Menu
Amazon Relational Database Service
API Reference (API Version 2014-10-31)

CreateDBInstanceReadReplica

Creates a DB instance for a DB instance running MySQL, MariaDB, or PostgreSQL that acts as a Read Replica of a source DB instance.

Note

Amazon Aurora does not support this action. You must call the CreateDBInstance action to create a DB instance for an Aurora DB cluster.

All Read Replica DB instances are created as Single-AZ deployments with backups disabled. All other DB instance attributes (including DB security groups and DB parameter groups) are inherited from the source DB instance, except as specified below.

Important

The source DB instance must have backup retention enabled.

You can create an encrypted Read Replica in a different AWS Region than the source DB instance. In that case, the region where you call the CreateDBInstanceReadReplica action is the destination region of the encrypted Read Replica. The source DB instance must be encrypted.

To create an encrypted Read Replica in another AWS Region, you must provide the following values:

  • KmsKeyId - The AWS Key Management System (KMS) key identifier for the key to use to encrypt the Read Replica in the destination region.

  • PreSignedUrl - A URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API action in the AWS region that contains the source DB instance. The PreSignedUrl parameter must be used when encrypting a Read Replica from another AWS region.

    The presigned URL must be a valid request for the CreateDBInstanceReadReplica API action that can be executed in the source region that contains the encrypted DB instance. The presigned URL request must contain the following parameter values:

    • DestinationRegion - The AWS Region that the Read Replica is created in. This region is the same one where the CreateDBInstanceReadReplica action is called that contains this presigned URL.

      For example, if you create an encrypted Read Replica in the us-east-1 region, and the source DB instance is in the west-2 region, then you call the CreateDBInstanceReadReplica action in the us-east-1 region and provide a presigned URL that contains a call to the CreateDBInstanceReadReplica action in the us-west-2 region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 region.

    • KmsKeyId - The KMS key identifier for the key to use to encrypt the Read Replica in the destination region. This is the same identifier for both the CreateDBInstanceReadReplica action that is called in the destination region, and the action contained in the presigned URL.

    • SourceDBInstanceIdentifier - The DB instance identifier for the encrypted Read Replica to be created. This identifier must be in the Amazon Resource Name (ARN) format for the source region. For example, if you create an encrypted Read Replica from a DB instance in the us-west-2 region, then your SourceDBInstanceIdentifier would look like this example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-instance-20161115.

    To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (AWS Signature Version 4) and Signature Version 4 Signing Process.

  • DBInstanceIdentifier - The identifier for the encrypted Read Replica in the destination region.

  • SourceDBInstanceIdentifier - The DB instance identifier for the encrypted Read Replica. This identifier must be in the ARN format for the source region and is the same value as the SourceDBInstanceIdentifier in the presigned URL.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

AutoMinorVersionUpgrade

Indicates that minor engine upgrades will be applied automatically to the Read Replica during the maintenance window.

Default: Inherits from the source DB instance

Type: Boolean

Required: No

AvailabilityZone

The Amazon EC2 Availability Zone that the Read Replica will be created in.

Default: A random, system-chosen Availability Zone in the endpoint's region.

Example: us-east-1d

Type: String

Required: No

CopyTagsToSnapshot

True to copy all tags from the Read Replica to snapshots of the Read Replica; otherwise false. The default is false.

Type: Boolean

Required: No

DBInstanceClass

The compute and memory capacity of the Read Replica. Note that not all instance classes are available in all regions for all DB engines.

Valid Values: db.m1.small | db.m1.medium | db.m1.large | db.m1.xlarge | db.m2.xlarge |db.m2.2xlarge | db.m2.4xlarge | db.m3.medium | db.m3.large | db.m3.xlarge | db.m3.2xlarge | db.m4.large | db.m4.xlarge | db.m4.2xlarge | db.m4.4xlarge | db.m4.10xlarge | db.r3.large | db.r3.xlarge | db.r3.2xlarge | db.r3.4xlarge | db.r3.8xlarge | db.t2.micro | db.t2.small | db.t2.medium | db.t2.large

Default: Inherits from the source DB instance.

Type: String

Required: No

DBInstanceIdentifier

The DB instance identifier of the Read Replica. This identifier is the unique key that identifies a DB instance. This parameter is stored as a lowercase string.

Type: String

Required: Yes

DBSubnetGroupName

Specifies a DB subnet group for the DB instance. The new DB instance will be created in the VPC associated with the DB subnet group. If no DB subnet group is specified, then the new DB instance is not created in a VPC.

Constraints:

  • Can only be specified if the source DB instance identifier specifies a DB instance in another region.

  • The specified DB subnet group must be in the same region in which the operation is running.

  • All Read Replicas in one region that are created from the same source DB instance must either:>

    • Specify DB subnet groups from the same VPC. All these Read Replicas will be created in the same VPC.

    • Not specify a DB subnet group. All these Read Replicas will be created outside of any VPC.

Constraints: Must contain no more than 255 alphanumeric characters, periods, underscores, spaces, or hyphens. Must not be default.

Example: mySubnetgroup

Type: String

Required: No

EnableIAMDatabaseAuthentication

True to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts; otherwise false.

You can enable IAM database authentication for the following database engines

  • For MySQL 5.6, minor version 5.6.34 or higher

  • For MySQL 5.7, minor version 5.7.16 or higher

  • Aurora 5.6 or higher.

Default: false

Type: Boolean

Required: No

Iops

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance.

Type: Integer

Required: No

KmsKeyId

The AWS KMS key ID for an encrypted Read Replica. The KMS key ID is the Amazon Resource Name (ARN), KMS key identifier, or the KMS key alias for the KMS encryption key.

If you create an unencrypted Read Replica and specify a value for the KmsKeyId parameter, Amazon RDS encrypts the target Read Replica using the specified KMS encryption key.

If you create an encrypted Read Replica from your AWS account, you can specify a value for KmsKeyId to encrypt the Read Replica with a new KMS encryption key. If you don't specify a value for KmsKeyId, then the Read Replica is encrypted with the same KMS key as the source DB instance.

If you create an encrypted Read Replica in a different AWS region, then you must specify a KMS key for the destination AWS region. KMS encryption keys are specific to the region that they are created in, and you cannot use encryption keys from one region in another region.

Type: String

Required: No

MonitoringInterval

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the Read Replica. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0.

If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0.

Valid Values: 0, 1, 5, 10, 15, 30, 60

Type: Integer

Required: No

MonitoringRoleArn

The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, go to To create an IAM role for Amazon RDS Enhanced Monitoring.

If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.

Type: String

Required: No

OptionGroupName

The option group the DB instance will be associated with. If omitted, the default option group for the engine specified will be used.

Type: String

Required: No

Port

The port number that the DB instance uses for connections.

Default: Inherits from the source DB instance

Valid Values: 1150-65535

Type: Integer

Required: No

PreSignedUrl

The URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API action in the AWS region that contains the source DB instance. The PreSignedUrl parameter must be used when encrypting a Read Replica from another AWS region.

The presigned URL must be a valid request for the CreateDBInstanceReadReplica API action that can be executed in the source region that contains the encrypted DB instance. The presigned URL request must contain the following parameter values:

  • DestinationRegion - The AWS Region that the Read Replica is created in. This region is the same one where the CreateDBInstanceReadReplica action is called that contains this presigned URL.

    For example, if you create an encrypted Read Replica in the us-east-1 region, and the source DB instance is in the west-2 region, then you call the CreateDBInstanceReadReplica action in the us-east-1 region and provide a presigned URL that contains a call to the CreateDBInstanceReadReplica action in the us-west-2 region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 region.

  • KmsKeyId - The KMS key identifier for the key to use to encrypt the Read Replica in the destination region. This is the same identifier for both the CreateDBInstanceReadReplica action that is called in the destination region, and the action contained in the presigned URL.

  • SourceDBInstanceIdentifier - The DB instance identifier for the encrypted Read Replica to be created. This identifier must be in the Amazon Resource Name (ARN) format for the source region. For example, if you create an encrypted Read Replica from a DB instance in the us-west-2 region, then your SourceDBInstanceIdentifier would look like this example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-instance-20161115.

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (AWS Signature Version 4) and Signature Version 4 Signing Process.

Type: String

Required: No

PubliclyAccessible

Specifies the accessibility options for the DB instance. A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address. A value of false specifies an internal instance with a DNS name that resolves to a private IP address.

Default: The default behavior varies depending on whether a VPC has been requested or not. The following list shows the default behavior in each case.

  • Default VPC:true

  • VPC:false

If no DB subnet group has been specified as part of the request and the PubliclyAccessible value has not been set, the DB instance will be publicly accessible. If a specific DB subnet group has been specified as part of the request and the PubliclyAccessible value has not been set, the DB instance will be private.

Type: Boolean

Required: No

SourceDBInstanceIdentifier

The identifier of the DB instance that will act as the source for the Read Replica. Each DB instance can have up to five Read Replicas.

Constraints:

  • Must be the identifier of an existing MySQL, MariaDB, or PostgreSQL DB instance.

  • Can specify a DB instance that is a MySQL Read Replica only if the source is running MySQL 5.6.

  • Can specify a DB instance that is a PostgreSQL DB instance only if the source is running PostgreSQL 9.3.5 or later.

  • The specified DB instance must have automatic backups enabled, its backup retention period must be greater than 0.

  • If the source DB instance is in the same region as the Read Replica, specify a valid DB instance identifier.

  • If the source DB instance is in a different region than the Read Replica, specify a valid DB instance ARN. For more information, go to Constructing a Amazon RDS Amazon Resource Name (ARN).

Type: String

Required: Yes

StorageType

Specifies the storage type to be associated with the Read Replica.

Valid values: standard | gp2 | io1

If you specify io1, you must also include a value for the Iops parameter.

Default: io1 if the Iops parameter is specified; otherwise standard

Type: String

Required: No

Tags.Tag.N

A list of tags.

Type: Array of Tag objects

Required: No

Response Elements

The following element is returned by the service.

DBInstance

Contains the result of a successful invocation of the following actions:

This data type is used as a response element in the DescribeDBInstances action.

Type: DBInstance object

Errors

For information about the errors that are common to all actions, see Common Errors.

DBInstanceAlreadyExists

User already has a DB instance with the given identifier.

HTTP Status Code: 400

DBInstanceNotFound

DBInstanceIdentifier does not refer to an existing DB instance.

HTTP Status Code: 404

DBParameterGroupNotFound

DBParameterGroupName does not refer to an existing DB parameter group.

HTTP Status Code: 404

DBSecurityGroupNotFound

DBSecurityGroupName does not refer to an existing DB security group.

HTTP Status Code: 404

DBSubnetGroupDoesNotCoverEnoughAZs

Subnets in the DB subnet group should cover at least two Availability Zones unless there is only one Availability Zone.

HTTP Status Code: 400

DBSubnetGroupNotAllowedFault

Indicates that the DBSubnetGroup should not be specified while creating read replicas that lie in the same region as the source instance.

HTTP Status Code: 400

DBSubnetGroupNotFoundFault

DBSubnetGroupName does not refer to an existing DB subnet group.

HTTP Status Code: 404

InstanceQuotaExceeded

Request would result in user exceeding the allowed number of DB instances.

HTTP Status Code: 400

InsufficientDBInstanceCapacity

Specified DB instance class is not available in the specified Availability Zone.

HTTP Status Code: 400

InvalidDBInstanceState

The specified DB instance is not in the available state.

HTTP Status Code: 400

InvalidDBSubnetGroupFault

Indicates the DBSubnetGroup does not belong to the same VPC as that of an existing cross region read replica of the same source instance.

HTTP Status Code: 400

InvalidSubnet

The requested subnet is invalid, or multiple subnets were requested that are not all in a common VPC.

HTTP Status Code: 400

InvalidVPCNetworkStateFault

DB subnet group does not cover all Availability Zones after it is created because users' change.

HTTP Status Code: 400

KMSKeyNotAccessibleFault

Error accessing KMS key.

HTTP Status Code: 400

OptionGroupNotFoundFault

The specified option group could not be found.

HTTP Status Code: 404

ProvisionedIopsNotAvailableInAZFault

Provisioned IOPS not available in the specified Availability Zone.

HTTP Status Code: 400

StorageQuotaExceeded

Request would result in user exceeding the allowed amount of storage available across all DB instances.

HTTP Status Code: 400

StorageTypeNotSupported

StorageType specified cannot be associated with the DB Instance.

HTTP Status Code: 400

Example

Sample Request

Copy
https://rds.us-east-1.amazonaws.com/ ?Action=CreateDBInstanceReadReplica &DBInstanceIdentifier=mysqldb-rr &SignatureMethod=HmacSHA256 &SignatureVersion=4 &SourceDBInstanceIdentifier=mysqldb &Version=2014-09-01 &X-Amz-Algorithm=AWS4-HMAC-SHA256 &X-Amz-Credential=AKIADQKE4SARGYLE/20140425/us-east-1/rds/aws4_request &X-Amz-Date=20140425T170525Z &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date &X-Amz-Signature=a5bc7bb9648272e9967c76fc582b308d3ee37d6c4f7a4eb62c2d885ec595c373

Sample Response

Copy
<CreateDBInstanceReadReplicaResponse xmlns="http://rds.amazonaws.com/doc/2014-09-01/"> <CreateDBInstanceReadReplicaResult> <DBInstance> <BackupRetentionPeriod>0</BackupRetentionPeriod> <MultiAZ>false</MultiAZ> <DBInstanceStatus>creating</DBInstanceStatus> <VpcSecurityGroups/> <DBInstanceIdentifier>mysqldb-rr</DBInstanceIdentifier> <PreferredBackupWindow>08:14-08:44</PreferredBackupWindow> <PreferredMaintenanceWindow>fri:04:50-fri:05:20</PreferredMaintenanceWindow> <ReadReplicaDBInstanceIdentifiers/> <Engine>mysql</Engine> <PendingModifiedValues/> <LicenseModel>general-public-license</LicenseModel> <EngineVersion>5.6.13</EngineVersion> <DBParameterGroups> <DBParameterGroup> <ParameterApplyStatus>in-sync</ParameterApplyStatus> <DBParameterGroupName>default.mysql5.6</DBParameterGroupName> </DBParameterGroup> </DBParameterGroups> <ReadReplicaSourceDBInstanceIdentifier>mysqldb</ReadReplicaSourceDBInstanceIdentifier> <OptionGroupMemberships> <OptionGroupMembership> <OptionGroupName>default:mysql-5-6</OptionGroupName> <Status>pending-apply</Status> </OptionGroupMembership> </OptionGroupMemberships> <PubliclyAccessible>true</PubliclyAccessible> <DBSecurityGroups> <DBSecurityGroup> <Status>active</Status> <DBSecurityGroupName>default</DBSecurityGroupName> </DBSecurityGroup> </DBSecurityGroups> <DBName>mysqldb</DBName> <AutoMinorVersionUpgrade>true</AutoMinorVersionUpgrade> <AllocatedStorage>100</AllocatedStorage> <MasterUsername>myawsuser</MasterUsername> <DBInstanceClass>db.m1.medium</DBInstanceClass> </DBInstance> </CreateDBInstanceReadReplicaResult> <ResponseMetadata> <RequestId>ba8dedf0-bb9a-11d3-855b-576787000e19</RequestId> </ResponseMetadata> </CreateDBInstanceReadReplicaResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: