Creating an Amazon RDS DB instance - Amazon Relational Database Service

Creating an Amazon RDS DB instance

The basic building block of Amazon RDS is the DB instance, where you create your databases. You choose the engine-specific characteristics of the DB instance when you create it. You also choose the storage capacity, CPU, memory, and so on of the AWS instance on which the database server runs.

DB instance prerequisites

Important

Before you can create an Amazon RDS DB instance, complete the tasks in Setting up for Amazon RDS.

The following are prerequisites for creating an RDS DB instance.

Configure the network for the DB instance

You can create an Amazon RDS DB instance only in a virtual private cloud (VPC) based on the Amazon VPC service. Also, it must be in an AWS Region that has at least two Availability Zones. The DB subnet group that you choose for the DB instance must cover at least two Availability Zones. This configuration ensures that you can configure a Multi-AZ deployment when you create the DB instance or easily move to one in the future.

To set up connectivity between your new DB instance and an Amazon EC2 instance in the same VPC, do so when you create the DB instance. To connect to your DB instance from resources other than EC2 instances in the same VPC, configure the network connections manually.

Configure automatic network connectivity with an EC2 instance

When you create an RDS DB instance, you can use the AWS Management Console to set up connectivity between an EC2 instance and the new DB instance. When you do so, RDS configures your VPC and network settings automatically. The DB instance is created in the same VPC as the EC2 instance so that the EC2 instance can access the DB instance.

The following are requirements for connecting an EC2 instance with the DB instance:

  • The EC2 instance must exist in the AWS Region before you create the DB instance.

    If no EC2 instances exist in the AWS Region, the console provides a link to create one.

  • The user who is creating the DB instance must have permissions to perform the following operations:

    • ec2:AssociateRouteTable

    • ec2:AuthorizeSecurityGroupEgress

    • ec2:AuthorizeSecurityGroupIngress

    • ec2:CreateRouteTable

    • ec2:CreateSubnet

    • ec2:CreateSecurityGroup

    • ec2:DescribeInstances

    • ec2:DescribeNetworkInterfaces

    • ec2:DescribeRouteTables

    • ec2:DescribeSecurityGroups

    • ec2:DescribeSubnets

    • ec2:ModifyNetworkInterfaceAttribute

    • ec2:RevokeSecurityGroupEgress

Using this option creates a private DB instance. The DB instance uses a DB subnet group with only private subnets to restrict access to resources within the VPC.

To connect an EC2 instance to the DB instance, choose Connect to an EC2 compute resource in the Connectivity section on the Create database page.



When you choose Connect to an EC2 compute resource, RDS sets the following options automatically. You can't change these settings unless you choose not to set up connectivity with an EC2 instance by choosing Don't connect to an EC2 compute resource.

Console option Automatic setting

Network type

RDS sets network type to IPv4. Currently, dual-stack mode isn't supported when you set up a connection between an EC2 instance and the DB instance.

Virtual Private Cloud (VPC)

RDS sets the VPC to the one associated with the EC2 instance.

DB subnet group

RDS requires a DB subnet group with a private subnet in the same Availability Zone as the EC2 instance. If a DB subnet group that meets this requirement exists, then RDS uses the existing DB subnet group. By default, this option is set to Automatic setup.

When you choose Automatic setup and there is no DB subnet group that meets this requirement, the following action happens. RDS uses three available private subnets in three Availability Zones where one of the Availability Zones is the same as the EC2 instance. If a private subnet isn’t available in an Availability Zone, RDS creates a private subnet in the Availability Zone. Then RDS creates the DB subnet group.

When a private subnet is available, RDS uses the route table associated with the subnet and adds any subnets it creates to this route table. When no private subnet is available, RDS creates a route table without internet gateway access and adds the subnets it creates to the route table.

RDS also allows you to use existing DB subnet groups. Select Choose existing if you want to use an existing DB subnet group of your choice.

Public access

RDS chooses No so that the DB instance isn't publicly accessible.

For security, it is a best practice to keep the database private and make sure it isn't accessible from the internet.

VPC security group (firewall)

RDS creates a new security group that is associated with the DB instance. The security group is named rds-ec2-n, where n is a number. This security group includes an inbound rule with the EC2 VPC security group (firewall) as the source. This security group that is associated with the DB instance allows the EC2 instance to access the DB instance.

RDS also creates a new security group that is associated with the EC2 instance. The security group is named ec2-rds-n, where n is a number. This security group includes an outbound rule with the VPC security group of the DB instance as the source. This security group allows the EC2 instance to send traffic to the DB instance.

You can add another new security group by choosing Create new and typing the name of the new security group.

You can add existing security groups by choosing Choose existing and selecting security groups to add.

Availability Zone

When you choose Single DB instance in Availability & durability (Single-AZ deployment), RDS chooses the Availability Zone of the EC2 instance.

When you choose Multi-AZ DB instance in Availability & durability (Multi-AZ DB instance deployment), RDS chooses the Availability Zone of the EC2 instance for one DB instance in the deployment. RDS randomly chooses a different Availability Zone for the other DB instance. Either the primary DB instance or the standby replica is created in the same Availability Zone as the EC2 instance. When you choose Multi-AZ DB instance, there is the possibility of cross Availability Zone costs if the DB instance and EC2 instance are in different Availability Zones.

For more information about these settings, see Settings for DB instances.

If you change these settings after the DB instance is created, the changes might affect the connection between the EC2 instance and the DB instance.

Configure the network manually

To connect to your DB instance from resources other than EC2 instances in the same VPC, configure the network connections manually. If you use the AWS Management Console to create your DB instance, you can have Amazon RDS automatically create a VPC for you. Or you can use an existing VPC or create a new VPC for your DB instance. With any approach, your VPC requires at least one subnet in each of at least two Availability Zones for use with an RDS DB instance.

By default, Amazon RDS creates the DB instance in an Availability Zone that it chooses automatically for you. To choose a specific Availability Zone, you need to change the Availability & durability setting to Single DB instance. Doing so exposes an Availability Zone setting that lets you choose from among the Availability Zones in your VPC. However, if you choose a Multi-AZ deployment, RDS chooses the Availability Zone of the primary or writer DB instance automatically, and the Availability Zone setting doesn't appear.

In some cases, you might not have a default VPC or haven't created a VPC. In these cases, you can have Amazon RDS automatically create a VPC for you when you create a DB instance using the console. Otherwise, do the following:

If you want to connect to a resource that isn't in the same VPC as the DB instance, see the appropriate scenarios in Scenarios for accessing a DB instance in a VPC.

Additional prerequisites

Before you create your DB instance, consider the following additional prerequisites:

  • If you are connecting to AWS using AWS Identity and Access Management (IAM) credentials, your AWS account must have certain IAM policies. These grant the permissions required to perform Amazon RDS operations. For more information, see Identity and access management for Amazon RDS.

    To use IAM to access the RDS console, sign in to the AWS Management Console with your IAM user credentials. Then go to the Amazon RDS console at https://console.aws.amazon.com/rds/.

  • To tailor the configuration parameters for your DB instance, specify a DB parameter group with the required parameter settings. For information about creating or modifying a DB parameter group, see Working with parameter groups.

    Important

    If you are using the BYOL model for RDS for Db2, before creating a DB instance, you must first create a custom parameter group that contains your IBM Site ID and IBM Customer ID. For more information, see Bring Your Own License.

  • Determine the TCP/IP port number to specify for your DB instance. The firewalls at some companies block connections to the default ports for RDS DB instances. If your company firewall blocks the default port, choose another port for your DB instance. The default ports for Amazon RDS DB engines are:

    DB engine             Default port
    RDS for Db2           50000
    RDS for MariaDB       3306
    RDS for MySQL         3306
    RDS for Oracle        1521
    RDS for PostgreSQL    5432
    RDS for SQL Server    1433

    For RDS for SQL Server, the following ports are reserved, and you can't use them when you create a DB instance: 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156.
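The port rules above can be checked before you call create-db-instance, together with the master username and master password limits listed under Settings for DB instances on this page. The following is an added example, not part of the AWS documentation; the function names and the mapping from `--engine` values to engine families are assumptions of this sketch, and it does not check engine reserved words.

```python
import re

# Values transcribed from this page: default ports, reserved SQL Server ports,
# and the master username / master password limits per DB engine.
DEFAULT_PORTS = {"db2": 50000, "mariadb": 3306, "mysql": 3306,
                 "oracle": 1521, "postgres": 5432, "sqlserver": 1433}
SQLSERVER_RESERVED = {1234, 1434, 3260, 3343, 3389, 47001, *range(49152, 49157)}
PASSWORD_LENGTH = {"db2": (8, 255), "oracle": (8, 30), "mariadb": (8, 41),
                   "mysql": (8, 41), "sqlserver": (8, 128), "postgres": (8, 128)}
PASSWORD_FORBIDDEN = set('/"@ ')
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,15}")


def engine_family(engine):
    """Map an --engine value such as 'sqlserver-se' or 'oracle-ee-cdb' to a
    family key. The prefix mapping is an assumption of this example."""
    for family in DEFAULT_PORTS:
        if engine == family or engine.startswith(family + "-"):
            return family
    raise ValueError(f"unknown engine: {engine!r}")


def preflight(engine, port=None, master_username=None, master_password=None):
    """Return a list of problems; an empty list means the values pass the
    rules stated on this page. Messages never echo the password itself."""
    family = engine_family(engine)
    problems = []

    # Port: fall back to the engine default, then apply the SQL Server
    # reserved-port rule.
    port = DEFAULT_PORTS[family] if port is None else port
    if not 1 <= port <= 65535:
        problems.append(f"port {port} is not a valid TCP port")
    elif family == "sqlserver" and port in SQLSERVER_RESERVED:
        problems.append(f"port {port} is reserved for RDS for SQL Server")

    # Master username: 1-16 alphanumerics/underscores, first character a letter.
    if master_username is not None and not USERNAME_RE.fullmatch(master_username):
        problems.append("master username must be 1-16 letters, digits or "
                        "underscores and start with a letter")

    # Master password: printable ASCII except / " @ and space, with an
    # engine-specific length range. Skip when RDS manages the password
    # (--manage-master-user-password).
    if master_password is not None:
        low, high = PASSWORD_LENGTH[family]
        if not low <= len(master_password) <= high:
            problems.append(f"master password length is outside {low}-{high} "
                            f"for {family}")
        bad = [c for c in master_password
               if c in PASSWORD_FORBIDDEN or not 33 <= ord(c) <= 126]
        if bad:
            problems.append(f"master password has {len(bad)} character(s) "
                            "that are not allowed")
    return problems


if __name__ == "__main__":
    # Constructed inputs: 3389 is on the reserved list for SQL Server.
    for problem in preflight("sqlserver-se", port=3389,
                             master_username="masterawsuser"):
        print("PROBLEM:", problem)
```
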

Creating a DB instance

You can create an Amazon RDS DB instance using the AWS Management Console, the AWS CLI, or the RDS API.

You can create a DB instance by using the AWS Management Console with Easy create enabled or not enabled. With Easy create enabled, you specify only the DB engine type, DB instance size, and DB instance identifier. Easy create uses the default setting for other configuration options. With Easy create not enabled, you specify more configuration options when you create a database, including ones for availability, security, backups, and maintenance.

Note

In the following procedure, Standard create is enabled, and Easy create isn't enabled. This procedure uses Microsoft SQL Server as an example.

For examples that use Easy create to walk you through creating and connecting to sample DB instances for each engine, see Getting started with Amazon RDS.

To create a DB instance
  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the upper-right corner of the Amazon RDS console, choose the AWS Region in which you want to create the DB instance.

  3. In the navigation pane, choose Databases.

  4. Choose Create database, then choose Standard create.

  5. For Engine type, choose IBM Db2, MariaDB, Microsoft SQL Server, MySQL, Oracle, or PostgreSQL.

    Microsoft SQL Server is shown here.

    
  6. For Database management type, if you're using Oracle or SQL Server choose Amazon RDS or Amazon RDS Custom.

    Amazon RDS is shown here. For more information on RDS Custom, see Working with Amazon RDS Custom.

  7. For Edition, if you're using Db2, Oracle, or SQL Server, choose the DB engine edition that you want to use.

    MySQL has only one option for the edition, and MariaDB and PostgreSQL have none.

  8. For Version, choose the engine version.

  9. In Templates, choose the template that matches your use case. If you choose Production, the following are preselected in a later step:

    • Multi-AZ failover option

    • Provisioned IOPS SSD (io1) storage option

    • Enable deletion protection option

    We recommend these features for any production environment.

    Note

    Template choices vary by edition.

  10. To enter your master password, do the following:

    1. In the Settings section, open Credential Settings.

    2. If you want to specify a password, clear the Auto generate a password check box if it is selected.

    3. (Optional) Change the Master username value.

    4. Enter the same password in Master password and Confirm password.

  11. (Optional) Set up a connection to a compute resource for this DB instance.

    You can configure connectivity between an Amazon EC2 instance and the new DB instance during DB instance creation. For more information, see Configure automatic network connectivity with an EC2 instance.

  12. In the Connectivity section under VPC security group (firewall), if you select Create new, a VPC security group is created with an inbound rule that allows your local computer's IP address to access the database.

  13. For the remaining sections, specify your DB instance settings. For information about each setting, see Settings for DB instances.

  14. Choose Create database.

    If you chose to use an automatically generated password, the View credential details button appears on the Databases page.

    To view the master username and password for the DB instance, choose View credential details.

    To connect to the DB instance as the master user, use the username and password that appear.

    Important

    You can't view the master user password again. If you don't record it, you might have to change it. If you need to change the master user password after the DB instance is available, modify the DB instance to do so. For more information about modifying a DB instance, see Modifying an Amazon RDS DB instance.

  15. For Databases, choose the name of the new DB instance.

    On the RDS console, the details for the new DB instance appear. The DB instance has a status of Creating until the DB instance is created and ready for use. When the state changes to Available, you can connect to the DB instance. Depending on the DB instance class and storage allocated, it can take several minutes for the new instance to be available.

    

To create a DB instance by using the AWS CLI, call the create-db-instance command with the following parameters:

  • --db-instance-identifier

  • --db-instance-class

  • --vpc-security-group-ids

  • --db-subnet-group-name

  • --engine

  • --master-username

  • --master-user-password

  • --allocated-storage

  • --backup-retention-period

For information about each setting, see Settings for DB instances.

This example uses Microsoft SQL Server.

Example

For Linux, macOS, or Unix:

aws rds create-db-instance \
    --engine sqlserver-se \
    --db-instance-identifier mymsftsqlserver \
    --allocated-storage 250 \
    --db-instance-class db.t3.large \
    --vpc-security-group-ids mysecuritygroup \
    --db-subnet-group-name mydbsubnetgroup \
    --master-username masterawsuser \
    --manage-master-user-password \
    --backup-retention-period 3

For Windows:

aws rds create-db-instance ^
    --engine sqlserver-se ^
    --db-instance-identifier mydbinstance ^
    --allocated-storage 250 ^
    --db-instance-class db.t3.large ^
    --vpc-security-group-ids mysecuritygroup ^
    --db-subnet-group-name mydbsubnetgroup ^
    --master-username masterawsuser ^
    --manage-master-user-password ^
    --backup-retention-period 3

This command produces output similar to the following.

DBINSTANCE  mydbinstance  db.t3.large  sqlserver-se  250  sa  creating  3  ****  n  10.50.2789
SECGROUP  default  active
PARAMGRP  default.sqlserver-se-14  in-sync

To create a DB instance by using the Amazon RDS API, call the CreateDBInstance operation.

For information about each setting, see Settings for DB instances.
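After the DB instance is created, the settings this page recommends (no public access, backups retained for at least one day, and Multi-AZ plus deletion protection for production) can be verified from the JSON that `aws rds describe-db-instances` returns. The following is an added example, not part of the AWS documentation; the sample data is constructed, and the severity labels and function names are assumptions of this sketch.

```python
# Constructed sample shaped like the JSON from `aws rds describe-db-instances`;
# the identifiers and values are made up for this example.
SAMPLE = {
    "DBInstances": [
        {
            "DBInstanceIdentifier": "mydbinstance",
            "Engine": "sqlserver-se",
            "PubliclyAccessible": False,
            "StorageEncrypted": True,
            "BackupRetentionPeriod": 3,
            "MultiAZ": True,
            "DeletionProtection": True,
            "MasterUserSecret": {"SecretStatus": "active"},
        },
        {
            "DBInstanceIdentifier": "legacy-test-db",
            "Engine": "mysql",
            "PubliclyAccessible": True,
            "StorageEncrypted": False,
            "BackupRetentionPeriod": 0,
            "MultiAZ": False,
            "DeletionProtection": False,
        },
    ]
}

# Each check: (response field, severity, test that is True when the setting
# is weak, message). Severity labels are this example's own ranking.
BASE_CHECKS = [
    ("PubliclyAccessible", "HIGH",
     lambda db: db.get("PubliclyAccessible", False),
     "instance is publicly accessible; keep the database private"),
    ("StorageEncrypted", "HIGH",
     lambda db: not db.get("StorageEncrypted", False),
     "encryption at rest is not enabled"),
    ("BackupRetentionPeriod", "MEDIUM",
     lambda db: db.get("BackupRetentionPeriod", 0) < 1,
     "automated backups are not retained (retention period below 1 day)"),
    ("MasterUserSecret", "LOW",
     lambda db: "MasterUserSecret" not in db,
     "master password is not managed in AWS Secrets Manager"),
]

# Settings the Production template preselects; only checked for production.
PRODUCTION_CHECKS = [
    ("MultiAZ", "MEDIUM",
     lambda db: not db.get("MultiAZ", False),
     "no standby instance in another Availability Zone"),
    ("DeletionProtection", "MEDIUM",
     lambda db: not db.get("DeletionProtection", False),
     "deletion protection is disabled"),
]


def audit_instance(db, production=True):
    """Return (severity, field, message) tuples for one DBInstances entry."""
    checks = BASE_CHECKS + (PRODUCTION_CHECKS if production else [])
    return [(sev, field, msg) for field, sev, weak, msg in checks if weak(db)]


def audit(describe_output, production=True):
    """Audit every instance in a describe-db-instances response."""
    return {db["DBInstanceIdentifier"]: audit_instance(db, production)
            for db in describe_output.get("DBInstances", [])}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "")
        for sev, field, msg in findings:
            print(f"  [{sev}] {field}: {msg}")
```

To run it against a real account, load the saved JSON output of `aws rds describe-db-instances` with `json.load` and pass it to `audit` in place of `SAMPLE`.
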

Settings for DB instances

In the following table, you can find details about settings that you choose when you create a DB instance. The table also shows the DB engines for which each setting is supported.

You can create a DB instance using the console, the create-db-instance CLI command, or the CreateDBInstance RDS API operation.

Console setting Setting description CLI option and RDS API parameter Supported DB engines

Allocated storage

The amount of storage to allocate for your DB instance (in gibibytes). In some cases, allocating a higher amount of storage for your DB instance than the size of your database can improve I/O performance.

For more information, see Amazon RDS DB instance storage.

CLI option:

--allocated-storage

API parameter:

AllocatedStorage

All

Architecture settings

If you choose Oracle multitenant architecture, RDS for Oracle creates a container database (CDB). If you don't choose this option, RDS for Oracle creates a non-CDB. A non-CDB uses the traditional Oracle database architecture. A CDB can contain pluggable databases (PDBs) whereas a non-CDB cannot.

Oracle Database 21c uses the CDB architecture only. Oracle Database 19c can use either the CDB or non-CDB architecture. Releases lower than Oracle Database 19c use the non-CDB architecture only.

For more information, see Overview of RDS for Oracle CDBs.

CLI option:

--engine oracle-ee-cdb (Oracle multitenant)

--engine oracle-se2-cdb (Oracle multitenant)

--engine oracle-ee (traditional)

--engine oracle-se2 (traditional)

API parameter:

Engine

Oracle

Architecture configuration

These settings are only valid when you choose Oracle multitenant architecture for Architecture settings. Choose either of the following additional settings:

  • With the Multi-tenant configuration, your RDS for Oracle CDB instance can contain 1–30 tenant databases, depending on the database edition and any required option licenses. In the context of an Oracle database, a tenant database is a PDB. Application PDBs and proxy PDBs aren't supported.

    Your DB instance is created with 1 initial tenant database. Choose values for Tenant database name, Tenant database master username, Tenant database master password, and Tenant database character set.

    The multi-tenant configuration is permanent. Thus, you can't convert the multi-tenant configuration back to the single-tenant configuration. The minimum supported release update (RU) for the multi-tenant configuration is 19.0.0.0.ru-2022-01.rur-2022.r1.

    Note

    The Amazon RDS feature is called "multi-tenant" rather than "multitenant" because it is a capability of the RDS platform, not just the Oracle DB engine. The term "Oracle multitenant" refers exclusively to the Oracle database architecture, which is compatible with both on-premises and RDS deployments.

  • With the Single-tenant configuration, your RDS for Oracle CDB contains 1 PDB. This is the default configuration when you create a CDB. You can't delete the initial PDB or add more PDBs. You can later convert the single-tenant configuration of your CDB to the multi-tenant configuration, but you can't then convert back to the single-tenant configuration.

Regardless of which configuration you choose, your CDB contains a single initial PDB. In the multi-tenant configuration, you can create more PDBs later using RDS APIs.

For more information, see Overview of RDS for Oracle CDBs.

CLI option:

--multi-tenant (multi-tenant configuration)

--no-multi-tenant (single-tenant configuration)

API parameter:

MultiTenant

Oracle

Auto minor version upgrade

Choose Enable auto minor version upgrade to enable your DB instance to receive preferred minor DB engine version upgrades automatically when they become available. This is the default behavior. Amazon RDS performs automatic minor version upgrades in the maintenance window. If you don't choose Enable auto minor version upgrade, your DB instance isn't upgraded automatically when new minor versions become available.

For more information, see Automatically upgrading the minor engine version.

CLI option:

--auto-minor-version-upgrade

--no-auto-minor-version-upgrade

API parameter:

AutoMinorVersionUpgrade

All

Availability zone

The Availability Zone for your DB instance. Use the default value of No Preference unless you want to specify an Availability Zone.

For more information, see Regions, Availability Zones, and Local Zones.

CLI option:

--availability-zone

API parameter:

AvailabilityZone

All

AWS KMS key

Only available if Encryption is set to Enable encryption. Choose the AWS KMS key to use for encrypting this DB instance. For more information, see Encrypting Amazon RDS resources.

CLI option:

--kms-key-id

API parameter:

KmsKeyId

All

Backup replication

Choose Enable replication in another AWS Region to create backups in an additional Region for disaster recovery.

Then choose the Destination Region for the additional backups.

Not available when creating a DB instance. For information on enabling cross-Region backups using the AWS CLI or RDS API, see Enabling cross-Region automated backups.

Oracle

PostgreSQL

SQL Server

Backup retention period

The number of days that you want automatic backups of your DB instance to be retained. For any nontrivial DB instance, set this value to 1 or greater.

For more information, see Introduction to backups.

CLI option:

--backup-retention-period

API parameter:

BackupRetentionPeriod

All

Backup target

Choose AWS Cloud to store automated backups and manual snapshots in the parent AWS Region. Choose Outposts (on-premises) to store them locally on your Outpost.

This option setting applies only to RDS on Outposts. For more information, see Creating DB instances for Amazon RDS on AWS Outposts.

CLI option:

--backup-target

API parameter:

BackupTarget

MySQL, PostgreSQL, SQL Server

Backup window

The time period during which Amazon RDS automatically takes a backup of your DB instance. Unless you have a specific time that you want to have your database backed up, use the default of No Preference.

For more information, see Introduction to backups.

CLI option:

--preferred-backup-window

API parameter:

PreferredBackupWindow

All

Certificate authority

The certificate authority (CA) for the server certificate used by the DB instance.

For more information, see Using SSL/TLS to encrypt a connection to a DB instance or cluster.

CLI option:

--ca-certificate-identifier

RDS API parameter:

CACertificateIdentifier

All

Character set

The character set for your DB instance. The default value of AL32UTF8 for the DB character set is for the Unicode 5.0 UTF-8 Universal character set. You can't change the DB character set after you create the DB instance.

In a single-tenant configuration, a non-default DB character set affects only the PDB, not the CDB. For more information, see Single-tenant configuration of the CDB architecture.

The DB character set is different from the national character set, which is called the NCHAR character set. Unlike the DB character set, the NCHAR character set specifies the encoding for NCHAR data types (NCHAR, NVARCHAR2, and NCLOB) columns without affecting database metadata.

For more information, see RDS for Oracle character sets.

CLI option:

--character-set-name

API parameter:

CharacterSetName

Oracle

Collation

A server-level collation for your DB instance.

For more information, see Server-level collation for Microsoft SQL Server.

CLI option:

--character-set-name

API parameter:

CharacterSetName

SQL Server

Copy tags to snapshots

This option copies any DB instance tags to a DB snapshot when you create a snapshot.

For more information, see Tagging Amazon RDS resources.

CLI option:

--copy-tags-to-snapshot

--no-copy-tags-to-snapshot

RDS API parameter:

CopyTagsToSnapshot

All

Database authentication

The database authentication option that you want to use.

Choose Password authentication to authenticate database users with database passwords only.

Choose Password and IAM DB authentication to authenticate database users with database passwords and user credentials through IAM users and roles. For more information, see IAM database authentication for MariaDB, MySQL, and PostgreSQL. This option is only supported for MySQL and PostgreSQL.

Choose Password and Kerberos authentication to authenticate database users with database passwords and Kerberos authentication through an AWS Managed Microsoft AD created with AWS Directory Service. Next, choose the directory or choose Create a new Directory.

For more information, see one of the following:

IAM:

CLI option:

--enable-iam-database-authentication

--no-enable-iam-database-authentication

RDS API parameter:

EnableIAMDatabaseAuthentication

Kerberos:

CLI option:

--domain

--domain-iam-role-name

RDS API parameter:

Domain

DomainIAMRoleName

Varies by authentication type

Database management type

Choose Amazon RDS if you don't need to customize your environment.

Choose Amazon RDS Custom if you want to customize the database, OS, and infrastructure. For more information, see Working with Amazon RDS Custom.

For the CLI and API, you specify the database engine type.

Oracle

SQL Server

Database port

The port that you want to access the DB instance through. The default port is shown.

Note

The firewalls at some companies block connections to the default MariaDB, MySQL, and PostgreSQL ports. If your company firewall blocks the default port, enter another port for your DB instance.

CLI option:

--port

RDS API parameter:

Port

All

DB engine version

The version of database engine that you want to use.

CLI option:

--engine-version

RDS API parameter:

EngineVersion

All

DB instance class

The configuration for your DB instance. For example, a db.t3.small DB instance class has 2 GiB memory, 2 vCPUs, 1 virtual core, a variable ECU, and a moderate I/O capacity.

If possible, choose a DB instance class large enough that a typical query working set can be held in memory. When working sets are held in memory, the system can avoid writing to disk, which improves performance. For more information, see DB instance classes.

In RDS for Oracle, you can select Include additional memory configurations. These configurations are optimized for a high ratio of memory to vCPU. For example, db.r5.6xlarge.tpc2.mem4x is a db.r5.8x DB instance that has 2 threads per core (tpc2) and 4x the memory of a standard db.r5.6xlarge DB instance. For more information, see RDS for Oracle instance classes.

CLI option:

--db-instance-class

RDS API parameter:

DBInstanceClass

All

DB instance identifier

The name for your DB instance. Name your DB instances in the same way that you name your on-premises servers. Your DB instance identifier can contain up to 63 alphanumeric characters, and must be unique for your account in the AWS Region you chose.

CLI option:

--db-instance-identifier

RDS API parameter:

DBInstanceIdentifier

All

DB parameter group

A parameter group for your DB instance. You can choose the default parameter group, or you can create a custom parameter group.

If you are using the BYOL model for RDS for Db2, before creating a DB instance, you must first create a custom parameter group that contains your IBM Site ID and IBM Customer ID. For more information, see Bring Your Own License.

For more information, see Working with parameter groups.

CLI option:

--db-parameter-group-name

RDS API parameter:

DBParameterGroupName

All

DB subnet group

The DB subnet group you want to use for the DB cluster.

Select Choose existing to use an existing DB subnet group. Then choose the required subnet group from the Existing DB subnet groups dropdown list.

Choose Automatic setup to let RDS select a compatible DB subnet group. If none exist, RDS creates a new subnet group for your cluster.

For more information, see Working with DB subnet groups.

CLI option:

--db-subnet-group-name

RDS API parameter:

DBSubnetGroupName

All

Dedicated Log Volume

Use a dedicated log volume (DLV) to store database transaction logs on a storage volume that's separate from the volume containing the database tables.

For more information, see Using a dedicated log volume (DLV).

CLI option:

--dedicated-log-volume

RDS API parameter:

DedicatedLogVolume

All

Deletion protection

Enable deletion protection to prevent your DB instance from being deleted. If you create a production DB instance with the AWS Management Console, deletion protection is enabled by default.

For more information, see Deleting a DB instance.

CLI option:

--deletion-protection

--no-deletion-protection

RDS API parameter:

DeletionProtection

All

Encryption

Enable Encryption to enable encryption at rest for this DB instance.

For more information, see Encrypting Amazon RDS resources.

CLI option:

--storage-encrypted

--no-storage-encrypted

RDS API parameter:

StorageEncrypted

All

Enhanced Monitoring

Enable enhanced monitoring to enable gathering metrics in real time for the operating system that your DB instance runs on.

For more information, see Monitoring OS metrics with Enhanced Monitoring.

CLI options:

--monitoring-interval

--monitoring-role-arn

RDS API parameters:

MonitoringInterval

MonitoringRoleArn

All

Engine type

Choose the database engine to be used for this DB instance.

CLI option:

--engine

RDS API parameter:

Engine

All

Initial database name

The name for the database on your DB instance. If you don't provide a name, Amazon RDS doesn't create a database on the DB instance (except for Oracle and PostgreSQL). The name can't be a word reserved by the database engine, and has other constraints depending on the DB engine.

Db2:

  • It must contain 1–8 alphanumeric characters.

  • It must start with a-z, A-Z, @, $, or #, and be followed by a-z, A-Z, 0-9, _, @, #, or $.

  • It can't contain spaces.

  • For more information, see Additional considerations.

MariaDB and MySQL:

  • It must contain 1–64 alphanumeric characters.

Oracle:

  • It must contain 1–8 alphanumeric characters.

  • It can't be NULL. The default value is ORCL.

  • It must begin with a letter.

PostgreSQL:

  • It must contain 1–63 alphanumeric characters.

  • It must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0-9).

  • The initial database name is postgres.

CLI option:

--db-name

RDS API parameter:

DBName

All except SQL Server

License

Valid values for the license model:

  • bring-your-own-license for Db2.

  • general-public-license for MariaDB.

  • license-included for Microsoft SQL Server.

  • general-public-license for MySQL.

  • license-included or bring-your-own-license for Oracle.

  • postgresql-license for PostgreSQL.

CLI option:

--license-model

RDS API parameter:

LicenseModel

All

Log exports

The types of database log files to publish to Amazon CloudWatch Logs.

For more information, see Publishing database logs to Amazon CloudWatch Logs.

CLI option:

--enable-cloudwatch-logs-exports

RDS API parameter:

EnableCloudwatchLogsExports

All

Maintenance window

The 30-minute window in which pending modifications to your DB instance are applied. If the time period doesn't matter, choose No Preference.

For more information, see The Amazon RDS maintenance window.

CLI option:

--preferred-maintenance-window

RDS API parameter:

PreferredMaintenanceWindow

All

Manage master credentials in AWS Secrets Manager

Select Manage master credentials in AWS Secrets Manager to manage the master user password in a secret in Secrets Manager.

Optionally, choose a KMS key to use to protect the secret. Choose from the KMS keys in your account, or enter the key from a different account.

For more information, see Password management with Amazon RDS and AWS Secrets Manager.

CLI option:

--manage-master-user-password | --no-manage-master-user-password

--master-user-secret-kms-key-id

RDS API parameter:

ManageMasterUserPassword

MasterUserSecretKmsKeyId

All

Master password

The password for your master user account. The password has the following number of printable ASCII characters (excluding /, ", a space, and @) depending on the DB engine:

  • Db2: 8–255

  • Oracle: 8–30

  • MariaDB and MySQL: 8–41

  • SQL Server and PostgreSQL: 8–128

CLI option:

--master-user-password

RDS API parameter:

MasterUserPassword

All

Master username

The name that you use as the master username to log in to your DB instance with all database privileges. Note the following naming restrictions:

  • The name can contain 1–16 alphanumeric characters and underscores.

  • The first character must be a letter.

  • The name can't be a word reserved by the database engine.

You can't change the master username after you create the DB instance.

For Db2, we recommend that you use the same master username as your self-managed Db2 instance name.

For more information on privileges granted to the master user, see Master user account privileges.

CLI option:

--master-username

RDS API parameter:

MasterUsername

All
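The master username and master password rules above, written as a pre-flight check that runs before any request is sent (an added example, not AWS code). It assumes "alphanumeric" means ASCII letters and digits, keys engines by the names this page prints rather than API engine values, and takes the engine's reserved words from the caller because the page doesn't list them; the function names are hypothetical.

```python
import re

# Length limits per engine, copied from the "Master password" row.
# Keys are the engine names as printed on this page (assumption: display
# names, not the values passed to the API).
PASSWORD_LENGTH = {
    "Db2": (8, 255),
    "Oracle": (8, 30),
    "MariaDB": (8, 41),
    "MySQL": (8, 41),
    "SQL Server": (8, 128),
    "PostgreSQL": (8, 128),
}

# Printable ASCII (0x20-0x7E) minus the four characters the page excludes.
ALLOWED = {chr(c) for c in range(0x20, 0x7F)} - set('/"@ ')


def check_master_username(name, reserved_words=frozenset()):
    """Return a list of rule violations; an empty list means the name passes."""
    problems = []
    if not 1 <= len(name) <= 16:
        problems.append("length must be 1-16 characters")
    first = name[:1]
    if not (first.isascii() and first.isalpha()):
        problems.append("first character must be a letter")
    if re.search(r"[^A-Za-z0-9_]", name):
        problems.append("only alphanumeric characters and underscores are allowed")
    # reserved_words is supplied by the caller for the chosen engine.
    if name.lower() in {w.lower() for w in reserved_words}:
        problems.append("name is reserved by the database engine")
    return problems


def check_master_password(password, engine):
    """Return a list of rule violations for the given engine's limits."""
    problems = []
    low, high = PASSWORD_LENGTH[engine]
    if not low <= len(password) <= high:
        problems.append(f"length must be {low}-{high} characters for {engine}")
    bad = sorted(set(password) - ALLOWED)
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems
```

The Oracle limit of 8–30 is also the limit the page gives for the tenant database master password, so the same check covers that row.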
Microsoft SQL Server Windows Authentication

Enable Microsoft SQL Server Windows authentication, then Browse Directory to choose the directory where you want to allow authorized domain users to authenticate with this SQL Server instance using Windows Authentication.

CLI options:

--domain

--domain-iam-role-name

RDS API parameters:

Domain

DomainIAMRoleName

SQL Server

Multi-AZ deployment

Create a standby instance to create a passive secondary replica of your DB instance in another Availability Zone for failover support. We recommend Multi-AZ for production workloads to maintain high availability.

For development and testing, you can choose Do not create a standby instance.

For more information, see Configuring and managing a Multi-AZ deployment.

CLI option:

--multi-az

--no-multi-az

RDS API parameter:

MultiAZ

All

National character set (NCHAR)

The national character set for your DB instance, commonly called the NCHAR character set. You can set the national character set to either AL16UTF16 (default) or UTF-8. You can't change the national character set after you create the DB instance.

The national character set is different from the DB character set. Unlike the DB character set, the national character set specifies the encoding only for NCHAR data types (NCHAR, NVARCHAR2, and NCLOB) columns without affecting database metadata.

For more information, see RDS for Oracle character sets.

CLI option:

--nchar-character-set-name

API parameter:

NcharCharacterSetName

Oracle

Network type

The IP addressing protocols supported by the DB instance.

IPv4 (the default) to specify that resources can communicate with the DB instance only over the Internet Protocol version 4 (IPv4) addressing protocol.

Dual-stack mode to specify that resources can communicate with the DB instance over IPv4, Internet Protocol version 6 (IPv6), or both. Use dual-stack mode if you have any resources that must communicate with your DB instance over the IPv6 addressing protocol. Also, make sure that you associate an IPv6 CIDR block with all subnets in the DB subnet group that you specify.

For more information, see Amazon RDS IP addressing.

CLI option:

--network-type

RDS API parameter:

NetworkType

All

Option group

An option group for your DB instance. You can choose the default option group or you can create a custom option group.

For more information, see Working with option groups.

CLI option:

--option-group-name

RDS API parameter:

OptionGroupName

All

Performance Insights

Enable Performance Insights to monitor your DB instance load so that you can analyze and troubleshoot your database performance.

Choose a retention period to determine how much Performance Insights data history to keep. The retention setting in the free tier is Default (7 days). To retain your performance data for longer, specify 1–24 months. For more information about retention periods, see Pricing and data retention for Performance Insights.

Choose a KMS key to use to protect the key used to encrypt this database volume. Choose from the KMS keys in your account, or enter the key from a different account.

For more information, see Monitoring DB load with Performance Insights on Amazon RDS.

CLI options:

--enable-performance-insights

--no-enable-performance-insights

--performance-insights-retention-period

--performance-insights-kms-key-id

RDS API parameters:

EnablePerformanceInsights

PerformanceInsightsRetentionPeriod

PerformanceInsightsKMSKeyId

All except Db2

Provisioned IOPS

The Provisioned IOPS (I/O operations per second) value for the DB instance. This setting is available only if you choose one of the following for Storage type:

  • General purpose SSD (gp3)

  • Provisioned IOPS SSD (io1)

  • Provisioned IOPS SSD (io2)

For more information, see Amazon RDS DB instance storage.

CLI option:

--iops

RDS API parameter:

Iops

All

Public access

Yes to give the DB instance a public IP address, meaning that it's accessible outside the VPC. To be publicly accessible, the DB instance also has to be in a public subnet in the VPC.

No to make the DB instance accessible only from inside the VPC.

For more information, see Hiding a DB instance in a VPC from the internet.

To connect to a DB instance from outside of its VPC, the DB instance must be publicly accessible. Also, access must be granted using the inbound rules of the DB instance's security group. In addition, other requirements must be met. For more information, see Can't connect to Amazon RDS DB instance.

If your DB instance isn't publicly accessible, use an AWS Site-to-Site VPN connection or an AWS Direct Connect connection to access it from a private network. For more information, see Internetwork traffic privacy.

CLI option:

--publicly-accessible

--no-publicly-accessible

RDS API parameter:

PubliclyAccessible

All

RDS Proxy

Choose Create an RDS Proxy to create a proxy for your DB instance. Amazon RDS automatically creates an IAM role and a Secrets Manager secret for the proxy.

For more information, see Using Amazon RDS Proxy.

Not available when creating a DB instance.

MariaDB

MySQL

PostgreSQL

Storage autoscaling

Enable storage autoscaling to enable Amazon RDS to automatically increase storage when needed to avoid having your DB instance run out of storage space.

Use Maximum storage threshold to set the upper limit for Amazon RDS to automatically increase storage for your DB instance. The default is 1,000 GiB.

For more information, see Managing capacity automatically with Amazon RDS storage autoscaling.

CLI option:

--max-allocated-storage

RDS API parameter:

MaxAllocatedStorage

All

Storage throughput

The storage throughput value for the DB instance. This setting is available only if you choose General purpose SSD (gp3) for Storage type.

For more information, see gp3 storage.

CLI option:

--storage-throughput

RDS API parameter:

StorageThroughput

All

Storage type

The storage type for your DB instance.

If you choose General Purpose SSD (gp3), you can provision additional provisioned IOPS and storage throughput under Advanced settings.

If you choose Provisioned IOPS SSD (io1) or Provisioned IOPS SSD (io2), enter the Provisioned IOPS value.

For more information, see Amazon RDS storage types.

CLI option:

--storage-type

RDS API parameter:

StorageType

All

Subnet group

A DB subnet group to associate with this DB instance.

For more information, see Working with DB subnet groups.

CLI option:

--db-subnet-group-name

RDS API parameter:

DBSubnetGroupName

All

Tenant database name

The name of your initial PDB in the multi-tenant configuration of the Oracle architecture. This setting is available only if you choose Multi-tenant configuration for Architecture configuration.

The tenant database name must differ from the name of your CDB, which is named RDSCDB. You can't change the CDB name.

CLI option:

--db-name

RDS API parameter:

DBName

Oracle

Tenant database master username

The name that you use as the master username to log in to your tenant database (PDB) with all database privileges. This setting is available only if you choose Multi-tenant configuration for Architecture configuration.

Note the following naming restrictions:

  • The name can contain 1–16 alphanumeric characters and underscores.

  • The first character must be a letter.

  • The name can't be a word reserved by the database engine.

You can't do the following:

  • Change the tenant master username after you create the tenant database.

  • Log in with the tenant master username to the CDB.

CLI option:

--master-username

RDS API parameter:

MasterUsername

Oracle

Tenant database master password

The password for the master user account of your tenant database (PDB). This setting is available only if you choose Multi-tenant configuration for Architecture configuration.

The password has 8–30 printable ASCII characters, excluding /, ", a space, and @.

CLI option:

--master-password

RDS API parameter:

MasterPassword

Oracle

Tenant database character set

The character set of the initial tenant database. This setting is available only if you choose Multi-tenant configuration for Architecture configuration. Only RDS for Oracle CDB instances are supported.

The default value of AL32UTF8 for the tenant database character set is for the Unicode 5.0 UTF-8 Universal character set. You can choose a tenant database character set that is different from the character set of the CDB.

For more information, see RDS for Oracle character sets.

CLI option:

--character-set-name

RDS API parameter:

CharacterSetName

Oracle

Tenant database national character set

The national character set for your tenant database, commonly called the NCHAR character set. This setting is available only if you choose Multi-tenant configuration for Architecture configuration. Only RDS for Oracle CDB instances are supported.

You can set the national character set to either AL16UTF16 (default) or UTF-8. You can't change the national character set after you create the tenant database.

The tenant database national character set is different from the tenant database character set. The national character set specifies the encoding only for columns that use the NCHAR data type (NCHAR, NVARCHAR2, and NCLOB) and doesn't affect database metadata.

For more information, see RDS for Oracle character sets.

CLI option:

--nchar-character-set-name

API parameter:

NcharCharacterSetName

Oracle

Time zone

The time zone for your DB instance. If you don't choose a time zone, your DB instance uses the default time zone. You can't change the time zone after the DB instance is created.

For more information, see Local time zone for Microsoft SQL Server DB instances.

CLI option:

--timezone

RDS API parameter:

Timezone

SQL Server

RDS Custom for SQL Server

Virtual Private Cloud (VPC)

A VPC based on the Amazon VPC service to associate with this DB instance.

For more information, see Amazon VPC VPCs and Amazon RDS.

For the CLI and API, you specify the VPC security group IDs.

All

VPC security group (firewall)

The security group to associate with the DB instance.

For more information, see Overview of VPC security groups.

CLI option:

--vpc-security-group-ids

RDS API parameter:

VpcSecurityGroupIds

All
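Several settings in this table decide how exposed a new DB instance is: Manage master credentials in AWS Secrets Manager, Public access, Multi-AZ deployment, Log exports, and VPC security group. The following added example (not AWS code) reviews a request's RDS API parameters before it is sent; the function name, the two sample requests, and their identifier values are constructed for illustration.

```python
def review_create_params(params):
    """Return (setting, finding) tuples for a dict of RDS API parameters."""
    findings = []

    def flag(setting, message):
        findings.append((setting, message))

    inline = "MasterUserPassword" in params
    managed = params.get("ManageMasterUserPassword") is True
    if inline and managed:
        flag("ManageMasterUserPassword", "can't be combined with MasterUserPassword")
    elif inline:
        flag("MasterUserPassword", "password passed in the request, not managed in Secrets Manager")
    if "MasterUserSecretKmsKeyId" in params and not managed:
        flag("MasterUserSecretKmsKeyId", "valid only with ManageMasterUserPassword")

    public = params.get("PubliclyAccessible")
    if public is True:
        flag("PubliclyAccessible", "instance gets a public IP address")
    elif public is None:
        flag("PubliclyAccessible", "not set explicitly, so the default applies")

    if params.get("MultiAZ") is not True:
        flag("MultiAZ", "no standby instance in another Availability Zone")
    if not params.get("EnableCloudwatchLogsExports"):
        flag("EnableCloudwatchLogsExports", "no database logs published to CloudWatch Logs")
    if not params.get("VpcSecurityGroupIds"):
        flag("VpcSecurityGroupIds", "no security group named for the DB instance")
    return findings


# Constructed sample requests; every value below is a placeholder.
WEAK = {
    "DBInstanceIdentifier": "example-db",
    "MasterUsername": "admin_01",
    "MasterUserPassword": "constructed-Example-1",
    "MasterUserSecretKmsKeyId": "alias/example-placeholder",
    "PubliclyAccessible": True,
}
HARDENED = {
    "DBInstanceIdentifier": "example-db",
    "MasterUsername": "admin_01",
    "ManageMasterUserPassword": True,
    "PubliclyAccessible": False,
    "MultiAZ": True,
    "EnableCloudwatchLogsExports": ["error"],  # log type names vary by engine
    "VpcSecurityGroupIds": ["sg-EXAMPLE"],
}
```

The Multi-AZ finding matters for production workloads, where the page recommends a standby instance; for development and testing it can be accepted.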