Amazon Relational Database Service
Command Line Interface Reference (API Version 2014-10-31)

API Command Line Tools Reference

The Amazon RDS Command Line Interface (RDS CLI) has been deprecated. Instead, use the AWS CLI for RDS. To learn how to download and use the AWS CLI, see AWS Command Line Interface User Guide. For RDS commands available in the AWS CLI, see AWS CLI Reference for Amazon RDS.

The AWS CLI does not currently support the DownloadCompleteDBLogFile REST API action. To download an entire log file at once, rather than in parts using the download-db-log-file-portion command, use the last published RDS CLI and the rds-download-db-logfile command.




Updates the configuration of an option in a specific option group.


rds-update-option-in-option-group option-group-name

--option-name value


[--security-groups value[,value2][,...]]

[--settings key1=value1;key2=value2;...]

[--port value]

[General Options]


Name Description Required

--option-group-name value

The option group that the option belongs to.

This parameter is the default parameter and can be passed as the first value in the command and without a parameter name, for example: rds-update-option-in-option-group my-option-group-name.




Name of the option to be updated into the option group.




Name of the security group or groups that will be applied to the port that the option uses for communication.

Yes if the option uses a port; otherwise, no.


If supplied, the option will be applied immediately for all associated DB instances. If not supplied, the option will be applied for each DB instance during its next maintenance window.




A list of option settings to apply to the option as a semi-colon separated list in the form 'key1=value1; mey2=value2; etc. If no settings are provided for an option that requires one, the default values will be used.



A non-default port that the option will use for communication.



The command returns a table with the following information:


Output values list the possible values returned by CLI commands. Not all values are returned for every call to a command. If a value is null or empty, it will not be included in the command output. For example, CLI commands to create or restore a DB instance will not return the Endpoint Address value because that value is null until the DB instance has finished being created or restored.

  • Group name—The name of the option group.

  • Engine—The name of the DB engine that the option group is associated with.

  • Major engine version—The major version ID of the DB engine.

  • Option group description—The description of the option group.

  • Option name—The name of the option that was added.

  • Port—The number of the port that the option will use.

  • Persistent—Indicates if this is a persistent option. A persistent option cannot be removed from the option group once the option group is used, but this option can be removed from the db instance while modifying the related data and assigning another option group without this option.

  • Permanent—Indicates if this is a permanent option. A permanent option cannot be removed from the option group once the option group is used, and it cannot be removed from the db instance after assigning an option group with this permanent option.

  • Option description—A description of the option.

  • Option status—The status of authorization.

  • Security group—The security group assigned to the port.

  • Authorization—Status of ingress authorization for the security group.

  • VPC Specific—Indicates if both VPC and non-VPC instances can join this option group.

  • VPC—Indicates if only instances in this VPC can join this option group.

  • Setting—The setting name that the option will use.

  • Setting Description—The description of the option setting.

  • Value—The value of the option setting.

  • Modifiable—Indicates if the option setting is modifiable.


This example updates settings of an option in the option group. If no settings are specified, default values for the settings are applied.

PROMPT> rds-update-option-in-option-group my-option-group -n NATIVE_NETWORK_ENCRYPTION --settings "SQLNET.ENCRYPTION_SERVER=REQUIRED; SQLNET.ENCRYPTION_TYPES_ SERVER=AES256,AES192,DES" OPTIONGROUP Group Name Engine Major Engine Version Description VpcSpecific OPTIONGROUP my-option-group oracle-ee 11.2 My option group n OPTION Name Persistent Permanent Description OPTION NATIVE_NETWORK_ENCRYPTION n n Oracle Advanced Security - Native Network Encryption OPTIONSETTING Name Description Value Modifiable OPTIONSETTING SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER Specifies list of checksumming algorithms in order of intended use SHA1,MD5 true OPTIONSETTING SQLNET.ENCRYPTION_TYPES_SERVER Specifies list of encryption algorithms in order of intended use AES256,AES192,DES true OPTIONSETTING SQLNET.ENCRYPTION_SERVER Specifies the desired encryption behavior REQUIRED true OPTIONSETTING SQLNET.CRYPTO_CHECKSUM_SERVER Specifies the desired data integrity behavior REQUESTED true

This example updates the port used by an option already in an option group and overwrites the security groups already in use for the option.

PROMPT> rds-update-option-in-option-group my-option-group -n OEM --port 5432 -sg default OPTIONGROUP my-option-group oracle-se 11.2 My option group OPTION OEM n 5432 Oracle Enterprise Manager SECGROUP default authorized