27640,6 +27717,12 @@ class MariaDbEngineVersion(
         '''Version "10.4.31".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_4_31"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_4_32")
+    def VER_10_4_32(cls) -> "MariaDbEngineVersion":
+        '''Version "10.4.32".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_4_32"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_4_8")
     def VER_10_4_8(cls) -> "MariaDbEngineVersion":
@@ -27712,6 +27795,12 @@ class MariaDbEngineVersion(
         '''Version "10.5.22".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_5_22"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_5_23")
+    def VER_10_5_23(cls) -> "MariaDbEngineVersion":
+        '''Version "10.5.23".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_5_23"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_5_8")
     def VER_10_5_8(cls) -> "MariaDbEngineVersion":
@@ -27766,6 +27855,12 @@ class MariaDbEngineVersion(
         '''Version "10.6.15".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_6_15"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_6_16")
+    def VER_10_6_16(cls) -> "MariaDbEngineVersion":
+        '''Version "10.6.16".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_6_16"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_6_5")
     def VER_10_6_5(cls) -> "MariaDbEngineVersion":
@@ -31151,7 +31246,7 @@ class ProvisionedClusterInstanceProps(ClusterInstanceOptions):
         :param parameters: The parameters in the DBParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup. Default: - None
         :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
         :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - true if the instance is placed in a public subnet
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the cluster's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param instance_type: The cluster instance type. Default: db.t3.medium
         :param promotion_tier: The promotion tier of the cluster instance. Can be between 0-15 For provisioned instances this just determines the failover priority. If multiple instances have the same priority then one will be picked at random Default: 2
 
@@ -31371,7 +31466,11 @@ class ProvisionedClusterInstanceProps(ClusterInstanceOptions):
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - true if the instance is placed in a public subnet
+        If not specified,
+        the cluster's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -33317,7 +33416,7 @@ class ServerlessV2ClusterInstanceProps(ClusterInstanceOptions):
         :param parameters: The parameters in the DBParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup. Default: - None
         :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
         :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - true if the instance is placed in a public subnet
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the cluster's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param scale_with_writer: Only applicable to reader instances. If this is true then the instance will be placed in promotion tier 1, otherwise it will be placed in promotion tier 2. For serverless v2 instances this means: - true: The serverless v2 reader will scale to match the writer instance (provisioned or serverless) - false: The serverless v2 reader will scale with the read workfload on the instance Default: false
 
         :exampleMetadata: infused
@@ -33328,12 +33427,13 @@ class ServerlessV2ClusterInstanceProps(ClusterInstanceOptions):
             
             cluster = rds.DatabaseCluster(self, "Database",
                 engine=rds.DatabaseClusterEngine.aurora_mysql(version=rds.AuroraMysqlEngineVersion.VER_3_01_0),
-                writer=rds.ClusterInstance.serverless_v2("writer"),
+                writer=rds.ClusterInstance.provisioned("writer",
+                    ca_certificate=rds.CaCertificate.RDS_CA_RDS2048_G1
+                ),
                 readers=[
-                    # will be put in promotion tier 1 and will scale with the writer
-                    rds.ClusterInstance.serverless_v2("reader1", scale_with_writer=True),
-                    # will be put in promotion tier 2 and will not scale with the writer
-                    rds.ClusterInstance.serverless_v2("reader2")
+                    rds.ClusterInstance.serverless_v2("reader",
+                        ca_certificate=rds.CaCertificate.of("custom-ca")
+                    )
                 ],
                 vpc=vpc
             )
@@ -33529,7 +33629,11 @@ class ServerlessV2ClusterInstanceProps(ClusterInstanceOptions):
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - true if the instance is placed in a public subnet
+        If not specified,
+        the cluster's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -34476,6 +34580,12 @@ class SqlServerEngineVersion(
         '''Version "16.00.4085.2.v1".'''
         return typing.cast("SqlServerEngineVersion", jsii.sget(cls, "VER_16_00_4085_2_V1"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_16_00_4095_4_V1")
+    def VER_16_00_4095_4_V1(cls) -> "SqlServerEngineVersion":
+        '''Version "16.00.4095.4.v1".'''
+        return typing.cast("SqlServerEngineVersion", jsii.sget(cls, "VER_16_00_4095_4_V1"))
+
     @builtins.property
     @jsii.member(jsii_name="sqlServerFullVersion")
     def sql_server_full_version(self) -> builtins.str:
@@ -35063,7 +35173,7 @@ class ClusterInstance(
         :param parameters: The parameters in the DBParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup. Default: - None
         :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
         :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - true if the instance is placed in a public subnet
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the cluster's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
 
         Example::
 
@@ -35125,7 +35235,7 @@ class ClusterInstance(
         :param parameters: The parameters in the DBParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup. Default: - None
         :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
         :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - true if the instance is placed in a public subnet
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the cluster's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
 
         Example::
 
@@ -37241,7 +37351,7 @@ class DatabaseInstanceFromSnapshot(
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -37643,7 +37753,7 @@ class DatabaseInstanceFromSnapshotProps(DatabaseInstanceSourceProps):
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -38171,7 +38281,11 @@ class DatabaseInstanceFromSnapshotProps(DatabaseInstanceSourceProps):
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        If not specified,
+        the instance's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -38565,7 +38679,7 @@ class DatabaseInstanceProps(DatabaseInstanceSourceProps):
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -39112,7 +39226,11 @@ class DatabaseInstanceProps(DatabaseInstanceSourceProps):
     def publicly_accessible(self) -> typing.Optional[builtins.bool]:
         '''Indicates whether the DB instance is an internet-facing instance.
 
-        :default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        If not specified,
+        the instance's vpcSubnets will be used to determine if the instance is internet-facing
+        or not.
+
+        :default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         '''
         result = self._values.get("publicly_accessible")
         return typing.cast(typing.Optional[builtins.bool], result)
@@ -39489,7 +39607,7 @@ class DatabaseInstanceReadReplica(
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -40584,7 +40702,7 @@ class DatabaseInstance(
         :param preferred_backup_window: The daily time range during which automated backups are performed. Constraints: - Must be in the format ``hh24:mi-hh24:mi``. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
         :param processor_features: The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
-        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. Default: - ``true`` if ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
+        :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the instance's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
         :param removal_policy: The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This property must not be used if ``s3ExportRole`` is used. For Microsoft SQL Server: Default: - None
         :param s3_export_role: Role that will be associated with this DB instance to enable S3 export. This property must not be used if ``s3ExportBuckets`` is used. For Microsoft SQL Server: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise