aws-cdk-lib 2.162.1__py3-none-any.whl → 2.163.0__py3-none-any.whl

aws_cdk/aws_rds/__init__.py

@@ -85,7 +85,8 @@ cluster = rds.DatabaseCluster(self, "Database",
 
 For more information about dual-stack mode, see [Working with a DB cluster in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html).
 
-If you want to issue read/write transactions directly on an Aurora Replica, you can use [local write forwarding](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-write-forwarding.html).
+If you want to issue read/write transactions directly on an Aurora Replica, you can use local write forwarding on [Aurora MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-write-forwarding.html)
+and [Aurora PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-postgresql-write-forwarding.html).
 Local write forwarding allows read replicas to accept write transactions and forward them to the writer DB instance to be committed.
 
 To enable local write forwarding, set the `enableLocalWriteForwarding` property to `true`:
@@ -105,7 +106,8 @@ rds.DatabaseCluster(self, "DatabaseCluster",
 )
 ```
 
-**Note**: Local write forwarding is only supported for Aurora MySQL 3.04 and higher.
+**Note**: Local write forwarding is supported only for Aurora MySQL 3.04 or higher, and for Aurora PostgreSQL
+16.4 or higher (for version 16), 15.8 or higher (for version 15), and 14.13 or higher (for version 14).
 
 Use `DatabaseClusterFromSnapshot` to create a cluster from a snapshot:
 
@@ -666,14 +668,14 @@ to use for the instance:
 
 
 iops_instance = rds.DatabaseInstance(self, "IopsInstance",
-    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
     vpc=vpc,
     storage_type=rds.StorageType.IO1,
     iops=5000
 )
 
 gp3_instance = rds.DatabaseInstance(self, "Gp3Instance",
-    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
     vpc=vpc,
     allocated_storage=500,
     storage_type=rds.StorageType.GP3,
@@ -694,7 +696,7 @@ to use for the instance:
 
 # Setting allocatedStorage for DatabaseInstance
 iops_instance = rds.DatabaseInstance(self, "IopsInstance",
-    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
     vpc=vpc,
     storage_type=rds.StorageType.IO1,
     iops=5000,
@@ -716,7 +718,7 @@ to use for the instance:
 
 
 rds.DatabaseInstance(self, "Instance",
-    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
     vpc=vpc,
     ca_certificate=rds.CaCertificate.RDS_CA_RSA2048_G1
 )
@@ -729,7 +731,7 @@ You can specify a custom CA certificate with:
 
 
 rds.DatabaseInstance(self, "Instance",
-    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
     vpc=vpc,
     ca_certificate=rds.CaCertificate.of("future-rds-ca")
 )
@@ -1493,6 +1495,93 @@ rds.DatabaseCluster(self, "DatabaseCluster",
     preferred_maintenance_window="Sat:22:15-Sat:22:45"
 )
 ```
+
+## Performance Insights
+
+You can enable Performance Insights for a clustered database or an instance database.
+
+### Clustered Database
+
+You can enable Performance Insights at cluster level or instance level.
+
+To enable Performance Insights at the cluster level, set the `enablePerformanceInsights` property for the `DatabaseCluster` to `true`.
+If you want to specify the detailed settings, you can use the `performanceInsightRetention` and `performanceInsightEncryptionKey` properties.
+
+The settings are then applied to all instances in the cluster.
+
+```python
+# vpc: ec2.Vpc
+# kms_key: kms.Key
+
+rds.DatabaseCluster(self, "Database",
+    engine=rds.DatabaseClusterEngine.AURORA,
+    vpc=vpc,
+    enable_performance_insights=True,
+    performance_insight_retention=rds.PerformanceInsightRetention.LONG_TERM,
+    performance_insight_encryption_key=kms_key,
+    writer=rds.ClusterInstance.provisioned("Writer",
+        instance_type=ec2.InstanceType.of(ec2.InstanceClass.R7G, ec2.InstanceSize.LARGE)
+    )
+)
+```
+
+To enable Performance Insights at the instance level, set the same properties for each instance of the `writer` and the `readers`.
+
+In this way, different settings can be applied to different instances in a cluster.
+
+**Note:** If Performance Insights is enabled at the cluster level, it is also automatically enabled for each instance. If specified, Performance Insights
+for each instance require the same retention period and encryption key as the cluster level.
+
+```python
+# vpc: ec2.Vpc
+# kms_key: kms.Key
+
+rds.DatabaseCluster(self, "Database",
+    engine=rds.DatabaseClusterEngine.AURORA,
+    vpc=vpc,
+    writer=rds.ClusterInstance.provisioned("Writer",
+        instance_type=ec2.InstanceType.of(ec2.InstanceClass.R7G, ec2.InstanceSize.LARGE),
+        enable_performance_insights=True,
+        performance_insight_retention=rds.PerformanceInsightRetention.LONG_TERM,
+        performance_insight_encryption_key=kms_key
+    ),
+    readers=[
+        rds.ClusterInstance.provisioned("Reader",
+            instance_type=ec2.InstanceType.of(ec2.InstanceClass.R7G, ec2.InstanceSize.LARGE),
+            enable_performance_insights=False
+        )
+    ]
+)
+```
+
+### Instance Database
+
+To enable Performance Insights for an instance database, set the `enablePerformanceInsights` property for the `DatabaseInstance` to `true`.
+If you want to specify the detailed settings, you can use the `performanceInsightRetention` and `performanceInsightEncryptionKey` properties.
+
+```python
+# vpc: ec2.Vpc
+# kms_key: kms.Key
+
+instance = rds.DatabaseInstance(self, "Instance",
+    engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
+    instance_type=ec2.InstanceType.of(ec2.InstanceClass.R7G, ec2.InstanceSize.LARGE),
+    vpc=vpc,
+    enable_performance_insights=True,
+    performance_insight_retention=rds.PerformanceInsightRetention.LONG_TERM,
+    performance_insight_encryption_key=kms_key
+)
+```
+
+### Supported Engines
+
+Performance Insights supports a limited number of engines.
+
+To see Amazon RDS DB engines that support Performance Insights, see [Amazon RDS DB engine, Region, and instance class support for Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.Engines.html).
+
+To see Amazon Aurora DB engines that support Performance Insights, see [Amazon Aurora DB engine, Region, and instance class support for Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.Overview.Engines.html).
+
+For more information about Performance Insights, see [Monitoring DB load with Performance Insights on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html).
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -19805,6 +19894,7 @@ class DatabaseClusterEngine(
         "domain_role": "domainRole",
         "enable_data_api": "enableDataApi",
         "enable_local_write_forwarding": "enableLocalWriteForwarding",
+        "enable_performance_insights": "enablePerformanceInsights",
         "iam_authentication": "iamAuthentication",
         "instance_identifier_base": "instanceIdentifierBase",
         "instance_props": "instanceProps",
@@ -19815,6 +19905,8 @@ class DatabaseClusterEngine(
         "network_type": "networkType",
         "parameter_group": "parameterGroup",
         "parameters": "parameters",
+        "performance_insight_encryption_key": "performanceInsightEncryptionKey",
+        "performance_insight_retention": "performanceInsightRetention",
         "port": "port",
         "preferred_maintenance_window": "preferredMaintenanceWindow",
         "readers": "readers",
@@ -19856,6 +19948,7 @@ class DatabaseClusterFromSnapshotProps:
         domain_role: typing.Optional[_IRole_235f5d8e] = None,
         enable_data_api: typing.Optional[builtins.bool] = None,
         enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+        enable_performance_insights: typing.Optional[builtins.bool] = None,
         iam_authentication: typing.Optional[builtins.bool] = None,
         instance_identifier_base: typing.Optional[builtins.str] = None,
         instance_props: typing.Optional[typing.Union["InstanceProps", typing.Dict[builtins.str, typing.Any]]] = None,
@@ -19866,6 +19959,8 @@ class DatabaseClusterFromSnapshotProps:
         network_type: typing.Optional["NetworkType"] = None,
         parameter_group: typing.Optional["IParameterGroup"] = None,
         parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+        performance_insight_retention: typing.Optional["PerformanceInsightRetention"] = None,
         port: typing.Optional[jsii.Number] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence["IClusterInstance"]] = None,
@@ -19903,7 +19998,8 @@ class DatabaseClusterFromSnapshotProps:
         :param domain: Directory ID for associating the DB cluster with a specific Active Directory. Necessary for enabling Kerberos authentication. If specified, the DB cluster joins the given Active Directory, enabling Kerberos authentication. If not specified, the DB cluster will not be associated with any Active Directory, and Kerberos authentication will not be enabled. Default: - DB cluster is not associated with an Active Directory; Kerberos authentication is not enabled.
         :param domain_role: The IAM role to be used when making API calls to the Directory Service. The role needs the AWS-managed policy ``AmazonRDSDirectoryServiceAccess`` or equivalent. Default: - If ``DatabaseClusterBaseProps.domain`` is specified, a role with the ``AmazonRDSDirectoryServiceAccess`` policy is automatically created.
         :param enable_data_api: Whether to enable the Data API for the cluster. Default: - false
-        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 and higher clusters. Default: false
+        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 or higher, and for Aurora PostgreSQL 16.4 or higher (for version 16), 15.8 or higher (for version 15), and 14.13 or higher (for version 14). Default: false
+        :param enable_performance_insights: Whether to enable Performance Insights for the DB cluster. Default: - false, unless ``performanceInsightRetention`` or ``performanceInsightEncryptionKey`` is set.
         :param iam_authentication: Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Default: false
         :param instance_identifier_base: Base identifier for instances. Every replica is named by appending the replica number to this string, 1-based. Default: - clusterIdentifier is used with the word "Instance" appended. If clusterIdentifier is not provided, the identifier is automatically generated.
         :param instance_props: (deprecated) Settings for the individual instances that are launched.
@@ -19914,6 +20010,8 @@ class DatabaseClusterFromSnapshotProps:
         :param network_type: The network type of the DB instance. Default: - IPV4
         :param parameter_group: Additional parameters to pass to the database engine. Default: - No parameter group.
         :param parameters: The parameters in the DBClusterParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBClusterParameterGroup. Default: - None
+        :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
+        :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
         :param port: What port to listen on. Default: - The default for the engine is used.
         :param preferred_maintenance_window: A preferred maintenance window day/time range. Should be specified as a range ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). Example: 'Sun:23:45-Mon:00:15' Default: - 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
@@ -19923,7 +20021,7 @@ class DatabaseClusterFromSnapshotProps:
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
         :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
-        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
+        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 256. The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5
         :param snapshot_credentials: Master user credentials. Note - It is not possible to change the master username for a snapshot; however, it is possible to provide (or generate) a new password. Default: - The existing username and password from the snapshot will be used.
         :param storage_encrypted: Whether to enable storage encryption. Default: - true if storageEncryptionKey is provided, false otherwise
@@ -19971,6 +20069,7 @@ class DatabaseClusterFromSnapshotProps:
             check_type(argname="argument domain_role", value=domain_role, expected_type=type_hints["domain_role"])
             check_type(argname="argument enable_data_api", value=enable_data_api, expected_type=type_hints["enable_data_api"])
             check_type(argname="argument enable_local_write_forwarding", value=enable_local_write_forwarding, expected_type=type_hints["enable_local_write_forwarding"])
+            check_type(argname="argument enable_performance_insights", value=enable_performance_insights, expected_type=type_hints["enable_performance_insights"])
             check_type(argname="argument iam_authentication", value=iam_authentication, expected_type=type_hints["iam_authentication"])
             check_type(argname="argument instance_identifier_base", value=instance_identifier_base, expected_type=type_hints["instance_identifier_base"])
             check_type(argname="argument instance_props", value=instance_props, expected_type=type_hints["instance_props"])
@@ -19981,6 +20080,8 @@ class DatabaseClusterFromSnapshotProps:
             check_type(argname="argument network_type", value=network_type, expected_type=type_hints["network_type"])
             check_type(argname="argument parameter_group", value=parameter_group, expected_type=type_hints["parameter_group"])
             check_type(argname="argument parameters", value=parameters, expected_type=type_hints["parameters"])
+            check_type(argname="argument performance_insight_encryption_key", value=performance_insight_encryption_key, expected_type=type_hints["performance_insight_encryption_key"])
+            check_type(argname="argument performance_insight_retention", value=performance_insight_retention, expected_type=type_hints["performance_insight_retention"])
             check_type(argname="argument port", value=port, expected_type=type_hints["port"])
             check_type(argname="argument preferred_maintenance_window", value=preferred_maintenance_window, expected_type=type_hints["preferred_maintenance_window"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
@@ -20032,6 +20133,8 @@ class DatabaseClusterFromSnapshotProps:
             self._values["enable_data_api"] = enable_data_api
         if enable_local_write_forwarding is not None:
             self._values["enable_local_write_forwarding"] = enable_local_write_forwarding
+        if enable_performance_insights is not None:
+            self._values["enable_performance_insights"] = enable_performance_insights
         if iam_authentication is not None:
             self._values["iam_authentication"] = iam_authentication
         if instance_identifier_base is not None:
@@ -20052,6 +20155,10 @@ class DatabaseClusterFromSnapshotProps:
             self._values["parameter_group"] = parameter_group
         if parameters is not None:
             self._values["parameters"] = parameters
+        if performance_insight_encryption_key is not None:
+            self._values["performance_insight_encryption_key"] = performance_insight_encryption_key
+        if performance_insight_retention is not None:
+            self._values["performance_insight_retention"] = performance_insight_retention
         if port is not None:
             self._values["port"] = port
         if preferred_maintenance_window is not None:
@@ -20266,15 +20373,25 @@ class DatabaseClusterFromSnapshotProps:
     def enable_local_write_forwarding(self) -> typing.Optional[builtins.bool]:
         '''Whether read replicas can forward write operations to the writer DB instance in the DB cluster.
 
-        This setting can only be enabled for Aurora MySQL 3.04 and higher clusters.
+        This setting can only be enabled for Aurora MySQL 3.04 or higher, and for Aurora PostgreSQL 16.4
+        or higher (for version 16), 15.8 or higher (for version 15), and 14.13 or higher (for version 14).
 
         :default: false
 
-        :see: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-write-forwarding.html
+        :see: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-postgresql-write-forwarding.html
         '''
         result = self._values.get("enable_local_write_forwarding")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def enable_performance_insights(self) -> typing.Optional[builtins.bool]:
+        '''Whether to enable Performance Insights for the DB cluster.
+
+        :default: - false, unless ``performanceInsightRetention`` or ``performanceInsightEncryptionKey`` is set.
+        '''
+        result = self._values.get("enable_performance_insights")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def iam_authentication(self) -> typing.Optional[builtins.bool]:
         '''Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.
@@ -20381,6 +20498,26 @@ class DatabaseClusterFromSnapshotProps:
         result = self._values.get("parameters")
         return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
 
+    @builtins.property
+    def performance_insight_encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The AWS KMS key for encryption of Performance Insights data.
+
+        :default: - default master key
+        '''
+        result = self._values.get("performance_insight_encryption_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
+    @builtins.property
+    def performance_insight_retention(
+        self,
+    ) -> typing.Optional["PerformanceInsightRetention"]:
+        '''The amount of time, in days, to retain Performance Insights data.
+
+        :default: 7
+        '''
+        result = self._values.get("performance_insight_retention")
+        return typing.cast(typing.Optional["PerformanceInsightRetention"], result)
+
     @builtins.property
     def port(self) -> typing.Optional[jsii.Number]:
         '''What port to listen on.
@@ -20502,7 +20639,7 @@ class DatabaseClusterFromSnapshotProps:
         '''The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster.
 
         You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on.
-        The largest value that you can use is 128 (256GB).
+        The largest value that you can use is 256.
 
         The maximum capacity must be higher than 0.5 ACUs.
 
@@ -20635,6 +20772,7 @@ class DatabaseClusterFromSnapshotProps:
         "domain_role": "domainRole",
         "enable_data_api": "enableDataApi",
         "enable_local_write_forwarding": "enableLocalWriteForwarding",
+        "enable_performance_insights": "enablePerformanceInsights",
         "iam_authentication": "iamAuthentication",
         "instance_identifier_base": "instanceIdentifierBase",
         "instance_props": "instanceProps",
@@ -20645,6 +20783,8 @@ class DatabaseClusterFromSnapshotProps:
         "network_type": "networkType",
         "parameter_group": "parameterGroup",
         "parameters": "parameters",
+        "performance_insight_encryption_key": "performanceInsightEncryptionKey",
+        "performance_insight_retention": "performanceInsightRetention",
         "port": "port",
         "preferred_maintenance_window": "preferredMaintenanceWindow",
         "readers": "readers",
@@ -20684,6 +20824,7 @@ class DatabaseClusterProps:
         domain_role: typing.Optional[_IRole_235f5d8e] = None,
         enable_data_api: typing.Optional[builtins.bool] = None,
         enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+        enable_performance_insights: typing.Optional[builtins.bool] = None,
         iam_authentication: typing.Optional[builtins.bool] = None,
         instance_identifier_base: typing.Optional[builtins.str] = None,
         instance_props: typing.Optional[typing.Union["InstanceProps", typing.Dict[builtins.str, typing.Any]]] = None,
@@ -20694,6 +20835,8 @@ class DatabaseClusterProps:
         network_type: typing.Optional["NetworkType"] = None,
         parameter_group: typing.Optional["IParameterGroup"] = None,
         parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+        performance_insight_retention: typing.Optional["PerformanceInsightRetention"] = None,
         port: typing.Optional[jsii.Number] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence["IClusterInstance"]] = None,
@@ -20729,7 +20872,8 @@ class DatabaseClusterProps:
         :param domain: Directory ID for associating the DB cluster with a specific Active Directory. Necessary for enabling Kerberos authentication. If specified, the DB cluster joins the given Active Directory, enabling Kerberos authentication. If not specified, the DB cluster will not be associated with any Active Directory, and Kerberos authentication will not be enabled. Default: - DB cluster is not associated with an Active Directory; Kerberos authentication is not enabled.
         :param domain_role: The IAM role to be used when making API calls to the Directory Service. The role needs the AWS-managed policy ``AmazonRDSDirectoryServiceAccess`` or equivalent. Default: - If ``DatabaseClusterBaseProps.domain`` is specified, a role with the ``AmazonRDSDirectoryServiceAccess`` policy is automatically created.
         :param enable_data_api: Whether to enable the Data API for the cluster. Default: - false
-        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 and higher clusters. Default: false
+        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 or higher, and for Aurora PostgreSQL 16.4 or higher (for version 16), 15.8 or higher (for version 15), and 14.13 or higher (for version 14). Default: false
+        :param enable_performance_insights: Whether to enable Performance Insights for the DB cluster. Default: - false, unless ``performanceInsightRetention`` or ``performanceInsightEncryptionKey`` is set.
         :param iam_authentication: Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Default: false
         :param instance_identifier_base: Base identifier for instances. Every replica is named by appending the replica number to this string, 1-based. Default: - clusterIdentifier is used with the word "Instance" appended. If clusterIdentifier is not provided, the identifier is automatically generated.
         :param instance_props: (deprecated) Settings for the individual instances that are launched.
@@ -20740,6 +20884,8 @@ class DatabaseClusterProps:
         :param network_type: The network type of the DB instance. Default: - IPV4
         :param parameter_group: Additional parameters to pass to the database engine. Default: - No parameter group.
         :param parameters: The parameters in the DBClusterParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBClusterParameterGroup. Default: - None
+        :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
+        :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
         :param port: What port to listen on. Default: - The default for the engine is used.
         :param preferred_maintenance_window: A preferred maintenance window day/time range. Should be specified as a range ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). Example: 'Sun:23:45-Mon:00:15' Default: - 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
@@ -20749,7 +20895,7 @@ class DatabaseClusterProps:
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
         :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
-        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
+        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 256. The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5
         :param storage_encrypted: Whether to enable storage encryption. Default: - true if storageEncryptionKey is provided, false otherwise
         :param storage_encryption_key: The KMS key for storage encryption. If specified, ``storageEncrypted`` will be set to ``true``. Default: - if storageEncrypted is true then the default master key, no key otherwise
@@ -20804,6 +20950,7 @@ class DatabaseClusterProps:
             check_type(argname="argument domain_role", value=domain_role, expected_type=type_hints["domain_role"])
             check_type(argname="argument enable_data_api", value=enable_data_api, expected_type=type_hints["enable_data_api"])
             check_type(argname="argument enable_local_write_forwarding", value=enable_local_write_forwarding, expected_type=type_hints["enable_local_write_forwarding"])
+            check_type(argname="argument enable_performance_insights", value=enable_performance_insights, expected_type=type_hints["enable_performance_insights"])
             check_type(argname="argument iam_authentication", value=iam_authentication, expected_type=type_hints["iam_authentication"])
             check_type(argname="argument instance_identifier_base", value=instance_identifier_base, expected_type=type_hints["instance_identifier_base"])
             check_type(argname="argument instance_props", value=instance_props, expected_type=type_hints["instance_props"])
@@ -20814,6 +20961,8 @@ class DatabaseClusterProps:
             check_type(argname="argument network_type", value=network_type, expected_type=type_hints["network_type"])
             check_type(argname="argument parameter_group", value=parameter_group, expected_type=type_hints["parameter_group"])
             check_type(argname="argument parameters", value=parameters, expected_type=type_hints["parameters"])
+            check_type(argname="argument performance_insight_encryption_key", value=performance_insight_encryption_key, expected_type=type_hints["performance_insight_encryption_key"])
+            check_type(argname="argument performance_insight_retention", value=performance_insight_retention, expected_type=type_hints["performance_insight_retention"])
             check_type(argname="argument port", value=port, expected_type=type_hints["port"])
             check_type(argname="argument preferred_maintenance_window", value=preferred_maintenance_window, expected_type=type_hints["preferred_maintenance_window"])
             check_type(argname="argument readers", value=readers, expected_type=type_hints["readers"])
@@ -20863,6 +21012,8 @@ class DatabaseClusterProps:
             self._values["enable_data_api"] = enable_data_api
         if enable_local_write_forwarding is not None:
             self._values["enable_local_write_forwarding"] = enable_local_write_forwarding
+        if enable_performance_insights is not None:
+            self._values["enable_performance_insights"] = enable_performance_insights
         if iam_authentication is not None:
             self._values["iam_authentication"] = iam_authentication
         if instance_identifier_base is not None:
@@ -20883,6 +21034,10 @@ class DatabaseClusterProps:
             self._values["parameter_group"] = parameter_group
         if parameters is not None:
             self._values["parameters"] = parameters
+        if performance_insight_encryption_key is not None:
+            self._values["performance_insight_encryption_key"] = performance_insight_encryption_key
+        if performance_insight_retention is not None:
+            self._values["performance_insight_retention"] = performance_insight_retention
         if port is not None:
             self._values["port"] = port
         if preferred_maintenance_window is not None:
@@ -21072,15 +21227,25 @@ class DatabaseClusterProps:
     def enable_local_write_forwarding(self) -> typing.Optional[builtins.bool]:
         '''Whether read replicas can forward write operations to the writer DB instance in the DB cluster.
 
-        This setting can only be enabled for Aurora MySQL 3.04 and higher clusters.
+        This setting can only be enabled for Aurora MySQL 3.04 or higher, and for Aurora PostgreSQL 16.4
+        or higher (for version 16), 15.8 or higher (for version 15), and 14.13 or higher (for version 14).
 
         :default: false
 
-        :see: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-write-forwarding.html
+        :see: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-postgresql-write-forwarding.html
         '''
         result = self._values.get("enable_local_write_forwarding")
         return typing.cast(typing.Optional[builtins.bool], result)
 
+    @builtins.property
+    def enable_performance_insights(self) -> typing.Optional[builtins.bool]:
+        '''Whether to enable Performance Insights for the DB cluster.
+
+        :default: - false, unless ``performanceInsightRetention`` or ``performanceInsightEncryptionKey`` is set.
+        '''
+        result = self._values.get("enable_performance_insights")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def iam_authentication(self) -> typing.Optional[builtins.bool]:
         '''Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.
@@ -21187,6 +21352,26 @@ class DatabaseClusterProps:
         result = self._values.get("parameters")
         return typing.cast(typing.Optional[typing.Mapping[builtins.str, builtins.str]], result)
 
+    @builtins.property
+    def performance_insight_encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The AWS KMS key for encryption of Performance Insights data.
+
+        :default: - default master key
+        '''
+        result = self._values.get("performance_insight_encryption_key")
+        return typing.cast(typing.Optional[_IKey_5f11635f], result)
+
+    @builtins.property
+    def performance_insight_retention(
+        self,
+    ) -> typing.Optional["PerformanceInsightRetention"]:
+        '''The amount of time, in days, to retain Performance Insights data.
+
+        :default: 7
+        '''
+        result = self._values.get("performance_insight_retention")
+        return typing.cast(typing.Optional["PerformanceInsightRetention"], result)
+
     @builtins.property
     def port(self) -> typing.Optional[jsii.Number]:
         '''What port to listen on.
@@ -21308,7 +21493,7 @@ class DatabaseClusterProps:
         '''The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster.
 
         You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on.
-        The largest value that you can use is 128 (256GB).
+        The largest value that you can use is 256.
 
         The maximum capacity must be higher than 0.5 ACUs.
 
@@ -21561,14 +21746,14 @@ class DatabaseInstanceEngine(
         
         
         iops_instance = rds.DatabaseInstance(self, "IopsInstance",
-            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
             vpc=vpc,
             storage_type=rds.StorageType.IO1,
             iops=5000
         )
         
         gp3_instance = rds.DatabaseInstance(self, "Gp3Instance",
-            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
             vpc=vpc,
             allocated_storage=500,
             storage_type=rds.StorageType.GP3,
@@ -25692,7 +25877,7 @@ class IAuroraClusterInstance(_IResource_c80c4260, typing_extensions.Protocol):
     @builtins.property
     @jsii.member(jsii_name="tier")
     def tier(self) -> jsii.Number:
-        '''Te promotion tier the instance was created in.'''
+        '''The promotion tier the instance was created in.'''
         ...
 
     @builtins.property
@@ -25707,6 +25892,26 @@ class IAuroraClusterInstance(_IResource_c80c4260, typing_extensions.Protocol):
         '''The instance size if the instance is a provisioned type.'''
         ...
 
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightEncryptionKey")
+    def performance_insight_encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The AWS KMS key for encryption of Performance Insights data.'''
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightRetention")
+    def performance_insight_retention(
+        self,
+    ) -> typing.Optional["PerformanceInsightRetention"]:
+        '''The amount of time, in days, to retain Performance Insights data.'''
+        ...
+
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightsEnabled")
+    def performance_insights_enabled(self) -> typing.Optional[builtins.bool]:
+        '''Whether Performance Insights is enabled.'''
+        ...
+
 
 class _IAuroraClusterInstanceProxy(
     jsii.proxy_for(_IResource_c80c4260), # type: ignore[misc]
@@ -25742,7 +25947,7 @@ class _IAuroraClusterInstanceProxy(
     @builtins.property
     @jsii.member(jsii_name="tier")
     def tier(self) -> jsii.Number:
-        '''Te promotion tier the instance was created in.'''
+        '''The promotion tier the instance was created in.'''
         return typing.cast(jsii.Number, jsii.get(self, "tier"))
 
     @builtins.property
@@ -25757,6 +25962,26 @@ class _IAuroraClusterInstanceProxy(
         '''The instance size if the instance is a provisioned type.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "instanceSize"))
 
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightEncryptionKey")
+    def performance_insight_encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The AWS KMS key for encryption of Performance Insights data.'''
+        return typing.cast(typing.Optional[_IKey_5f11635f], jsii.get(self, "performanceInsightEncryptionKey"))
+
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightRetention")
+    def performance_insight_retention(
+        self,
+    ) -> typing.Optional["PerformanceInsightRetention"]:
+        '''The amount of time, in days, to retain Performance Insights data.'''
+        return typing.cast(typing.Optional["PerformanceInsightRetention"], jsii.get(self, "performanceInsightRetention"))
+
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightsEnabled")
+    def performance_insights_enabled(self) -> typing.Optional[builtins.bool]:
+        '''Whether Performance Insights is enabled.'''
+        return typing.cast(typing.Optional[builtins.bool], jsii.get(self, "performanceInsightsEnabled"))
+
 # Adding a "__jsii_proxy_class__(): typing.Type" function to the interface
 typing.cast(typing.Any, IAuroraClusterInstance).__jsii_proxy_class__ = lambda : _IAuroraClusterInstanceProxy
 
@@ -30095,6 +30320,12 @@ class MariaDbEngineVersion(
         '''
         return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_10_6_8"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_11_4_3")
+    def VER_11_4_3(cls) -> "MariaDbEngineVersion":
+        '''Version "11.4.3".'''
+        return typing.cast("MariaDbEngineVersion", jsii.sget(cls, "VER_11_4_3"))
+
     @builtins.property
     @jsii.member(jsii_name="mariaDbFullVersion")
     def maria_db_full_version(self) -> builtins.str:
@@ -30182,14 +30413,14 @@ class MySqlInstanceEngineProps:
             
             
             iops_instance = rds.DatabaseInstance(self, "IopsInstance",
-                engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+                engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
                 vpc=vpc,
                 storage_type=rds.StorageType.IO1,
                 iops=5000
             )
             
             gp3_instance = rds.DatabaseInstance(self, "Gp3Instance",
-                engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+                engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
                 vpc=vpc,
                 allocated_storage=500,
                 storage_type=rds.StorageType.GP3,
@@ -30236,14 +30467,14 @@ class MysqlEngineVersion(
         
         
         iops_instance = rds.DatabaseInstance(self, "IopsInstance",
-            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
             vpc=vpc,
             storage_type=rds.StorageType.IO1,
             iops=5000
         )
         
         gp3_instance = rds.DatabaseInstance(self, "Gp3Instance",
-            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
             vpc=vpc,
             allocated_storage=500,
             storage_type=rds.StorageType.GP3,
@@ -32874,6 +33105,24 @@ class PerformanceInsightRetention(enum.Enum):
     - 7 days (the default, free tier)
     - month * 31, where month is a number of months from 1-23
     - 731 (2 years)
+
+    :exampleMetadata: infused
+
+    Example::
+
+        # vpc: ec2.Vpc
+        # kms_key: kms.Key
+        
+        rds.DatabaseCluster(self, "Database",
+            engine=rds.DatabaseClusterEngine.AURORA,
+            vpc=vpc,
+            enable_performance_insights=True,
+            performance_insight_retention=rds.PerformanceInsightRetention.LONG_TERM,
+            performance_insight_encryption_key=kms_key,
+            writer=rds.ClusterInstance.provisioned("Writer",
+                instance_type=ec2.InstanceType.of(ec2.InstanceClass.R7G, ec2.InstanceSize.LARGE)
+            )
+        )
     '''
 
     DEFAULT = "DEFAULT"
@@ -38173,14 +38422,14 @@ class StorageType(enum.Enum):
         
         
         iops_instance = rds.DatabaseInstance(self, "IopsInstance",
-            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
             vpc=vpc,
             storage_type=rds.StorageType.IO1,
             iops=5000
         )
         
         gp3_instance = rds.DatabaseInstance(self, "Gp3Instance",
-            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_30),
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
             vpc=vpc,
             allocated_storage=500,
             storage_type=rds.StorageType.GP3,
@@ -39633,6 +39882,7 @@ class DatabaseClusterFromSnapshot(
         domain_role: typing.Optional[_IRole_235f5d8e] = None,
         enable_data_api: typing.Optional[builtins.bool] = None,
         enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+        enable_performance_insights: typing.Optional[builtins.bool] = None,
         iam_authentication: typing.Optional[builtins.bool] = None,
         instance_identifier_base: typing.Optional[builtins.str] = None,
         instance_props: typing.Optional[typing.Union[InstanceProps, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -39643,6 +39893,8 @@ class DatabaseClusterFromSnapshot(
         network_type: typing.Optional[NetworkType] = None,
         parameter_group: typing.Optional[IParameterGroup] = None,
         parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+        performance_insight_retention: typing.Optional[PerformanceInsightRetention] = None,
         port: typing.Optional[jsii.Number] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence[IClusterInstance]] = None,
@@ -39681,7 +39933,8 @@ class DatabaseClusterFromSnapshot(
         :param domain: Directory ID for associating the DB cluster with a specific Active Directory. Necessary for enabling Kerberos authentication. If specified, the DB cluster joins the given Active Directory, enabling Kerberos authentication. If not specified, the DB cluster will not be associated with any Active Directory, and Kerberos authentication will not be enabled. Default: - DB cluster is not associated with an Active Directory; Kerberos authentication is not enabled.
         :param domain_role: The IAM role to be used when making API calls to the Directory Service. The role needs the AWS-managed policy ``AmazonRDSDirectoryServiceAccess`` or equivalent. Default: - If ``DatabaseClusterBaseProps.domain`` is specified, a role with the ``AmazonRDSDirectoryServiceAccess`` policy is automatically created.
         :param enable_data_api: Whether to enable the Data API for the cluster. Default: - false
-        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 and higher clusters. Default: false
+        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 or higher, and for Aurora PostgreSQL 16.4 or higher (for version 16), 15.8 or higher (for version 15), and 14.13 or higher (for version 14). Default: false
+        :param enable_performance_insights: Whether to enable Performance Insights for the DB cluster. Default: - false, unless ``performanceInsightRetention`` or ``performanceInsightEncryptionKey`` is set.
         :param iam_authentication: Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Default: false
         :param instance_identifier_base: Base identifier for instances. Every replica is named by appending the replica number to this string, 1-based. Default: - clusterIdentifier is used with the word "Instance" appended. If clusterIdentifier is not provided, the identifier is automatically generated.
         :param instance_props: (deprecated) Settings for the individual instances that are launched.
@@ -39692,6 +39945,8 @@ class DatabaseClusterFromSnapshot(
         :param network_type: The network type of the DB instance. Default: - IPV4
         :param parameter_group: Additional parameters to pass to the database engine. Default: - No parameter group.
         :param parameters: The parameters in the DBClusterParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBClusterParameterGroup. Default: - None
+        :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
+        :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
         :param port: What port to listen on. Default: - The default for the engine is used.
         :param preferred_maintenance_window: A preferred maintenance window day/time range. Should be specified as a range ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). Example: 'Sun:23:45-Mon:00:15' Default: - 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
@@ -39701,7 +39956,7 @@ class DatabaseClusterFromSnapshot(
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
         :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
-        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
+        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 256. The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5
         :param snapshot_credentials: Master user credentials. Note - It is not possible to change the master username for a snapshot; however, it is possible to provide (or generate) a new password. Default: - The existing username and password from the snapshot will be used.
         :param storage_encrypted: Whether to enable storage encryption. Default: - true if storageEncryptionKey is provided, false otherwise
@@ -39733,6 +39988,7 @@ class DatabaseClusterFromSnapshot(
             domain_role=domain_role,
             enable_data_api=enable_data_api,
             enable_local_write_forwarding=enable_local_write_forwarding,
+            enable_performance_insights=enable_performance_insights,
             iam_authentication=iam_authentication,
             instance_identifier_base=instance_identifier_base,
             instance_props=instance_props,
@@ -39743,6 +39999,8 @@ class DatabaseClusterFromSnapshot(
             network_type=network_type,
             parameter_group=parameter_group,
             parameters=parameters,
+            performance_insight_encryption_key=performance_insight_encryption_key,
+            performance_insight_retention=performance_insight_retention,
             port=port,
             preferred_maintenance_window=preferred_maintenance_window,
             readers=readers,
@@ -39987,6 +40245,12 @@ class DatabaseClusterFromSnapshot(
     def _new_cfn_props(self) -> CfnDBClusterProps:
         return typing.cast(CfnDBClusterProps, jsii.get(self, "newCfnProps"))
 
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightsEnabled")
+    def performance_insights_enabled(self) -> builtins.bool:
+        '''Whether Performance Insights is enabled at cluster level.'''
+        return typing.cast(builtins.bool, jsii.get(self, "performanceInsightsEnabled"))
+
     @builtins.property
     @jsii.member(jsii_name="securityGroups")
     def _security_groups(self) -> typing.List[_ISecurityGroup_acf8a799]:
@@ -40028,6 +40292,20 @@ class DatabaseClusterFromSnapshot(
         '''
         return typing.cast(typing.Optional["IClusterEngine"], jsii.get(self, "engine"))
 
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightEncryptionKey")
+    def performance_insight_encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The AWS KMS key for encryption of Performance Insights data.'''
+        return typing.cast(typing.Optional[_IKey_5f11635f], jsii.get(self, "performanceInsightEncryptionKey"))
+
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightRetention")
+    def performance_insight_retention(
+        self,
+    ) -> typing.Optional[PerformanceInsightRetention]:
+        '''The amount of time, in days, to retain Performance Insights data.'''
+        return typing.cast(typing.Optional[PerformanceInsightRetention], jsii.get(self, "performanceInsightRetention"))
+
     @builtins.property
     @jsii.member(jsii_name="secret")
     def secret(self) -> typing.Optional[_ISecret_6e020e6a]:
@@ -42209,31 +42487,22 @@ class DatabaseInstanceProps(DatabaseInstanceSourceProps):
 
         Example::
 
-            # vpc: ec2.IVpc
+            # vpc: ec2.Vpc
             
             
-            instance1 = rds.DatabaseInstance(self, "PostgresInstance1",
-                engine=rds.DatabaseInstanceEngine.POSTGRES,
-                # Generate the secret with admin username `postgres` and random password
-                credentials=rds.Credentials.from_generated_secret("postgres"),
-                vpc=vpc
-            )
-            # Templated secret with username and password fields
-            templated_secret = secretsmanager.Secret(self, "TemplatedSecret",
-                generate_secret_string=secretsmanager.SecretStringGenerator(
-                    secret_string_template=JSON.stringify({"username": "postgres"}),
-                    generate_string_key="password",
-                    exclude_characters="/@\""
-                )
+            iops_instance = rds.DatabaseInstance(self, "IopsInstance",
+                engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
+                vpc=vpc,
+                storage_type=rds.StorageType.IO1,
+                iops=5000
             )
-            # Using the templated secret as credentials
-            instance2 = rds.DatabaseInstance(self, "PostgresInstance2",
-                engine=rds.DatabaseInstanceEngine.POSTGRES,
-                credentials={
-                    "username": templated_secret.secret_value_from_json("username").to_string(),
-                    "password": templated_secret.secret_value_from_json("password")
-                },
-                vpc=vpc
+            
+            gp3_instance = rds.DatabaseInstance(self, "Gp3Instance",
+                engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
+                vpc=vpc,
+                allocated_storage=500,
+                storage_type=rds.StorageType.GP3,
+                storage_throughput=500
             )
         '''
         if isinstance(processor_features, dict):
@@ -43635,6 +43904,7 @@ class DatabaseCluster(
         domain_role: typing.Optional[_IRole_235f5d8e] = None,
         enable_data_api: typing.Optional[builtins.bool] = None,
         enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+        enable_performance_insights: typing.Optional[builtins.bool] = None,
         iam_authentication: typing.Optional[builtins.bool] = None,
         instance_identifier_base: typing.Optional[builtins.str] = None,
         instance_props: typing.Optional[typing.Union[InstanceProps, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -43645,6 +43915,8 @@ class DatabaseCluster(
         network_type: typing.Optional[NetworkType] = None,
         parameter_group: typing.Optional[IParameterGroup] = None,
         parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+        performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+        performance_insight_retention: typing.Optional[PerformanceInsightRetention] = None,
         port: typing.Optional[jsii.Number] = None,
         preferred_maintenance_window: typing.Optional[builtins.str] = None,
         readers: typing.Optional[typing.Sequence[IClusterInstance]] = None,
@@ -43681,7 +43953,8 @@ class DatabaseCluster(
         :param domain: Directory ID for associating the DB cluster with a specific Active Directory. Necessary for enabling Kerberos authentication. If specified, the DB cluster joins the given Active Directory, enabling Kerberos authentication. If not specified, the DB cluster will not be associated with any Active Directory, and Kerberos authentication will not be enabled. Default: - DB cluster is not associated with an Active Directory; Kerberos authentication is not enabled.
         :param domain_role: The IAM role to be used when making API calls to the Directory Service. The role needs the AWS-managed policy ``AmazonRDSDirectoryServiceAccess`` or equivalent. Default: - If ``DatabaseClusterBaseProps.domain`` is specified, a role with the ``AmazonRDSDirectoryServiceAccess`` policy is automatically created.
         :param enable_data_api: Whether to enable the Data API for the cluster. Default: - false
-        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 and higher clusters. Default: false
+        :param enable_local_write_forwarding: Whether read replicas can forward write operations to the writer DB instance in the DB cluster. This setting can only be enabled for Aurora MySQL 3.04 or higher, and for Aurora PostgreSQL 16.4 or higher (for version 16), 15.8 or higher (for version 15), and 14.13 or higher (for version 14). Default: false
+        :param enable_performance_insights: Whether to enable Performance Insights for the DB cluster. Default: - false, unless ``performanceInsightRetention`` or ``performanceInsightEncryptionKey`` is set.
         :param iam_authentication: Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Default: false
         :param instance_identifier_base: Base identifier for instances. Every replica is named by appending the replica number to this string, 1-based. Default: - clusterIdentifier is used with the word "Instance" appended. If clusterIdentifier is not provided, the identifier is automatically generated.
         :param instance_props: (deprecated) Settings for the individual instances that are launched.
@@ -43692,6 +43965,8 @@ class DatabaseCluster(
         :param network_type: The network type of the DB instance. Default: - IPV4
         :param parameter_group: Additional parameters to pass to the database engine. Default: - No parameter group.
         :param parameters: The parameters in the DBClusterParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBClusterParameterGroup. Default: - None
+        :param performance_insight_encryption_key: The AWS KMS key for encryption of Performance Insights data. Default: - default master key
+        :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
         :param port: What port to listen on. Default: - The default for the engine is used.
         :param preferred_maintenance_window: A preferred maintenance window day/time range. Should be specified as a range ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). Example: 'Sun:23:45-Mon:00:15' Default: - 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.
         :param readers: A list of instances to create as cluster reader instances. Default: - no readers are created. The cluster will have a single writer/reader
@@ -43701,7 +43976,7 @@ class DatabaseCluster(
         :param s3_import_buckets: S3 buckets that you want to load data from. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportRole`` is used. For MySQL: Default: - None
         :param s3_import_role: Role that will be associated with this DB cluster to enable S3 import. This feature is only supported by the Aurora database engine. This property must not be used if ``s3ImportBuckets`` is used. To use this property with Aurora PostgreSQL, it must be configured with the S3 import feature enabled when creating the DatabaseClusterEngine For MySQL: Default: - New role is created if ``s3ImportBuckets`` is set, no role is defined otherwise
         :param security_groups: Security group. Default: a new security group is created.
-        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 128 (256GB). The maximum capacity must be higher than 0.5 ACUs. Default: 2
+        :param serverless_v2_max_capacity: The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 40, 40.5, 41, and so on. The largest value that you can use is 256. The maximum capacity must be higher than 0.5 ACUs. Default: 2
         :param serverless_v2_min_capacity: The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless v2 cluster. You can specify ACU values in half-step increments, such as 8, 8.5, 9, and so on. The smallest value that you can use is 0.5. Default: 0.5
         :param storage_encrypted: Whether to enable storage encryption. Default: - true if storageEncryptionKey is provided, false otherwise
         :param storage_encryption_key: The KMS key for storage encryption. If specified, ``storageEncrypted`` will be set to ``true``. Default: - if storageEncrypted is true then the default master key, no key otherwise
@@ -43731,6 +44006,7 @@ class DatabaseCluster(
             domain_role=domain_role,
             enable_data_api=enable_data_api,
             enable_local_write_forwarding=enable_local_write_forwarding,
+            enable_performance_insights=enable_performance_insights,
             iam_authentication=iam_authentication,
             instance_identifier_base=instance_identifier_base,
             instance_props=instance_props,
@@ -43741,6 +44017,8 @@ class DatabaseCluster(
             network_type=network_type,
             parameter_group=parameter_group,
             parameters=parameters,
+            performance_insight_encryption_key=performance_insight_encryption_key,
+            performance_insight_retention=performance_insight_retention,
             port=port,
             preferred_maintenance_window=preferred_maintenance_window,
             readers=readers,
@@ -44039,6 +44317,12 @@ class DatabaseCluster(
     def _new_cfn_props(self) -> CfnDBClusterProps:
         return typing.cast(CfnDBClusterProps, jsii.get(self, "newCfnProps"))
 
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightsEnabled")
+    def performance_insights_enabled(self) -> builtins.bool:
+        '''Whether Performance Insights is enabled at cluster level.'''
+        return typing.cast(builtins.bool, jsii.get(self, "performanceInsightsEnabled"))
+
     @builtins.property
     @jsii.member(jsii_name="securityGroups")
     def _security_groups(self) -> typing.List[_ISecurityGroup_acf8a799]:
@@ -44080,6 +44364,20 @@ class DatabaseCluster(
         '''
         return typing.cast(typing.Optional[IClusterEngine], jsii.get(self, "engine"))
 
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightEncryptionKey")
+    def performance_insight_encryption_key(self) -> typing.Optional[_IKey_5f11635f]:
+        '''The AWS KMS key for encryption of Performance Insights data.'''
+        return typing.cast(typing.Optional[_IKey_5f11635f], jsii.get(self, "performanceInsightEncryptionKey"))
+
+    @builtins.property
+    @jsii.member(jsii_name="performanceInsightRetention")
+    def performance_insight_retention(
+        self,
+    ) -> typing.Optional[PerformanceInsightRetention]:
+        '''The amount of time, in days, to retain Performance Insights data.'''
+        return typing.cast(typing.Optional[PerformanceInsightRetention], jsii.get(self, "performanceInsightRetention"))
+
     @builtins.property
     @jsii.member(jsii_name="secret")
     def secret(self) -> typing.Optional[_ISecret_6e020e6a]:
@@ -44130,31 +44428,22 @@ class DatabaseInstance(
 
     Example::
 
-        # vpc: ec2.IVpc
+        # vpc: ec2.Vpc
         
         
-        instance1 = rds.DatabaseInstance(self, "PostgresInstance1",
-            engine=rds.DatabaseInstanceEngine.POSTGRES,
-            # Generate the secret with admin username `postgres` and random password
-            credentials=rds.Credentials.from_generated_secret("postgres"),
-            vpc=vpc
-        )
-        # Templated secret with username and password fields
-        templated_secret = secretsmanager.Secret(self, "TemplatedSecret",
-            generate_secret_string=secretsmanager.SecretStringGenerator(
-                secret_string_template=JSON.stringify({"username": "postgres"}),
-                generate_string_key="password",
-                exclude_characters="/@\""
-            )
+        iops_instance = rds.DatabaseInstance(self, "IopsInstance",
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
+            vpc=vpc,
+            storage_type=rds.StorageType.IO1,
+            iops=5000
         )
-        # Using the templated secret as credentials
-        instance2 = rds.DatabaseInstance(self, "PostgresInstance2",
-            engine=rds.DatabaseInstanceEngine.POSTGRES,
-            credentials={
-                "username": templated_secret.secret_value_from_json("username").to_string(),
-                "password": templated_secret.secret_value_from_json("password")
-            },
-            vpc=vpc
+        
+        gp3_instance = rds.DatabaseInstance(self, "Gp3Instance",
+            engine=rds.DatabaseInstanceEngine.mysql(version=rds.MysqlEngineVersion.VER_8_0_39),
+            vpc=vpc,
+            allocated_storage=500,
+            storage_type=rds.StorageType.GP3,
+            storage_throughput=500
         )
     '''
 
@@ -47246,6 +47535,7 @@ def _typecheckingstub__1e44b5aef872ca17869a17181382f06cd0166bdbe07e2c33701d3bf1e
     domain_role: typing.Optional[_IRole_235f5d8e] = None,
     enable_data_api: typing.Optional[builtins.bool] = None,
     enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+    enable_performance_insights: typing.Optional[builtins.bool] = None,
     iam_authentication: typing.Optional[builtins.bool] = None,
     instance_identifier_base: typing.Optional[builtins.str] = None,
     instance_props: typing.Optional[typing.Union[InstanceProps, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -47256,6 +47546,8 @@ def _typecheckingstub__1e44b5aef872ca17869a17181382f06cd0166bdbe07e2c33701d3bf1e
     network_type: typing.Optional[NetworkType] = None,
     parameter_group: typing.Optional[IParameterGroup] = None,
     parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+    performance_insight_retention: typing.Optional[PerformanceInsightRetention] = None,
     port: typing.Optional[jsii.Number] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[IClusterInstance]] = None,
@@ -47296,6 +47588,7 @@ def _typecheckingstub__a32e21c90ab65d3cfdb3b7ef2a0d741ba1528ec8824cd1817d1e485b4
     domain_role: typing.Optional[_IRole_235f5d8e] = None,
     enable_data_api: typing.Optional[builtins.bool] = None,
     enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+    enable_performance_insights: typing.Optional[builtins.bool] = None,
     iam_authentication: typing.Optional[builtins.bool] = None,
     instance_identifier_base: typing.Optional[builtins.str] = None,
     instance_props: typing.Optional[typing.Union[InstanceProps, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -47306,6 +47599,8 @@ def _typecheckingstub__a32e21c90ab65d3cfdb3b7ef2a0d741ba1528ec8824cd1817d1e485b4
     network_type: typing.Optional[NetworkType] = None,
     parameter_group: typing.Optional[IParameterGroup] = None,
     parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+    performance_insight_retention: typing.Optional[PerformanceInsightRetention] = None,
     port: typing.Optional[jsii.Number] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[IClusterInstance]] = None,
@@ -48498,6 +48793,7 @@ def _typecheckingstub__d1a2e259091e12a41b0f5818df495769518e049ebcc89ed340ffc7ba4
     domain_role: typing.Optional[_IRole_235f5d8e] = None,
     enable_data_api: typing.Optional[builtins.bool] = None,
     enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+    enable_performance_insights: typing.Optional[builtins.bool] = None,
     iam_authentication: typing.Optional[builtins.bool] = None,
     instance_identifier_base: typing.Optional[builtins.str] = None,
     instance_props: typing.Optional[typing.Union[InstanceProps, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -48508,6 +48804,8 @@ def _typecheckingstub__d1a2e259091e12a41b0f5818df495769518e049ebcc89ed340ffc7ba4
     network_type: typing.Optional[NetworkType] = None,
     parameter_group: typing.Optional[IParameterGroup] = None,
     parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+    performance_insight_retention: typing.Optional[PerformanceInsightRetention] = None,
     port: typing.Optional[jsii.Number] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[IClusterInstance]] = None,
@@ -48981,6 +49279,7 @@ def _typecheckingstub__c6184cbbefaa372690b9776dafecbf5857cf9bfbab91d1666aad22c56
     domain_role: typing.Optional[_IRole_235f5d8e] = None,
     enable_data_api: typing.Optional[builtins.bool] = None,
     enable_local_write_forwarding: typing.Optional[builtins.bool] = None,
+    enable_performance_insights: typing.Optional[builtins.bool] = None,
     iam_authentication: typing.Optional[builtins.bool] = None,
     instance_identifier_base: typing.Optional[builtins.str] = None,
     instance_props: typing.Optional[typing.Union[InstanceProps, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -48991,6 +49290,8 @@ def _typecheckingstub__c6184cbbefaa372690b9776dafecbf5857cf9bfbab91d1666aad22c56
     network_type: typing.Optional[NetworkType] = None,
     parameter_group: typing.Optional[IParameterGroup] = None,
     parameters: typing.Optional[typing.Mapping[builtins.str, builtins.str]] = None,
+    performance_insight_encryption_key: typing.Optional[_IKey_5f11635f] = None,
+    performance_insight_retention: typing.Optional[PerformanceInsightRetention] = None,
     port: typing.Optional[jsii.Number] = None,
     preferred_maintenance_window: typing.Optional[builtins.str] = None,
     readers: typing.Optional[typing.Sequence[IClusterInstance]] = None,