aws-cdk-lib 2.149.0__py3-none-any.whl → 2.151.0__py3-none-any.whl

aws_cdk/aws_rds/__init__.py

@@ -1150,6 +1150,7 @@ Data in S3 buckets can be imported to and exported from certain database engines
 functionality, set the `s3ImportBuckets` and `s3ExportBuckets` properties for import and export respectively. When
 configured, the CDK automatically creates and configures IAM roles as required.
 Additionally, the `s3ImportRole` and `s3ExportRole` properties can be used to set this role directly.
+Note: To use `s3ImportRole` and `s3ExportRole` with Aurora PostgreSQL, you must also enable the S3 import and export features when you create the DatabaseClusterEngine.
 
 You can read more about loading data to (or from) S3 here:
 
@@ -4452,7 +4453,7 @@ class CfnDBCluster(
        We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB cluster. To preserve your data, perform the following procedure:
 
        - Deactivate any applications that are using the DB cluster so that there's no activity on the DB instance.
-       - Create a snapshot of the DB cluster. For more information, see `Creating a DB Cluster Snapshot <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CreateSnapshotCluster.html>`_ .
+       - Create a snapshot of the DB cluster. For more information, see `Creating a DB cluster snapshot <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CreateSnapshotCluster.html>`_ .
        - If you want to restore your DB cluster using a DB cluster snapshot, modify the updated template with your DB cluster changes and add the ``SnapshotIdentifier`` property with the ID of the DB cluster snapshot that you want to use.
 
        After you restore a DB cluster with a ``SnapshotIdentifier`` property, you must specify the same ``SnapshotIdentifier`` property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the DB cluster snapshot again, and the data in the database is not changed. However, if you don't specify the ``SnapshotIdentifier`` property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specified ``SnapshotIdentifier`` property, and the original DB cluster is deleted.
@@ -4627,7 +4628,7 @@ class CfnDBCluster(
         :param associated_roles: Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other Amazon Web Services on your behalf. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param auto_minor_version_upgrade: Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically. Valid for Cluster Type: Multi-AZ DB clusters only
         :param availability_zones: A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see `Choosing the Regions and Availability Zones <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters only
-        :param backtrack_window: The target backtrack window, in seconds. To disable backtracking, set this value to 0. .. epigraph:: Currently, Backtrack is only supported for Aurora MySQL DB clusters. Default: 0 Constraints: - If specified, this value must be set to a number from 0 to 259,200 (72 hours). Valid for: Aurora MySQL DB clusters only Default: - 0
+        :param backtrack_window: The target backtrack window, in seconds. To disable backtracking, set this value to ``0`` . Valid for Cluster Type: Aurora MySQL DB clusters only Default: ``0`` Constraints: - If specified, this value must be set to a number from 0 to 259,200 (72 hours). Default: - 0
         :param backup_retention_period: The number of days for which automated backups are retained. Default: 1 Constraints: - Must be a value from 1 to 35 Valid for: Aurora DB clusters and Multi-AZ DB clusters Default: - 1
         :param copy_tags_to_snapshot: A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param database_name: The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see `Naming Constraints <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters and Multi-AZ DB clusters
@@ -4665,7 +4666,7 @@ class CfnDBCluster(
         :param port: The port number on which the DB instances in the DB cluster accept connections. Default: - When ``EngineMode`` is ``provisioned`` , ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) - When ``EngineMode`` is ``serverless`` : - ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` - ``5432`` when ``Engine`` is ``aurora-postgresql`` .. epigraph:: The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see `Port <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port>`_ for the AWS::RDS::DBInstance resource. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_backup_window: The daily time range during which automated backups are created. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow>`_ in the *Amazon Aurora User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Cluster Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
+        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
         :param replication_source_identifier: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. Valid for: Aurora DB clusters only
         :param restore_to_time: The date and time to restore the DB cluster to. Valid Values: Value must be a time in Universal Coordinated Time (UTC) format Constraints: - Must be before the latest restorable time for the DB instance - Must be specified if ``UseLatestRestorableTime`` parameter isn't provided - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled - Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. Example: ``2015-03-07T23:45:00Z`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param restore_type: The type of restore to be performed. You can specify one of the following values:. - ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. - ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster. Valid for: Aurora DB clusters and Multi-AZ DB clusters Default: - "full-copy"
@@ -4676,7 +4677,7 @@ class CfnDBCluster(
         :param source_region: The AWS Region which contains the source DB cluster when replicating a DB cluster. For example, ``us-east-1`` . Valid for: Aurora DB clusters only
         :param storage_encrypted: Indicates whether the DB cluster is encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SnapshotIdentifier`` and the specified snapshot is encrypted, don't specify this property. The value is inherited from the snapshot, and the specified ``KmsKeyId`` property is used. If you specify the ``SnapshotIdentifier`` and the specified snapshot isn't encrypted, you can use this property to specify that the restored DB cluster is encrypted. Specify the ``KmsKeyId`` property for the KMS key to use for encryption. If you don't want the restored DB cluster to be encrypted, then don't set this property or set it to ``false`` . .. epigraph:: If you specify both the ``StorageEncrypted`` and ``SnapshotIdentifier`` properties without specifying the ``KmsKeyId`` property, then the restored DB cluster inherits the encryption settings from the DB snapshot that provide. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param storage_type: The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see `Storage configurations for Amazon Aurora DB clusters <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type>`_ . For information on storage types for Multi-AZ DB clusters, see `Settings for creating Multi-AZ DB clusters <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings>`_ . This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the ``Iops`` parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: - Aurora DB clusters - ``aurora | aurora-iopt1`` - Multi-AZ DB clusters - ``io1 | io2 | gp3`` Default: - Aurora DB clusters - ``aurora`` - Multi-AZ DB clusters - ``io1`` .. epigraph:: When you create an Aurora DB cluster with the storage type set to ``aurora-iopt1`` , the storage type is returned in the response. The storage type isn't returned when you set it to ``aurora`` .
-        :param tags: An optional array of key-value pairs to apply to this DB cluster. Valid for: Aurora DB clusters and Multi-AZ DB clusters
+        :param tags: Tags to assign to the DB cluster. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
         :param use_latest_restorable_time: A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param vpc_security_group_ids: A list of EC2 VPC security groups to associate with this DB cluster. If you plan to update the resource, don't specify VPC security groups in a shared VPC. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         '''
@@ -4947,7 +4948,7 @@ class CfnDBCluster(
     def backtrack_window(self) -> typing.Optional[jsii.Number]:
         '''The target backtrack window, in seconds.
 
-        To disable backtracking, set this value to 0.
+        To disable backtracking, set this value to ``0`` .
         '''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "backtrackWindow"))
 
@@ -5688,7 +5689,7 @@ class CfnDBCluster(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB cluster.'''
+        '''Tags to assign to the DB cluster.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -5894,7 +5895,7 @@ class CfnDBCluster(
             For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide* and `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html>`_ in the *Amazon Aurora User Guide.*
 
             :param kms_key_id: The AWS KMS key identifier that is used to encrypt the secret.
-            :param secret_arn: The Amazon Resource Name (ARN) of the secret.
+            :param secret_arn: The Amazon Resource Name (ARN) of the secret. This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#aws-resource-rds-dbcluster-return-values>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html
             :exampleMetadata: fixture=_generated
@@ -5933,6 +5934,8 @@ class CfnDBCluster(
         def secret_arn(self) -> typing.Optional[builtins.str]:
             '''The Amazon Resource Name (ARN) of the secret.
 
+            This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#aws-resource-rds-dbcluster-return-values>`_ .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html#cfn-rds-dbcluster-masterusersecret-secretarn
             '''
             result = self._values.get("secret_arn")
@@ -6283,7 +6286,7 @@ class CfnDBClusterParameterGroup(
 
        If you apply a parameter group to a DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting.
 
-       If you apply a change to parameter group associated with a stopped DB cluster, then the update stack waits until the DB cluster is started.
+       If you apply a change to parameter group associated with a stopped DB cluster, then the updated stack waits until the DB cluster is started.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbclusterparametergroup.html
     :cloudformationResource: AWS::RDS::DBClusterParameterGroup
@@ -6325,11 +6328,11 @@ class CfnDBClusterParameterGroup(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param description: A friendly description for this DB cluster parameter group.
-        :param family: The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a DB engine and engine version compatible with that DB cluster parameter group family. .. epigraph:: The DB cluster parameter group family can't be changed when updating a DB cluster parameter group. To list all of the available parameter group families, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` The output contains duplicates. For more information, see ``[CreateDBClusterParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBClusterParameterGroup.html)`` .
+        :param description: The description for the DB cluster parameter group.
+        :param family: The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family. *Aurora MySQL* Example: ``aurora-mysql5.7`` , ``aurora-mysql8.0`` *Aurora PostgreSQL* Example: ``aurora-postgresql14`` *RDS for MySQL* Example: ``mysql8.0`` *RDS for PostgreSQL* Example: ``postgres13`` To list all of the available parameter group families for a DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine <engine>`` For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine aurora-postgresql`` .. epigraph:: The output contains duplicates. The following are the valid DB engine values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``mysql`` - ``postgres``
         :param parameters: Provides a list of parameters for the DB cluster parameter group.
-        :param db_cluster_parameter_group_name: The name of the DB cluster parameter group. Constraints: - Must not match the name of an existing DB cluster parameter group. If you don't specify a value for ``DBClusterParameterGroupName`` property, a name is automatically created for the DB cluster parameter group. .. epigraph:: This value is stored as a lowercase string.
-        :param tags: An optional array of key-value pairs to apply to this DB cluster parameter group.
+        :param db_cluster_parameter_group_name: The name of the DB cluster parameter group. Constraints: - Must not match the name of an existing DB cluster parameter group. .. epigraph:: This value is stored as a lowercase string.
+        :param tags: Tags to assign to the DB cluster parameter group.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__5d66d67784eaba0a01483098e06526f4c025b7ff96275fcc6e41e7d979aa520c)
@@ -6389,7 +6392,7 @@ class CfnDBClusterParameterGroup(
     @builtins.property
     @jsii.member(jsii_name="description")
     def description(self) -> builtins.str:
-        '''A friendly description for this DB cluster parameter group.'''
+        '''The description for the DB cluster parameter group.'''
         return typing.cast(builtins.str, jsii.get(self, "description"))
 
     @description.setter
@@ -6444,7 +6447,7 @@ class CfnDBClusterParameterGroup(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB cluster parameter group.'''
+        '''Tags to assign to the DB cluster parameter group.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -6478,11 +6481,11 @@ class CfnDBClusterParameterGroupProps:
     ) -> None:
         '''Properties for defining a ``CfnDBClusterParameterGroup``.
 
-        :param description: A friendly description for this DB cluster parameter group.
-        :param family: The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a DB engine and engine version compatible with that DB cluster parameter group family. .. epigraph:: The DB cluster parameter group family can't be changed when updating a DB cluster parameter group. To list all of the available parameter group families, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` The output contains duplicates. For more information, see ``[CreateDBClusterParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBClusterParameterGroup.html)`` .
+        :param description: The description for the DB cluster parameter group.
+        :param family: The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family. *Aurora MySQL* Example: ``aurora-mysql5.7`` , ``aurora-mysql8.0`` *Aurora PostgreSQL* Example: ``aurora-postgresql14`` *RDS for MySQL* Example: ``mysql8.0`` *RDS for PostgreSQL* Example: ``postgres13`` To list all of the available parameter group families for a DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine <engine>`` For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine aurora-postgresql`` .. epigraph:: The output contains duplicates. The following are the valid DB engine values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``mysql`` - ``postgres``
         :param parameters: Provides a list of parameters for the DB cluster parameter group.
-        :param db_cluster_parameter_group_name: The name of the DB cluster parameter group. Constraints: - Must not match the name of an existing DB cluster parameter group. If you don't specify a value for ``DBClusterParameterGroupName`` property, a name is automatically created for the DB cluster parameter group. .. epigraph:: This value is stored as a lowercase string.
-        :param tags: An optional array of key-value pairs to apply to this DB cluster parameter group.
+        :param db_cluster_parameter_group_name: The name of the DB cluster parameter group. Constraints: - Must not match the name of an existing DB cluster parameter group. .. epigraph:: This value is stored as a lowercase string.
+        :param tags: Tags to assign to the DB cluster parameter group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbclusterparametergroup.html
         :exampleMetadata: fixture=_generated
@@ -6527,7 +6530,7 @@ class CfnDBClusterParameterGroupProps:
 
     @builtins.property
     def description(self) -> builtins.str:
-        '''A friendly description for this DB cluster parameter group.
+        '''The description for the DB cluster parameter group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbclusterparametergroup.html#cfn-rds-dbclusterparametergroup-description
         '''
@@ -6539,18 +6542,41 @@ class CfnDBClusterParameterGroupProps:
     def family(self) -> builtins.str:
         '''The DB cluster parameter group family name.
 
-        A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a DB engine and engine version compatible with that DB cluster parameter group family.
-        .. epigraph::
+        A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.
+
+        *Aurora MySQL*
+
+        Example: ``aurora-mysql5.7`` , ``aurora-mysql8.0``
+
+        *Aurora PostgreSQL*
+
+        Example: ``aurora-postgresql14``
+
+        *RDS for MySQL*
+
+        Example: ``mysql8.0``
+
+        *RDS for PostgreSQL*
 
-           The DB cluster parameter group family can't be changed when updating a DB cluster parameter group.
+        Example: ``postgres13``
 
-        To list all of the available parameter group families, use the following command:
+        To list all of the available parameter group families for a DB engine, use the following command:
 
-        ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"``
+        ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine <engine>``
 
-        The output contains duplicates.
+        For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:
 
-        For more information, see ``[CreateDBClusterParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBClusterParameterGroup.html)`` .
+        ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine aurora-postgresql``
+        .. epigraph::
+
+           The output contains duplicates.
+
+        The following are the valid DB engine values:
+
+        - ``aurora-mysql``
+        - ``aurora-postgresql``
+        - ``mysql``
+        - ``postgres``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbclusterparametergroup.html#cfn-rds-dbclusterparametergroup-family
         '''
@@ -6576,7 +6602,6 @@ class CfnDBClusterParameterGroupProps:
 
         - Must not match the name of an existing DB cluster parameter group.
 
-        If you don't specify a value for ``DBClusterParameterGroupName`` property, a name is automatically created for the DB cluster parameter group.
         .. epigraph::
 
            This value is stored as a lowercase string.
@@ -6588,7 +6613,7 @@ class CfnDBClusterParameterGroupProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB cluster parameter group.
+        '''Tags to assign to the DB cluster parameter group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbclusterparametergroup.html#cfn-rds-dbclusterparametergroup-tags
         '''
@@ -6736,7 +6761,7 @@ class CfnDBClusterProps:
         :param associated_roles: Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other Amazon Web Services on your behalf. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param auto_minor_version_upgrade: Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically. Valid for Cluster Type: Multi-AZ DB clusters only
         :param availability_zones: A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see `Choosing the Regions and Availability Zones <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters only
-        :param backtrack_window: The target backtrack window, in seconds. To disable backtracking, set this value to 0. .. epigraph:: Currently, Backtrack is only supported for Aurora MySQL DB clusters. Default: 0 Constraints: - If specified, this value must be set to a number from 0 to 259,200 (72 hours). Valid for: Aurora MySQL DB clusters only Default: - 0
+        :param backtrack_window: The target backtrack window, in seconds. To disable backtracking, set this value to ``0`` . Valid for Cluster Type: Aurora MySQL DB clusters only Default: ``0`` Constraints: - If specified, this value must be set to a number from 0 to 259,200 (72 hours). Default: - 0
         :param backup_retention_period: The number of days for which automated backups are retained. Default: 1 Constraints: - Must be a value from 1 to 35 Valid for: Aurora DB clusters and Multi-AZ DB clusters Default: - 1
         :param copy_tags_to_snapshot: A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param database_name: The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see `Naming Constraints <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon Aurora User Guide* . Valid for: Aurora DB clusters and Multi-AZ DB clusters
@@ -6774,7 +6799,7 @@ class CfnDBClusterProps:
         :param port: The port number on which the DB instances in the DB cluster accept connections. Default: - When ``EngineMode`` is ``provisioned`` , ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) - When ``EngineMode`` is ``serverless`` : - ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` - ``5432`` when ``Engine`` is ``aurora-postgresql`` .. epigraph:: The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see `Port <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port>`_ for the AWS::RDS::DBInstance resource. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_backup_window: The daily time range during which automated backups are created. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow>`_ in the *Amazon Aurora User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Cluster Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
+        :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
         :param replication_source_identifier: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. Valid for: Aurora DB clusters only
         :param restore_to_time: The date and time to restore the DB cluster to. Valid Values: Value must be a time in Universal Coordinated Time (UTC) format Constraints: - Must be before the latest restorable time for the DB instance - Must be specified if ``UseLatestRestorableTime`` parameter isn't provided - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled - Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. Example: ``2015-03-07T23:45:00Z`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param restore_type: The type of restore to be performed. You can specify one of the following values:. - ``full-copy`` - The new DB cluster is restored as a full copy of the source DB cluster. - ``copy-on-write`` - The new DB cluster is restored as a clone of the source DB cluster. If you don't specify a ``RestoreType`` value, then the new DB cluster is restored as a full copy of the source DB cluster. Valid for: Aurora DB clusters and Multi-AZ DB clusters Default: - "full-copy"
@@ -6785,7 +6810,7 @@ class CfnDBClusterProps:
         :param source_region: The AWS Region which contains the source DB cluster when replicating a DB cluster. For example, ``us-east-1`` . Valid for: Aurora DB clusters only
         :param storage_encrypted: Indicates whether the DB cluster is encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBClusterIdentifier`` property, don't specify this property. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SnapshotIdentifier`` and the specified snapshot is encrypted, don't specify this property. The value is inherited from the snapshot, and the specified ``KmsKeyId`` property is used. If you specify the ``SnapshotIdentifier`` and the specified snapshot isn't encrypted, you can use this property to specify that the restored DB cluster is encrypted. Specify the ``KmsKeyId`` property for the KMS key to use for encryption. If you don't want the restored DB cluster to be encrypted, then don't set this property or set it to ``false`` . .. epigraph:: If you specify both the ``StorageEncrypted`` and ``SnapshotIdentifier`` properties without specifying the ``KmsKeyId`` property, then the restored DB cluster inherits the encryption settings from the DB snapshot that provide. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param storage_type: The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see `Storage configurations for Amazon Aurora DB clusters <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.StorageReliability.html#aurora-storage-type>`_ . For information on storage types for Multi-AZ DB clusters, see `Settings for creating Multi-AZ DB clusters <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/create-multi-az-db-cluster.html#create-multi-az-db-cluster-settings>`_ . This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the ``Iops`` parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: - Aurora DB clusters - ``aurora | aurora-iopt1`` - Multi-AZ DB clusters - ``io1 | io2 | gp3`` Default: - Aurora DB clusters - ``aurora`` - Multi-AZ DB clusters - ``io1`` .. epigraph:: When you create an Aurora DB cluster with the storage type set to ``aurora-iopt1`` , the storage type is returned in the response. The storage type isn't returned when you set it to ``aurora`` .
-        :param tags: An optional array of key-value pairs to apply to this DB cluster. Valid for: Aurora DB clusters and Multi-AZ DB clusters
+        :param tags: Tags to assign to the DB cluster. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
         :param use_latest_restorable_time: A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param vpc_security_group_ids: A list of EC2 VPC security groups to associate with this DB cluster. If you plan to update the resource, don't specify VPC security groups in a shared VPC. Valid for: Aurora DB clusters and Multi-AZ DB clusters
 
@@ -7108,20 +7133,16 @@ class CfnDBClusterProps:
 
     @builtins.property
     def backtrack_window(self) -> typing.Optional[jsii.Number]:
-        '''The target backtrack window, in seconds. To disable backtracking, set this value to 0.
-
-        .. epigraph::
+        '''The target backtrack window, in seconds. To disable backtracking, set this value to ``0`` .
 
-           Currently, Backtrack is only supported for Aurora MySQL DB clusters.
+        Valid for Cluster Type: Aurora MySQL DB clusters only
 
-        Default: 0
+        Default: ``0``
 
         Constraints:
 
         - If specified, this value must be set to a number from 0 to 259,200 (72 hours).
 
-        Valid for: Aurora MySQL DB clusters only
-
         :default: - 0
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#cfn-rds-dbcluster-backtrackwindow
@@ -7809,7 +7830,7 @@ class CfnDBClusterProps:
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
         '''Specifies whether the DB cluster is publicly accessible.
 
-        When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.
+        When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.
 
         When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.
 
@@ -8029,9 +8050,9 @@ class CfnDBClusterProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB cluster.
+        '''Tags to assign to the DB cluster.
 
-        Valid for: Aurora DB clusters and Multi-AZ DB clusters
+        Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#cfn-rds-dbcluster-tags
         '''
@@ -8325,7 +8346,7 @@ class CfnDBInstance(
         :param allow_major_version_upgrade: A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.
         :param associated_roles: The AWS Identity and Access Management (IAM) roles associated with the DB instance. *Amazon Aurora* Not applicable. The associated roles are managed by the DB cluster.
         :param automatic_backup_replication_kms_key_id: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS Region , for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE`` .
-        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
+        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide*.
         :param auto_minor_version_upgrade: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.
         :param availability_zone: The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see `Regions and Availability Zones <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html>`_ . For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. Default: A random, system-chosen Availability Zone in the endpoint's AWS Region . Constraints: - The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. - The specified Availability Zone must be in the same AWS Region as the current endpoint. Example: ``us-east-1d``
         :param backup_retention_period: The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. *Amazon Aurora* Not applicable. The retention period for automated backups is managed by the DB cluster. Default: 1 Constraints: - Must be a value from 0 to 35 - Can't be set to 0 if the DB instance is a source to read replicas Default: - 1
@@ -8335,18 +8356,18 @@ class CfnDBInstance(
         :param character_set_name: For supported engines, indicates that the DB instance should be associated with the specified character set. *Amazon Aurora* Not applicable. The character set is managed by the DB cluster. For more information, see `AWS::RDS::DBCluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html>`_ .
         :param copy_tags_to_snapshot: Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.
         :param custom_iam_instance_profile: The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. This setting is required for RDS Custom. Constraints: - The profile must exist in your account. - The profile must have an IAM role that Amazon EC2 has permissions to assume. - The instance profile name and the associated IAM role name must start with the prefix ``AWSRDSCustom`` . For the list of permissions required for the IAM role, see `Configure IAM and your VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc>`_ in the *Amazon RDS User Guide* .
-        :param db_cluster_identifier: The identifier of the DB cluster that the instance will belong to.
+        :param db_cluster_identifier: The identifier of the DB cluster that this DB instance will belong to. This setting doesn't apply to RDS Custom DB instances.
         :param db_cluster_snapshot_identifier: The identifier for the Multi-AZ DB cluster snapshot to restore from. For more information on Multi-AZ DB clusters, see `Multi-AZ DB cluster deployments <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html>`_ in the *Amazon RDS User Guide* . Constraints: - Must match the identifier of an existing Multi-AZ DB cluster snapshot. - Can't be specified when ``DBSnapshotIdentifier`` is specified. - Must be specified when ``DBSnapshotIdentifier`` isn't specified. - If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. - Can't be the identifier of an Aurora DB cluster snapshot.
         :param db_instance_class: The compute and memory capacity of the DB instance, for example ``db.m5.large`` . Not all DB instance classes are available in all AWS Regions , or for all database engines. For the full list of DB instance classes, and availability for your engine, see `DB instance classes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html>`_ in the *Amazon RDS User Guide* or `Aurora DB instance classes <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html>`_ in the *Amazon Aurora User Guide* .
         :param db_instance_identifier: A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see `Name Type <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html>`_ . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
         :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *Db2* The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Can't be a word reserved by the specified database engine. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
         :param db_parameter_group_name: The name of an existing DB parameter group or a reference to an `AWS::RDS::DBParameterGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html>`_ resource created in the template. To list all of the available DB parameter group names, use the following command: ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` .. epigraph:: If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used.
         :param db_security_groups: A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. .. epigraph:: If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: - ``AllocatedStorage`` - ``AutoMinorVersionUpgrade`` - ``AvailabilityZone`` - ``BackupRetentionPeriod`` - ``CharacterSetName`` - ``DBInstanceClass`` - ``DBName`` - ``DBParameterGroupName`` - ``DBSecurityGroups`` - ``DBSubnetGroupName`` - ``Engine`` - ``EngineVersion`` - ``Iops`` - ``LicenseModel`` - ``MasterUsername`` - ``MasterUserPassword`` - ``MultiAZ`` - ``OptionGroupName`` - ``PreferredBackupWindow`` - ``PreferredMaintenanceWindow`` All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType`` , ``StorageEncrypted`` , or ``KmsKeyId`` . If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
-        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``DeleteAutomatedBackups`` - ``EnablePerformanceInsights`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PerformanceInsightsKMSKeyId`` - ``PerformanceInsightsRetentionPeriod`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an encrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
-        :param db_subnet_group_name: A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there's no DB subnet group, then the DB instance isn't a VPC DB instance. For more information about using Amazon RDS in a VPC, see `Using Amazon RDS with Amazon Virtual Private Cloud (VPC) <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
+        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``DeleteAutomatedBackups`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PerformanceInsightsKMSKeyId`` - ``PerformanceInsightsRetentionPeriod`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an encrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
+        :param db_subnet_group_name: A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there's no DB subnet group, then the DB instance isn't a VPC DB instance. For more information about using Amazon RDS in a VPC, see `Amazon VPC and Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
         :param dedicated_log_volume: Indicates whether the DB instance has a dedicated log volume (DLV) enabled.
         :param delete_automated_backups: A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. *Amazon Aurora* Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted.
-        :param deletion_protection: A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ . *Amazon Aurora* Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
+        :param deletion_protection: Specifies whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ . This setting doesn't apply to Amazon Aurora DB instances. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
         :param domain: The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. For more information, see `Kerberos Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html>`_ in the *Amazon RDS User Guide* .
         :param domain_auth_secret_arn: The ARN for the Secrets Manager secret with the credentials for the user joining the domain. Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456``
         :param domain_dns_ips: The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. Constraints: - Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Example: ``123.124.125.126,234.235.236.237``
@@ -8368,15 +8389,15 @@ class CfnDBInstance(
         :param master_user_password: The password for the master user. The password can include any printable ASCII character except "/", """, or "@". *Amazon Aurora* Not applicable. The password for the master user is managed by the DB cluster. *RDS for Db2* Must contain from 8 to 255 characters. *RDS for MariaDB* Constraints: Must contain from 8 to 41 characters. *RDS for Microsoft SQL Server* Constraints: Must contain from 8 to 128 characters. *RDS for MySQL* Constraints: Must contain from 8 to 41 characters. *RDS for Oracle* Constraints: Must contain from 8 to 30 characters. *RDS for PostgreSQL* Constraints: Must contain from 8 to 128 characters.
         :param master_user_secret: The secret managed by RDS in AWS Secrets Manager for the master user password. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.*
         :param max_allocated_storage: The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. For more information about this setting, including limitations that apply to it, see `Managing capacity automatically with Amazon RDS storage autoscaling <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to the following DB instances: - Amazon Aurora (Storage is managed by the DB cluster.) - RDS Custom
-        :param monitoring_interval: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0. This setting doesn't apply to RDS Custom. Valid Values: ``0, 1, 5, 10, 15, 30, 60`` Default: - 0
+        :param monitoring_interval: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify ``0`` . If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than ``0`` . This setting doesn't apply to RDS Custom DB instances. Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` Default: ``0`` Default: - 0
         :param monitoring_role_arn: The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, ``arn:aws:iam:123456789012:role/emaccess`` . For information on creating a monitoring role, see `Setting Up and Enabling Enhanced Monitoring <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling>`_ in the *Amazon RDS User Guide* . If ``MonitoringInterval`` is set to a value other than ``0`` , then you must supply a ``MonitoringRoleArn`` value. This setting doesn't apply to RDS Custom DB instances.
-        :param multi_az: Specifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the ``AvailabilityZone`` parameter if the ``MultiAZ`` parameter is set to true. For more information, see `Multi-AZ deployments for high availability <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the ``MultiAZ`` option to be set.
+        :param multi_az: Specifies whether the DB instance is a Multi-AZ deployment. You can't set the ``AvailabilityZone`` parameter if the DB instance is a Multi-AZ deployment. This setting doesn't apply to the following DB instances: - Amazon Aurora (DB instance Availability Zones (AZs) are managed by the DB cluster.) - RDS Custom
         :param nchar_character_set_name: The name of the NCHAR character set for the Oracle DB instance. This setting doesn't apply to RDS Custom DB instances.
         :param network_type: The network type of the DB instance. Valid values: - ``IPV4`` - ``DUAL`` The network type is determined by the ``DBSubnetGroup`` specified for the DB instance. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols ( ``DUAL`` ). For more information, see `Working with a DB instance in a VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html>`_ in the *Amazon RDS User Guide.*
         :param option_group_name: Indicates that the DB instance should be associated with the specified option group. Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance.
         :param performance_insights_kms_key_id: The AWS KMS key identifier for encryption of Performance Insights data. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. If you do not specify a value for ``PerformanceInsightsKMSKeyId`` , then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. For information about enabling Performance Insights, see `EnablePerformanceInsights <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights>`_ .
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. This setting doesn't apply to RDS Custom DB instances. Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS returns an error.
-        :param port: The port number on which the database accepts connections. *Amazon Aurora* Not applicable. The port number is managed by the DB cluster. *Db2* Default value: ``50000``
+        :param port: The port number on which the database accepts connections. This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster. Valid Values: ``1150-65535`` Default: - RDS for Db2 - ``50000`` - RDS for MariaDB - ``3306`` - RDS for Microsoft SQL Server - ``1433`` - RDS for MySQL - ``3306`` - RDS for Oracle - ``1521`` - RDS for PostgreSQL - ``5432`` Constraints: - For RDS for Microsoft SQL Server, the value can't be ``1234`` , ``1434`` , ``3260`` , ``3343`` , ``3389`` , ``47001`` , or ``49152-49156`` .
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow>`_ in the *Amazon RDS User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Instance Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
         :param processor_features: The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
@@ -8392,7 +8413,7 @@ class CfnDBInstance(
         :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
         :param storage_throughput: Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
         :param storage_type: The storage type to associate with the DB instance. If you specify ``io1`` , ``io2`` , or ``gp3`` , you must also include a value for the ``Iops`` parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` Default: ``io1`` , if the ``Iops`` parameter is specified. Otherwise, ``gp2`` .
-        :param tags: An optional array of key-value pairs to apply to this DB instance.
+        :param tags: Tags to assign to the DB instance.
         :param tde_credential_arn: 
         :param tde_credential_password: 
         :param timezone: The time zone of the DB instance. The time zone parameter is currently supported only by `RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone>`_ and `RDS for SQL Server <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone>`_ .
@@ -8604,6 +8625,8 @@ class CfnDBInstance(
     def attr_master_user_secret_secret_arn(self) -> builtins.str:
         '''The Amazon Resource Name (ARN) of the secret.
 
+        This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#aws-resource-rds-dbinstance-return-values>`_ .
+
         :cloudformationAttribute: MasterUserSecret.SecretArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrMasterUserSecretSecretArn"))
@@ -8840,7 +8863,7 @@ class CfnDBInstance(
     @builtins.property
     @jsii.member(jsii_name="dbClusterIdentifier")
     def db_cluster_identifier(self) -> typing.Optional[builtins.str]:
-        '''The identifier of the DB cluster that the instance will belong to.'''
+        '''The identifier of the DB cluster that this DB instance will belong to.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "dbClusterIdentifier"))
 
     @db_cluster_identifier.setter
@@ -9001,7 +9024,7 @@ class CfnDBInstance(
     def deletion_protection(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''A value that indicates whether the DB instance has deletion protection enabled.'''
+        '''Specifies whether the DB instance has deletion protection enabled.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "deletionProtection"))
 
     @deletion_protection.setter
@@ -9351,7 +9374,7 @@ class CfnDBInstance(
     def multi_az(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether the database instance is a Multi-AZ DB instance deployment.'''
+        '''Specifies whether the DB instance is a Multi-AZ deployment.'''
         return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], jsii.get(self, "multiAz"))
 
     @multi_az.setter
@@ -9679,7 +9702,7 @@ class CfnDBInstance(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB instance.'''
+        '''Tags to assign to the DB instance.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -10047,7 +10070,7 @@ class CfnDBInstance(
             For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide* and `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html>`_ in the *Amazon Aurora User Guide.*
 
             :param kms_key_id: The AWS KMS key identifier that is used to encrypt the secret.
-            :param secret_arn: The Amazon Resource Name (ARN) of the secret.
+            :param secret_arn: The Amazon Resource Name (ARN) of the secret. This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#aws-resource-rds-dbinstance-return-values>`_ .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbinstance-masterusersecret.html
             :exampleMetadata: fixture=_generated
@@ -10086,6 +10109,8 @@ class CfnDBInstance(
         def secret_arn(self) -> typing.Optional[builtins.str]:
             '''The Amazon Resource Name (ARN) of the secret.
 
+            This parameter is a return value that you can retrieve using the ``Fn::GetAtt`` intrinsic function. For more information, see `Return values <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#aws-resource-rds-dbinstance-return-values>`_ .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbinstance-masterusersecret.html#cfn-rds-dbinstance-masterusersecret-secretarn
             '''
             result = self._values.get("secret_arn")
@@ -10114,7 +10139,7 @@ class CfnDBInstance(
             name: typing.Optional[builtins.str] = None,
             value: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''The ``ProcessorFeature`` property type specifies the processor features of a DB instance class status.
+            '''The ``ProcessorFeature`` property type specifies the processor features of a DB instance class.
 
             :param name: The name of the processor feature. Valid names are ``coreCount`` and ``threadsPerCore`` .
             :param value: The value of a processor feature.
@@ -10348,7 +10373,7 @@ class CfnDBInstanceProps:
         :param allow_major_version_upgrade: A value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Constraints: Major version upgrades must be allowed when specifying a value for the ``EngineVersion`` parameter that is a different major version than the DB instance's current version.
         :param associated_roles: The AWS Identity and Access Management (IAM) roles associated with the DB instance. *Amazon Aurora* Not applicable. The associated roles are managed by the DB cluster.
         :param automatic_backup_replication_kms_key_id: The AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS Region , for example, ``arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE`` .
-        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
+        :param automatic_backup_replication_region: The destination region for the backup replication of the DB instance. For more info, see `Replicating automated backups to another Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide*.
         :param auto_minor_version_upgrade: A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.
         :param availability_zone: The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see `Regions and Availability Zones <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html>`_ . For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. Default: A random, system-chosen Availability Zone in the endpoint's AWS Region . Constraints: - The ``AvailabilityZone`` parameter can't be specified if the DB instance is a Multi-AZ deployment. - The specified Availability Zone must be in the same AWS Region as the current endpoint. Example: ``us-east-1d``
         :param backup_retention_period: The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. *Amazon Aurora* Not applicable. The retention period for automated backups is managed by the DB cluster. Default: 1 Constraints: - Must be a value from 0 to 35 - Can't be set to 0 if the DB instance is a source to read replicas Default: - 1
@@ -10358,18 +10383,18 @@ class CfnDBInstanceProps:
         :param character_set_name: For supported engines, indicates that the DB instance should be associated with the specified character set. *Amazon Aurora* Not applicable. The character set is managed by the DB cluster. For more information, see `AWS::RDS::DBCluster <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html>`_ .
         :param copy_tags_to_snapshot: Specifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.
         :param custom_iam_instance_profile: The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. This setting is required for RDS Custom. Constraints: - The profile must exist in your account. - The profile must have an IAM role that Amazon EC2 has permissions to assume. - The instance profile name and the associated IAM role name must start with the prefix ``AWSRDSCustom`` . For the list of permissions required for the IAM role, see `Configure IAM and your VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc>`_ in the *Amazon RDS User Guide* .
-        :param db_cluster_identifier: The identifier of the DB cluster that the instance will belong to.
+        :param db_cluster_identifier: The identifier of the DB cluster that this DB instance will belong to. This setting doesn't apply to RDS Custom DB instances.
         :param db_cluster_snapshot_identifier: The identifier for the Multi-AZ DB cluster snapshot to restore from. For more information on Multi-AZ DB clusters, see `Multi-AZ DB cluster deployments <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html>`_ in the *Amazon RDS User Guide* . Constraints: - Must match the identifier of an existing Multi-AZ DB cluster snapshot. - Can't be specified when ``DBSnapshotIdentifier`` is specified. - Must be specified when ``DBSnapshotIdentifier`` isn't specified. - If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the ``DBClusterSnapshotIdentifier`` must be the ARN of the shared snapshot. - Can't be the identifier of an Aurora DB cluster snapshot.
         :param db_instance_class: The compute and memory capacity of the DB instance, for example ``db.m5.large`` . Not all DB instance classes are available in all AWS Regions , or for all database engines. For the full list of DB instance classes, and availability for your engine, see `DB instance classes <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html>`_ in the *Amazon RDS User Guide* or `Aurora DB instance classes <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html>`_ in the *Amazon Aurora User Guide* .
         :param db_instance_identifier: A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see `Name Type <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html>`_ . For information about constraints that apply to DB instance identifiers, see `Naming constraints in Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints>`_ in the *Amazon RDS User Guide* . .. epigraph:: If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
         :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *Db2* The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Can't be a word reserved by the specified database engine. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
         :param db_parameter_group_name: The name of an existing DB parameter group or a reference to an `AWS::RDS::DBParameterGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html>`_ resource created in the template. To list all of the available DB parameter group names, use the following command: ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` .. epigraph:: If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used.
         :param db_security_groups: A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. .. epigraph:: If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: - ``AllocatedStorage`` - ``AutoMinorVersionUpgrade`` - ``AvailabilityZone`` - ``BackupRetentionPeriod`` - ``CharacterSetName`` - ``DBInstanceClass`` - ``DBName`` - ``DBParameterGroupName`` - ``DBSecurityGroups`` - ``DBSubnetGroupName`` - ``Engine`` - ``EngineVersion`` - ``Iops`` - ``LicenseModel`` - ``MasterUsername`` - ``MasterUserPassword`` - ``MultiAZ`` - ``OptionGroupName`` - ``PreferredBackupWindow`` - ``PreferredMaintenanceWindow`` All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType`` , ``StorageEncrypted`` , or ``KmsKeyId`` . If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
-        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``DeleteAutomatedBackups`` - ``EnablePerformanceInsights`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PerformanceInsightsKMSKeyId`` - ``PerformanceInsightsRetentionPeriod`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an encrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
-        :param db_subnet_group_name: A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there's no DB subnet group, then the DB instance isn't a VPC DB instance. For more information about using Amazon RDS in a VPC, see `Using Amazon RDS with Amazon Virtual Private Cloud (VPC) <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
+        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``DeleteAutomatedBackups`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PerformanceInsightsKMSKeyId`` - ``PerformanceInsightsRetentionPeriod`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an encrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
+        :param db_subnet_group_name: A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there's no DB subnet group, then the DB instance isn't a VPC DB instance. For more information about using Amazon RDS in a VPC, see `Amazon VPC and Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
         :param dedicated_log_volume: Indicates whether the DB instance has a dedicated log volume (DLV) enabled.
         :param delete_automated_backups: A value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. *Amazon Aurora* Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted.
-        :param deletion_protection: A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ . *Amazon Aurora* Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
+        :param deletion_protection: Specifies whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ . This setting doesn't apply to Amazon Aurora DB instances. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
         :param domain: The Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. For more information, see `Kerberos Authentication <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html>`_ in the *Amazon RDS User Guide* .
         :param domain_auth_secret_arn: The ARN for the Secrets Manager secret with the credentials for the user joining the domain. Example: ``arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456``
         :param domain_dns_ips: The IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. Constraints: - Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Example: ``123.124.125.126,234.235.236.237``
@@ -10391,15 +10416,15 @@ class CfnDBInstanceProps:
         :param master_user_password: The password for the master user. The password can include any printable ASCII character except "/", """, or "@". *Amazon Aurora* Not applicable. The password for the master user is managed by the DB cluster. *RDS for Db2* Must contain from 8 to 255 characters. *RDS for MariaDB* Constraints: Must contain from 8 to 41 characters. *RDS for Microsoft SQL Server* Constraints: Must contain from 8 to 128 characters. *RDS for MySQL* Constraints: Must contain from 8 to 41 characters. *RDS for Oracle* Constraints: Must contain from 8 to 30 characters. *RDS for PostgreSQL* Constraints: Must contain from 8 to 128 characters.
         :param master_user_secret: The secret managed by RDS in AWS Secrets Manager for the master user password. For more information, see `Password management with AWS Secrets Manager <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html>`_ in the *Amazon RDS User Guide.*
         :param max_allocated_storage: The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. For more information about this setting, including limitations that apply to it, see `Managing capacity automatically with Amazon RDS storage autoscaling <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to the following DB instances: - Amazon Aurora (Storage is managed by the DB cluster.) - RDS Custom
-        :param monitoring_interval: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0. This setting doesn't apply to RDS Custom. Valid Values: ``0, 1, 5, 10, 15, 30, 60`` Default: - 0
+        :param monitoring_interval: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify ``0`` . If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than ``0`` . This setting doesn't apply to RDS Custom DB instances. Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60`` Default: ``0`` Default: - 0
         :param monitoring_role_arn: The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, ``arn:aws:iam:123456789012:role/emaccess`` . For information on creating a monitoring role, see `Setting Up and Enabling Enhanced Monitoring <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling>`_ in the *Amazon RDS User Guide* . If ``MonitoringInterval`` is set to a value other than ``0`` , then you must supply a ``MonitoringRoleArn`` value. This setting doesn't apply to RDS Custom DB instances.
-        :param multi_az: Specifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the ``AvailabilityZone`` parameter if the ``MultiAZ`` parameter is set to true. For more information, see `Multi-AZ deployments for high availability <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html>`_ in the *Amazon RDS User Guide* . *Amazon Aurora* Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the ``MultiAZ`` option to be set.
+        :param multi_az: Specifies whether the DB instance is a Multi-AZ deployment. You can't set the ``AvailabilityZone`` parameter if the DB instance is a Multi-AZ deployment. This setting doesn't apply to the following DB instances: - Amazon Aurora (DB instance Availability Zones (AZs) are managed by the DB cluster.) - RDS Custom
         :param nchar_character_set_name: The name of the NCHAR character set for the Oracle DB instance. This setting doesn't apply to RDS Custom DB instances.
         :param network_type: The network type of the DB instance. Valid values: - ``IPV4`` - ``DUAL`` The network type is determined by the ``DBSubnetGroup`` specified for the DB instance. A ``DBSubnetGroup`` can support only the IPv4 protocol or the IPv4 and IPv6 protocols ( ``DUAL`` ). For more information, see `Working with a DB instance in a VPC <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html>`_ in the *Amazon RDS User Guide.*
         :param option_group_name: Indicates that the DB instance should be associated with the specified option group. Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance.
         :param performance_insights_kms_key_id: The AWS KMS key identifier for encryption of Performance Insights data. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. If you do not specify a value for ``PerformanceInsightsKMSKeyId`` , then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. For information about enabling Performance Insights, see `EnablePerformanceInsights <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights>`_ .
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. This setting doesn't apply to RDS Custom DB instances. Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS returns an error.
-        :param port: The port number on which the database accepts connections. *Amazon Aurora* Not applicable. The port number is managed by the DB cluster. *Db2* Default value: ``50000``
+        :param port: The port number on which the database accepts connections. This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster. Valid Values: ``1150-65535`` Default: - RDS for Db2 - ``50000`` - RDS for MariaDB - ``3306`` - RDS for Microsoft SQL Server - ``1433`` - RDS for MySQL - ``3306`` - RDS for Oracle - ``1521`` - RDS for PostgreSQL - ``5432`` Constraints: - For RDS for Microsoft SQL Server, the value can't be ``1234`` , ``1434`` , ``3260`` , ``3343`` , ``3389`` , ``47001`` , or ``49152-49156`` .
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow>`_ in the *Amazon RDS User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
         :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Instance Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
         :param processor_features: The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
@@ -10415,7 +10440,7 @@ class CfnDBInstanceProps:
         :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
         :param storage_throughput: Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
         :param storage_type: The storage type to associate with the DB instance. If you specify ``io1`` , ``io2`` , or ``gp3`` , you must also include a value for the ``Iops`` parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` Default: ``io1`` , if the ``Iops`` parameter is specified. Otherwise, ``gp2`` .
-        :param tags: An optional array of key-value pairs to apply to this DB instance.
+        :param tags: Tags to assign to the DB instance.
         :param tde_credential_arn: 
         :param tde_credential_password: 
         :param timezone: The time zone of the DB instance. The time zone parameter is currently supported only by `RDS for Db2 <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone>`_ and `RDS for SQL Server <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone>`_ .
@@ -10885,7 +10910,7 @@ class CfnDBInstanceProps:
     def automatic_backup_replication_region(self) -> typing.Optional[builtins.str]:
         '''The destination region for the backup replication of the DB instance.
 
-        For more info, see `Replicating automated backups to another AWS Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide* .
+        For more info, see `Replicating automated backups to another Region <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html>`_ in the *Amazon RDS User Guide*.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-automaticbackupreplicationregion
         '''
@@ -11045,7 +11070,9 @@ class CfnDBInstanceProps:
 
     @builtins.property
     def db_cluster_identifier(self) -> typing.Optional[builtins.str]:
-        '''The identifier of the DB cluster that the instance will belong to.
+        '''The identifier of the DB cluster that this DB instance will belong to.
+
+        This setting doesn't apply to RDS Custom DB instances.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-dbclusteridentifier
         '''
@@ -11240,7 +11267,6 @@ class CfnDBInstanceProps:
         - ``DBClusterIdentifier``
         - ``DBName``
         - ``DeleteAutomatedBackups``
-        - ``EnablePerformanceInsights``
         - ``KmsKeyId``
         - ``MasterUsername``
         - ``MasterUserPassword``
@@ -11269,11 +11295,9 @@ class CfnDBInstanceProps:
 
         If there's no DB subnet group, then the DB instance isn't a VPC DB instance.
 
-        For more information about using Amazon RDS in a VPC, see `Using Amazon RDS with Amazon Virtual Private Cloud (VPC) <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* .
-
-        *Amazon Aurora*
+        For more information about using Amazon RDS in a VPC, see `Amazon VPC and Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* .
 
-        Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
+        This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-dbsubnetgroupname
         '''
@@ -11312,13 +11336,11 @@ class CfnDBInstanceProps:
     def deletion_protection(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''A value that indicates whether the DB instance has deletion protection enabled.
+        '''Specifies whether the DB instance has deletion protection enabled.
 
-        The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ .
+        The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see `Deleting a DB Instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html>`_ .
 
-        *Amazon Aurora*
-
-        Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
+        This setting doesn't apply to Amazon Aurora DB instances. You can enable or disable deletion protection for the DB cluster. For more information, see ``CreateDBCluster`` . DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-deletionprotection
         '''
@@ -11823,13 +11845,15 @@ class CfnDBInstanceProps:
     def monitoring_interval(self) -> typing.Optional[jsii.Number]:
         '''The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance.
 
-        To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0.
+        To disable collection of Enhanced Monitoring metrics, specify ``0`` .
 
-        If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than 0.
+        If ``MonitoringRoleArn`` is specified, then you must set ``MonitoringInterval`` to a value other than ``0`` .
 
-        This setting doesn't apply to RDS Custom.
+        This setting doesn't apply to RDS Custom DB instances.
 
-        Valid Values: ``0, 1, 5, 10, 15, 30, 60``
+        Valid Values: ``0 | 1 | 5 | 10 | 15 | 30 | 60``
+
+        Default: ``0``
 
         :default: - 0
 
@@ -11857,15 +11881,14 @@ class CfnDBInstanceProps:
     def multi_az(
         self,
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
-        '''Specifies whether the database instance is a Multi-AZ DB instance deployment.
-
-        You can't set the ``AvailabilityZone`` parameter if the ``MultiAZ`` parameter is set to true.
+        '''Specifies whether the DB instance is a Multi-AZ deployment.
 
-        For more information, see `Multi-AZ deployments for high availability <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html>`_ in the *Amazon RDS User Guide* .
+        You can't set the ``AvailabilityZone`` parameter if the DB instance is a Multi-AZ deployment.
 
-        *Amazon Aurora*
+        This setting doesn't apply to the following DB instances:
 
-        Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the ``MultiAZ`` option to be set.
+        - Amazon Aurora (DB instance Availability Zones (AZs) are managed by the DB cluster.)
+        - RDS Custom
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-multiaz
         '''
@@ -11952,13 +11975,22 @@ class CfnDBInstanceProps:
     def port(self) -> typing.Optional[builtins.str]:
         '''The port number on which the database accepts connections.
 
-        *Amazon Aurora*
+        This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster.
 
-        Not applicable. The port number is managed by the DB cluster.
+        Valid Values: ``1150-65535``
 
-        *Db2*
+        Default:
+
+        - RDS for Db2 - ``50000``
+        - RDS for MariaDB - ``3306``
+        - RDS for Microsoft SQL Server - ``1433``
+        - RDS for MySQL - ``3306``
+        - RDS for Oracle - ``1521``
+        - RDS for PostgreSQL - ``5432``
 
-        Default value: ``50000``
+        Constraints:
+
+        - For RDS for Microsoft SQL Server, the value can't be ``1234`` , ``1434`` , ``3260`` , ``3343`` , ``3389`` , ``47001`` , or ``49152-49156`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-port
         '''
@@ -12211,7 +12243,7 @@ class CfnDBInstanceProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB instance.
+        '''Tags to assign to the DB instance.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-tags
         '''
@@ -12379,10 +12411,10 @@ class CfnDBParameterGroup(
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
         :param description: Provides the customer-specified description for this DB parameter group.
-        :param family: The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. .. epigraph:: The DB parameter group family can't be changed when updating a DB parameter group. To list all of the available parameter group families, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` The output contains duplicates. For more information, see ``[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)`` .
+        :param family: The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family. To list all of the available parameter group families for a DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine <engine>`` For example, to list all of the available parameter group families for the MySQL DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine mysql`` .. epigraph:: The output contains duplicates. The following are the valid DB engine values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``db2-ae`` - ``db2-se`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param db_parameter_group_name: The name of the DB parameter group. Constraints: - Must be 1 to 255 letters, numbers, or hyphens. - First character must be a letter - Can't end with a hyphen or contain two consecutive hyphens If you don't specify a value for ``DBParameterGroupName`` property, a name is automatically created for the DB parameter group. .. epigraph:: This value is stored as a lowercase string.
-        :param parameters: An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID ( ``rds.ibm_customer_id`` ) and site number ( ``rds.ibm_site_id`` ) before starting a Db2 instance. For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* . For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
-        :param tags: An optional array of key-value pairs to apply to this DB parameter group. .. epigraph:: Currently, this is the only property that supports drift detection.
+        :param parameters: An array of parameter names and values for the parameter update. You must specify at least one parameter name and value. For more information about parameter groups, see `Working with parameter groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* , or `Working with parameter groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
+        :param tags: Tags to assign to the DB parameter group.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c10aa78132a0eae6199258b5e55e45968fdce240e932138b48918eafb4c5da7b)
@@ -12503,7 +12535,7 @@ class CfnDBParameterGroup(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB parameter group.'''
+        '''Tags to assign to the DB parameter group.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -12538,10 +12570,10 @@ class CfnDBParameterGroupProps:
         '''Properties for defining a ``CfnDBParameterGroup``.
 
         :param description: Provides the customer-specified description for this DB parameter group.
-        :param family: The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. .. epigraph:: The DB parameter group family can't be changed when updating a DB parameter group. To list all of the available parameter group families, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"`` The output contains duplicates. For more information, see ``[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)`` .
+        :param family: The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family. To list all of the available parameter group families for a DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine <engine>`` For example, to list all of the available parameter group families for the MySQL DB engine, use the following command: ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine mysql`` .. epigraph:: The output contains duplicates. The following are the valid DB engine values: - ``aurora-mysql`` - ``aurora-postgresql`` - ``db2-ae`` - ``db2-se`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param db_parameter_group_name: The name of the DB parameter group. Constraints: - Must be 1 to 255 letters, numbers, or hyphens. - First character must be a letter - Can't end with a hyphen or contain two consecutive hyphens If you don't specify a value for ``DBParameterGroupName`` property, a name is automatically created for the DB parameter group. .. epigraph:: This value is stored as a lowercase string.
-        :param parameters: An array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID ( ``rds.ibm_customer_id`` ) and site number ( ``rds.ibm_site_id`` ) before starting a Db2 instance. For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* . For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
-        :param tags: An optional array of key-value pairs to apply to this DB parameter group. .. epigraph:: Currently, this is the only property that supports drift detection.
+        :param parameters: An array of parameter names and values for the parameter update. You must specify at least one parameter name and value. For more information about parameter groups, see `Working with parameter groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* , or `Working with parameter groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* . .. epigraph:: AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
+        :param tags: Tags to assign to the DB parameter group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbparametergroup.html
         :exampleMetadata: fixture=_generated
@@ -12599,18 +12631,35 @@ class CfnDBParameterGroupProps:
     def family(self) -> builtins.str:
         '''The DB parameter group family name.
 
-        A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family.
-        .. epigraph::
+        A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.
 
-           The DB parameter group family can't be changed when updating a DB parameter group.
+        To list all of the available parameter group families for a DB engine, use the following command:
 
-        To list all of the available parameter group families, use the following command:
+        ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine <engine>``
 
-        ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"``
+        For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:
 
-        The output contains duplicates.
+        ``aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine mysql``
+        .. epigraph::
+
+           The output contains duplicates.
 
-        For more information, see ``[CreateDBParameterGroup](https://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html)`` .
+        The following are the valid DB engine values:
+
+        - ``aurora-mysql``
+        - ``aurora-postgresql``
+        - ``db2-ae``
+        - ``db2-se``
+        - ``mysql``
+        - ``oracle-ee``
+        - ``oracle-ee-cdb``
+        - ``oracle-se2``
+        - ``oracle-se2-cdb``
+        - ``postgres``
+        - ``sqlserver-ee``
+        - ``sqlserver-se``
+        - ``sqlserver-ex``
+        - ``sqlserver-web``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbparametergroup.html#cfn-rds-dbparametergroup-family
         '''
@@ -12642,13 +12691,9 @@ class CfnDBParameterGroupProps:
     def parameters(self) -> typing.Any:
         '''An array of parameter names and values for the parameter update.
 
-        At least one parameter name and value must be supplied. Subsequent arguments are optional.
-
-        RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID ( ``rds.ibm_customer_id`` ) and site number ( ``rds.ibm_site_id`` ) before starting a Db2 instance.
-
-        For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see `Working with DB Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* .
+        You must specify at least one parameter name and value.
 
-        For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see `Working with DB Parameter Groups and DB Cluster Parameter Groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* .
+        For more information about parameter groups, see `Working with parameter groups <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon RDS User Guide* , or `Working with parameter groups <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html>`_ in the *Amazon Aurora User Guide* .
         .. epigraph::
 
            AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
@@ -12660,11 +12705,7 @@ class CfnDBParameterGroupProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB parameter group.
-
-        .. epigraph::
-
-           Currently, this is the only property that supports drift detection.
+        '''Tags to assign to the DB parameter group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbparametergroup.html#cfn-rds-dbparametergroup-tags
         '''
@@ -12758,7 +12799,7 @@ class CfnDBProxy(
         :param id: Construct identifier for this resource (unique in its scope).
         :param auth: The authorization mechanism that the proxy uses.
         :param db_proxy_name: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region . An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
-        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` . *Valid Values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
+        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` .
         :param role_arn: The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.
         :param vpc_subnet_ids: One or more VPC subnet IDs to associate with the new proxy.
         :param debug_logging: Specifies whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.
@@ -12819,7 +12860,7 @@ class CfnDBProxy(
     @builtins.property
     @jsii.member(jsii_name="attrDbProxyArn")
     def attr_db_proxy_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) representing the target group.
+        '''The Amazon Resource Name (ARN) for the proxy.
 
         :cloudformationAttribute: DBProxyArn
         '''
@@ -12828,7 +12869,9 @@ class CfnDBProxy(
     @builtins.property
     @jsii.member(jsii_name="attrEndpoint")
     def attr_endpoint(self) -> builtins.str:
-        '''The writer endpoint for the RDS DB instance or Aurora DB cluster.
+        '''The endpoint that you can use to connect to the DB proxy.
+
+        You include the endpoint value in the connection string for a database client application.
 
         :cloudformationAttribute: Endpoint
         '''
@@ -13028,10 +13071,10 @@ class CfnDBProxy(
         ) -> None:
             '''Specifies the details of authentication used by a proxy to log in as a specific database user.
 
-            :param auth_scheme: The type of authentication that the proxy uses for connections from the proxy to the underlying database. Valid Values: ``SECRETS``
+            :param auth_scheme: The type of authentication that the proxy uses for connections from the proxy to the underlying database.
             :param client_password_auth_type: Specifies the details of authentication used by a proxy to log in as a specific database user.
             :param description: A user-specified description about the authentication used by a proxy to log in as a specific database user.
-            :param iam_auth: Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. The ``ENABLED`` value is valid only for proxies with RDS for Microsoft SQL Server. Valid Values: ``ENABLED | DISABLED | REQUIRED``
+            :param iam_auth: A value that indicates whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. The ``ENABLED`` value is valid only for proxies with RDS for Microsoft SQL Server.
             :param secret_arn: The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxy-authformat.html
@@ -13074,8 +13117,6 @@ class CfnDBProxy(
         def auth_scheme(self) -> typing.Optional[builtins.str]:
             '''The type of authentication that the proxy uses for connections from the proxy to the underlying database.
 
-            Valid Values: ``SECRETS``
-
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxy-authformat.html#cfn-rds-dbproxy-authformat-authscheme
             '''
             result = self._values.get("auth_scheme")
@@ -13101,12 +13142,10 @@ class CfnDBProxy(
 
         @builtins.property
         def iam_auth(self) -> typing.Optional[builtins.str]:
-            '''Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy.
+            '''A value that indicates whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy.
 
             The ``ENABLED`` value is valid only for proxies with RDS for Microsoft SQL Server.
 
-            Valid Values: ``ENABLED | DISABLED | REQUIRED``
-
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxy-authformat.html#cfn-rds-dbproxy-authformat-iamauth
             '''
             result = self._values.get("iam_auth")
@@ -13146,10 +13185,12 @@ class CfnDBProxy(
             key: typing.Optional[builtins.str] = None,
             value: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Metadata assigned to a DB proxy consisting of a key-value pair.
+            '''Metadata assigned to an Amazon RDS resource consisting of a key-value pair.
+
+            For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`_ in the *Amazon Aurora User Guide* .
 
-            :param key: A key is the required name of the tag. The string value can be 1-128 Unicode characters in length and can't be prefixed with ``aws:`` . The string can contain only the set of Unicode letters, digits, white-space, '*', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+\\-]*)$").
-            :param value: A value is the optional value of the tag. The string value can be 1-256 Unicode characters in length and can't be prefixed with ``aws:`` . The string can contain only the set of Unicode letters, digits, white-space, '*', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+\\-]*)$").
+            :param key: A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+\\-@]*)$").
+            :param value: A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+\\-@]*)$").
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxy-tagformat.html
             :exampleMetadata: fixture=_generated
@@ -13179,7 +13220,7 @@ class CfnDBProxy(
         def key(self) -> typing.Optional[builtins.str]:
             '''A key is the required name of the tag.
 
-            The string value can be 1-128 Unicode characters in length and can't be prefixed with ``aws:`` . The string can contain only the set of Unicode letters, digits, white-space, '*', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+-]*)$").
+            The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+-@]*)$").
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxy-tagformat.html#cfn-rds-dbproxy-tagformat-key
             '''
@@ -13190,7 +13231,7 @@ class CfnDBProxy(
         def value(self) -> typing.Optional[builtins.str]:
             '''A value is the optional value of the tag.
 
-            The string value can be 1-256 Unicode characters in length and can't be prefixed with ``aws:`` . The string can contain only the set of Unicode letters, digits, white-space, '*', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+-]*)$").
+            The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+-@]*)$").
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxy-tagformat.html#cfn-rds-dbproxy-tagformat-value
             '''
@@ -13265,7 +13306,7 @@ class CfnDBProxyEndpoint(
         :param db_proxy_name: The name of the DB proxy associated with the DB proxy endpoint that you create.
         :param vpc_subnet_ids: The VPC subnet IDs for the DB proxy endpoint that you create. You can specify a different set of subnet IDs than for the original DB proxy.
         :param tags: An optional set of key-value pairs to associate arbitrary data of your choosing with the proxy.
-        :param target_role: A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations. Valid Values: ``READ_WRITE | READ_ONLY``
+        :param target_role: A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations.
         :param vpc_security_group_ids: The VPC security group IDs for the DB proxy endpoint that you create. You can specify a different set of security group IDs than for the original DB proxy. The default is the default security group for the VPC.
         '''
         if __debug__:
@@ -13316,7 +13357,7 @@ class CfnDBProxyEndpoint(
     @builtins.property
     @jsii.member(jsii_name="attrDbProxyEndpointArn")
     def attr_db_proxy_endpoint_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) representing the DB proxy endpoint.
+        '''The Amazon Resource Name (ARN) for the DB proxy endpoint.
 
         :cloudformationAttribute: DBProxyEndpointArn
         '''
@@ -13325,7 +13366,9 @@ class CfnDBProxyEndpoint(
     @builtins.property
     @jsii.member(jsii_name="attrEndpoint")
     def attr_endpoint(self) -> builtins.str:
-        '''The custom endpoint for the RDS DB instance or Aurora DB cluster.
+        '''The endpoint that you can use to connect to the DB proxy.
+
+        You include the endpoint value in the connection string for a database client application.
 
         :cloudformationAttribute: Endpoint
         '''
@@ -13334,7 +13377,7 @@ class CfnDBProxyEndpoint(
     @builtins.property
     @jsii.member(jsii_name="attrIsDefault")
     def attr_is_default(self) -> _IResolvable_da3f097b:
-        '''A value that indicates whether this endpoint is the default endpoint for the associated DB proxy.
+        '''Indicates whether this endpoint is the default endpoint for the associated DB proxy.
 
         Default DB proxy endpoints always have read/write capability. Other endpoints that you associate with the DB proxy can be either read/write or read-only.
 
@@ -13345,7 +13388,7 @@ class CfnDBProxyEndpoint(
     @builtins.property
     @jsii.member(jsii_name="attrVpcId")
     def attr_vpc_id(self) -> builtins.str:
-        '''The VPC ID of the DB proxy endpoint.
+        '''Provides the VPC ID of the DB proxy endpoint.
 
         :cloudformationAttribute: VpcId
         '''
@@ -13460,10 +13503,12 @@ class CfnDBProxyEndpoint(
             key: typing.Optional[builtins.str] = None,
             value: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Metadata assigned to a DB proxy endpoint consisting of a key-value pair.
+            '''Metadata assigned to an Amazon RDS resource consisting of a key-value pair.
+
+            For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`_ in the *Amazon Aurora User Guide* .
 
-            :param key: A value is the optional value of the tag. The string value can be 1-256 Unicode characters in length and can't be prefixed with ``aws:`` . The string can contain only the set of Unicode letters, digits, white-space, '*', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+\\-]*)$").
-            :param value: Metadata assigned to a DB instance consisting of a key-value pair.
+            :param key: A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+\\-@]*)$").
+            :param value: A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+\\-@]*)$").
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxyendpoint-tagformat.html
             :exampleMetadata: fixture=_generated
@@ -13491,9 +13536,9 @@ class CfnDBProxyEndpoint(
 
         @builtins.property
         def key(self) -> typing.Optional[builtins.str]:
-            '''A value is the optional value of the tag.
+            '''A key is the required name of the tag.
 
-            The string value can be 1-256 Unicode characters in length and can't be prefixed with ``aws:`` . The string can contain only the set of Unicode letters, digits, white-space, '*', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+-]*)$").
+            The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+-@]*)$").
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxyendpoint-tagformat.html#cfn-rds-dbproxyendpoint-tagformat-key
             '''
@@ -13502,7 +13547,9 @@ class CfnDBProxyEndpoint(
 
         @builtins.property
         def value(self) -> typing.Optional[builtins.str]:
-            '''Metadata assigned to a DB instance consisting of a key-value pair.
+            '''A value is the optional value of the tag.
+
+            The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with ``aws:`` or ``rds:`` . The string can only contain only the set of Unicode letters, digits, white-space, '*', '.', ':', '/', '=', '+', '-', '@' (Java regex: "^([\\p{L}\\p{Z}\\p{N}*.:/=+-@]*)$").
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbproxyendpoint-tagformat.html#cfn-rds-dbproxyendpoint-tagformat-value
             '''
@@ -13550,7 +13597,7 @@ class CfnDBProxyEndpointProps:
         :param db_proxy_name: The name of the DB proxy associated with the DB proxy endpoint that you create.
         :param vpc_subnet_ids: The VPC subnet IDs for the DB proxy endpoint that you create. You can specify a different set of subnet IDs than for the original DB proxy.
         :param tags: An optional set of key-value pairs to associate arbitrary data of your choosing with the proxy.
-        :param target_role: A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations. Valid Values: ``READ_WRITE | READ_ONLY``
+        :param target_role: A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations.
         :param vpc_security_group_ids: The VPC security group IDs for the DB proxy endpoint that you create. You can specify a different set of security group IDs than for the original DB proxy. The default is the default security group for the VPC.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxyendpoint.html
@@ -13643,8 +13690,6 @@ class CfnDBProxyEndpointProps:
     def target_role(self) -> typing.Optional[builtins.str]:
         '''A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations.
 
-        Valid Values: ``READ_WRITE | READ_ONLY``
-
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxyendpoint.html#cfn-rds-dbproxyendpoint-targetrole
         '''
         result = self._values.get("target_role")
@@ -13708,7 +13753,7 @@ class CfnDBProxyProps:
 
         :param auth: The authorization mechanism that the proxy uses.
         :param db_proxy_name: The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region . An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
-        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` . *Valid Values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
+        :param engine_family: The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` .
         :param role_arn: The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.
         :param vpc_subnet_ids: One or more VPC subnet IDs to associate with the new proxy.
         :param debug_logging: Specifies whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.
@@ -13810,8 +13855,6 @@ class CfnDBProxyProps:
 
         This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify ``MYSQL`` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify ``POSTGRESQL`` . For RDS for Microsoft SQL Server, specify ``SQLSERVER`` .
 
-        *Valid Values* : ``MYSQL`` | ``POSTGRESQL`` | ``SQLSERVER``
-
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxy.html#cfn-rds-dbproxy-enginefamily
         '''
         result = self._values.get("engine_family")
@@ -13975,7 +14018,7 @@ class CfnDBProxyTargetGroup(
         :param id: Construct identifier for this resource (unique in its scope).
         :param db_proxy_name: The identifier of the ``DBProxy`` that is associated with the ``DBProxyTargetGroup`` .
         :param target_group_name: The identifier for the target group. .. epigraph:: Currently, this property must be set to ``default`` .
-        :param connection_pool_configuration_info: Settings that control the size and behavior of the connection pool associated with a ``DBProxyTargetGroup`` .
+        :param connection_pool_configuration_info: Displays the settings that control the size and behavior of the connection pool associated with a ``DBProxyTarget`` .
         :param db_cluster_identifiers: One or more DB cluster identifiers.
         :param db_instance_identifiers: One or more DB instance identifiers.
         '''
@@ -14068,7 +14111,7 @@ class CfnDBProxyTargetGroup(
     def connection_pool_configuration_info(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDBProxyTargetGroup.ConnectionPoolConfigurationInfoFormatProperty"]]:
-        '''Settings that control the size and behavior of the connection pool associated with a ``DBProxyTargetGroup`` .'''
+        '''Displays the settings that control the size and behavior of the connection pool associated with a ``DBProxyTarget`` .'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDBProxyTargetGroup.ConnectionPoolConfigurationInfoFormatProperty"]], jsii.get(self, "connectionPoolConfigurationInfo"))
 
     @connection_pool_configuration_info.setter
@@ -14296,7 +14339,7 @@ class CfnDBProxyTargetGroupProps:
 
         :param db_proxy_name: The identifier of the ``DBProxy`` that is associated with the ``DBProxyTargetGroup`` .
         :param target_group_name: The identifier for the target group. .. epigraph:: Currently, this property must be set to ``default`` .
-        :param connection_pool_configuration_info: Settings that control the size and behavior of the connection pool associated with a ``DBProxyTargetGroup`` .
+        :param connection_pool_configuration_info: Displays the settings that control the size and behavior of the connection pool associated with a ``DBProxyTarget`` .
         :param db_cluster_identifiers: One or more DB cluster identifiers.
         :param db_instance_identifiers: One or more DB instance identifiers.
 
@@ -14371,7 +14414,7 @@ class CfnDBProxyTargetGroupProps:
     def connection_pool_configuration_info(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDBProxyTargetGroup.ConnectionPoolConfigurationInfoFormatProperty]]:
-        '''Settings that control the size and behavior of the connection pool associated with a ``DBProxyTargetGroup`` .
+        '''Displays the settings that control the size and behavior of the connection pool associated with a ``DBProxyTarget`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbproxytargetgroup.html#cfn-rds-dbproxytargetgroup-connectionpoolconfigurationinfo
         '''
@@ -14463,8 +14506,8 @@ class CfnDBSecurityGroup(
         :param id: Construct identifier for this resource (unique in its scope).
         :param db_security_group_ingress: Ingress rules to be applied to the DB security group.
         :param group_description: Provides the description of the DB security group.
-        :param ec2_vpc_id: The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to. .. epigraph:: The ``EC2VpcId`` property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.
-        :param tags: An optional array of key-value pairs to apply to this DB security group.
+        :param ec2_vpc_id: The identifier of an Amazon virtual private cloud (VPC). This property indicates the VPC that this DB security group belongs to. .. epigraph:: This property is included for backwards compatibility and is no longer recommended for providing security information to an RDS DB instance.
+        :param tags: Metadata assigned to an Amazon RDS resource consisting of a key-value pair. For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`_ in the *Amazon Aurora User Guide* .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b692ab00b4d5e8d1153b5156b9ec79e26f77bbcf930e94b43eb9adff11e07a12)
@@ -14562,10 +14605,7 @@ class CfnDBSecurityGroup(
     @builtins.property
     @jsii.member(jsii_name="ec2VpcId")
     def ec2_vpc_id(self) -> typing.Optional[builtins.str]:
-        '''The identifier of an Amazon VPC.
-
-        This property indicates the VPC that this DB security group belongs to.
-        '''
+        '''The identifier of an Amazon virtual private cloud (VPC).'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "ec2VpcId"))
 
     @ec2_vpc_id.setter
@@ -14578,7 +14618,7 @@ class CfnDBSecurityGroup(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB security group.'''
+        '''Metadata assigned to an Amazon RDS resource consisting of a key-value pair.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -15039,8 +15079,8 @@ class CfnDBSecurityGroupProps:
 
         :param db_security_group_ingress: Ingress rules to be applied to the DB security group.
         :param group_description: Provides the description of the DB security group.
-        :param ec2_vpc_id: The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to. .. epigraph:: The ``EC2VpcId`` property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.
-        :param tags: An optional array of key-value pairs to apply to this DB security group.
+        :param ec2_vpc_id: The identifier of an Amazon virtual private cloud (VPC). This property indicates the VPC that this DB security group belongs to. .. epigraph:: This property is included for backwards compatibility and is no longer recommended for providing security information to an RDS DB instance.
+        :param tags: Metadata assigned to an Amazon RDS resource consisting of a key-value pair. For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`_ in the *Amazon Aurora User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsecuritygroup.html
         :exampleMetadata: fixture=_generated
@@ -15107,11 +15147,12 @@ class CfnDBSecurityGroupProps:
 
     @builtins.property
     def ec2_vpc_id(self) -> typing.Optional[builtins.str]:
-        '''The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to.
+        '''The identifier of an Amazon virtual private cloud (VPC).
 
+        This property indicates the VPC that this DB security group belongs to.
         .. epigraph::
 
-           The ``EC2VpcId`` property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.
+           This property is included for backwards compatibility and is no longer recommended for providing security information to an RDS DB instance.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsecuritygroup.html#cfn-rds-dbsecuritygroup-ec2vpcid
         '''
@@ -15120,7 +15161,9 @@ class CfnDBSecurityGroupProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB security group.
+        '''Metadata assigned to an Amazon RDS resource consisting of a key-value pair.
+
+        For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide* or `Tagging Amazon Aurora and Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html>`_ in the *Amazon Aurora User Guide* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsecuritygroup.html#cfn-rds-dbsecuritygroup-tags
         '''
@@ -15189,8 +15232,8 @@ class CfnDBSubnetGroup(
         :param id: Construct identifier for this resource (unique in its scope).
         :param db_subnet_group_description: The description for the DB subnet group.
         :param subnet_ids: The EC2 Subnet IDs for the DB subnet group.
-        :param db_subnet_group_name: The name for the DB subnet group. This value is stored as a lowercase string. Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default". Example: ``mysubnetgroup``
-        :param tags: An optional array of key-value pairs to apply to this DB subnet group.
+        :param db_subnet_group_name: The name for the DB subnet group. This value is stored as a lowercase string. Constraints: - Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens. - Must not be default. - First character must be a letter. Example: ``mydbsubnetgroup``
+        :param tags: Tags to assign to the DB subnet group.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__3437b6f3359034732d6fbef14006ac020c94fa5b18aa95cb4c8bb7332cc58dc7)
@@ -15291,7 +15334,7 @@ class CfnDBSubnetGroup(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB subnet group.'''
+        '''Tags to assign to the DB subnet group.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -15325,8 +15368,8 @@ class CfnDBSubnetGroupProps:
 
         :param db_subnet_group_description: The description for the DB subnet group.
         :param subnet_ids: The EC2 Subnet IDs for the DB subnet group.
-        :param db_subnet_group_name: The name for the DB subnet group. This value is stored as a lowercase string. Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default". Example: ``mysubnetgroup``
-        :param tags: An optional array of key-value pairs to apply to this DB subnet group.
+        :param db_subnet_group_name: The name for the DB subnet group. This value is stored as a lowercase string. Constraints: - Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens. - Must not be default. - First character must be a letter. Example: ``mydbsubnetgroup``
+        :param tags: Tags to assign to the DB subnet group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsubnetgroup.html
         :exampleMetadata: fixture=_generated
@@ -15388,9 +15431,13 @@ class CfnDBSubnetGroupProps:
     def db_subnet_group_name(self) -> typing.Optional[builtins.str]:
         '''The name for the DB subnet group. This value is stored as a lowercase string.
 
-        Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default".
+        Constraints:
+
+        - Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens.
+        - Must not be default.
+        - First character must be a letter.
 
-        Example: ``mysubnetgroup``
+        Example: ``mydbsubnetgroup``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsubnetgroup.html#cfn-rds-dbsubnetgroup-dbsubnetgroupname
         '''
@@ -15399,7 +15446,7 @@ class CfnDBSubnetGroupProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this DB subnet group.
+        '''Tags to assign to the DB subnet group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsubnetgroup.html#cfn-rds-dbsubnetgroup-tags
         '''
@@ -15473,8 +15520,8 @@ class CfnEventSubscription(
         :param sns_topic_arn: The Amazon Resource Name (ARN) of the SNS topic created for event notification. SNS automatically creates the ARN when you create a topic and subscribe to it. .. epigraph:: RDS doesn't support FIFO (first in, first out) topics. For more information, see `Message ordering and deduplication (FIFO topics) <https://docs.aws.amazon.com/sns/latest/dg/sns-fifo-topics.html>`_ in the *Amazon Simple Notification Service Developer Guide* .
         :param enabled: Specifies whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active. Default: - true
         :param event_categories: A list of event categories for a particular source type ( ``SourceType`` ) that you want to subscribe to. You can see a list of the categories for a given source type in the "Amazon RDS event categories and event messages" section of the `*Amazon RDS User Guide* <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html>`_ or the `*Amazon Aurora User Guide* <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html>`_ . You can also see this list by using the ``DescribeEventCategories`` operation.
-        :param source_ids: The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens. Constraints: - If a ``SourceIds`` value is supplied, ``SourceType`` must also be provided. - If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied. - If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied. - If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied. - If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied. - If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied. - If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied.
-        :param source_type: The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to ``db-instance`` . If this value isn't specified, all events are returned. Valid values: ``db-instance`` | ``db-cluster`` | ``db-parameter-group`` | ``db-security-group`` | ``db-snapshot`` | ``db-cluster-snapshot``
+        :param source_ids: The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens. Constraints: - If ``SourceIds`` are supplied, ``SourceType`` must also be provided. - If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied. - If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied. - If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied. - If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied. - If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied. - If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied. - If the source type is an RDS Proxy, a ``DBProxyName`` value must be supplied.
+        :param source_type: The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to ``db-instance`` . For RDS Proxy events, specify ``db-proxy`` . If this value isn't specified, all events are returned. Valid Values: ``db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment``
         :param subscription_name: The name of the subscription. Constraints: The name must be less than 255 characters.
         :param tags: An optional array of key-value pairs to apply to this subscription.
         '''
@@ -15665,8 +15712,8 @@ class CfnEventSubscriptionProps:
         :param sns_topic_arn: The Amazon Resource Name (ARN) of the SNS topic created for event notification. SNS automatically creates the ARN when you create a topic and subscribe to it. .. epigraph:: RDS doesn't support FIFO (first in, first out) topics. For more information, see `Message ordering and deduplication (FIFO topics) <https://docs.aws.amazon.com/sns/latest/dg/sns-fifo-topics.html>`_ in the *Amazon Simple Notification Service Developer Guide* .
         :param enabled: Specifies whether to activate the subscription. If the event notification subscription isn't activated, the subscription is created but not active. Default: - true
         :param event_categories: A list of event categories for a particular source type ( ``SourceType`` ) that you want to subscribe to. You can see a list of the categories for a given source type in the "Amazon RDS event categories and event messages" section of the `*Amazon RDS User Guide* <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html>`_ or the `*Amazon Aurora User Guide* <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html>`_ . You can also see this list by using the ``DescribeEventCategories`` operation.
-        :param source_ids: The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens. Constraints: - If a ``SourceIds`` value is supplied, ``SourceType`` must also be provided. - If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied. - If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied. - If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied. - If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied. - If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied. - If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied.
-        :param source_type: The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, set this parameter to ``db-instance`` . If this value isn't specified, all events are returned. Valid values: ``db-instance`` | ``db-cluster`` | ``db-parameter-group`` | ``db-security-group`` | ``db-snapshot`` | ``db-cluster-snapshot``
+        :param source_ids: The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens. Constraints: - If ``SourceIds`` are supplied, ``SourceType`` must also be provided. - If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied. - If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied. - If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied. - If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied. - If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied. - If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied. - If the source type is an RDS Proxy, a ``DBProxyName`` value must be supplied.
+        :param source_type: The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to ``db-instance`` . For RDS Proxy events, specify ``db-proxy`` . If this value isn't specified, all events are returned. Valid Values: ``db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment``
         :param subscription_name: The name of the subscription. Constraints: The name must be less than 255 characters.
         :param tags: An optional array of key-value pairs to apply to this subscription.
 
@@ -15768,13 +15815,14 @@ class CfnEventSubscriptionProps:
 
         Constraints:
 
-        - If a ``SourceIds`` value is supplied, ``SourceType`` must also be provided.
+        - If ``SourceIds`` are supplied, ``SourceType`` must also be provided.
         - If the source type is a DB instance, a ``DBInstanceIdentifier`` value must be supplied.
         - If the source type is a DB cluster, a ``DBClusterIdentifier`` value must be supplied.
         - If the source type is a DB parameter group, a ``DBParameterGroupName`` value must be supplied.
         - If the source type is a DB security group, a ``DBSecurityGroupName`` value must be supplied.
         - If the source type is a DB snapshot, a ``DBSnapshotIdentifier`` value must be supplied.
         - If the source type is a DB cluster snapshot, a ``DBClusterSnapshotIdentifier`` value must be supplied.
+        - If the source type is an RDS Proxy, a ``DBProxyName`` value must be supplied.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-eventsubscription.html#cfn-rds-eventsubscription-sourceids
         '''
@@ -15785,9 +15833,9 @@ class CfnEventSubscriptionProps:
     def source_type(self) -> typing.Optional[builtins.str]:
         '''The type of source that is generating the events.
 
-        For example, if you want to be notified of events generated by a DB instance, set this parameter to ``db-instance`` . If this value isn't specified, all events are returned.
+        For example, if you want to be notified of events generated by a DB instance, you set this parameter to ``db-instance`` . For RDS Proxy events, specify ``db-proxy`` . If this value isn't specified, all events are returned.
 
-        Valid values: ``db-instance`` | ``db-cluster`` | ``db-parameter-group`` | ``db-security-group`` | ``db-snapshot`` | ``db-cluster-snapshot``
+        Valid Values: ``db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot | db-proxy | zero-etl | custom-engine-version | blue-green-deployment``
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-eventsubscription.html#cfn-rds-eventsubscription-sourcetype
         '''
@@ -16297,7 +16345,7 @@ class CfnIntegration(
         :param description: A description of the integration.
         :param integration_name: The name of the integration.
         :param kms_key_id: The AWS Key Management System ( AWS KMS) key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, RDS uses a default AWS owned key.
-        :param tags: A list of tags. For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide.* .
+        :param tags: An optional array of key-value pairs to apply to this integration.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0596ec891883071cc8cc2bad7e4e8120eefe68f759bfc17fdbfc1a525466ae6e)
@@ -16474,7 +16522,7 @@ class CfnIntegration(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of tags.'''
+        '''An optional array of key-value pairs to apply to this integration.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -16521,7 +16569,7 @@ class CfnIntegrationProps:
         :param description: A description of the integration.
         :param integration_name: The name of the integration.
         :param kms_key_id: The AWS Key Management System ( AWS KMS) key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, RDS uses a default AWS owned key.
-        :param tags: A list of tags. For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide.* .
+        :param tags: An optional array of key-value pairs to apply to this integration.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-integration.html
         :exampleMetadata: fixture=_generated
@@ -16654,9 +16702,7 @@ class CfnIntegrationProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''A list of tags.
-
-        For more information, see `Tagging Amazon RDS Resources <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html>`_ in the *Amazon RDS User Guide.* .
+        '''An optional array of key-value pairs to apply to this integration.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-integration.html#cfn-rds-integration-tags
         '''
@@ -16738,9 +16784,9 @@ class CfnOptionGroup(
         :param engine_name: Specifies the name of the engine that this option group should be associated with. Valid Values: - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param major_engine_version: Specifies the major version of the engine that this option group should be associated with.
         :param option_group_description: The description of the option group.
-        :param option_configurations: A list of options and the settings for each option.
+        :param option_configurations: A list of all available options.
         :param option_group_name: The name of the option group to be created. Constraints: - Must be 1 to 255 letters, numbers, or hyphens - First character must be a letter - Can't end with a hyphen or contain two consecutive hyphens Example: ``myoptiongroup`` If you don't specify a value for ``OptionGroupName`` property, a name is automatically created for the option group. .. epigraph:: This value is stored as a lowercase string.
-        :param tags: An optional array of key-value pairs to apply to this option group.
+        :param tags: Tags to assign to the option group.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__160a45fe55c01086901039aa8bde8bd5ace11ff967acd2154abcc9137622aea0)
@@ -16842,7 +16888,7 @@ class CfnOptionGroup(
     def option_configurations(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnOptionGroup.OptionConfigurationProperty"]]]]:
-        '''A list of options and the settings for each option.'''
+        '''A list of all available options.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnOptionGroup.OptionConfigurationProperty"]]]], jsii.get(self, "optionConfigurations"))
 
     @option_configurations.setter
@@ -16871,7 +16917,7 @@ class CfnOptionGroup(
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
     def tags_raw(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this option group.'''
+        '''Tags to assign to the option group.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tagsRaw"))
 
     @tags_raw.setter
@@ -17129,9 +17175,9 @@ class CfnOptionGroupProps:
         :param engine_name: Specifies the name of the engine that this option group should be associated with. Valid Values: - ``mariadb`` - ``mysql`` - ``oracle-ee`` - ``oracle-ee-cdb`` - ``oracle-se2`` - ``oracle-se2-cdb`` - ``postgres`` - ``sqlserver-ee`` - ``sqlserver-se`` - ``sqlserver-ex`` - ``sqlserver-web``
         :param major_engine_version: Specifies the major version of the engine that this option group should be associated with.
         :param option_group_description: The description of the option group.
-        :param option_configurations: A list of options and the settings for each option.
+        :param option_configurations: A list of all available options.
         :param option_group_name: The name of the option group to be created. Constraints: - Must be 1 to 255 letters, numbers, or hyphens - First character must be a letter - Can't end with a hyphen or contain two consecutive hyphens Example: ``myoptiongroup`` If you don't specify a value for ``OptionGroupName`` property, a name is automatically created for the option group. .. epigraph:: This value is stored as a lowercase string.
-        :param tags: An optional array of key-value pairs to apply to this option group.
+        :param tags: Tags to assign to the option group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-optiongroup.html
         :exampleMetadata: fixture=_generated
@@ -17236,7 +17282,7 @@ class CfnOptionGroupProps:
     def option_configurations(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnOptionGroup.OptionConfigurationProperty]]]]:
-        '''A list of options and the settings for each option.
+        '''A list of all available options.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-optiongroup.html#cfn-rds-optiongroup-optionconfigurations
         '''
@@ -17267,7 +17313,7 @@ class CfnOptionGroupProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''An optional array of key-value pairs to apply to this option group.
+        '''Tags to assign to the option group.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-optiongroup.html#cfn-rds-optiongroup-tags
         '''
@@ -19672,9 +19718,9 @@ class DatabaseClusterFromSnapshotProps:
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
         :param removal_policy: The removal policy to apply when the cluster and its instances are removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the cluster and instances, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportRole`` is used. For MySQL: Default: - None
-        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
+        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
-        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
+        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
         :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5
@@ -20183,7 +20229,7 @@ class DatabaseClusterFromSnapshotProps:
         This feature is only supported by the Aurora database engine.
 
         This property must not be used if ``s3ExportBuckets`` is used.
-
+        To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine
         For MySQL:
 
         :default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -20215,7 +20261,7 @@ class DatabaseClusterFromSnapshotProps:
         This feature is only supported by the Aurora database engine.
 
         This property must not be used if ``s3ImportBuckets`` is used.
-
+        To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine
         For MySQL:
 
         :default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
@@ -20479,9 +20525,9 @@ class DatabaseClusterProps:
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
         :param removal_policy: The removal policy to apply when the cluster and its instances are removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the cluster and instances, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportRole`` is used. For MySQL: Default: - None
-        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
+        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
-        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
+        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
         :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5
@@ -20970,7 +21016,7 @@ class DatabaseClusterProps:
         This feature is only supported by the Aurora database engine.
 
         This property must not be used if ``s3ExportBuckets`` is used.
-
+        To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine
         For MySQL:
 
         :default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
@@ -21002,7 +21048,7 @@ class DatabaseClusterProps:
         This feature is only supported by the Aurora database engine.
 
         This property must not be used if ``s3ImportBuckets`` is used.
-
+        To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine
         For MySQL:
 
         :default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
@@ -39281,9 +39327,9 @@ class DatabaseClusterFromSnapshot(
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
         :param removal_policy: The removal policy to apply when the cluster and its instances are removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the cluster and instances, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportRole`` is used. For MySQL: Default: - None
-        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
+        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
-        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
+        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
         :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5
@@ -43276,9 +43322,9 @@ class DatabaseCluster(
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
         :param removal_policy: The removal policy to apply when the cluster and its instances are removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the cluster and instances, but retain a snapshot of the data)
         :param s3_export_buckets: S3 buckets that you want to load data into. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportRole`` is used. For MySQL: Default: - None
-        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
+        :param s3_export_role: Role that will be associated with this DB cluster to enable S3 export. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ExportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 export feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ExportBuckets`` is set, no role is defined otherwise
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
-        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
+        :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
         :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5