aws-cdk-lib 2.141.0__py3-none-any.whl → 2.142.0__py3-none-any.whl

aws_cdk/aws_docdb/__init__.py

@@ -20,7 +20,8 @@ cluster = docdb.DatabaseCluster(self, "Database",
     vpc_subnets=ec2.SubnetSelection(
         subnet_type=ec2.SubnetType.PUBLIC
     ),
-    vpc=vpc
+    vpc=vpc,
+    copy_tags_to_snapshot=True
 )
 ```
 
@@ -261,6 +262,27 @@ cluster = docdb.DatabaseCluster(self, "Database",
     security_group_removal_policy=RemovalPolicy.RETAIN
 )
 ```
+
+## CA certificate
+
+Use the `caCertificate` property to specify the [CA certificate](https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation.html) to use for all instances inside the cluster:
+
+```python
+# vpc: ec2.Vpc
+
+
+cluster = docdb.DatabaseCluster(self, "Database",
+    master_user=docdb.Login(
+        username="myuser"
+    ),
+    instance_type=ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE),
+    vpc_subnets=ec2.SubnetSelection(
+        subnet_type=ec2.SubnetType.PUBLIC
+    ),
+    vpc=vpc,
+    ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
+)
+```
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -305,6 +327,7 @@ from ..aws_ec2 import (
 from ..aws_iam import IRole as _IRole_235f5d8e
 from ..aws_kms import IKey as _IKey_5f11635f
 from ..aws_logs import RetentionDays as _RetentionDays_070f99f0
+from ..aws_rds import CaCertificate as _CaCertificate_e77d2630
 from ..aws_secretsmanager import (
     ISecret as _ISecret_6e020e6a,
     ISecretAttachmentTarget as _ISecretAttachmentTarget_123e2df9,
@@ -400,6 +423,79 @@ class BackupProps:
         )
 
 
+class CaCertificate(
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_docdb.CaCertificate",
+):
+    '''The CA certificate used for a DB instance.
+
+    :see: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
+    '''
+
+    @jsii.member(jsii_name="of")
+    @builtins.classmethod
+    def of(cls, identifier: builtins.str) -> _CaCertificate_e77d2630:
+        '''Custom CA certificate.
+
+        :param identifier: - CA certificate identifier.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__12afe9cc79eeaf5e583167389fab10fd90ade8f1fee3c8f0119c02136d36047f)
+            check_type(argname="argument identifier", value=identifier, expected_type=type_hints["identifier"])
+        return typing.cast(_CaCertificate_e77d2630, jsii.sinvoke(cls, "of", [identifier]))
+
+    @jsii.member(jsii_name="toString")
+    def to_string(self) -> builtins.str:
+        '''Returns the CA certificate identifier as a string.'''
+        return typing.cast(builtins.str, jsii.invoke(self, "toString", []))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RDS_CA_2019")
+    def RDS_CA_2019(cls) -> _CaCertificate_e77d2630:
+        '''rds-ca-2019 certificate authority.'''
+        return typing.cast(_CaCertificate_e77d2630, jsii.sget(cls, "RDS_CA_2019"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RDS_CA_ECC384_G1")
+    def RDS_CA_ECC384_G1(cls) -> _CaCertificate_e77d2630:
+        '''rds-ca-ecc384-g1 certificate authority.'''
+        return typing.cast(_CaCertificate_e77d2630, jsii.sget(cls, "RDS_CA_ECC384_G1"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RDS_CA_RDS2048_G1")
+    def RDS_CA_RDS2048_G1(cls) -> _CaCertificate_e77d2630:
+        '''(deprecated) rds-ca-rsa2048-g1 certificate authority.
+
+        :deprecated: use RDS_CA_RSA2048_G1 (slight misspelling)
+
+        :stability: deprecated
+        '''
+        return typing.cast(_CaCertificate_e77d2630, jsii.sget(cls, "RDS_CA_RDS2048_G1"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RDS_CA_RDS4096_G1")
+    def RDS_CA_RDS4096_G1(cls) -> _CaCertificate_e77d2630:
+        '''(deprecated) rds-ca-rsa4096-g1 certificate authority.
+
+        :deprecated: use RDS_CA_RSA4096_G1 (slight misspelling)
+
+        :stability: deprecated
+        '''
+        return typing.cast(_CaCertificate_e77d2630, jsii.sget(cls, "RDS_CA_RDS4096_G1"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RDS_CA_RSA2048_G1")
+    def RDS_CA_RSA2048_G1(cls) -> _CaCertificate_e77d2630:
+        '''rds-ca-rsa2048-g1 certificate authority.'''
+        return typing.cast(_CaCertificate_e77d2630, jsii.sget(cls, "RDS_CA_RSA2048_G1"))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="RDS_CA_RSA4096_G1")
+    def RDS_CA_RSA4096_G1(cls) -> _CaCertificate_e77d2630:
+        '''rds-ca-rsa4096-g1 certificate authority.'''
+        return typing.cast(_CaCertificate_e77d2630, jsii.sget(cls, "RDS_CA_RSA4096_G1"))
+
+
 @jsii.implements(_IInspectable_c2943556, _ITaggable_36806126)
 class CfnDBCluster(
     _CfnResource_9df397a6,
@@ -3343,8 +3439,10 @@ class DatabaseClusterAttributes:
         "master_user": "masterUser",
         "vpc": "vpc",
         "backup": "backup",
+        "ca_certificate": "caCertificate",
         "cloud_watch_logs_retention": "cloudWatchLogsRetention",
         "cloud_watch_logs_retention_role": "cloudWatchLogsRetentionRole",
+        "copy_tags_to_snapshot": "copyTagsToSnapshot",
         "db_cluster_name": "dbClusterName",
         "deletion_protection": "deletionProtection",
         "enable_performance_insights": "enablePerformanceInsights",
@@ -3373,8 +3471,10 @@ class DatabaseClusterProps:
         master_user: typing.Union["Login", typing.Dict[builtins.str, typing.Any]],
         vpc: _IVpc_f30d5663,
         backup: typing.Optional[typing.Union[BackupProps, typing.Dict[builtins.str, typing.Any]]] = None,
+        ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
         cloud_watch_logs_retention: typing.Optional[_RetentionDays_070f99f0] = None,
         cloud_watch_logs_retention_role: typing.Optional[_IRole_235f5d8e] = None,
+        copy_tags_to_snapshot: typing.Optional[builtins.bool] = None,
         db_cluster_name: typing.Optional[builtins.str] = None,
         deletion_protection: typing.Optional[builtins.bool] = None,
         enable_performance_insights: typing.Optional[builtins.bool] = None,
@@ -3400,8 +3500,10 @@ class DatabaseClusterProps:
         :param master_user: Username and password for the administrative user.
         :param vpc: What subnets to run the DocumentDB instances in. Must be at least 2 subnets in two different AZs.
         :param backup: Backup settings. Default: - Backup retention period for automated backups is 1 day. Backup preferred window is set to a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.
+        :param ca_certificate: The identifier of the CA certificate used for the instances. Specifying or updating this property triggers a reboot. Default: - DocumentDB will choose a certificate authority
         :param cloud_watch_logs_retention: The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to ``Infinity``. Default: - logs never expire
         :param cloud_watch_logs_retention_role: The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - a new role is created.
+        :param copy_tags_to_snapshot: Whether to copy tags to the snapshot when a snapshot is created. Default: - false
         :param db_cluster_name: An optional identifier for the cluster. Default: - A name is automatically generated.
         :param deletion_protection: Specifies whether this cluster can be deleted. If deletionProtection is enabled, the cluster cannot be deleted unless it is modified and deletionProtection is disabled. deletionProtection protects clusters from being accidentally deleted. Default: - false
         :param enable_performance_insights: A value that indicates whether to enable Performance Insights for the instances in the DB Cluster. Default: - false
@@ -3437,7 +3539,7 @@ class DatabaseClusterProps:
                     subnet_type=ec2.SubnetType.PUBLIC
                 ),
                 vpc=vpc,
-                removal_policy=RemovalPolicy.SNAPSHOT
+                ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
             )
         '''
         if isinstance(master_user, dict):
@@ -3452,8 +3554,10 @@ class DatabaseClusterProps:
             check_type(argname="argument master_user", value=master_user, expected_type=type_hints["master_user"])
             check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
             check_type(argname="argument backup", value=backup, expected_type=type_hints["backup"])
+            check_type(argname="argument ca_certificate", value=ca_certificate, expected_type=type_hints["ca_certificate"])
             check_type(argname="argument cloud_watch_logs_retention", value=cloud_watch_logs_retention, expected_type=type_hints["cloud_watch_logs_retention"])
             check_type(argname="argument cloud_watch_logs_retention_role", value=cloud_watch_logs_retention_role, expected_type=type_hints["cloud_watch_logs_retention_role"])
+            check_type(argname="argument copy_tags_to_snapshot", value=copy_tags_to_snapshot, expected_type=type_hints["copy_tags_to_snapshot"])
             check_type(argname="argument db_cluster_name", value=db_cluster_name, expected_type=type_hints["db_cluster_name"])
             check_type(argname="argument deletion_protection", value=deletion_protection, expected_type=type_hints["deletion_protection"])
             check_type(argname="argument enable_performance_insights", value=enable_performance_insights, expected_type=type_hints["enable_performance_insights"])
@@ -3479,10 +3583,14 @@ class DatabaseClusterProps:
         }
         if backup is not None:
             self._values["backup"] = backup
+        if ca_certificate is not None:
+            self._values["ca_certificate"] = ca_certificate
         if cloud_watch_logs_retention is not None:
             self._values["cloud_watch_logs_retention"] = cloud_watch_logs_retention
         if cloud_watch_logs_retention_role is not None:
             self._values["cloud_watch_logs_retention_role"] = cloud_watch_logs_retention_role
+        if copy_tags_to_snapshot is not None:
+            self._values["copy_tags_to_snapshot"] = copy_tags_to_snapshot
         if db_cluster_name is not None:
             self._values["db_cluster_name"] = db_cluster_name
         if deletion_protection is not None:
@@ -3559,6 +3667,19 @@ class DatabaseClusterProps:
         result = self._values.get("backup")
         return typing.cast(typing.Optional[BackupProps], result)
 
+    @builtins.property
+    def ca_certificate(self) -> typing.Optional[_CaCertificate_e77d2630]:
+        '''The identifier of the CA certificate used for the instances.
+
+        Specifying or updating this property triggers a reboot.
+
+        :default: - DocumentDB will choose a certificate authority
+
+        :see: https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation.html
+        '''
+        result = self._values.get("ca_certificate")
+        return typing.cast(typing.Optional[_CaCertificate_e77d2630], result)
+
     @builtins.property
     def cloud_watch_logs_retention(self) -> typing.Optional[_RetentionDays_070f99f0]:
         '''The number of days log events are kept in CloudWatch Logs.
@@ -3581,6 +3702,15 @@ class DatabaseClusterProps:
         result = self._values.get("cloud_watch_logs_retention_role")
         return typing.cast(typing.Optional[_IRole_235f5d8e], result)
 
+    @builtins.property
+    def copy_tags_to_snapshot(self) -> typing.Optional[builtins.bool]:
+        '''Whether to copy tags to the snapshot when a snapshot is created.
+
+        :default: - false
+        '''
+        result = self._values.get("copy_tags_to_snapshot")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def db_cluster_name(self) -> typing.Optional[builtins.str]:
         '''An optional identifier for the cluster.
@@ -3888,6 +4018,7 @@ class DatabaseInstanceAttributes:
         "instance_type": "instanceType",
         "auto_minor_version_upgrade": "autoMinorVersionUpgrade",
         "availability_zone": "availabilityZone",
+        "ca_certificate": "caCertificate",
         "db_instance_name": "dbInstanceName",
         "enable_performance_insights": "enablePerformanceInsights",
         "preferred_maintenance_window": "preferredMaintenanceWindow",
@@ -3902,6 +4033,7 @@ class DatabaseInstanceProps:
         instance_type: _InstanceType_f64915b9,
         auto_minor_version_upgrade: typing.Optional[builtins.bool] = None,
         availability_zone: typing.Optional[builtins.str] = None,
+        ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
         db_instance_name: typing.Optional[builtins.str] = None,
         enable_performance_insights: typing.Optional[builtins.bool] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
@@ -3913,6 +4045,7 @@ class DatabaseInstanceProps:
         :param instance_type: The name of the compute and memory capacity classes.
         :param auto_minor_version_upgrade: Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window. Default: true
         :param availability_zone: The name of the Availability Zone where the DB instance will be located. Default: - no preference
+        :param ca_certificate: The identifier of the CA certificate for this DB instance. Specifying or updating this property triggers a reboot. Default: - DocumentDB will choose a certificate authority
         :param db_instance_name: A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. Default: - a CloudFormation generated name
         :param enable_performance_insights: A value that indicates whether to enable Performance Insights for the DB Instance. Default: - false
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-maintain.html#maintenance-window
@@ -3927,7 +4060,9 @@ class DatabaseInstanceProps:
             import aws_cdk as cdk
             from aws_cdk import aws_docdb as docdb
             from aws_cdk import aws_ec2 as ec2
+            from aws_cdk import aws_rds as rds
             
+            # ca_certificate: rds.CaCertificate
             # database_cluster: docdb.DatabaseCluster
             # instance_type: ec2.InstanceType
             
@@ -3938,6 +4073,7 @@ class DatabaseInstanceProps:
                 # the properties below are optional
                 auto_minor_version_upgrade=False,
                 availability_zone="availabilityZone",
+                ca_certificate=ca_certificate,
                 db_instance_name="dbInstanceName",
                 enable_performance_insights=False,
                 preferred_maintenance_window="preferredMaintenanceWindow",
@@ -3950,6 +4086,7 @@ class DatabaseInstanceProps:
             check_type(argname="argument instance_type", value=instance_type, expected_type=type_hints["instance_type"])
             check_type(argname="argument auto_minor_version_upgrade", value=auto_minor_version_upgrade, expected_type=type_hints["auto_minor_version_upgrade"])
             check_type(argname="argument availability_zone", value=availability_zone, expected_type=type_hints["availability_zone"])
+            check_type(argname="argument ca_certificate", value=ca_certificate, expected_type=type_hints["ca_certificate"])
             check_type(argname="argument db_instance_name", value=db_instance_name, expected_type=type_hints["db_instance_name"])
             check_type(argname="argument enable_performance_insights", value=enable_performance_insights, expected_type=type_hints["enable_performance_insights"])
             check_type(argname="argument preferred_maintenance_window", value=preferred_maintenance_window, expected_type=type_hints["preferred_maintenance_window"])
@@ -3962,6 +4099,8 @@ class DatabaseInstanceProps:
             self._values["auto_minor_version_upgrade"] = auto_minor_version_upgrade
         if availability_zone is not None:
             self._values["availability_zone"] = availability_zone
+        if ca_certificate is not None:
+            self._values["ca_certificate"] = ca_certificate
         if db_instance_name is not None:
             self._values["db_instance_name"] = db_instance_name
         if enable_performance_insights is not None:
@@ -4003,6 +4142,19 @@ class DatabaseInstanceProps:
         result = self._values.get("availability_zone")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def ca_certificate(self) -> typing.Optional[_CaCertificate_e77d2630]:
+        '''The identifier of the CA certificate for this DB instance.
+
+        Specifying or updating this property triggers a reboot.
+
+        :default: - DocumentDB will choose a certificate authority
+
+        :see: https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation.html
+        '''
+        result = self._values.get("ca_certificate")
+        return typing.cast(typing.Optional[_CaCertificate_e77d2630], result)
+
     @builtins.property
     def db_instance_name(self) -> typing.Optional[builtins.str]:
         '''A name for the DB instance.
@@ -4569,7 +4721,7 @@ class Login:
                     subnet_type=ec2.SubnetType.PUBLIC
                 ),
                 vpc=vpc,
-                removal_policy=RemovalPolicy.SNAPSHOT
+                ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
             )
         '''
         if __debug__:
@@ -4845,7 +4997,7 @@ class DatabaseCluster(
                 subnet_type=ec2.SubnetType.PUBLIC
             ),
             vpc=vpc,
-            removal_policy=RemovalPolicy.SNAPSHOT
+            ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
         )
     '''
 
@@ -4858,8 +5010,10 @@ class DatabaseCluster(
         master_user: typing.Union[Login, typing.Dict[builtins.str, typing.Any]],
         vpc: _IVpc_f30d5663,
         backup: typing.Optional[typing.Union[BackupProps, typing.Dict[builtins.str, typing.Any]]] = None,
+        ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
         cloud_watch_logs_retention: typing.Optional[_RetentionDays_070f99f0] = None,
         cloud_watch_logs_retention_role: typing.Optional[_IRole_235f5d8e] = None,
+        copy_tags_to_snapshot: typing.Optional[builtins.bool] = None,
         db_cluster_name: typing.Optional[builtins.str] = None,
         deletion_protection: typing.Optional[builtins.bool] = None,
         enable_performance_insights: typing.Optional[builtins.bool] = None,
@@ -4886,8 +5040,10 @@ class DatabaseCluster(
         :param master_user: Username and password for the administrative user.
         :param vpc: What subnets to run the DocumentDB instances in. Must be at least 2 subnets in two different AZs.
         :param backup: Backup settings. Default: - Backup retention period for automated backups is 1 day. Backup preferred window is set to a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.
+        :param ca_certificate: The identifier of the CA certificate used for the instances. Specifying or updating this property triggers a reboot. Default: - DocumentDB will choose a certificate authority
         :param cloud_watch_logs_retention: The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to ``Infinity``. Default: - logs never expire
         :param cloud_watch_logs_retention_role: The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - a new role is created.
+        :param copy_tags_to_snapshot: Whether to copy tags to the snapshot when a snapshot is created. Default: - false
         :param db_cluster_name: An optional identifier for the cluster. Default: - A name is automatically generated.
         :param deletion_protection: Specifies whether this cluster can be deleted. If deletionProtection is enabled, the cluster cannot be deleted unless it is modified and deletionProtection is disabled. deletionProtection protects clusters from being accidentally deleted. Default: - false
         :param enable_performance_insights: A value that indicates whether to enable Performance Insights for the instances in the DB Cluster. Default: - false
@@ -4916,8 +5072,10 @@ class DatabaseCluster(
             master_user=master_user,
             vpc=vpc,
             backup=backup,
+            ca_certificate=ca_certificate,
             cloud_watch_logs_retention=cloud_watch_logs_retention,
             cloud_watch_logs_retention_role=cloud_watch_logs_retention_role,
+            copy_tags_to_snapshot=copy_tags_to_snapshot,
             db_cluster_name=db_cluster_name,
             deletion_protection=deletion_protection,
             enable_performance_insights=enable_performance_insights,
@@ -5127,7 +5285,9 @@ class DatabaseInstance(
         import aws_cdk as cdk
         from aws_cdk import aws_docdb as docdb
         from aws_cdk import aws_ec2 as ec2
+        from aws_cdk import aws_rds as rds
         
+        # ca_certificate: rds.CaCertificate
         # database_cluster: docdb.DatabaseCluster
         # instance_type: ec2.InstanceType
         
@@ -5138,6 +5298,7 @@ class DatabaseInstance(
             # the properties below are optional
             auto_minor_version_upgrade=False,
             availability_zone="availabilityZone",
+            ca_certificate=ca_certificate,
             db_instance_name="dbInstanceName",
             enable_performance_insights=False,
             preferred_maintenance_window="preferredMaintenanceWindow",
@@ -5154,6 +5315,7 @@ class DatabaseInstance(
         instance_type: _InstanceType_f64915b9,
         auto_minor_version_upgrade: typing.Optional[builtins.bool] = None,
         availability_zone: typing.Optional[builtins.str] = None,
+        ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
         db_instance_name: typing.Optional[builtins.str] = None,
         enable_performance_insights: typing.Optional[builtins.bool] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
@@ -5166,6 +5328,7 @@ class DatabaseInstance(
         :param instance_type: The name of the compute and memory capacity classes.
         :param auto_minor_version_upgrade: Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window. Default: true
         :param availability_zone: The name of the Availability Zone where the DB instance will be located. Default: - no preference
+        :param ca_certificate: The identifier of the CA certificate for this DB instance. Specifying or updating this property triggers a reboot. Default: - DocumentDB will choose a certificate authority
         :param db_instance_name: A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. Default: - a CloudFormation generated name
         :param enable_performance_insights: A value that indicates whether to enable Performance Insights for the DB Instance. Default: - false
         :param preferred_maintenance_window: The weekly time range (in UTC) during which system maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-maintain.html#maintenance-window
@@ -5180,6 +5343,7 @@ class DatabaseInstance(
             instance_type=instance_type,
             auto_minor_version_upgrade=auto_minor_version_upgrade,
             availability_zone=availability_zone,
+            ca_certificate=ca_certificate,
             db_instance_name=db_instance_name,
             enable_performance_insights=enable_performance_insights,
             preferred_maintenance_window=preferred_maintenance_window,
@@ -5270,6 +5434,7 @@ class DatabaseInstance(
 
 __all__ = [
     "BackupProps",
+    "CaCertificate",
     "CfnDBCluster",
     "CfnDBClusterParameterGroup",
     "CfnDBClusterParameterGroupProps",
@@ -5308,6 +5473,12 @@ def _typecheckingstub__ee6fe0fa77944f4ac01bc65293ff8588d9093a5a1b3fa48a6bab1d3e7
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__12afe9cc79eeaf5e583167389fab10fd90ade8f1fee3c8f0119c02136d36047f(
+    identifier: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__7db61dc80f26049d79a38255d8a0b3abaf4b5019d7cbed64c937ec0f3e40056c(
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
@@ -5859,8 +6030,10 @@ def _typecheckingstub__bb24ec128a97ca07df15f55d4e96dda851d4300951806a7a3d7f391cc
     master_user: typing.Union[Login, typing.Dict[builtins.str, typing.Any]],
     vpc: _IVpc_f30d5663,
     backup: typing.Optional[typing.Union[BackupProps, typing.Dict[builtins.str, typing.Any]]] = None,
+    ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
     cloud_watch_logs_retention: typing.Optional[_RetentionDays_070f99f0] = None,
     cloud_watch_logs_retention_role: typing.Optional[_IRole_235f5d8e] = None,
+    copy_tags_to_snapshot: typing.Optional[builtins.bool] = None,
     db_cluster_name: typing.Optional[builtins.str] = None,
     deletion_protection: typing.Optional[builtins.bool] = None,
     enable_performance_insights: typing.Optional[builtins.bool] = None,
@@ -5898,6 +6071,7 @@ def _typecheckingstub__676d69b0db2a30b5f20b867ed1d439431b0f7d419a335b2a51aaaf208
     instance_type: _InstanceType_f64915b9,
     auto_minor_version_upgrade: typing.Optional[builtins.bool] = None,
     availability_zone: typing.Optional[builtins.str] = None,
+    ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
     db_instance_name: typing.Optional[builtins.str] = None,
     enable_performance_insights: typing.Optional[builtins.bool] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,
@@ -5984,8 +6158,10 @@ def _typecheckingstub__3fef762ebf4d69195051e79f76d91c6d9e93e2a84a6c1e71f7b4a0b8c
     master_user: typing.Union[Login, typing.Dict[builtins.str, typing.Any]],
     vpc: _IVpc_f30d5663,
     backup: typing.Optional[typing.Union[BackupProps, typing.Dict[builtins.str, typing.Any]]] = None,
+    ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
     cloud_watch_logs_retention: typing.Optional[_RetentionDays_070f99f0] = None,
     cloud_watch_logs_retention_role: typing.Optional[_IRole_235f5d8e] = None,
+    copy_tags_to_snapshot: typing.Optional[builtins.bool] = None,
     db_cluster_name: typing.Optional[builtins.str] = None,
     deletion_protection: typing.Optional[builtins.bool] = None,
     enable_performance_insights: typing.Optional[builtins.bool] = None,
@@ -6052,6 +6228,7 @@ def _typecheckingstub__5817f4b16546e48d296754293847a6856ad12a571f11de701f04c2152
     instance_type: _InstanceType_f64915b9,
     auto_minor_version_upgrade: typing.Optional[builtins.bool] = None,
     availability_zone: typing.Optional[builtins.str] = None,
+    ca_certificate: typing.Optional[_CaCertificate_e77d2630] = None,
     db_instance_name: typing.Optional[builtins.str] = None,
     enable_performance_insights: typing.Optional[builtins.bool] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,

aws_cdk/aws_ec2/__init__.py

@@ -73587,8 +73587,7 @@ class InstanceType(
                 subnet_type=ec2.SubnetType.PUBLIC
             ),
             vpc=vpc,
-            removal_policy=RemovalPolicy.SNAPSHOT,
-            instance_removal_policy=RemovalPolicy.RETAIN
+            ca_certificate=docdb.CaCertificate.RDS_CA_RSA4096_G1
         )
     '''