Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::RDS::DBInstance

The AWS::RDS::DBInstance type creates an Amazon Relational Database Service (Amazon RDS) DB instance. For detailed information about configuring RDS DB instances, see CreateDBInstance.

Important

If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an update that requires replacement, you can apply a stack policy to prevent DB instances from being replaced. For more information, see Prevent Updates to Stack Resources.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RDS::DBInstance",
  "Properties" :
  {
    "AllocatedStorage" : String,
    "AllowMajorVersionUpgrade" : Boolean,
    "AutoMinorVersionUpgrade" : Boolean,
    "AvailabilityZone" : String,
    "BackupRetentionPeriod" : String,
    "CharacterSetName" : String,
    "CopyTagsToSnapshot" : Boolean,
    "DBClusterIdentifier" : String,
    "DBInstanceClass" : String,
    "DBInstanceIdentifier" : String,
    "DBName" : String,
    "DBParameterGroupName" : String,
    "DBSecurityGroups" : [ String, ... ],
    "DBSnapshotIdentifier" : String,
    "DBSubnetGroupName" : String,
    "Domain" : String,
    "DomainIAMRoleName" : String,
    "Engine" : String,
    "EngineVersion" : String,
    "Iops" : Number,
    "KmsKeyId" : String,
    "LicenseModel" : String,
    "MasterUsername" : String,
    "MasterUserPassword" : String,
    "MonitoringInterval" : Integer,
    "MonitoringRoleArn" : String,
    "MultiAZ" : Boolean,
    "OptionGroupName" : String,
    "Port" : String,
    "PreferredBackupWindow" : String,
    "PreferredMaintenanceWindow" : String,
    "PubliclyAccessible" : Boolean,
    "SourceDBInstanceIdentifier" : String,
    "StorageEncrypted" : Boolean,
    "StorageType" : String,
    "Tags" : [ Resource Tag, ... ],
    "VPCSecurityGroups" : [ String, ... ]
  }
}

YAML

Type: "AWS::RDS::DBInstance"
Properties:
  AllocatedStorage: String
  AllowMajorVersionUpgrade: Boolean
  AutoMinorVersionUpgrade: Boolean
  AvailabilityZone: String
  BackupRetentionPeriod: String
  CharacterSetName: String
  CopyTagsToSnapshot: Boolean
  DBClusterIdentifier: String
  DBInstanceClass: String
  DBInstanceIdentifier: String
  DBName: String
  DBParameterGroupName: String
  DBSecurityGroups:
    - String
  DBSnapshotIdentifier: String
  DBSubnetGroupName: String
  Domain: String,
  DomainIAMRoleName: String,
  Engine: String
  EngineVersion: String
  Iops: Number
  KmsKeyId: String
  LicenseModel: String
  MasterUsername: String
  MasterUserPassword: String
  MonitoringInterval: Integer,
  MonitoringRoleArn: String,
  MultiAZ: Boolean
  OptionGroupName: String
  Port: String
  PreferredBackupWindow: String
  PreferredMaintenanceWindow: String
  PubliclyAccessible: Boolean
  SourceDBInstanceIdentifier: String
  StorageEncrypted: Boolean
  StorageType: String
  Tags:
    Resource Tag
  VPCSecurityGroups:
    - String

Properties

AllocatedStorage

The allocated storage size, specified in gigabytes (GB).

If any value is set in the Iops parameter, AllocatedStorage must be at least 100 GB, which corresponds to the minimum Iops value of 1,000. If you increase the Iops value (in 1,000 IOPS increments), then you must also increase the AllocatedStorage value (in 100 GB increments).

Required: Conditional. This property is required unless you specify the DBClusterIdentifier property. In that case, do not specify this property.

Type: String

Update requires: No interruption

AllowMajorVersionUpgrade

Indicates whether major version upgrades are allowed. Setting this parameter does not result in an outage, and the change is applied asynchronously as soon as possible.

Constraints: Set this parameter to true when you specify an EngineVersion that differs from the DB instance's current major version.

Required: No

Type: Boolean

Update requires: No interruption

AutoMinorVersionUpgrade

Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window. The default value is true.

Required: No

Type: Boolean

Update requires: No interruption or some interruptions. For more information, see ModifyDBInstance in the Amazon Relational Database Service API Reference.

AvailabilityZone

The name of the Availability Zone where the DB instance is located. You cannot set the AvailabilityZone parameter if the MultiAZ parameter is set to true.

Required: No

Type: String

Update requires: Replacement

BackupRetentionPeriod

The number of days during which automatic DB snapshots are retained.

Important

If this DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots.

Required: No

Type: String

Update requires: No interruption or some interruptions. For more information, see ModifyDBInstance in the Amazon Relational Database Service API Reference.

CharacterSetName

For supported engines, specifies the character set to associate with the DB instance. For more information, see Appendix: Oracle Character Sets Supported in Amazon RDS in the Amazon Relational Database Service User Guide.

If you specify the DBSnapshotIdentifier or SourceDBInstanceIdentifier property, do not specify this property. The value is inherited from the snapshot or source DB instance.

Required: No

Type: String

Update requires: Replacement

CopyTagsToSnapshot

Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance. By default, Amazon RDS doesn't copy tags to snapshots. Amazon RDS doesn't copy tags with the aws:: prefix unless it's the DB instance's final snapshot (the snapshot when you delete the DB instance).

Required: No

Type: Boolean

Update requires: No interruption

DBClusterIdentifier

The name of an existing DB cluster that this instance will be associated with. If you specify this property, specify aurora for the Engine property and do not specify any of the following properties: AllocatedStorage, BackupRetentionPeriod, CharacterSetName, DBSecurityGroups, PreferredBackupWindow, PreferredMaintenanceWindow, Port, SourceDBInstanceIdentifier, or StorageType.

Amazon RDS assigns the first DB instance in the cluster as the primary, and additional DB instances as replicas.

Required: No

Type: String

Update requires: Replacement

DBInstanceClass

The name of the compute and memory capacity classes of the DB instance.

Required: Yes

Type: String

Update requires: Some interruptions

DBInstanceIdentifier

A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lower case. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see Name Type.

Important

If you specify a name, you cannot do updates that require this resource to be replaced. You can still do updates that require no or some interruption. If you must replace the resource, specify a new name.

Required: No

Type: String

Update requires: Replacement

DBName

The name of the DB instance that was provided at the time of creation, if one was specified. This same name is returned for the life of the DB instance.

Note

If you restore DB instances from snapshots, specify this property for the MySQL or MariaDB engines.

Required: No

Type: String

Update requires: Replacement

DBParameterGroupName

The name of an existing DB parameter group or a reference to an AWS::RDS::DBParameterGroup resource created in the template.

Required: No

Type: String

Update requires: No interruption or some interruptions. If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, causing some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot.

DBSecurityGroups

A list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template.

If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice-versa.

Important

If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS:

  • AllocatedStorage

  • AutoMinorVersionUpgrade

  • AvailabilityZone

  • BackupRetentionPeriod

  • CharacterSetName

  • DbInstanceClass

  • DbName

  • DbParameterGroupName

  • DbSecurityGroups

  • DbSubnetGroupName

  • Engine

  • EngineVersion

  • Iops

  • LicenseModel

  • MasterUsername

  • MasterUserPassword

  • MultiAZ

  • OptionGroupName

  • PreferredBackupWindow

  • PreferredMaintenanceWindow

All other properties are ignored. Specify a VPC security group if you want to submit other properties, such as StorageType, StorageEncrypted, or KmsKeyId.

Required: No

Type: List of strings

Update requires: No interruption

DBSnapshotIdentifier

The name or ARN of the DB snapshot used to restore the DB instance. If you are restoring from a shared manual DB snapshot, you must specify the Amazon Resource Name (ARN) of the snapshot.

By specifying this property, you can create a DB instance from the specified DB snapshot. If the DBSnapshotIdentifier property is an empty string or the AWS::RDS::DBInstance declaration has no DBSnapshotIdentifier property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name does not exist, AWS CloudFormation can't create the database and it rolls the back the stack.

Some DB instance properties are not valid when you restore from a snapshot, such as the MasterUsername and MasterUserPassword properties. For information about the properties that you can specify, see the RestoreDBInstanceFromDBSnapshot action in the Amazon Relational Database Service API Reference.

Required: No

Type: String

Update requires: Replacement

DBSubnetGroupName

A DB subnet group to associate with the DB instance.

If there is no DB subnet group, then the instance is not a VPC DB instance.

For more information about using Amazon RDS in a VPC, see Using Amazon RDS with Amazon Virtual Private Cloud (VPC) in the Amazon Relational Database Service Developer Guide.

Required: No

Type: String

Update requires: Replacement

Domain

For an Amazon RDS DB instance that is running Microsoft SQL Server, the Active Directory directory ID to create the instance in. Amazon RDS uses Windows Authentication to authenticate users that connect to the DB instance. For more information, see Using Windows Authentication with an Amazon RDS DB Instance Running Microsoft SQL Server in the Amazon Relational Database Service User Guide.

If you specify this property, you must specify a SQL Server engine for the Engine property.

Required: No

Type: String

Update requires: No interruption

DomainIAMRoleName

The name of an IAM role that Amazon RDS uses when calling the Directory Service APIs.

Required: No

Type: String

Update requires: No interruption

Engine

The database engine that the DB instance uses. This property is optional when you specify the DBSnapshotIdentifier property to create DB instances.

For valid values, see the Engine parameter of the CreateDBInstance action in the Amazon Relational Database Service API Reference.

Required: Conditional

Type: String

Update requires: Replacement

EngineVersion

The version number of the database engine that the DB instance uses.

Required: No

Type: String

Update requires: Some interruptions

Iops

The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000.

If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GB of storage (a ratio of 5:1) or specify 2000 IOPS with 200 GB of storage (a ratio of 10:1). For more information, see Amazon RDS Provisioned IOPS Storage to Improve Performance in the Amazon Relational Database Service User Guide.

Required: Conditional. If you specify io1 for the StorageType property, you must specify this property.

Type: Number

Update requires: No interruption

KmsKeyId

The ARN of the AWS Key Management Service (AWS KMS) master key that is used to encrypt the DB instance, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default master key. If you specify this property, you must set the StorageEncrypted property to true.

If you specify the DBSnapshotIdentifier or SourceDBInstanceIdentifier property, do not specify this property. The value is inherited from the snapshot or source database instance.

Note

If you specify DBSecurityGroups, AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see Using Amazon RDS with Amazon VPC in the Amazon Relational Database Service User Guide.

Required: No

Type: String

Update requires: Replacement

LicenseModel

The license model of the DB instance.

Required: No

Type: String

Update requires: Replacement

MasterUsername

The master user name for the DB instance.

Note

If you specify the SourceDBInstanceIdentifier or DBSnapshotIdentifier property, do not specify this property. The value is inherited from the source DB instance or snapshot.

Required: Conditional

Type: String

Update requires: Replacement

MasterUserPassword

The master password for the DB instance.

Note

If you specify the SourceDBInstanceIdentifier or DBSnapshotIdentifier property, do not specify this property. The value is inherited from the source DB instance or snapshot.

Required: Conditional

Type: String

Update requires: No interruption

MonitoringInterval

The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance. To disable metrics collection, specify 0.

For default and valid values, see the MonitoringInterval parameter for the CreateDBInstance action in the Amazon Relational Database Service API Reference.

Required: Conditional. If you specify the MonitoringRoleArn property, specify a value other than 0 for MonitoringInterval.

Type: Integer

Update requires: No interruption or some interruptions. For more information, see ModifyDBInstance in the Amazon Relational Database Service API Reference.

MonitoringRoleArn

The ARN of the AWS Identity and Access Management (IAM) role that permits Amazon RDS to send enhanced monitoring metrics to Amazon CloudWatch, for example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon Relational Database Service User Guide.

Required: Conditional. If you specify a value other than 0 for the MonitoringInterval property, specify a value for MonitoringRoleArn.

Type: String

Update requires: No interruption

MultiAZ

Specifies if the database instance is a multiple Availability Zone deployment. You cannot set the AvailabilityZone parameter if the MultiAZ parameter is set to true.

Required: No

Type: Boolean

Update requires: No interruption

OptionGroupName

The option group that this DB instance is associated with.

Required: No

Type: String

Update requires: No interruption

Port

The port for the instance.

Required: No

Type: String

Update requires: Replacement

PreferredBackupWindow

The daily time range during which automated backups are performed if automated backups are enabled, as determined by the BackupRetentionPeriod property. For valid values, see the PreferredBackupWindow parameter for the CreateDBInstance action in the Amazon Relational Database Service API Reference.

Required: No

Type: String

Update requires: No interruption

PreferredMaintenanceWindow

The weekly time range (in UTC) during which system maintenance can occur. For valid values, see the PreferredMaintenanceWindow parameter for the CreateDBInstance action in the Amazon Relational Database Service API Reference.

Note

This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.

Required: No

Type: String

Update requires: No interruption or some interruptions. For more information, see ModifyDBInstance in the Amazon Relational Database Service API Reference.

PubliclyAccessible

Indicates whether the DB instance is an Internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address.

The default behavior value depends on your VPC setup and the database subnet group. For more information, see the PubliclyAccessible parameter in CreateDBInstance in the Amazon Relational Database Service API Reference.

If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn attribute to declare a dependency on the VPC-gateway attachment. For more information, see DependsOn Attribute.

Note

If you specify DBSecurityGroups, AWS CloudFormation ignores this property. To specify a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see Using Amazon RDS with Amazon VPC in the Amazon Relational Database Service User Guide.

Required: No

Type: Boolean

Update requires: Replacement

SourceDBInstanceIdentifier

If you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see Working with Read Replicas in the Amazon Relational Database Service Developer Guide.

The SourceDBInstanceIdentifier property determines whether a DB instance is a read replica. If you remove the SourceDBInstanceIdentifier property from your template and then update your stack, AWS CloudFormation deletes the read replica and creates a new DB instance (not a read replica).

Important

  • Read replicas do not support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica.

  • If you specify SourceDBInstanceIdentifier, do not set the MultiAZ property to true and do not specify the DBSnapshotIdentifier property. You cannot deploy read replicas in multiple Availability Zones, and you cannot create a read replica from a snapshot.

  • Do not set the BackupRetentionPeriod, DBName, MasterUsername, MasterUserPassword, and PreferredBackupWindow properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas.

  • If the source DB instance is in a different region than the read replica, specify an ARN for a valid DB instance. For more information, see Constructing a Amazon RDS Amazon Resource Name (ARN) in the Amazon Relational Database Service User Guide.

  • For DB instances in Amazon Aurora clusters, do not specify this property. Amazon RDS automatically assigns writer and reader DB instances.

Required: No

Type: String

Update requires: Replacement

StorageEncrypted

Indicates whether the DB instance is encrypted.

If you specify the DBClusterIdentifier, DBSnapshotIdentifier, or SourceDBInstanceIdentifier property, do not specify this property. The value is inherited from the cluster, snapshot, or source DB instance.

Required: Conditional. If you specify the KmsKeyId property, you must enable encryption.

Type: Boolean

Update requires: Replacement

StorageType

The storage type associated with this DB instance.

For the default and valid values, see the StorageType parameter of the CreateDBInstance action in the Amazon Relational Database Service API Reference.

Required: No

Type: String

Update requires: Some interruptions

Tags

An arbitrary set of tags (key–value pairs) for this DB instance.

Required: No

Type: AWS CloudFormation Resource Tags

Update requires: No interruption

VPCSecurityGroups

A list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to AWS::EC2::SecurityGroup resources created in the template.

If you set VPCSecurityGroups, you must not set DBSecurityGroups, and vice versa.

Important

You can migrate a DB instance in your stack from an RDS DB security group to a VPC security group, but keep the following in mind:

  • You cannot revert to using an RDS security group after you establish a VPC security group membership.

  • When you migrate your DB instance to VPC security groups, if your stack update rolls back because the DB instance update fails, or because an update fails in another AWS CloudFormation resource, the rollback will fail because it cannot revert to an RDS security group.

To avoid this situation, migrate your DB instance to using VPC security groups only when that is the only change in your stack template.

Required: No

Type: List of strings

Update requires: No interruption

Updating and Deleting AWS::RDS::DBInstance Resources

When properties labeled "Update requires: Replacement" are updated, AWS CloudFormation first creates a replacement DB instance, then changes references from other dependent resources to point to the replacement DB instance, and finally deletes the old DB instance.

Important

We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you will lose the data when AWS CloudFormation replaces your DB instance. To preserve your data, perform the following procedure:

  1. Deactivate any applications that are using the DB instance so that there is no activity on the DB instance.

  2. Create a snapshot of the DB instance. For more information about creating DB snapshots, see Creating a DB snapshot.

  3. If you want to restore your instance using a DB snapshot, modify the updated template with your DB instance changes and add the DBSnapshotIdentifier property with the ID of the DB snapshot that you want to use.

  4. Update the stack.

For more information about updating other properties of this resource, see ModifyDBInstance. For more information about updating stacks, see AWS CloudFormation Stacks Updates.

You can set a deletion policy for your DB instance to control how AWS CloudFormation handles the instance when the stack is deleted. For Amazon RDS DB instances, you can choose to retain the instance, to delete the instance, or to create a snapshot of the instance. For more information, see DeletionPolicy Attribute.

Return Values

Ref

When you provide the RDS DB instance's logical name to the Ref intrinsic function, Ref will return the DBInstanceIdentifier. For example: mystack-mydb-ea5ugmfvuaxg.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. This section lists the available attributes and sample return values.

  • Endpoint.Address

    The connection endpoint for the database. For example: mystack-mydb-1apw1j4phylrk.cg034hpkmmjt.us-east-1.rds.amazonaws.com.

  • Endpoint.Port

    The port number on which the database accepts connections. For example: 3306.

For more information about using Fn::GetAtt, see Fn::GetAtt.

Examples

DBInstance with a set MySQL version, Tags and DeletionPolicy

This example shows how to set the MySQL version that has a DeletionPolicy Attribute set. With the DeletionPolicy set to Snapshot, AWS CloudFormation will take a snapshot of this DB instance before deleting it during stack deletion. A tag that contains a friendly name for the database is also set.

JSON


"MyDB" : {
   "Type" : "AWS::RDS::DBInstance",
   "Properties" : {
      "DBName" : { "Ref" : "DBName" },
      "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" },
      "DBInstanceClass" : { "Ref" : "DBInstanceClass" },
      "Engine" : "MySQL",
      "EngineVersion" : "5.5",
      "MasterUsername" : { "Ref" : "DBUser" },
      "MasterUserPassword" : { "Ref" : "DBPassword" },
      "Tags" : [ { "Key" : "Name", "Value" : "My SQL Database" } ]
   },
   "DeletionPolicy" : "Snapshot"
}         

YAML

MyDB: 
  Type: "AWS::RDS::DBInstance"
  Properties: 
    DBName: 
      Ref: "DBName"
    AllocatedStorage: 
      Ref: "DBAllocatedStorage"
    DBInstanceClass: 
      Ref: "DBInstanceClass"
    Engine: "MySQL"
    EngineVersion: "5.5"
    MasterUsername: 
      Ref: "DBUser"
    MasterUserPassword: 
      Ref: "DBPassword"
    Tags: 
      - 
        Key: "Name"
        Value: "My SQL Database"
  DeletionPolicy: "Snapshot"

DBInstance with provisioned IOPS

This example sets a provisioned IOPS value in the Iops property. Note that the AllocatedStorage property is set according to the 10:1 ratio between IOPS and GiBs of storage.

JSON


"MyDB" : {
   "Type" : "AWS::RDS::DBInstance",
   "Properties" : {
      "AllocatedStorage" : "100",
      "DBInstanceClass" : "db.m1.small",
      "Engine" : "MySQL",
      "EngineVersion" : "5.5",
      "Iops" : "1000",
      "MasterUsername" : { "Ref" : "DBUser" },
      "MasterUserPassword" : { "Ref" : "DBPassword" }
   }
}        

YAML

MyDB: 
  Type: "AWS::RDS::DBInstance"
  Properties: 
    AllocatedStorage: "100"
    DBInstanceClass: "db.m1.small"
    Engine: "MySQL"
    EngineVersion: "5.5"
    Iops: "1000"
    MasterUsername: 
      Ref: "DBUser"
    MasterUserPassword: 
      Ref: "DBPassword"

Read replica DBInstance

This example creates a read replica named MyDBreadreplica for the MyDB DB instance.

JSON

"MyDB" : {
   "Type" : "AWS::RDS::DBInstance",
   "Properties" : {
      "DBName" : { "Ref" : "DBName" },
      "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" },
      "DBInstanceClass" : { "Ref" : "DBInstanceClass" },
      "Engine" : "MySQL",
      "EngineVersion" : "5.5",
      "MasterUsername" : { "Ref" : "DBUser" },
      "MasterUserPassword" : { "Ref" : "DBPassword" },
      "Tags" : [ { "Key" : "Name", "Value" : "My SQL Database" } ]
   },
   "DeletionPolicy" : "Snapshot"
}

YAML

MyDB: 
  Type: "AWS::RDS::DBInstance"
  Properties: 
    DBName: 
      Ref: "DBName"
    AllocatedStorage: 
      Ref: "DBAllocatedStorage"
    DBInstanceClass: 
      Ref: "DBInstanceClass"
    Engine: "MySQL"
    EngineVersion: "5.5"
    MasterUsername: 
      Ref: "DBUser"
    MasterUserPassword: 
      Ref: "DBPassword"
    Tags: 
      - 
        Key: "Name"
        Value: "My SQL Database"
  DeletionPolicy: "Snapshot"