Menu
Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Working with Option Groups

Some DB engines offer additional features that make it easier to manage data and databases, and to provide additional security for your database. Amazon RDS uses option groups to enable and configure these features. An option group can specify features, called options, that are available for a particular Amazon RDS DB instance. Options can have settings that specify how the option works. When you associate a DB instance with an option group, the specified options and option settings are enabled for that DB instance.

Amazon RDS supports options for the following database engines:

Option Groups Overview

Amazon RDS provides an empty default option group for each new DB instance. You cannot modify this default option group, but any new option group that you create derives its settings from the default option group. To apply an option to a DB instance, you must do the following:

  1. Create a new option group, or copy or modify an existing option group.

  2. Add one or more options to the option group.

  3. Associate the option group with the DB instance.

Both DB instances and DB snapshots can be associated with an option group. When you restore from a DB snapshot or perform a point-in-time restore for a DB instance, the option group associated with the DB snapshot or DB instance will, by default, be associated with the restored DB instance. You can associate a different option group with a restored DB instance. However, the new option group must contain any persistent or permanent options that were included in the original option group. Persistent and permanent options are described following.

Options require additional memory to run on a DB instance, so you might need to launch a larger instance to use them, depending on your current use of your DB instance. For example, Oracle Enterprise Manager Database Control uses about 300 MB of RAM; if you enable this option for a small DB instance, you might encounter performance problems or out-of-memory errors.

Each DB instance indicates the status of its association with an option group. For example, a status of active indicates the DB instance is associated with that option group, and a status of invalid indicates that the option group associated with the DB instance does not contain the options the DB instance requires. If you query a DB instance for the status of its associated option group, Amazon RDS can also return a status such as pending or applying when it is attempting to change the association from one state to another. For example, the status of the association of a DB instance in an option group can be creating/pending.

Persistent and Permanent Options

Two types of options, persistent and permanent, require special consideration when you add them to an option group.

Persistent options, such as the TDE option for Microsoft SQL Server transparent data encryption (TDE), cannot be removed from an option group while DB instances are associated with the option group. You must disassociate all DB instances from the option group before a persistent option can be removed from the option group. When you restore or perform a point-in-time restore from a DB snapshot, if the option group associated with that DB snapshot contains a persistent option, you can only associate the restored DB instance with that option group.

Permanent options, such as the TDE option for Oracle Advanced Security TDE, can never be removed from an option group, and the option group cannot be disassociated from the DB instance. When you restore or perform a point-in-time restore from a DB snapshot, if the option group associated with that DB snapshot contains a permanent option, you can only associate the restored DB instance with an option group with that permanent option.

VPC and Platform Considerations

When an option group is assigned to a DB instance, it is linked to the platform that the DB instance is on. That platform can either be a VPC supported by the Amazon Virtual Private Cloud (Amazon VPC) service, or EC2-Classic (non-VPC) supported by the Amazon Elastic Compute Cloud (Amazon EC2) service. For details on these two platforms, see Amazon EC2 and Amazon Virtual Private Cloud.

If a DB instance is in a VPC, the option group associated with the instance is linked to that VPC. This means that you cannot use the option group assigned to a DB instance if you attempt to restore the instance into a different VPC or onto a different platform. If you restore a DB instance into a different VPC or onto a different platform, you must either assign the default option group to the DB instance, assign an option group that is linked to that VPC or platform, or create a new option group and assign it to the DB instance. Note that with persistent or permanent options, such as Oracle TDE, you must create a new option group that includes the persistent or permanent option when restoring a DB instance into a different VPC.

Option settings control the behavior of an option. For example, the Oracle Advanced Security option NATIVE_NETWORK_ENCRYPTION has a setting that you can use to specify the encryption algorithm for network traffic to and from the DB instance. Some options settings are optimized for use with Amazon RDS and cannot be changed.

Mutually Exclusive Options

Some options are mutually exclusive. You can use one or the other, but not both at the same time. The following options are mutually exclusive:

Creating an Option Group

You can create a new option group that derives its settings from the default option group, and then add one or more options to the new option group. Alternatively, if you already have an existing option group, you can copy that option group with all of its options to a new option group. For more information, see Making a Copy of an Option Group.

After you create a new option group, it has no options. To learn how to add options to the option group, see Adding an Option to an Option Group. After you have added the options you want, you can then associate the option group with a DB instance so that the options become available on the DB instance. For information about associating an option group with a DB instance, see the documentation for your specific engine listed at Working with Option Groups.

AWS Management Console

One way of creating on option group is by using the AWS Management Console.

To create a new option group by using the console

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Option Groups.

  3. Choose Create Group.

  4. In the Create Option Group dialog box, do the following:

    1. For Name, type a name for the option group that is unique within your AWS account. The name can contain only letters, digits, and hyphens.

    2. For Description, type a brief description of the option group. The description is used for display purposes.

    3. For Engine, choose the DB engine that you want.

    4. For Major Engine Version, choose the major version of the DB engine that you want.

  5. To continue, choose Yes, Create. To cancel the operation instead, choose Cancel.

CLI

To create an option group, use the AWS CLI create-option-group command with the following required parameters.

  • --option-group-name

  • --engine-name

  • --major-engine-version

  • --option-group-description

Example

The following example creates an option group named TestOptionGroup, which is associated with the Oracle Enterprise Edition DB engine. The description is enclosed in quotation marks.

For Linux, OS X, or Unix:

aws rds create-option-group \
    --option-group-name testoptiongroup \
    -–engine-name oracle-ee \
    -–major-engine-version 11.2 \
    --option-group-description "Test option group" 

For Windows:

aws rds create-option-group ^
    --option-group-name testoptiongroup ^
    -–engine-name oracle-ee ^
    -–major-engine-version 11.2 ^
    --option-group-description "Test option group" 

API

To create an option group, call the Amazon RDS API CreateOptionGroup action. Include the following parameters:

  • OptionGroupName = testoptiongroup

  • EngineName = oracle-ee

  • MajorEngineVersion = 11.2

  • OptionGroupDescription = Test%20option%20group

Example

https://rds.us-east-1.amazonaws.com/
   ?Action=CreateOptionGroup
   &EngineName=oracle-ee
   &MajorEngineVersion=11.2
   &OptionGroupDescription=test%20option%20group
   &OptionGroupName=testoptiongroup
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &Version=2014-09-01
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20140425/us-east-1/rds/aws4_request
   &X-Amz-Date=20140425T174519Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=d3a89afa4511d0c4ecab046d6dc760a72bfe6bb15999cce053adeb2617b60384

Making a Copy of an Option Group

You can use the AWS CLI or the Amazon RDS API to make a copy of an option group. Copying an option group is a convenient solution when you have already created an option group and you want to include most of the custom parameters and values from that group in a new option group. You can also make a copy of an option group that you use in production and then modify the copy to test other option settings.

CLI

To copy an option group, use the AWS CLI copy-option-group command. Include the following required parameters:

  • --source-option-group-identifier

  • --target-option-group-identifier

  • --target-option-group-description

Example

The following example creates an option group named new-local-option-group, which is a local copy of the option group my-remote-option-group.

For Linux, OS X, or Unix:

aws rds copy-option-group \
    --source-option-group-identifier arn:aws:rds:us-west-2:815981987263%3og:my-remote-option-group \
    --target-option-group-identifier new-local-option-group \
    --target-option-group-description "Option group 2"

For Windows:

aws rds copy-option-group ^
    --source-option-group-identifier arn:aws:rds:us-west-2:815981987263%3og:my-remote-option-group ^
    --target-option-group-identifier new-local-option-group ^
    --target-option-group-description "Option group 2"

API

To copy an option group, call the Amazon RDS API CopyOptionGroup action. Include the following required parameters.

  • SourceOptionGroupIdentifier = arn%3Aaws%3Ards%3Aus-west-2%3A815981987263%3og%3Amy-remote-option-group

  • TargetOptionGroupIdentifier = new-local-option-group

  • TargetOptionGroupDescription = Option%20group%202

Example

The following example creates an option group named new-local-option-group, which is a local copy of the option group my-remote-option-group.

https://rds.us-east-1.amazonaws.com/
   ?Action=CopyOptionGroup
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &SourceOptionGroupIdentifier=arn%3Aaws%3Ards%3Aus-west-2%3A815981987263%3og%3Amy-remote-option-group
   &TargetOptionGroupDescription=New%20option%20group
   &TargetOptionGroupIdentifier=new-local-option-group
   &Version=2014-09-01
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20140429/us-east-1/rds/aws4_request
   &X-Amz-Date=20140429T175351Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=9164337efa99caf850e874a1cb7ef62f3cea29d0b448b9e0e7c53b288ddffed2

Adding an Option to an Option Group

You can add an option to an existing option group. After you have added the options you want, you can then associate the option group with a DB instance so that the options become available on the DB instance. For information about associating an option group with a DB instance, see the documentation for your specific DB engine listed at Working with Option Groups.

Option group changes must be applied immediately in two cases:

  • When you add an option that adds or updates a port value, such as the OEM option.

  • When you add or remove an option group with an option that includes a port value.

In these cases, you must select the Apply Immediately option in the console, or include the Apply-Immediately option when using the AWS CLI or set the Apply-Immediately parameter to true when using the Amazon RDS API. Options that don't include port values can be applied immediately, or can be applied during the next maintenance window for the DB instance.

AWS Management Console

You can use the AWS Management Console to add an option to an option group.

To add an option to an option group by using the console

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Option Groups.

  3. Select the option group that you want to modify, and then choose Add Option.

    Console option group
  4. In the Add Option dialog box, do the following:

    1. Choose the option that you want to add. You might need to provide additional values, depending on the option that you select. For example, when you choose the OEM option, you must also type a port value and specify a DB security group.

    2. To enable the option on all associated DB instances as soon as you add it, for Apply Immediately, choose Yes. If you choose No (the default), the option is enabled for each associated DB instance during its next maintenance window.

    Console option group
  5. When the settings are as you want them, choose Add Option.

CLI

To add an option to an option group, run the AWS CLI add-option-to-option-group command with the option that you want to add. To enable the new option immediately on all associated DB instances, include the --apply-immediately parameter. By default, the option is enabled for each associated DB instance during its next maintenance window. Include the following required parameter:

  • --option-group-name

Example

The following example adds the Oracle Enterprise Manager Database Control (OEM) option to an option group named TestOptionGroup and immediately enables it. Note that even if you use the default security group, you must specify that security group.

For Linux, OS X, or Unix:

aws rds add-option-to-option-group \
--option-group-name TestOptionGroup \
-–option-name OEM \
--security-groups default \
--apply-immediately

For Windows:

aws rds add-option-to-option-group \
--option-group-name TestOptionGroup \
-–option-name OEM \
--security-groups default \
--apply-immediately

Command output is similar to the following:

OPTIONGROUP testoptiongroup oracle-ee 11.2 Test option group
    OPTION OEM 1158 Oracle Enterprise Manager
        SECGROUP default authorized

Example

The following example adds the Oracle OEM option to an option group, specifies a custom port, and specifies a pair of Amazon EC2 VPC security groups to use for that port.

For Linux, OS X, or Unix:

aws rds add-option-to-option-group \
    --option-group-name my-option-group \
    --option-name OEM \
    --port 5432 \
    --vpcsg sg-454fa22a,sg-5da54932

For Windows:

aws rds add-option-to-option-group ^
    --option-group-name my-option-group ^
    --option-name OEM ^
    --port 5432 ^
    --vpcsg sg-454fa22a,sg-5da54932

Command output is similar to the following:

OPTIONGROUP  my-option-group  oracle-se  11.2  My option group
OPTION  OEM  n  5432  Oracle Enterprise Manager
VPCSECGROUP  sg-454fa22a  active
VPCSECGROUP  sg-5da54932  active

Example

The following example adds the Oracle option NATIVE_NETWORK_ENCRYPTION to an option group and specifies the option settings. If no option settings are specified, default values are used.

For Linux, OS X, or Unix:

aws rds add-option-to-option-group \
    --option-group-name my-option-group \
    --options NATIVE_NETWORK_ENCRYPTION \
    --settings "SQLNET.ENCRYPTION_SERVER=REQUIRED; SQLNET.ENCRYPTION_TYPES_SERVER=AES256,AES192,DES"

For Windows:

aws rds add-option-to-option-group ^
    --option-group-name my-option-group ^
    --options NATIVE_NETWORK_ENCRYPTION ^
    --settings "SQLNET.ENCRYPTION_SERVER=REQUIRED; SQLNET.ENCRYPTION_TYPES_SERVER=AES256,AES192,DES"

Command output is similar to the following:

OPTIONGROUP  Group Name       Engine     Major Engine Version  Description      VpcSpecific
OPTIONGROUP  my-option-group  oracle-ee  11.2                  My option group  n          
    OPTION  Name                        Persistent Permanent Description
    OPTION  NATIVE_NETWORK_ENCRYPTION   n          n         Oracle Advanced Security - Native Network Encryption
      OPTIONSETTING  Name                                 Description                                                         Value              Modifiable
      OPTIONSETTING  SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER  Specifies list of checksumming algorithms in order of intended use  SHA1,MD5           true
      OPTIONSETTING  SQLNET.ENCRYPTION_TYPES_SERVER       Specifies list of encryption algorithms in order of intended use    AES256,AES192,DES  true
      OPTIONSETTING  SQLNET.ENCRYPTION_SERVER             Specifies the desired encryption behavior                           REQUIRED           true
      OPTIONSETTING  SQLNET.CRYPTO_CHECKSUM_SERVER        Specifies the desired data integrity behavior                       REQUESTED          true

API

To add an option to an option group using the Amazon RDS API, call the ModifyOptionGroup action with the option that you want to add. To enable the new option immediately on all associated DB instances, include the ApplyImmediatelye parameter and set it to true. By default, the option will be enabled for each associated DB instance during its next maintenance window. Include the following required parameter:

  • OptionGroupName

Example

https://rds.us-east-1.amazonaws.com/
    ?Action=ModifyOptionGroup
    &ApplyImmediately=true
    &OptionGroupName=myawsuser-og02
    &OptionsToInclude.member.1.DBSecurityGroupMemberships.member.1=default
    &OptionsToInclude.member.1.OptionName=MEMCACHED
    &SignatureMethod=HmacSHA256
    &SignatureVersion=4
    &Version=2014-09-01
    &X-Amz-Algorithm=AWS4-HMAC-SHA256
    &X-Amz-Credential=AKIADQKE4SARGYLE/20140501/us-east-1/rds/aws4_request
    &X-Amz-Date=20140501T230529Z
    &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
    &X-Amz-Signature=4b278baae6294738704a9948e355af0e9bd4fa0913d5b35b0a9a3c916925aced

Listing the Options and Option Settings for an Option Group

You can list all the options and option settings for an option group.

AWS Management Console

You can use the AWS Management Console to list all of the options and option settings for an option group.

To list the options and option settings for an option group

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Option Groups. The Options column in the table shows the options and option settings in the option group.

CLI

To list the options and option settings for an option group, use the AWS CLI describe-option-groups command. Specify the name of the option group whose options and settings you want to view. If you don't specify an option group name, all option groups are described.

Example

The following example lists the options and option settings for all option groups.

aws rds describe-option-groups

Example

The following example lists the options and option settings for an option group named TestOptionGroup.

aws rds describe-option-groups --option-group-name TestOptionGroup

API

To list the options and option settings for an option group, use the Amazon RDS API DescribeOptionGroups action. Specify the name of the option group whose options and settings you want to view. If you don't specify an option group name, all option groups are described.

Example

The following example lists the options and option settings for all option groups.

https://rds.us-west-2.amazonaws.com/
    ?Action=DescribeOptionGroups
    &MaxRecords=100
    &SignatureMethod=HmacSHA256
    &SignatureVersion=4
    &Version=2014-09-01
    &X-Amz-Algorithm=AWS4-HMAC-SHA256
    &X-Amz-Credential=AKIADQKE4SARGYLE/20140613/us-west-2/rds/aws4_request
    &X-Amz-Date=20140613T223341Z
    &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
    &X-Amz-Signature=5ae331adcd684c27d66e0b794a51933effe32a4c026eba2e994ae483ee47a0ba

The output from the preceding action is similar to the following:

<DescribeOptionGroupsResponse xmlns="http://rds.amazonaws.com/doc/2014-09-01/">
  <DescribeOptionGroupsResult>
    <OptionGroupsList>
      <OptionGroup>
        <OptionGroupName>default:mysql-5-5</OptionGroupName>
        <AllowsVpcAndNonVpcInstanceMemberships>true</AllowsVpcAndNonVpcInstanceMemberships>
        <MajorEngineVersion>5.5</MajorEngineVersion>
        <EngineName>mysql</EngineName>
        <OptionGroupDescription>Default option group for mysql 5.5</OptionGroupDescription>
        <Options/>
      </OptionGroup>
      
      <!-- some output omitted for brevity -->
      
      <OptionGroup>
        <OptionGroupName>default:postgres-9-3</OptionGroupName>
        <AllowsVpcAndNonVpcInstanceMemberships>true</AllowsVpcAndNonVpcInstanceMemberships>
        <MajorEngineVersion>9.3</MajorEngineVersion>
        <EngineName>postgres</EngineName>
        <OptionGroupDescription>Default option group for postgres 9.3</OptionGroupDescription>
        <Options/>
      </OptionGroup>
    </OptionGroupsList>
  </DescribeOptionGroupsResult>
  <ResponseMetadata>
    <RequestId>b2ce0772-f55a-11e3-bd0f-bb88ac05a37c</RequestId>
  </ResponseMetadata>
</DescribeOptionGroupsResponse>

Example

The following example lists the options and option settings for an option group named myawsuser-grp1.

https://rds.us-east-1.amazonaws.com/
   ?Action=DescribeOptionGroups
   &MaxRecords=100
   &OptionGroupName=myawsuser-grp1
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &Version=2014-09-01
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20140421/us-east-1/rds/aws4_request
   &X-Amz-Date=20140421T231357Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=fabfbeb85c44e3f151d44211790c5135a9074fdb8d85ec117788ac6cfab6c5bc

The output from the preceding action is similar to the following:

<DescribeOptionGroupsResponse xmlns="http://rds.amazonaws.com/doc/2014-09-01/">
  <DescribeOptionGroupsResult>
    <OptionGroupsList>
      <OptionGroup>
        <AllowsVpcAndNonVpcInstanceMemberships>true</AllowsVpcAndNonVpcInstanceMemberships>
        <MajorEngineVersion>5.6</MajorEngineVersion>
        <OptionGroupName>myawsuser-grp1</OptionGroupName>
        <EngineName>mysql</EngineName>
        <OptionGroupDescription>my test option group</OptionGroupDescription>
        <Options/>
      </OptionGroup>
    </OptionGroupsList>
  </DescribeOptionGroupsResult>
  <ResponseMetadata>
    <RequestId>8c6201fc-b9ff-11d3-f92b-31fa5e8dbc99</RequestId>
  </ResponseMetadata>
</DescribeOptionGroupsResponse>

Modifying an Option Setting

After you have added an option that has modifiable option settings, you can modify the settings at any time. If you change options or option settings in an option group, those changes are applied to all DB instances that are associated with that option group. For more information on what settings are available for the various options, see the documentation for your specific engine listed at Working with Option Groups.

Option group changes must be applied immediately in two cases:

  • When you add an option that adds or updates a port value, such as the OEM option.

  • When you add or remove an option group with an option that includes a port value.

In these cases, you must select the Apply Immediately option in the console, or include the Apply-Immediately option when using the AWS CLI or set the Apply-Immediately parameter to true when using the Amazon RDS API. Options that don't include port values can be applied immediately, or can be applied during the next maintenance window for the DB instance.

AWS Management Console

You can use the AWS Management Console to modify an option setting.

To modify an option setting by using the console

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Option Groups.

  3. Select the option group whose option that you want to modify, and then choose Modify Option.

  4. In the Modify Option dialog box, from Installed Options, choose the option whose setting you want to modify. Make the changes that you want.

  5. To enable the option as soon as you add it, for Apply Immediately, choose Yes. If you choose No (the default), the option is enabled for each associated DB instance during its next maintenance window.

  6. When the settings are as you want them, choose Modify Option.

CLI

To modify an option setting, use the AWS CLI add-option-to-option-group command with the option group and option that you want to modify. By default, the option will be enabled for each associated DB instance during its next maintenance window. To apply the change immediately to all associated DB instances, include the --apply-immediately parameter. To modify an option setting, use the --settings argument.

Example

The following example modifies the port that the Oracle Enterprise Manager Database Control (OEM) uses in an option group named TestOptionGroup and immediately applies the change.

For Linux, OS X, or Unix:

aws rds add-option-to-option-group \
    --option-group-name TestOptionGroup \
    -–option-name OEM \
    --port 5432 \
    --apply-immediately

For Windows:

aws rds add-option-to-option-group ^
    --option-group-name TestOptionGroup ^
    -–option-name OEM ^
    --port 5432 ^
    --apply-immediately

Command output is similar to the following:

OPTIONGROUP testoptiongroup oracle-ee 11.2 Test Option Group
    OPTION OEM 5432 Oracle Enterprise Manager
        SECGROUP default authorized

Example

The following example modifies the Oracle option NATIVE_NETWORK_ENCRYPTION and changes the option settings.

For Linux, OS X, or Unix:

aws rds add-option-to-option-group \
    --option-group-name my-option-group \
    --option-name NATIVE_NETWORK_ENCRYPTION \
    --settings "SQLNET.ENCRYPTION_SERVER=REQUIRED; SQLNET.ENCRYPTION_TYPES_SERVER=AES256,AES192,DES"

For Windows:

aws rds add-option-to-option-group ^
    --option-group-name my-option-group ^
    --option-name NATIVE_NETWORK_ENCRYPTION ^
    --settings "SQLNET.ENCRYPTION_SERVER=REQUIRED; SQLNET.ENCRYPTION_TYPES_SERVER=AES256,AES192,DES"

Command output is similar to the following:

OPTIONGROUP  Group Name       Engine     Major Engine Version  Description      VpcSpecific
OPTIONGROUP  my-option-group  oracle-ee  11.2                  My option group  n          
    OPTION  Name                        Persistent Permanent Description
    OPTION  NATIVE_NETWORK_ENCRYPTION   n          n         Oracle Advanced Security - Native Network Encryption
      OPTIONSETTING  Name                                 Description                                                         Value              Modifiable
      OPTIONSETTING  SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER  Specifies list of checksumming algorithms in order of intended use  SHA1,MD5           true
      OPTIONSETTING  SQLNET.ENCRYPTION_TYPES_SERVER       Specifies list of encryption algorithms in order of intended use    AES256,AES192,DES  true
      OPTIONSETTING  SQLNET.ENCRYPTION_SERVER             Specifies the desired encryption behavior                           REQUIRED           true
      OPTIONSETTING  SQLNET.CRYPTO_CHECKSUM_SERVER        Specifies the desired data integrity behavior                       REQUESTED          true

API

To modify an option setting, use the Amazon RDS API ModifyOptionGroup command with the option group and option that you want to modify. By default, the option will be enabled for each associated DB instance during its next maintenance window. To apply the change immediately to all associated DB instances, include the ApplyImmediately parameter and set it to true.

Example

https://rds.us-east-1.amazonaws.com/
    ?Action=ModifyOptionGroup
    &ApplyImmediately=true
    &OptionGroupName=myawsuser-og02
    &OptionsToInclude.member.1.DBSecurityGroupMemberships.member.1=default
    &OptionsToInclude.member.1.OptionName=MEMCACHED
    &SignatureMethod=HmacSHA256
    &SignatureVersion=4
    &Version=2014-09-01
    &X-Amz-Algorithm=AWS4-HMAC-SHA256
    &X-Amz-Credential=AKIADQKE4SARGYLE/20140501/us-east-1/rds/aws4_request
    &X-Amz-Date=20140501T230529Z
    &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
    &X-Amz-Signature=4b278baae6294738704a9948e355af0e9bd4fa0913d5b35b0a9a3c916925aced

Output from the preceding action should look similar to the following:

<ModifyOptionGroupResponse xmlns="http://rds.amazonaws.com/doc/2014-09-01/">
  <ModifyOptionGroupResult>
    <OptionGroup>
      <OptionGroupName>myawsuser-og02</OptionGroupName>
      <MajorEngineVersion>5.6</MajorEngineVersion>
      <AllowsVpcAndNonVpcInstanceMemberships>false</AllowsVpcAndNonVpcInstanceMemberships>
      <EngineName>mysql</EngineName>
      <OptionGroupDescription>my second og</OptionGroupDescription>
      <Options>
        <Option>
          <Port>11211</Port>
          <OptionName>MEMCACHED</OptionName>
          <OptionDescription>Innodb Memcached for MySQL</OptionDescription>
          <Persistent>false</Persistent>
          <OptionSettings>
            <OptionSetting>
              <DataType>BOOLEAN</DataType>
              <IsModifiable>true</IsModifiable>
              <IsCollection>false</IsCollection>
              <Description>If enabled when there is no more memory to store items, memcached will return an error rather than evicting items.</Description>
              <Name>ERROR_ON_MEMORY_EXHAUSTED</Name>
              <Value>0</Value>
              <ApplyType>STATIC</ApplyType>
              <AllowedValues>0,1</AllowedValues>
              <DefaultValue>0</DefaultValue>
            </OptionSetting>
            <OptionSetting>
              <DataType>INTEGER</DataType>
              <IsModifiable>true</IsModifiable>
              <IsCollection>false</IsCollection>
              <Description>The backlog queue configures how many network connections can be waiting to be processed by memcached</Description>
              <Name>BACKLOG_QUEUE_LIMIT</Name>
              <Value>1024</Value>
              <ApplyType>STATIC</ApplyType>
              <AllowedValues>1-2048</AllowedValues>
              <DefaultValue>1024</DefaultValue>
            </OptionSetting>
          </OptionSettings>
          <VpcSecurityGroupMemberships/>
          <Permanent>false</Permanent>
          <DBSecurityGroupMemberships>
            <DBSecurityGroup>
              <Status>authorized</Status>
              <DBSecurityGroupName>default</DBSecurityGroupName>
            </DBSecurityGroup>
          </DBSecurityGroupMemberships>
        </Option>
      </Options>
    </OptionGroup>
  </ModifyOptionGroupResult>
  <ResponseMetadata>
    <RequestId>073cfb45-c184-11d3-a537-cef97546330c</RequestId>
  </ResponseMetadata>
</ModifyOptionGroupResponse>

Removing an Option from an Option Group

Some options can be removed from an option group, and some cannot. A persistent option cannot be removed from an option group until all DB instances associated with that option group are disassociated. A permanent option can never be removed from an option group. For more information about what options are removable, see the documentation for your specific engine listed at Working with Option Groups.

If you remove all options from an option group, Amazon RDS doesn't delete the option group. DB instances that are associated with the empty option group continue to be associated with it; they just won’t have any active options. Alternatively, to remove all options from a DB instance, you can associate the DB instance with the default (empty) option group.

AWS Management Console

You can use the AWS Management Console to remove an option from an option group.

To remove an option from an option group by using the console

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Option Groups.

  3. Select the option group whose option you want to remove, and then choose Delete Option.

    Console remove option db
  4. In the Delete Option dialog box, do the following:

    • Select the check box for the option that you want to delete.

    • For the deletion to take effect as soon as you make it, for Apply Immediately, choose Yes. If you choose No (the default), the option is deleted for each associated DB instance during its next maintenance window.

    Console Tags edit db
  5. When the settings are as you want them, choose Yes, Delete.

CLI

To remove an option from an option group, use the AWS CLI remove-option-from-option-group command with the option that you want to delete. By default, the option is removed from each associated DB instance during its next maintenance window. To apply the change immediately, include the --apply-immediately parameter.

Example

The following example removes the Oracle Enterprise Manager Database Control (OEM) option from an option group named TestOptionGroup and immediately applies the change.

For Linux, OS X, or Unix:

aws rds remove-option-from-option-group \
    --option-group-name TestOptionGroup \
    -–options OEM \
    --apply-immediately

For Windows:

aws rds remove-option-from-option-group ^
    --option-group-name TestOptionGroup ^
    -–options OEM ^
    --apply-immediately

Command output is similar to the following:

OPTIONGROUP    testoptiongroup oracle-ee   11.2    Test option group

API

To remove an option from an option group, use the Amazon RDS API ModifyOptionGroup action. By default, the option is removed from each associated DB instance during its next maintenance window. To apply the change immediately, include the ApplyImmediately parameter and set it to true.

Include the following parameters:

  • OptionGroupName = myawsuser-og02

  • OptionsToRemove.OptionName = OEM

Example

The following example removes the Oracle Enterprise Manager Database Control (OEM) option from an option group named TestOptionGroup and immediately applies the change.

https://rds.us-east-1.amazonaws.com/
    ?Action=ModifyOptionGroup
    &ApplyImmediately=true
    &OptionGroupName=myawsuser-og02
    &OptionsToRemove.OptionName=OEM
    &SignatureMethod=HmacSHA256
    &SignatureVersion=4
    &Version=2014-09-01
    &X-Amz-Algorithm=AWS4-HMAC-SHA256
    &X-Amz-Credential=AKIADQKE4SARGYLE/20140501/us-east-1/rds/aws4_request
    &X-Amz-Date=20140501T231731Z
    &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
    &X-Amz-Signature=fd7ee924d39f1014488eb3444a8fdfb028e958b97703f95845a5addc435c1399

The output from the preceding command should look something like the following:

<ModifyOptionGroupResponse xmlns="http://rds.amazonaws.com/doc/2014-09-01/">
  <ModifyOptionGroupResult>
    <OptionGroup>
      <OptionGroupName>myawsuser-og02</OptionGroupName>
      <AllowsVpcAndNonVpcInstanceMemberships>true</AllowsVpcAndNonVpcInstanceMemberships>
      <MajorEngineVersion>5.6</MajorEngineVersion>
      <EngineName>mysql</EngineName>
      <OptionGroupDescription>my second og</OptionGroupDescription>
      <Options/>
    </OptionGroup>
  </ModifyOptionGroupResult>
  <ResponseMetadata>
    <RequestId>b5f134f3-c185-11d3-f4c6-37db295f7674</RequestId>
  </ResponseMetadata>
</ModifyOptionGroupResponse>