aws-cdk-lib 2.176.0__py3-none-any.whl → 2.178.0__py3-none-any.whl

aws_cdk/aws_rds/__init__.py

@@ -1434,7 +1434,7 @@ rds.ServerlessClusterFromSnapshot(self, "Cluster",
 
 You can access your Aurora DB cluster using the built-in Data API. The Data API doesn't require a persistent connection to the DB cluster. Instead, it provides a secure HTTP endpoint and integration with AWS SDKs.
 
-The following example shows granting Data API access to a Lamba function.
+The following example shows granting Data API access to a Lambda function.
 
 ```python
 # vpc: ec2.Vpc
@@ -3923,6 +3923,12 @@ class AuroraPostgresEngineVersion(
         '''Version "16.6".'''
         return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_16_6"))
 
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="VER_16_6_LIMITLESS")
+    def VER_16_6_LIMITLESS(cls) -> "AuroraPostgresEngineVersion":
+        '''Version "16.6 limitless".'''
+        return typing.cast("AuroraPostgresEngineVersion", jsii.sget(cls, "VER_16_6_LIMITLESS"))
+
     @jsii.python.classproperty
     @jsii.member(jsii_name="VER_17_1")
     def VER_17_1(cls) -> "AuroraPostgresEngineVersion":
@@ -5075,7 +5081,7 @@ class CfnDBCluster(
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS issues an error.
         :param port: The port number on which the DB instances in the DB cluster accept connections. Default: - When ``EngineMode`` is ``provisioned`` , ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) - When ``EngineMode`` is ``serverless`` : - ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` - ``5432`` when ``Engine`` is ``aurora-postgresql`` .. epigraph:: The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see `Port <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port>`_ for the AWS::RDS::DBInstance resource. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_backup_window: The daily time range during which automated backups are created. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow>`_ in the *Amazon Aurora User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Cluster Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
+        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Maintaining an Amazon Aurora DB cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
         :param replication_source_identifier: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. Valid for: Aurora DB clusters only
         :param restore_to_time: The date and time to restore the DB cluster to. Valid Values: Value must be a time in Universal Coordinated Time (UTC) format Constraints: - Must be before the latest restorable time for the DB instance - Must be specified if ``UseLatestRestorableTime`` parameter isn't provided - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled - Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. Example: ``2015-03-07T23:45:00Z`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
@@ -7269,7 +7275,7 @@ class CfnDBClusterProps:
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS issues an error.
         :param port: The port number on which the DB instances in the DB cluster accept connections. Default: - When ``EngineMode`` is ``provisioned`` , ``3306`` (for both Aurora MySQL and Aurora PostgreSQL) - When ``EngineMode`` is ``serverless`` : - ``3306`` when ``Engine`` is ``aurora`` or ``aurora-mysql`` - ``5432`` when ``Engine`` is ``aurora-postgresql`` .. epigraph:: The ``No interruption`` on update behavior only applies to DB clusters. If you are updating a DB instance, see `Port <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port>`_ for the AWS::RDS::DBInstance resource. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param preferred_backup_window: The daily time range during which automated backups are created. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow>`_ in the *Amazon Aurora User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Valid for: Aurora DB clusters and Multi-AZ DB clusters
-        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Cluster Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
+        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Maintaining an Amazon Aurora DB cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.* Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. Constraints: Minimum 30-minute window. Valid for: Aurora DB clusters and Multi-AZ DB clusters
         :param publicly_accessible: Specifies whether the DB cluster is publicly accessible. When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it. When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address. Valid for Cluster Type: Multi-AZ DB clusters only Default: The default behavior varies depending on whether ``DBSubnetGroupName`` is specified. If ``DBSubnetGroupName`` isn't specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private. - If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public. If ``DBSubnetGroupName`` is specified, and ``PubliclyAccessible`` isn't specified, the following applies: - If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private. - If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
         :param replication_source_identifier: The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica. Valid for: Aurora DB clusters only
         :param restore_to_time: The date and time to restore the DB cluster to. Valid Values: Value must be a time in Universal Coordinated Time (UTC) format Constraints: - Must be before the latest restorable time for the DB instance - Must be specified if ``UseLatestRestorableTime`` parameter isn't provided - Can't be specified if the ``UseLatestRestorableTime`` parameter is enabled - Can't be specified if the ``RestoreType`` parameter is ``copy-on-write`` This property must be used with ``SourceDBClusterIdentifier`` property. The resulting cluster will have the identifier that matches the value of the ``DBclusterIdentifier`` property. Example: ``2015-03-07T23:45:00Z`` Valid for: Aurora DB clusters and Multi-AZ DB clusters
@@ -8308,7 +8314,7 @@ class CfnDBClusterProps:
 
         Format: ``ddd:hh24:mi-ddd:hh24:mi``
 
-        The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Cluster Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.*
+        The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Maintaining an Amazon Aurora DB cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora>`_ in the *Amazon Aurora User Guide.*
 
         Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
 
@@ -8860,7 +8866,7 @@ class CfnDBInstance(
         :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *Db2* The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Can't be a word reserved by the specified database engine. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
         :param db_parameter_group_name: The name of an existing DB parameter group or a reference to an `AWS::RDS::DBParameterGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html>`_ resource created in the template. To list all of the available DB parameter group names, use the following command: ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` .. epigraph:: If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used.
         :param db_security_groups: A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. .. epigraph:: If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: - ``AllocatedStorage`` - ``AutoMinorVersionUpgrade`` - ``AvailabilityZone`` - ``BackupRetentionPeriod`` - ``CharacterSetName`` - ``DBInstanceClass`` - ``DBName`` - ``DBParameterGroupName`` - ``DBSecurityGroups`` - ``DBSubnetGroupName`` - ``Engine`` - ``EngineVersion`` - ``Iops`` - ``LicenseModel`` - ``MasterUsername`` - ``MasterUserPassword`` - ``MultiAZ`` - ``OptionGroupName`` - ``PreferredBackupWindow`` - ``PreferredMaintenanceWindow`` All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType`` , ``StorageEncrypted`` , or ``KmsKeyId`` . If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
-        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an unencrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
+        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties, and the point-in-time recovery properties ``RestoreTime`` and ``UseLatestRestorableTime`` . For information about the properties that you can specify, see the ```RestoreDBInstanceFromDBSnapshot`` <https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html>`_ action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an unencrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
         :param db_subnet_group_name: A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there's no DB subnet group, then the DB instance isn't a VPC DB instance. For more information about using Amazon RDS in a VPC, see `Amazon VPC and Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
         :param db_system_id: The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB`` . The Oracle SID is also the name of your CDB.
         :param dedicated_log_volume: Indicates whether the DB instance has a dedicated log volume (DLV) enabled.
@@ -8897,7 +8903,7 @@ class CfnDBInstance(
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. This setting doesn't apply to RDS Custom DB instances. Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS returns an error.
         :param port: The port number on which the database accepts connections. This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster. Valid Values: ``1150-65535`` Default: - RDS for Db2 - ``50000`` - RDS for MariaDB - ``3306`` - RDS for Microsoft SQL Server - ``1433`` - RDS for MySQL - ``3306`` - RDS for Oracle - ``1521`` - RDS for PostgreSQL - ``5432`` Constraints: - For RDS for Microsoft SQL Server, the value can't be ``1234`` , ``1434`` , ``3260`` , ``3343`` , ``3389`` , ``47001`` , or ``49152-49156`` .
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow>`_ in the *Amazon RDS User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
-        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Instance Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
+        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Maintaining a DB instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
         :param processor_features: The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
         :param promotion_tier: The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see `Fault Tolerance for an Aurora DB Cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance>`_ in the *Amazon Aurora User Guide* . This setting doesn't apply to RDS Custom DB instances. Default: ``1`` Valid Values: ``0 - 15``
         :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. The default behavior value depends on your VPC setup and the database subnet group. For more information, see the ``PubliclyAccessible`` parameter in the `CreateDBInstance <https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html>`_ in the *Amazon RDS API Reference* .
@@ -8909,7 +8915,7 @@ class CfnDBInstance(
         :param source_dbi_resource_id: The resource ID of the source DB instance from which to restore.
         :param source_region: The ID of the region that contains the source DB instance for the read replica.
         :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
-        :param storage_throughput: Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
+        :param storage_throughput: Specifies the storage throughput value, in mebibyte per second (MiBps), for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
         :param storage_type: The storage type to associate with the DB instance. If you specify ``io1`` , ``io2`` , or ``gp3`` , you must also include a value for the ``Iops`` parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` Default: ``io1`` , if the ``Iops`` parameter is specified. Otherwise, ``gp2`` .
         :param tags: Tags to assign to the DB instance.
         :param tde_credential_arn: 
@@ -9058,12 +9064,7 @@ class CfnDBInstance(
     @builtins.property
     @jsii.member(jsii_name="attrDatabaseInsightsMode")
     def attr_database_insights_mode(self) -> builtins.str:
-        '''The mode of Database Insights to enable for the DB instance.
-
-        This setting only applies to Amazon Aurora DB instances.
-        .. epigraph::
-
-           Currently, this value is inherited from the DB cluster and can't be changed.
+        '''The mode of Database Insights that is enabled for the instance.
 
         :cloudformationAttribute: DatabaseInsightsMode
         '''
@@ -10199,10 +10200,7 @@ class CfnDBInstance(
     @builtins.property
     @jsii.member(jsii_name="storageThroughput")
     def storage_throughput(self) -> typing.Optional[jsii.Number]:
-        '''Specifies the storage throughput value for the DB instance.
-
-        This setting applies only to the ``gp3`` storage type.
-        '''
+        '''Specifies the storage throughput value, in mebibyte per second (MiBps), for the DB instance.'''
         return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "storageThroughput"))
 
     @storage_throughput.setter
@@ -10918,7 +10916,7 @@ class CfnDBInstanceProps:
         :param db_name: The meaning of this parameter differs according to the database engine you use. .. epigraph:: If you specify the ``[DBSnapshotIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsnapshotidentifier)`` property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *Db2* The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Can't be a word reserved by the specified database engine. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: - Must contain 1 to 64 letters or numbers. - Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default ``postgres`` database is created in the DB instance. Constraints: - Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). - Must contain 1 to 63 characters. - Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify ``null`` , the default value ``ORCL`` is used. You can't specify the string NULL, or any other reserved word, for ``DBName`` . Default: ``ORCL`` Constraints: - Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
         :param db_parameter_group_name: The name of an existing DB parameter group or a reference to an `AWS::RDS::DBParameterGroup <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html>`_ resource created in the template. To list all of the available DB parameter group names, use the following command: ``aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text`` .. epigraph:: If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. If you don't specify a value for ``DBParameterGroupName`` property, the default DB parameter group for the specified engine and engine version is used.
         :param db_security_groups: A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. .. epigraph:: If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: - ``AllocatedStorage`` - ``AutoMinorVersionUpgrade`` - ``AvailabilityZone`` - ``BackupRetentionPeriod`` - ``CharacterSetName`` - ``DBInstanceClass`` - ``DBName`` - ``DBParameterGroupName`` - ``DBSecurityGroups`` - ``DBSubnetGroupName`` - ``Engine`` - ``EngineVersion`` - ``Iops`` - ``LicenseModel`` - ``MasterUsername`` - ``MasterUserPassword`` - ``MultiAZ`` - ``OptionGroupName`` - ``PreferredBackupWindow`` - ``PreferredMaintenanceWindow`` All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as ``StorageType`` , ``StorageEncrypted`` , or ``KmsKeyId`` . If you're already using the ``DBSecurityGroups`` property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
-        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an unencrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
+        :param db_snapshot_identifier: The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties, and the point-in-time recovery properties ``RestoreTime`` and ``UseLatestRestorableTime`` . For information about the properties that you can specify, see the ```RestoreDBInstanceFromDBSnapshot`` <https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html>`_ action in the *Amazon RDS API Reference* . After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted. If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: - ``CharacterSetName`` - ``DBClusterIdentifier`` - ``DBName`` - ``KmsKeyId`` - ``MasterUsername`` - ``MasterUserPassword`` - ``PromotionTier`` - ``SourceDBInstanceIdentifier`` - ``SourceRegion`` - ``StorageEncrypted`` (for an unencrypted snapshot) - ``Timezone`` *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
         :param db_subnet_group_name: A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there's no DB subnet group, then the DB instance isn't a VPC DB instance. For more information about using Amazon RDS in a VPC, see `Amazon VPC and Amazon RDS <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html>`_ in the *Amazon RDS User Guide* . This setting doesn't apply to Amazon Aurora DB instances. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
         :param db_system_id: The Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to ``RDSCDB`` . The Oracle SID is also the name of your CDB.
         :param dedicated_log_volume: Indicates whether the DB instance has a dedicated log volume (DLV) enabled.
@@ -10955,7 +10953,7 @@ class CfnDBInstanceProps:
         :param performance_insights_retention_period: The number of days to retain Performance Insights data. This setting doesn't apply to RDS Custom DB instances. Valid Values: - ``7`` - *month* * 31, where *month* is a number of months from 1-23. Examples: ``93`` (3 months * 31), ``341`` (11 months * 31), ``589`` (19 months * 31) - ``731`` Default: ``7`` days If you specify a retention period that isn't valid, such as ``94`` , Amazon RDS returns an error.
         :param port: The port number on which the database accepts connections. This setting doesn't apply to Aurora DB instances. The port number is managed by the cluster. Valid Values: ``1150-65535`` Default: - RDS for Db2 - ``50000`` - RDS for MariaDB - ``3306`` - RDS for Microsoft SQL Server - ``1433`` - RDS for MySQL - ``3306`` - RDS for Oracle - ``1521`` - RDS for PostgreSQL - ``5432`` Constraints: - For RDS for Microsoft SQL Server, the value can't be ``1234`` , ``1434`` , ``3260`` , ``3343`` , ``3389`` , ``47001`` , or ``49152-49156`` .
         :param preferred_backup_window: The daily time range during which automated backups are created if automated backups are enabled, using the ``BackupRetentionPeriod`` parameter. For more information, see `Backup Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow>`_ in the *Amazon RDS User Guide.* Constraints: - Must be in the format ``hh24:mi-hh24:mi`` . - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
-        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Instance Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
+        :param preferred_maintenance_window: The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ``ddd:hh24:mi-ddd:hh24:mi`` The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Maintaining a DB instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.* .. epigraph:: This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
         :param processor_features: The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
         :param promotion_tier: The order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see `Fault Tolerance for an Aurora DB Cluster <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance>`_ in the *Amazon Aurora User Guide* . This setting doesn't apply to RDS Custom DB instances. Default: ``1`` Valid Values: ``0 - 15``
         :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. The default behavior value depends on your VPC setup and the database subnet group. For more information, see the ``PubliclyAccessible`` parameter in the `CreateDBInstance <https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html>`_ in the *Amazon RDS API Reference* .
@@ -10967,7 +10965,7 @@ class CfnDBInstanceProps:
         :param source_dbi_resource_id: The resource ID of the source DB instance from which to restore.
         :param source_region: The ID of the region that contains the source DB instance for the read replica.
         :param storage_encrypted: A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the ``KmsKeyId`` property, then you must enable encryption. If you specify the ``SourceDBInstanceIdentifier`` or ``SourceDbiResourceId`` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified ``KmsKeyId`` property is used. If you specify the ``SourceDBInstanceAutomatedBackupsArn`` property, don't specify this property. The value is inherited from the source DB instance automated backup. If you specify ``DBSnapshotIdentifier`` property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
-        :param storage_throughput: Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
+        :param storage_throughput: Specifies the storage throughput value, in mebibyte per second (MiBps), for the DB instance. This setting applies only to the ``gp3`` storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
         :param storage_type: The storage type to associate with the DB instance. If you specify ``io1`` , ``io2`` , or ``gp3`` , you must also include a value for the ``Iops`` parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: ``gp2 | gp3 | io1 | io2 | standard`` Default: ``io1`` , if the ``Iops`` parameter is specified. Otherwise, ``gp2`` .
         :param tags: Tags to assign to the DB instance.
         :param tde_credential_arn: 
@@ -11786,7 +11784,7 @@ class CfnDBInstanceProps:
 
         By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.
 
-        Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference* .
+        Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties, and the point-in-time recovery properties ``RestoreTime`` and ``UseLatestRestorableTime`` . For information about the properties that you can specify, see the ```RestoreDBInstanceFromDBSnapshot`` <https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html>`_ action in the *Amazon RDS API Reference* .
 
         After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.
 
@@ -12560,7 +12558,7 @@ class CfnDBInstanceProps:
 
         Format: ``ddd:hh24:mi-ddd:hh24:mi``
 
-        The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Adjusting the Preferred DB Instance Maintenance Window <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.*
+        The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see `Maintaining a DB instance <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow>`_ in the *Amazon RDS User Guide.*
         .. epigraph::
 
            This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.
@@ -12750,7 +12748,9 @@ class CfnDBInstanceProps:
 
     @builtins.property
     def storage_throughput(self) -> typing.Optional[jsii.Number]:
-        '''Specifies the storage throughput value for the DB instance. This setting applies only to the ``gp3`` storage type.
+        '''Specifies the storage throughput value, in mebibyte per second (MiBps), for the DB instance.
+
+        This setting applies only to the ``gp3`` storage type.
 
         This setting doesn't apply to RDS Custom or Amazon Aurora.
 
@@ -17438,7 +17438,7 @@ class CfnIntegration(
         *,
         source_arn: builtins.str,
         target_arn: builtins.str,
-        additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         data_filter: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         integration_name: typing.Optional[builtins.str] = None,
@@ -17563,14 +17563,14 @@ class CfnIntegration(
     @jsii.member(jsii_name="additionalEncryptionContext")
     def additional_encryption_context(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''An optional set of non-secret key–value pairs that contains additional contextual information about the data.'''
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], jsii.get(self, "additionalEncryptionContext"))
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], jsii.get(self, "additionalEncryptionContext"))
 
     @additional_encryption_context.setter
     def additional_encryption_context(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+        value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f7fbdfa17cddec711beb6235c912d759435b5df9d3a68892f8c59ac577e099e8)
@@ -17663,7 +17663,7 @@ class CfnIntegrationProps:
         *,
         source_arn: builtins.str,
         target_arn: builtins.str,
-        additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         data_filter: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
         integration_name: typing.Optional[builtins.str] = None,
@@ -17758,7 +17758,7 @@ class CfnIntegrationProps:
     @builtins.property
     def additional_encryption_context(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''An optional set of non-secret key–value pairs that contains additional contextual information about the data.
 
         For more information, see `Encryption context <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context>`_ in the *AWS Key Management Service Developer Guide* .
@@ -17768,7 +17768,7 @@ class CfnIntegrationProps:
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-integration.html#cfn-rds-integration-additionalencryptioncontext
         '''
         result = self._values.get("additional_encryption_context")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
 
     @builtins.property
     def data_filter(self) -> typing.Optional[builtins.str]:
@@ -30834,7 +30834,7 @@ class LicenseModel(enum.Enum):
     LICENSE_INCLUDED = "LICENSE_INCLUDED"
     '''License included.'''
     BRING_YOUR_OWN_LICENSE = "BRING_YOUR_OWN_LICENSE"
-    '''Bring your own licencse.'''
+    '''Bring your own license.'''
     GENERAL_PUBLIC_LICENSE = "GENERAL_PUBLIC_LICENSE"
     '''General public license.'''
 
@@ -38191,7 +38191,7 @@ class ServerlessV2ClusterInstanceProps(ClusterInstanceOptions):
         :param performance_insight_retention: The amount of time, in days, to retain Performance Insights data. Default: 7
         :param preferred_maintenance_window: A preferred maintenance window day/time range. Should be specified as a range ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). Example: 'Sun:23:45-Mon:00:15' Default: - 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.
         :param publicly_accessible: Indicates whether the DB instance is an internet-facing instance. If not specified, the cluster's vpcSubnets will be used to determine if the instance is internet-facing or not. Default: - ``true`` if the cluster's ``vpcSubnets`` is ``subnetType: SubnetType.PUBLIC``, ``false`` otherwise
-        :param scale_with_writer: Only applicable to reader instances. If this is true then the instance will be placed in promotion tier 1, otherwise it will be placed in promotion tier 2. For serverless v2 instances this means: - true: The serverless v2 reader will scale to match the writer instance (provisioned or serverless) - false: The serverless v2 reader will scale with the read workfload on the instance Default: false
+        :param scale_with_writer: Only applicable to reader instances. If this is true then the instance will be placed in promotion tier 1, otherwise it will be placed in promotion tier 2. For serverless v2 instances this means: - true: The serverless v2 reader will scale to match the writer instance (provisioned or serverless) - false: The serverless v2 reader will scale with the read workload on the instance Default: false
 
         :exampleMetadata: infused
 
@@ -38441,7 +38441,7 @@ class ServerlessV2ClusterInstanceProps(ClusterInstanceOptions):
         For serverless v2 instances this means:
 
         - true: The serverless v2 reader will scale to match the writer instance (provisioned or serverless)
-        - false: The serverless v2 reader will scale with the read workfload on the instance
+        - false: The serverless v2 reader will scale with the read workload on the instance
 
         :default: false
         '''
@@ -40355,7 +40355,7 @@ class ClusterInstance(
         '''Add a serverless v2 instance to the cluster.
 
         :param id: -
-        :param scale_with_writer: Only applicable to reader instances. If this is true then the instance will be placed in promotion tier 1, otherwise it will be placed in promotion tier 2. For serverless v2 instances this means: - true: The serverless v2 reader will scale to match the writer instance (provisioned or serverless) - false: The serverless v2 reader will scale with the read workfload on the instance Default: false
+        :param scale_with_writer: Only applicable to reader instances. If this is true then the instance will be placed in promotion tier 1, otherwise it will be placed in promotion tier 2. For serverless v2 instances this means: - true: The serverless v2 reader will scale to match the writer instance (provisioned or serverless) - false: The serverless v2 reader will scale with the read workload on the instance Default: false
         :param allow_major_version_upgrade: Whether to allow upgrade of major version for the DB instance. Default: - false
         :param auto_minor_version_upgrade: Whether to enable automatic upgrade of minor version for the DB instance. Default: - true
         :param ca_certificate: The identifier of the CA certificate for this DB cluster's instances. Specifying or updating this property triggers a reboot. For RDS DB engines: Default: - RDS will choose a certificate authority
@@ -48969,7 +48969,7 @@ def _typecheckingstub__0596ec891883071cc8cc2bad7e4e8120eefe68f759bfc17fdbfc1a525
     *,
     source_arn: builtins.str,
     target_arn: builtins.str,
-    additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     data_filter: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     integration_name: typing.Optional[builtins.str] = None,
@@ -49004,7 +49004,7 @@ def _typecheckingstub__6dd8ff906d13523a9100f3e1da8891fd48222fa9aef07e443b5b2ab9f
     pass
 
 def _typecheckingstub__f7fbdfa17cddec711beb6235c912d759435b5df9d3a68892f8c59ac577e099e8(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+    value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -49043,7 +49043,7 @@ def _typecheckingstub__69f4caa1fd2b447a305e7c18241756ad629a86b97bd052f17e677fc84
     *,
     source_arn: builtins.str,
     target_arn: builtins.str,
-    additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     data_filter: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
     integration_name: typing.Optional[builtins.str] = None,

aws_cdk/aws_redshift/__init__.py

@@ -249,7 +249,7 @@ class CfnCluster(
         :param defer_maintenance_start_time: A timestamp indicating the start time for the deferred maintenance window.
         :param destination_region: The destination region that snapshots are automatically copied to when cross-region snapshot copy is enabled.
         :param elastic_ip: The Elastic IP (EIP) address for the cluster. Constraints: The cluster must be provisioned in EC2-VPC and publicly-accessible through an Internet gateway. Don't specify the Elastic IP address for a publicly accessible cluster with availability zone relocation turned on. For more information about provisioning clusters in EC2-VPC, go to `Supported Platforms to Launch Your Cluster <https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#cluster-platforms>`_ in the Amazon Redshift Cluster Management Guide.
-        :param encrypted: If ``true`` , the data in the cluster is encrypted at rest. Default: false
+        :param encrypted: If ``true`` , the data in the cluster is encrypted at rest. If you set the value on this parameter to ``false`` , the request will fail. Default: true
         :param endpoint: The connection endpoint.
         :param enhanced_vpc_routing: An option that specifies whether to create the cluster with enhanced VPC routing enabled. To create a cluster that uses enhanced VPC routing, the cluster must be in a VPC. For more information, see `Enhanced VPC Routing <https://docs.aws.amazon.com/redshift/latest/mgmt/enhanced-vpc-routing.html>`_ in the Amazon Redshift Cluster Management Guide. If this option is ``true`` , enhanced VPC routing is enabled. Default: false
         :param hsm_client_certificate_identifier: Specifies the name of the HSM client certificate the Amazon Redshift cluster uses to retrieve the data encryption keys stored in an HSM.
@@ -268,7 +268,7 @@ class CfnCluster(
         :param owner_account: The AWS account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.
         :param port: The port number on which the cluster accepts incoming connections. The cluster is accessible only via the JDBC and ODBC connection strings. Part of the connection string requires the port on which the cluster will listen for incoming connections. Default: ``5439`` Valid Values: - For clusters with ra3 nodes - Select a port within the ranges ``5431-5455`` or ``8191-8215`` . (If you have an existing cluster with ra3 nodes, it isn't required that you change the port to these ranges.) - For clusters with dc2 nodes - Select a port within the range ``1150-65535`` .
         :param preferred_maintenance_window: The weekly time range (in UTC) during which automated cluster maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Default: A 30-minute window selected at random from an 8-hour block of time per region, occurring on a random day of the week. For more information about the time blocks for each region, see `Maintenance Windows <https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#rs-maintenance-windows>`_ in Amazon Redshift Cluster Management Guide. Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun Constraints: Minimum 30-minute window.
-        :param publicly_accessible: If ``true`` , the cluster can be accessed from a public network.
+        :param publicly_accessible: If ``true`` , the cluster can be accessed from a public network. Default: false
         :param resource_action: The Amazon Redshift operation to be performed. Supported operations are ``pause-cluster`` , ``resume-cluster`` , and ``failover-primary-compute`` .
         :param revision_target: Describes a ``RevisionTarget`` object.
         :param rotate_encryption_key: Rotates the encryption keys for a cluster.
@@ -1948,7 +1948,7 @@ class CfnClusterProps:
         :param defer_maintenance_start_time: A timestamp indicating the start time for the deferred maintenance window.
         :param destination_region: The destination region that snapshots are automatically copied to when cross-region snapshot copy is enabled.
         :param elastic_ip: The Elastic IP (EIP) address for the cluster. Constraints: The cluster must be provisioned in EC2-VPC and publicly-accessible through an Internet gateway. Don't specify the Elastic IP address for a publicly accessible cluster with availability zone relocation turned on. For more information about provisioning clusters in EC2-VPC, go to `Supported Platforms to Launch Your Cluster <https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#cluster-platforms>`_ in the Amazon Redshift Cluster Management Guide.
-        :param encrypted: If ``true`` , the data in the cluster is encrypted at rest. Default: false
+        :param encrypted: If ``true`` , the data in the cluster is encrypted at rest. If you set the value on this parameter to ``false`` , the request will fail. Default: true
         :param endpoint: The connection endpoint.
         :param enhanced_vpc_routing: An option that specifies whether to create the cluster with enhanced VPC routing enabled. To create a cluster that uses enhanced VPC routing, the cluster must be in a VPC. For more information, see `Enhanced VPC Routing <https://docs.aws.amazon.com/redshift/latest/mgmt/enhanced-vpc-routing.html>`_ in the Amazon Redshift Cluster Management Guide. If this option is ``true`` , enhanced VPC routing is enabled. Default: false
         :param hsm_client_certificate_identifier: Specifies the name of the HSM client certificate the Amazon Redshift cluster uses to retrieve the data encryption keys stored in an HSM.
@@ -1967,7 +1967,7 @@ class CfnClusterProps:
         :param owner_account: The AWS account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.
         :param port: The port number on which the cluster accepts incoming connections. The cluster is accessible only via the JDBC and ODBC connection strings. Part of the connection string requires the port on which the cluster will listen for incoming connections. Default: ``5439`` Valid Values: - For clusters with ra3 nodes - Select a port within the ranges ``5431-5455`` or ``8191-8215`` . (If you have an existing cluster with ra3 nodes, it isn't required that you change the port to these ranges.) - For clusters with dc2 nodes - Select a port within the range ``1150-65535`` .
         :param preferred_maintenance_window: The weekly time range (in UTC) during which automated cluster maintenance can occur. Format: ``ddd:hh24:mi-ddd:hh24:mi`` Default: A 30-minute window selected at random from an 8-hour block of time per region, occurring on a random day of the week. For more information about the time blocks for each region, see `Maintenance Windows <https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html#rs-maintenance-windows>`_ in Amazon Redshift Cluster Management Guide. Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun Constraints: Minimum 30-minute window.
-        :param publicly_accessible: If ``true`` , the cluster can be accessed from a public network.
+        :param publicly_accessible: If ``true`` , the cluster can be accessed from a public network. Default: false
         :param resource_action: The Amazon Redshift operation to be performed. Supported operations are ``pause-cluster`` , ``resume-cluster`` , and ``failover-primary-compute`` .
         :param revision_target: Describes a ``RevisionTarget`` object.
         :param rotate_encryption_key: Rotates the encryption keys for a cluster.
@@ -2516,7 +2516,9 @@ class CfnClusterProps:
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
         '''If ``true`` , the data in the cluster is encrypted at rest.
 
-        Default: false
+        If you set the value on this parameter to ``false`` , the request will fail.
+
+        Default: true
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html#cfn-redshift-cluster-encrypted
         '''
@@ -2762,6 +2764,8 @@ class CfnClusterProps:
     ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
         '''If ``true`` , the cluster can be accessed from a public network.
 
+        Default: false
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-cluster.html#cfn-redshift-cluster-publiclyaccessible
         '''
         result = self._values.get("publicly_accessible")
@@ -5154,7 +5158,7 @@ class CfnIntegration(
         *,
         source_arn: builtins.str,
         target_arn: builtins.str,
-        additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         integration_name: typing.Optional[builtins.str] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -5273,14 +5277,14 @@ class CfnIntegration(
     @jsii.member(jsii_name="additionalEncryptionContext")
     def additional_encryption_context(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''The encryption context for the integration.'''
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], jsii.get(self, "additionalEncryptionContext"))
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], jsii.get(self, "additionalEncryptionContext"))
 
     @additional_encryption_context.setter
     def additional_encryption_context(
         self,
-        value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+        value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
     ) -> None:
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__aa11884b39e9757aed26782736b9cc7a1beb8245295ed73bee247717d47e3404)
@@ -5345,7 +5349,7 @@ class CfnIntegrationProps:
         *,
         source_arn: builtins.str,
         target_arn: builtins.str,
-        additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+        additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
         integration_name: typing.Optional[builtins.str] = None,
         kms_key_id: typing.Optional[builtins.str] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -5428,7 +5432,7 @@ class CfnIntegrationProps:
     @builtins.property
     def additional_encryption_context(
         self,
-    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]]:
+    ) -> typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]]:
         '''The encryption context for the integration.
 
         For more information, see `Encryption context <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context>`_ in the *AWS Key Management Service Developer Guide* .
@@ -5436,7 +5440,7 @@ class CfnIntegrationProps:
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-redshift-integration.html#cfn-redshift-integration-additionalencryptioncontext
         '''
         result = self._values.get("additional_encryption_context")
-        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]], result)
+        return typing.cast(typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]], result)
 
     @builtins.property
     def integration_name(self) -> typing.Optional[builtins.str]:
@@ -7257,7 +7261,7 @@ def _typecheckingstub__195f43b15319a462222fa2f5a73df1bdd50a48d85ec97165e527a5a95
     *,
     source_arn: builtins.str,
     target_arn: builtins.str,
-    additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     integration_name: typing.Optional[builtins.str] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -7290,7 +7294,7 @@ def _typecheckingstub__473e7fefd01e8847abdf871f505831761b00d033de772a1d8e2feb028
     pass
 
 def _typecheckingstub__aa11884b39e9757aed26782736b9cc7a1beb8245295ed73bee247717d47e3404(
-    value: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]],
+    value: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]],
 ) -> None:
     """Type checking stubs"""
     pass
@@ -7317,7 +7321,7 @@ def _typecheckingstub__0772e4da780df63d61457c13aa77602f5d56797dbd993866c48762708
     *,
     source_arn: builtins.str,
     target_arn: builtins.str,
-    additional_encryption_context: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, builtins.str]]] = None,
+    additional_encryption_context: typing.Optional[typing.Union[typing.Mapping[builtins.str, builtins.str], _IResolvable_da3f097b]] = None,
     integration_name: typing.Optional[builtins.str] = None,
     kms_key_id: typing.Optional[builtins.str] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,