Amazon RDS supports DB instances running one of several editions of Oracle Database. You can create DB instances and DB snapshots, point-in-time restores and automated or manual backups. DB instances running Oracle can be used inside a VPC. You can also enable various options to add additional features to your Oracle DB instance. Amazon RDS currently supports Multi-AZ deployments for Oracle as a high-availability, failover solution.
In order to deliver a managed service experience, Amazon RDS does not provide shell access to DB instances, and it restricts access to certain system procedures and tables that require advanced privileges. Amazon RDS supports access to databases on a DB instance using any standard SQL client application such as Oracle SQL Plus. Amazon RDS does not allow direct host access to a DB instance via Telnet or Secure Shell (SSH). When you create a DB instance, you create a master account that gets DBA privileges (with some limitations) and the SYS password or SYSDBA privileges are not provided.
Before creating a DB instance, you should complete the steps in the Setting Up for Amazon RDS section of this guide.
These are the common management tasks you perform with an Amazon RDS Oracle DB instance, with links to information about each task:
For planning information, such as Oracle versions, storage engines, security, and features supported in Amazon RDS, see Planning Your Amazon RDS Oracle DB Instance.
If you are creating a DB instance for production purposes, you should understand how instance classes, storage, and Provisioned IOPS work in Amazon RDS. For more information about DB instance classes, see DB Instance Class For more information about Amazon RDS storage, see Amazon RDS Storage Types. For more information about Provisioned IOPS, see Amazon RDS Provisioned IOPS Storage to Improve Performance.
A production DB instance should also use Multi-AZ deployments. All Multi-AZ deployments provide increased availability, data durability, and fault tolerance for DB instances. For more information about Multi-AZ deployments, see High Availability (Multi-AZ).
There are prerequisites you must complete before you create your DB instance. For example, DB instances are created by default with a firewall that prevents access to it. You therefore must create a security group with the correct IP addresses and network configuration you will use to access the DB instance. The security group you need to create will depend on what EC2 platform your DB instance is on, and whether you will be accessing your DB instance from an EC2 instance. For more information about the two EC2 platforms supported by Amazon RDS, EC2-VPC and EC2-Classic, see Determining Whether You are Using the EC2-VPC or EC2-Classic Platform. In general, if your DB instance is on the EC2-Classic platform, you will need to create a DB security group; if your DB instance is on the EC2-VPC platform, you will need to create a VPC security group. For more information about security groups, see Amazon RDS Security Groups or the Setting Up for Amazon RDS section of this guide.
If your AWS account has a default VPC (a default virtual private network), then your DB instance will automatically be created inside the default VPC. If your account does not have a default VPC and you want the DB instance to be inside a VPC, you must create the VPC and subnet groups before you create the DB instance. For more information about determining if your account has a default VPC, see Determining Whether You are Using the EC2-VPC or EC2-Classic Platform. For more information about using VPCs with Amazon RDS, see Using Amazon RDS with Amazon Virtual Private Cloud (VPC).
If your DB instance is going to require specific database parameters or options, you should create the parameter or option groups before you create the DB instance. For more information on parameter groups, see Working with DB Parameter Groups. For more information on options for Oracle, see Appendix: Options for Oracle Database Engine.
After creating a security group and associating it to a DB instance, you can connect to the DB instance using any standard SQL client application such as Oracle SQL Plus. For more information on connecting to a DB instance, see Connecting to a DB Instance Running the Oracle Database Engine.
You can configure your DB instance to take automated backups, or take manual snapshots, and then restore instances from the backups or snapshots. For information, see Backing Up and Restoring.
You can monitor an instance through actions such as viewing the Oracle logs, CloudWatch Amazon RDS metrics, and events. For information, see Monitoring Amazon RDS.
There are also several appendices with useful information about working with Oracle DB instances:
Amazon RDS supports DB instances running several editions of Oracle Database. This section shows how you can work with Oracle on Amazon RDS. You should also be aware of the limits for Oracle DB instances.
For information about importing Oracle data into a DB instance, see Importing Data Into Oracle on Amazon RDS.
The following list shows a subset of the key Oracle database engine features that are currently supported by Amazon RDS. The availability of the Oracle feature is dependent on the edition of Oracle that you choose. For example, OEM optional packs such as the Database Diagnostic Pack and the Database Tuning Pack are only available with Oracle Enterprise Edition.
Oracle version 12c brings over 500 new features and updates from the previous version. This section covers the features and changes important to using Oracle 12c on Amazon RDS. For a complete list of the changes, see the Oracle 12c documentation.
Oracle 12c includes sixteen new parameters that impact your Amazon RDS DB instance, as well as eighteen new system privileges, several no longer supported packages, and several new option group settings. The following sections provide more information on these changes.
Oracle 12c includes sixteen new parameters in addition to several parameters with new ranges and new default values.
The following table shows the new Amazon RDS parameters for Oracle 12c:
CONNECTION_BROKERS = broker_description[,...]
Specifies connection broker types, the number of connection brokers of each type, and the maximum number of connections per broker.
TABLESPACE, TABL, ALL, NONE
Displays the options that are set for table or tablespace level compression inheritance.
Specifies the cache section target size for automatic big table caching, as a percentage of the buffer cache.
Enables the database to track read and write access of all segments, as well as modification of database blocks, due to DMLs and DDLs.
INMEMORY_CLAUSE_DEFAULT enables you to specify a default In-Memory Column Store (IM column store) clause for new tables and materialized views.
NO MEMCOMPRESS,MEMCOMPRESS FOR DML,MEMCOMPRESS FOR QUERY, MEMCOMPRESS FOR QUERY LOW,MEMCOMPRESS FOR QUERY HIGH,MEMCOMPRESS FOR CAPACITY,MEMCOMPRESS FOR CAPACITY LOW,MEMCOMPRESS FOR CAPACITY HIGH
PRIORITY LOW,PRIORITY MEDIUM,PRIORITY HIGH,PRIORITY CRITICAL,PRIORITY NONE
INMEMORY_FORCE allows you to specify whether tables and materialized view that are specified as INMEMORY are populated into the In-Memory Column Store (IM column store) or not.
INMEMORY_MAX_POPULATE_SERVERS specifies the maximum number of background populate servers to use for In-Memory Column Store (IM column store) population, so that these servers do not overload the rest of the system.
ENABLE (defalt), DISABLE
INMEMORY_QUERY is used to enable or disable in-memory queries for the entire database at the session or system level.
INMEMORY_SIZE sets the size of the In-Memory Column Store (IM column store) on a database instance.
0 to 50
INMEMORY_TRICKLE_REPOPULATE_SERVERS_PERCENT limits the maximum number of background populate servers used for In-Memory Column Store (IM column store) repopulation, as trickle repopulation is designed to use only a small percentage of the populate servers.
STANDARD (default), EXTENDED
Controls the maximum size of VARCHAR2, NVARCHAR2, and RAW.
TRUE (default), FALSE
Enables or disables all of the adaptive optimizer features.
Controls reporting-only mode for adaptive optimizatons.
Maps names of existing files to new file names.
1-max of memory
Specifies a limit on the aggregate PGA memory consumed by the instance.
Instructs the database instance to run itself within the specified operating system processor group.
Enables or disables the spatial vector acceleration, part of spacial option.
Determines whether transactions within a particular session can have a temporary undo log.
Enables the multithreaded Oracle model, but prevents OS authentication.
1 MB - 30 MB
Specifies the size of SGA queue for unified auditing.
Determines how dedicated servers are spawned.
Several parameter have new value ranges for Oracle 12c on Amazon RDS. The following table shows the old and new value ranges:
os | db [, extended] | xml [, extended]
Starts with 11.0.0
Starts with 10.0.0
PERMITTED | PREFERRED | ALWAYS | IGNORE | FORCE
PERMITTED | ALWAYS | IGNORE | FORCE
8.0.0 to 220.127.116.11
8.0.0 to 18.104.22.168
0 to parallel_max_servers
CPU_COUNT * PARALLEL_THREADS_PER_CPU * 2 to parallel_max_servers
One parameters has a new default value for Oracle 12c on Amazon RDS. The following table shows the new default value:
Oracle 12c Default Value
Oracle 11g Default Value
Several new system privileges have been granted to the system account for Oracle 12c. These new system privileges include:
ALTER ANY CUBE BUILD PROCESS
ALTER ANY MEASURE FOLDER
ALTER ANY SQL TRANSLATION PROFILE
CREATE ANY SQL TRANSLATION PROFILE
CREATE SQL TRANSLATION PROFILE
DROP ANY SQL TRANSLATION PROFILE
EM EXPRESS CONNECT
EXEMPT DDL REDACTION POLICY
EXEMPT DML REDACTION POLICY
EXEMPT REDACTION POLICY
REDEFINE ANY TABLE
SELECT ANY CUBE BUILD PROCESS
SELECT ANY MEASURE FOLDER
USE ANY SQL TRANSLATION PROFILE
Several Oracle option changed between Oracle 11g and Oracle 12c, though most of the options remain the same between the two versions. The Oracle 12c changes include:
Oracle Enterprise Manager Express (EM Express) replaced Oracle Enterprise Manager DB Control. For more information see Oracle Database 12c: EM Database Express.
The option XMLDB is installed by default in Oracle 12c. It is no longer an option that you need to install.
The Oracle APEX Listener has been renamed to Oracle Rest Data Service (ORDS). ORDS is installed on a separate EC2 instance just as the APEX Listener was in version 11g. The process for installing ORDS is not the same as when installing APEX Listener. For instructions on installing ORDS, see Oracle APEX on Amazon RDS Oracle 12c.
APEX and APEX Dev no longer have a dependency on XMLDB since XMLDB is installed by default.
Oracle 12c includes a number of new built-in PL/SQL packages. The packages included with Amazon RDS Oracle 12c include the following:
The CTX_ANL package is used with AUTO_LEXER and provides procedures for adding and dropping a custom dictionary from the lexer.
The DBMS_APP_CONT package provides an interface to determine if the in-flight transaction on a now unavailable session committed or not, and if the last call on that session completed or not.
The DBMS_AUTO_REPORT package provides an interface to view SQL Monitoring and Real-time Automatic Database Diagnostic Monitor (ADDM) data that has been captured into Automatic Workload Repository (AWR).
The DBMS_GOLDENGATE_AUTH package provides subprograms for granting privileges to and revoking privileges from GoldenGate administrators.
The DBMS_HEAT_MAP package provides an interface to externalize heatmaps at various levels of storage including block, extent, segment, object and tablespace.
The DBMS_ILM package provides an interface for implementing Information Lifecycle Management (ILM) strategies using Automatic Data Optimization (ADO) policies.
The DBMS_ILM_ADMIN package provides an interface to customize Automatic Data Optimization (ADO) policy execution.
The DBMS_PART package provides an interface for maintenance and management operations on partitioned objects.
The DBMS_PRIVILEGE_CAPTURE package provides an interface to database privilege analysis.
The DBMS_QOPATCH package provides an interface to view the installed database patches.
The DBMS_REDACT package provides an interface to Oracle Data Redaction, which enables you to mask (redact) data that is returned from queries issued by low-privileged users or an application.
The DBMS_SPD package provides subprograms for managing SQL plan directives (SPD).
The DBMS_SQL_TRANSLATOR package provides an interface for creating, configuring, and using SQL translation profiles.
The DBMS_SQL_MONITOR package provides information about real-time SQL Monitoring and real-time Database Operation Monitoring.
The DBMS_SYNC_REFRESH package provides an interface to perform a synchronous refresh of materialized views.
The DBMS_TSDP_MANAGE package provides an interface to import and manage sensitive columns and sensitive column types in the database, and is used in conjunction with the DBMS_TSDP_PROTECT package with regard to transparent sensitive data protection (TSDP) policies. DBMS_TSDP_MANAGE is available with the Enterprise Edition only.
The DBMS_TSDP_PROTECT package provides an interface to configure transparent sensitive data protection (TSDP) policies in conjunction with the DBMS_TSDP_MANAGE package. DBMS_TSDP_PROTECT is available with the Enterprise Edition only.
The DBMS_XDB_CONFIG package provides an interface for configuring Oracle XML DB and its repository.
The DBMS_XDB_CONSTANTS package provides an interface to commonly used constants. Users should use constants instead of dynamic strings to avoid typographical errors.
The DBMS_XDB_REPOS package provides an interface to operate on the Oracle XML database Repository.
The DBMS_XMLSCHEMA_ANNOTATE package provides an interface to manage and configure the structured storage model, mainly through the use of pre-registration schema annotations.
The DBMS_XMLSTORAGE_MANAGE package provides an interface to manage and modify XML storage after schema registration has been completed.
The DBMS_XSTREAM_ADM package provides interfaces for streaming database changes between an Oracle database and other systems. XStream enables applications to stream out or stream in database changes.
The DBMS_XSTREAM_AUTH package provides subprograms for granting privileges to and revoking privileges from XStream administrators.
The UTL_CALL_STACK package provides an interface to provide information about currently executing subprograms.
Several Oracle 11g PL/SQL packages are not supported in Oracle 12c. These packages include:
The following list shows the Oracle 11g features supported by Amazon RDS; for a complete list of features supported by each Oracle 11g edition, go to Oracle Database 11g Editions.
Flashback Table, Query and Transaction Query
Virtual Private Database
Comprehensive support for Microsoft .NET, OLE DB, and ODBC
Automatic Memory Management
Automatic Undo Management
Star Query Optimization
Summary Management - Materialized View Query Rewrite
Oracle Data Redaction (version 22.214.171.124 or later)
Import/Export and sqlldr Support
Oracle Enterprise Manager Database Control
Oracle XML DB (without the XML DB Protocol Server)
Oracle Application Express
Automatic Workload Repository for Enterprise Edition (AWR). For more information, see Working with Automatic Workload Repository (AWR)
Datapump (network only)
Native network encryption (part of the Oracle Advanced Security feature)
Transparent data encryption (Oracle TDE, part of the Oracle Advanced Security feature)
Oracle database engine features that are not currently supported include the following:
Real Application Clusters (RAC)
Real Application Testing
Data Guard / Active Data Guard
Oracle Enterprise Manager Grid Control
Automated Storage Management
Oracle XML DB Protocol Server
Network access utilities such as utl_http, utl_tcp, utl_smtp, and utl_mail, are not supported at this time.
The Oracle database engine uses role-based security. A role is a collection of privileges that can be granted to or revoked from a user. A predefined role, named DBA, normally allows all administrative privileges on an Oracle database engine. The following privileges are not available for the DBA role on an Amazon RDS DB instance using the Oracle engine:
Create any directory
Drop any directory
Grant any privilege
Grant any role
While Amazon RDS Oracle does not support SSL/TLS encrypted connections, you can use the Oracle Native Network Encryption option to encrypt connections between your application and your Oracle DB instance. For more information about the Oracle Native Network Encryption option, see Oracle Native Network Encryption. Also, this change could be timed with the upcoming change to NNE support for SE1 and SE (it's no longer part of the Advanced Security option exclusive to Enterprise Edition):
DB Engine Version Management is a feature of Amazon RDS that enables you to control when and how the database engine software running your DB instances is patched and upgraded. This feature gives you the flexibility to maintain compatibility with database engine patch versions, test new patch versions to ensure they work effectively with your application before deploying in production, and perform version upgrades on your own terms and timelines.
Amazon RDS periodically aggregates official Oracle database patches using an Amazon RDS-specific DB Engine version. To see a list of which Oracle patches are contained in an Amazon RDS Oracle-specific engine version, go to Appendix: Oracle Database Engine Release Notes.
Taking advantage of the DB Engine Version Management feature of Amazon RDS is easily accomplished using the ModifyDBInstance API call or the rds-modify-db-instance command line utility. Your DB instances are upgraded to minor patches by default (you can override this setting).
There are two types of licensing options available for using Amazon RDS for Oracle.
In this licensing model, you can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS. To run a DB instance under the BYOL model, you must have the appropriate Oracle Database license (with Software Update License and Support) for the DB instance class and Oracle Database edition you wish to run. You must also follow Oracle's policies for licensing Oracle Database software in the cloud computing environment. For more information on Oracle's licensing policy for Amazon EC2, go to Licensing Oracle Software in the Cloud Computing Environment.
In the License Included service model, you do not need separately purchased Oracle licenses; AWS holds the license for the Oracle Database software.
Amazon RDS currently supports the following Oracle Database Editions under each of the licensing models below:
BYOL: Standard Edition One (SE1), Standard Edition (SE) and Enterprise Edition (EE)
To run a DB instance under the BYOL model, you must have the appropriate Oracle Database license (with Software Update License & Support) for the DB instance class and Oracle Database edition you wish to run.You must follow Oracle's policies for licensing Oracle Database software in the cloud computing environment. DB instances reside in the Amazon EC2 environment, and Oracle's licensing policy for Amazon EC2 is located here.
Under this model, you will continue to use your active Oracle support account and contact Oracle directly for Oracle Database specific service requests. If you have an active AWS Premium Support account, you can contact AWS Premium Support for Amazon RDS specific issues. Amazon Web Services and Oracle have multi-vendor support process for cases which require assistance from both organizations.
License Included: Standard Edition One (SE1)
In the "License Included" service model, you do not need separately purchased Oracle licenses; the Oracle Database software has been licensed by AWS.
In this model, if you have an active AWS Premium Support account, you should contact AWS Premium Support for both Amazon RDS and Oracle Database specific service requests.
Most Amazon RDS DB engines support option groups that allow you to select additional features for your DB instance. Oracle DB instances support several options, including OEM, TDE, APEX, and Native Network Encryption. For a complete list of supported Oracle options, see Appendix: Options for Oracle Database Engine. For more information about working with option groups, see Working with Option Groups.