aws-cdk-lib 2.145.0__py3-none-any.whl → 2.147.0__py3-none-any.whl

aws_cdk/aws_quicksight/__init__.py

@@ -142932,15 +142932,14 @@ class CfnDataSource(
             database_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
             database_user: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''
-            For more information on the redshift:GetClusterCredentials API, see
-            GetClusterCredentials
-            .
+            '''A structure that grants Amazon QuickSight access to your cluster and make a call to the ``redshift:GetClusterCredentials`` API.
+
+            For more information on the ``redshift:GetClusterCredentials`` API, see ```GetClusterCredentials`` <https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html>`_ .
 
-            :param role_arn:  The calling principal must have iam:PassRole access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role.
-            :param auto_create_database_user:  If your database doesn't have a DatabaseUser, set this parameter to True. If there is no DatabaseUser, Amazon QuickSight can't connect to your cluster. The RoleArn that you use for this operation must grant access to redshift:CreateClusterUser to successfully create the user. Default: - false
-            :param database_groups:  These permissions are combined with the permissions granted to Amazon QuickSight by the DatabaseUser. If you choose to include this parameter, the RoleArn must grant access to redshift:JoinGroup.
-            :param database_user:  If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of AutoCreateDatabaseUser to True to create a new user with PUBLIC permissions.
+            :param role_arn: Use the ``RoleArn`` structure to allow Amazon QuickSight to call ``redshift:GetClusterCredentials`` on your cluster. The calling principal must have ``iam:PassRole`` access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role.
+            :param auto_create_database_user: Automatically creates a database user. If your database doesn't have a ``DatabaseUser`` , set this parameter to ``True`` . If there is no ``DatabaseUser`` , Amazon QuickSight can't connect to your cluster. The ``RoleArn`` that you use for this operation must grant access to ``redshift:CreateClusterUser`` to successfully create the user. Default: - false
+            :param database_groups: A list of groups whose permissions will be granted to Amazon QuickSight to access the cluster. These permissions are combined with the permissions granted to Amazon QuickSight by the ``DatabaseUser`` . If you choose to include this parameter, the ``RoleArn`` must grant access to ``redshift:JoinGroup`` .
+            :param database_user: The user whose permissions and group memberships will be used by Amazon QuickSight to access the cluster. If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of ``AutoCreateDatabaseUser`` to ``True`` to create a new user with PUBLIC permissions.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-quicksight-datasource-redshiftiamparameters.html
             :exampleMetadata: fixture=_generated
@@ -142978,8 +142977,9 @@ class CfnDataSource(
 
         @builtins.property
         def role_arn(self) -> builtins.str:
-            '''
-            The calling principal must have iam:PassRole access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role.
+            '''Use the ``RoleArn`` structure to allow Amazon QuickSight to call ``redshift:GetClusterCredentials`` on your cluster.
+
+            The calling principal must have ``iam:PassRole`` access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-quicksight-datasource-redshiftiamparameters.html#cfn-quicksight-datasource-redshiftiamparameters-rolearn
             '''
@@ -142991,8 +142991,9 @@ class CfnDataSource(
         def auto_create_database_user(
             self,
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-            '''
-            If your database doesn't have a DatabaseUser, set this parameter to True. If there is no DatabaseUser, Amazon QuickSight can't connect to your cluster. The RoleArn that you use for this operation must grant access to redshift:CreateClusterUser to successfully create the user.
+            '''Automatically creates a database user.
+
+            If your database doesn't have a ``DatabaseUser`` , set this parameter to ``True`` . If there is no ``DatabaseUser`` , Amazon QuickSight can't connect to your cluster. The ``RoleArn`` that you use for this operation must grant access to ``redshift:CreateClusterUser`` to successfully create the user.
 
             :default: - false
 
@@ -143003,8 +143004,9 @@ class CfnDataSource(
 
         @builtins.property
         def database_groups(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''
-            These permissions are combined with the permissions granted to Amazon QuickSight by the DatabaseUser. If you choose to include this parameter, the RoleArn must grant access to redshift:JoinGroup.
+            '''A list of groups whose permissions will be granted to Amazon QuickSight to access the cluster.
+
+            These permissions are combined with the permissions granted to Amazon QuickSight by the ``DatabaseUser`` . If you choose to include this parameter, the ``RoleArn`` must grant access to ``redshift:JoinGroup`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-quicksight-datasource-redshiftiamparameters.html#cfn-quicksight-datasource-redshiftiamparameters-databasegroups
             '''
@@ -143013,8 +143015,9 @@ class CfnDataSource(
 
         @builtins.property
         def database_user(self) -> typing.Optional[builtins.str]:
-            '''
-            If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of AutoCreateDatabaseUser to True to create a new user with PUBLIC permissions.
+            '''The user whose permissions and group memberships will be used by Amazon QuickSight to access the cluster.
+
+            If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of ``AutoCreateDatabaseUser`` to ``True`` to create a new user with PUBLIC permissions.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-quicksight-datasource-redshiftiamparameters.html#cfn-quicksight-datasource-redshiftiamparameters-databaseuser
             '''
@@ -143062,7 +143065,7 @@ class CfnDataSource(
             :param database: Database.
             :param cluster_id: Cluster ID. This field can be blank if the ``Host`` and ``Port`` are provided.
             :param host: Host. This field can be blank if ``ClusterId`` is provided.
-            :param iam_parameters:  For more information on the redshift:GetClusterCredentials API, see GetClusterCredentials .
+            :param iam_parameters: An optional parameter that uses IAM authentication to grant Amazon QuickSight access to your cluster. This parameter can be used instead of `DataSourceCredentials <https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DataSourceCredentials.html>`_ .
             :param identity_center_configuration: An optional parameter that configures IAM Identity Center authentication to grant Amazon QuickSight access to your cluster. This parameter can only be specified if your Amazon QuickSight account is configured with IAM Identity Center.
             :param port: Port. This field can be blank if the ``ClusterId`` is provided. Default: - 0
 
@@ -143153,10 +143156,9 @@ class CfnDataSource(
         def iam_parameters(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDataSource.RedshiftIAMParametersProperty"]]:
-            '''
-            For more information on the redshift:GetClusterCredentials API, see
-            GetClusterCredentials
-            .
+            '''An optional parameter that uses IAM authentication to grant Amazon QuickSight access to your cluster.
+
+            This parameter can be used instead of `DataSourceCredentials <https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DataSourceCredentials.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-quicksight-datasource-redshiftparameters.html#cfn-quicksight-datasource-redshiftparameters-iamparameters
             '''

aws_cdk/aws_rds/__init__.py

@@ -2584,6 +2584,12 @@ class AuroraMysqlEngineVersion(
         '''Version "8.0.mysql_aurora.3.06.0".'''
         return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_06_0"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_3_07_0")
+    def VER_3_07_0(cls) -> "AuroraMysqlEngineVersion":
+        '''Version "8.0.mysql_aurora.3.07.0".'''
+        return typing.cast("AuroraMysqlEngineVersion", jsii.sget(cls, "VER_3_07_0"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_5_7_12")
     def VER_5_7_12(cls) -> "AuroraMysqlEngineVersion":
@@ -3489,6 +3495,12 @@ class AuroraPostgresEngineVersion(
         '''Version "15.5".'''
         return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_15_5"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_15_6")
+    def VER_15_6(cls) -> "AuroraPostgresEngineVersion":
+        '''Version "15.6".'''
+        return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_15_6"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_16_0")
     def VER_16_0(cls) -> "AuroraPostgresEngineVersion":
@@ -6136,13 +6148,13 @@ class CfnDBCluster(
 
             For more information, see `Using Amazon Aurora Serverless v2 <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html>`_ in the *Amazon Aurora User Guide* .
 
-            If you have an Aurora cluster, you must set the ``ScalingConfigurationInfo`` attribute before you add a DB instance that uses the ``db.serverless`` DB instance class. For more information, see `Clusters that use Aurora Serverless v2 must have a capacity range specified <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range>`_ in the *Amazon Aurora User Guide* .
+            If you have an Aurora cluster, you must set this attribute before you add a DB instance that uses the ``db.serverless`` DB instance class. For more information, see `Clusters that use Aurora Serverless v2 must have a capacity range specified <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html#aurora-serverless-v2.requirements.capacity-range>`_ in the *Amazon Aurora User Guide* .
 
             This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, use the ``ScalingConfiguration`` property.
 
             Valid for: Aurora Serverless v2 DB clusters
 
-            :param max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128. The maximum capacity must be higher than 0.5 ACUs. For more information, see `Choosing the maximum Aurora Serverless v2 capacity setting for a cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.setting-capacity.html#aurora-serverless-v2.max_capacity_considerations>`_ in the *Amazon Aurora User Guide* .
+            :param max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128. The maximum capacity must be higher than 0.5 ACUs. For more information, see `Choosing the maximum Aurora Serverless v2 capacity setting for a cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.setting-capacity.html#aurora-serverless-v2.max_capacity_considerations>`_ in the *Amazon Aurora User Guide* . Aurora automatically sets certain parameters for Aurora Serverless V2 DB instances to values that depend on the maximum ACU value in the capacity range. When you update the maximum capacity value, the ``ParameterApplyStatus`` value for the DB instance changes to ``pending-reboot`` . You can update the parameter values by rebooting the DB instance after changing the capacity range.
             :param min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-serverlessv2scalingconfiguration.html
@@ -6177,6 +6189,8 @@ class CfnDBCluster(
 
             The maximum capacity must be higher than 0.5 ACUs. For more information, see `Choosing the maximum Aurora Serverless v2 capacity setting for a cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.setting-capacity.html#aurora-serverless-v2.max_capacity_considerations>`_ in the *Amazon Aurora User Guide* .
 
+            Aurora automatically sets certain parameters for Aurora Serverless V2 DB instances to values that depend on the maximum ACU value in the capacity range. When you update the maximum capacity value, the ``ParameterApplyStatus`` value for the DB instance changes to ``pending-reboot`` . You can update the parameter values by rebooting the DB instance after changing the capacity range.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-serverlessv2scalingconfiguration.html#cfn-rds-dbcluster-serverlessv2scalingconfiguration-maxcapacity
             '''
             result = self._values.get("max_capacity")
@@ -8240,7 +8254,7 @@ class CfnDBInstance(
         :param engine: The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. This property is required when creating a DB instance. .. epigraph:: You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb`` . Converting to the CDB architecture requires an interruption. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *Db2* See `Amazon RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
         :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. Constraints: - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
-        :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
+        :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. However, if the source DB instance is in a different AWS Region, you must specify a KMS key ID. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup, and if the automated backup is encrypted, the specified ``KmsKeyId`` property is used. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
         :param license_model: License model information for this DB instance. Valid Values: - Aurora MySQL - ``general-public-license`` - Aurora PostgreSQL - ``postgresql-license`` - RDS for Db2 - ``bring-your-own-license`` . For more information about RDS for Db2 licensing, see ` <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html>`_ in the *Amazon RDS User Guide.* - RDS for MariaDB - ``general-public-license`` - RDS for Microsoft SQL Server - ``license-included`` - RDS for MySQL - ``general-public-license`` - RDS for Oracle - ``bring-your-own-license`` or ``license-included`` - RDS for PostgreSQL - ``postgresql-license`` .. epigraph:: If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
         :param manage_master_user_password: Specifies whether to manage the master user password with AWS Secrets Manager. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.* Constraints: - Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified.
         :param master_username: The master user name for the DB instance. .. epigraph:: If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. *Amazon Aurora* Not applicable. The name for the master user is managed by the DB cluster. *RDS for Db2* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MariaDB* Constraints: - Must be 1 to 16 letters or numbers. - Can't be a reserved word for the chosen database engine. *RDS for Microsoft SQL Server* Constraints: - Must be 1 to 128 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MySQL* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for Oracle* Constraints: - Must be 1 to 30 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for PostgreSQL* Constraints: - Must be 1 to 63 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine.
@@ -8265,10 +8279,10 @@ class CfnDBInstance(
         :param restore_time: The date and time to restore from. Constraints: - Must be a time in Universal Coordinated Time (UTC) format. - Must be before the latest restorable time for the DB instance. - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled. Example: ``2009-09-07T23:45:00Z``
         :param source_db_cluster_identifier: The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. Constraints: - Must be the identifier of an existing Multi-AZ DB cluster. - Can't be specified if the ``SourceDBInstanceIdentifier`` parameter is also specified. - The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. - The source DB cluster must be in the same AWS Region as the read replica. Cross-Region replication isn't supported.
         :param source_db_instance_automated_backups_arn: The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, ``arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`` . This setting doesn't apply to RDS Custom.
-        :param source_db_instance_identifier: If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see `Working with Read Replicas <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html>`_ in the *Amazon RDS User Guide* . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance. .. epigraph:: - If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. - Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. - If you specify ``SourceDBInstanceIdentifier`` , don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. - Don't set the ``BackupRetentionPeriod`` , ``DBName`` , ``MasterUsername`` , ``MasterUserPassword`` , and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. - If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion`` , and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier`` . For more information, see `Constructing a Amazon RDS Amazon Resource Name (ARN) <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN>`_ in the *Amazon RDS User Guide* . - For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances.
+        :param source_db_instance_identifier: If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see `Working with Read Replicas <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html>`_ in the *Amazon RDS User Guide* . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the read replica to a standalone DB instance. If you specify the ``UseLatestRestorableTime`` or ``RestoreTime`` properties in conjunction with the ``SourceDBInstanceIdentifier`` property, RDS restores the DB instance to the requested point in time, thereby creating a new DB instance. .. epigraph:: - If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. - Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. - If you specify ``SourceDBInstanceIdentifier`` , don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. - Don't set the ``BackupRetentionPeriod`` , ``DBName`` , ``MasterUsername`` , ``MasterUserPassword`` , and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. - If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion`` , and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier`` . For more information, see `Constructing a Amazon RDS Amazon Resource Name (ARN) <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN>`_ in the *Amazon RDS User Guide* . - For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances.
         :param source_dbi_resource_id: The resource ID of the source DB instance from which to restore.
         :param source_region: The ID of the region that contains the source DB instance for the read replica.
-        :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
+        :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
         :param storage_throughput: Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
         :param storage_type: The storage type to associate with the DB instance. If you specify ``io1`` , ``io2`` , or ``gp3`` , you must also include a value for the ``Iops`` parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` Default: ``io1`` , if the ``Iops`` parameter is specified. Otherwise, ``gp2`` .
         :param tags: An optional array of key-value pairs to apply to this DB instance.
@@ -10246,7 +10260,7 @@ class CfnDBInstanceProps:
         :param engine: The name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. This property is required when creating a DB instance. .. epigraph:: You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the ``Engine`` value in your templates from ``oracle-ee`` to ``oracle-ee-cdb`` or from ``oracle-se2`` to ``oracle-se2-cdb`` . Converting to the CDB architecture requires an interruption. Valid Values: - ``aurora-mysql`` (for Aurora MySQL DB instances) - ``aurora-postgresql`` (for Aurora PostgreSQL DB instances) - ``custom-oracle-ee`` (for RDS Custom for Oracle DB instances) - ``custom-oracle-ee-cdb`` (for RDS Custom for Oracle DB instances) - ``custom-sqlserver-ee`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-se`` (for RDS Custom for SQL Server DB instances) - ``custom-sqlserver-web`` (for RDS Custom for SQL Server DB instances) - ``db2-ae`` - ``db2-se`` - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param engine_version: The version number of the database engine to use. For a list of valid engine versions, use the ``DescribeDBEngineVersions`` action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *Db2* See `Amazon RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *MariaDB* See `MariaDB on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Microsoft SQL Server* See `Microsoft SQL Server Versions on Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport>`_ in the *Amazon RDS User Guide.* *MySQL* See `MySQL on Amazon RDS Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt>`_ in the *Amazon RDS User Guide.* *Oracle* See `Oracle Database Engine Release Notes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html>`_ in the *Amazon RDS User Guide.* *PostgreSQL* See `Supported PostgreSQL Database Versions <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions>`_ in the *Amazon RDS User Guide.*
         :param iops: The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see `Amazon RDS Provisioned IOPS Storage to Improve Performance <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify ``io1`` for the ``StorageType`` property, then you must also specify the ``Iops`` property. Constraints: - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. - For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
-        :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
+        :param kms_key_id: The ARN of the AWS KMS key that's used to encrypt the DB instance, such as ``arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef`` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. However, if the source DB instance is in a different AWS Region, you must specify a KMS key ID. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup, and if the automated backup is encrypted, the specified ``KmsKeyId`` property is used. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the ``DBSnapshotIdentifier`` property, don't specify this property. The ``StorageEncrypted`` property value is inherited from the snapshot. If the DB instance is encrypted, the specified ``KmsKeyId`` property is also inherited from the snapshot. If you specify ``DBSecurityGroups`` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see `Using Amazon RDS with Amazon VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
         :param license_model: License model information for this DB instance. Valid Values: - Aurora MySQL - ``general-public-license`` - Aurora PostgreSQL - ``postgresql-license`` - RDS for Db2 - ``bring-your-own-license`` . For more information about RDS for Db2 licensing, see ` <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html>`_ in the *Amazon RDS User Guide.* - RDS for MariaDB - ``general-public-license`` - RDS for Microsoft SQL Server - ``license-included`` - RDS for MySQL - ``general-public-license`` - RDS for Oracle - ``bring-your-own-license`` or ``license-included`` - RDS for PostgreSQL - ``postgresql-license`` .. epigraph:: If you've specified ``DBSecurityGroups`` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
         :param manage_master_user_password: Specifies whether to manage the master user password with AWS Secrets Manager. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.* Constraints: - Can't manage the master user password with AWS Secrets Manager if ``MasterUserPassword`` is specified.
         :param master_username: The master user name for the DB instance. .. epigraph:: If you specify the ``SourceDBInstanceIdentifier`` or ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the source DB instance or snapshot. When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. *Amazon Aurora* Not applicable. The name for the master user is managed by the DB cluster. *RDS for Db2* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MariaDB* Constraints: - Must be 1 to 16 letters or numbers. - Can't be a reserved word for the chosen database engine. *RDS for Microsoft SQL Server* Constraints: - Must be 1 to 128 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for MySQL* Constraints: - Must be 1 to 16 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for Oracle* Constraints: - Must be 1 to 30 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine. *RDS for PostgreSQL* Constraints: - Must be 1 to 63 letters or numbers. - First character must be a letter. - Can't be a reserved word for the chosen database engine.
@@ -10271,10 +10285,10 @@ class CfnDBInstanceProps:
         :param restore_time: The date and time to restore from. Constraints: - Must be a time in Universal Coordinated Time (UTC) format. - Must be before the latest restorable time for the DB instance. - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled. Example: ``2009-09-07T23:45:00Z``
         :param source_db_cluster_identifier: The identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. Constraints: - Must be the identifier of an existing Multi-AZ DB cluster. - Can't be specified if the ``SourceDBInstanceIdentifier`` parameter is also specified. - The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. - The source DB cluster must be in the same AWS Region as the read replica. Cross-Region replication isn't supported.
         :param source_db_instance_automated_backups_arn: The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, ``arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE`` . This setting doesn't apply to RDS Custom.
-        :param source_db_instance_identifier: If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see `Working with Read Replicas <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html>`_ in the *Amazon RDS User Guide* . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance. .. epigraph:: - If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. - Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. - If you specify ``SourceDBInstanceIdentifier`` , don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. - Don't set the ``BackupRetentionPeriod`` , ``DBName`` , ``MasterUsername`` , ``MasterUserPassword`` , and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. - If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion`` , and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier`` . For more information, see `Constructing a Amazon RDS Amazon Resource Name (ARN) <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN>`_ in the *Amazon RDS User Guide* . - For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances.
+        :param source_db_instance_identifier: If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see `Working with Read Replicas <https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html>`_ in the *Amazon RDS User Guide* . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the read replica to a standalone DB instance. If you specify the ``UseLatestRestorableTime`` or ``RestoreTime`` properties in conjunction with the ``SourceDBInstanceIdentifier`` property, RDS restores the DB instance to the requested point in time, thereby creating a new DB instance. .. epigraph:: - If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. - Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. - If you specify ``SourceDBInstanceIdentifier`` , don't specify the ``DBSnapshotIdentifier`` property. You can't create a read replica from a snapshot. - Don't set the ``BackupRetentionPeriod`` , ``DBName`` , ``MasterUsername`` , ``MasterUserPassword`` , and ``PreferredBackupWindow`` properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. - If the source DB instance is in a different region than the read replica, specify the source region in ``SourceRegion`` , and specify an ARN for a valid DB instance in ``SourceDBInstanceIdentifier`` . For more information, see `Constructing a Amazon RDS Amazon Resource Name (ARN) <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN>`_ in the *Amazon RDS User Guide* . - For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances.
         :param source_dbi_resource_id: The resource ID of the source DB instance from which to restore.
         :param source_region: The ID of the region that contains the source DB instance for the read replica.
-        :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
+        :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
         :param storage_throughput: Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
         :param storage_type: The storage type to associate with the DB instance. If you specify ``io1`` , ``io2`` , or ``gp3`` , you must also include a value for the ``Iops`` parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` Default: ``io1`` , if the ``Iops`` parameter is specified. Otherwise, ``gp2`` .
         :param tags: An optional array of key-value pairs to apply to this DB instance.
@@ -11464,7 +11478,9 @@ class CfnDBInstanceProps:
 
         If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true.
 
-        If you specify the ``SourceDBInstanceIdentifier`` property, the value is inherited from the source DB instance if the read replica is created in the same region.
+        If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. However, if the source DB instance is in a different AWS Region, you must specify a KMS key ID.
+
+        If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup, and if the automated backup is encrypted, the specified ``KmsKeyId`` property is used.
 
         If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region.
 
@@ -11958,7 +11974,9 @@ class CfnDBInstanceProps:
 
         For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* .
 
-        The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance.
+        The ``SourceDBInstanceIdentifier`` property determines whether a DB instance is a read replica. If you remove the ``SourceDBInstanceIdentifier`` property from your template and then update your stack, AWS CloudFormation promotes the read replica to a standalone DB instance.
+
+        If you specify the ``UseLatestRestorableTime`` or ``RestoreTime`` properties in conjunction with the ``SourceDBInstanceIdentifier`` property, RDS restores the DB instance to the requested point in time, thereby creating a new DB instance.
         .. epigraph::
 
            - If you specify a source DB instance that uses VPC security groups, we recommend that you specify the ``VPCSecurityGroups`` property. If you don't specify the property, the read replica inherits the value of the ``VPCSecurityGroups`` property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's ``VPCSecurityGroups`` property to the default value because it's not defined in the stack's template. This change might cause unexpected issues.
@@ -11999,7 +12017,9 @@ class CfnDBInstanceProps:
 
         If you specify the ``KmsKeyId`` property, then you must enable encryption.
 
-        If you specify the ``SourceDBInstanceIdentifier`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used.
+        If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used.
+
+        If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup.
 
         If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot.
 
@@ -28888,6 +28908,12 @@ class MariaDbEngineVersion(
         '''Version "10.11.7".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_11_7"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_11_8")
+    def VER_10_11_8(cls) -> "MariaDbEngineVersion":
+        '''Version "10.11.8".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_11_8"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_2")
     def VER_10_2(cls) -> "MariaDbEngineVersion":
@@ -29299,6 +29325,12 @@ class MariaDbEngineVersion(
         '''Version "10.4.33".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_4_33"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_4_34")
+    def VER_10_4_34(cls) -> "MariaDbEngineVersion":
+        '''Version "10.4.34".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_4_34"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_4_8")
     def VER_10_4_8(cls) -> "MariaDbEngineVersion":
@@ -29413,6 +29445,12 @@ class MariaDbEngineVersion(
         '''Version "10.5.24".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_5_24"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_5_25")
+    def VER_10_5_25(cls) -> "MariaDbEngineVersion":
+        '''Version "10.5.25".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_5_25"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_5_8")
     def VER_10_5_8(cls) -> "MariaDbEngineVersion":
@@ -29489,6 +29527,12 @@ class MariaDbEngineVersion(
         '''Version "10.6.17".'''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_6_17"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_10_6_18")
+    def VER_10_6_18(cls) -> "MariaDbEngineVersion":
+        '''Version "10.6.18".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_6_18"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_10_6_5")
     def VER_10_6_5(cls) -> "MariaDbEngineVersion":

aws_cdk/aws_refactorspaces/__init__.py

@@ -62,7 +62,7 @@ class CfnApplication(
 ):
     '''Creates an AWS Migration Hub Refactor Spaces application.
 
-    The account that owns the environment also owns the applications created inside the environment, regardless of the account that creates the application. Refactor Spaces provisions an Amazon API Gateway , API Gateway VPC link, and Network Load Balancer for the application proxy inside your account.
+    The account that owns the environment also owns the applications created inside the environment, regardless of the account that creates the application. Refactor Spaces provisions an Amazon API Gateway, API Gateway VPC link, and Network Load Balancer for the application proxy inside your account.
 
     In environments created with a `CreateEnvironment:NetworkFabricType <https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/APIReference/API_CreateEnvironment.html#migrationhubrefactorspaces-CreateEnvironment-request-NetworkFabricType>`_ of ``NONE`` you need to configure `VPC to VPC connectivity <https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/amazon-vpc-to-amazon-vpc-connectivity-options.html>`_ between your service VPC and the application proxy VPC to route traffic through the application proxy to a service with a private URL endpoint. For more information, see `Create an application <https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/getting-started-create-application.html>`_ in the *Refactor Spaces User Guide* .
 
@@ -343,7 +343,7 @@ class CfnApplication(
         ) -> None:
             '''A wrapper object holding the Amazon API Gateway endpoint input.
 
-            :param endpoint_type: The type of endpoint to use for the API Gateway proxy. If no value is specified in the request, the value is set to ``REGIONAL`` by default. If the value is set to ``PRIVATE`` in the request, this creates a private API endpoint that is isolated from the public internet. The private endpoint can only be accessed by using Amazon Virtual Private Cloud ( Amazon VPC ) interface endpoints for the Amazon API Gateway that has been granted access. For more information about creating a private connection with Refactor Spaces and interface endpoint ( AWS PrivateLink ) availability, see `Access Refactor Spaces using an interface endpoint ( AWS PrivateLink ) <https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/vpc-interface-endpoints.html>`_ .
+            :param endpoint_type: The type of endpoint to use for the API Gateway proxy. If no value is specified in the request, the value is set to ``REGIONAL`` by default. If the value is set to ``PRIVATE`` in the request, this creates a private API endpoint that is isolated from the public internet. The private endpoint can only be accessed by using Amazon Virtual Private Cloud (Amazon VPC) interface endpoints for the Amazon API Gateway that has been granted access. For more information about creating a private connection with Refactor Spaces and interface endpoint ( AWS PrivateLink ) availability, see `Access Refactor Spaces using an interface endpoint ( AWS PrivateLink ) <https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/vpc-interface-endpoints.html>`_ .
             :param stage_name: The name of the API Gateway stage. The name defaults to ``prod`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-refactorspaces-application-apigatewayproxyinput.html
@@ -376,7 +376,7 @@ class CfnApplication(
 
             If no value is specified in the request, the value is set to ``REGIONAL`` by default.
 
-            If the value is set to ``PRIVATE`` in the request, this creates a private API endpoint that is isolated from the public internet. The private endpoint can only be accessed by using Amazon Virtual Private Cloud ( Amazon VPC ) interface endpoints for the Amazon API Gateway that has been granted access. For more information about creating a private connection with Refactor Spaces and interface endpoint ( AWS PrivateLink ) availability, see `Access Refactor Spaces using an interface endpoint ( AWS PrivateLink ) <https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/vpc-interface-endpoints.html>`_ .
+            If the value is set to ``PRIVATE`` in the request, this creates a private API endpoint that is isolated from the public internet. The private endpoint can only be accessed by using Amazon Virtual Private Cloud (Amazon VPC) interface endpoints for the Amazon API Gateway that has been granted access. For more information about creating a private connection with Refactor Spaces and interface endpoint ( AWS PrivateLink ) availability, see `Access Refactor Spaces using an interface endpoint ( AWS PrivateLink ) <https://docs.aws.amazon.com/migrationhub-refactor-spaces/latest/userguide/vpc-interface-endpoints.html>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-refactorspaces-application-apigatewayproxyinput.html#cfn-refactorspaces-application-apigatewayproxyinput-endpointtype
             '''