Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Using the SOAP API

WSDL and Schema Definitions

You can access the Amazon Relational Database Service using the SOAP web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document, which defines the operations and security model for the particular service. The WSDL references an XML Schema document, which strictly defines the data types that might appear in SOAP requests and responses. For more information on WSDL and SOAP, see Web Services References.


Amazon RDS supports SOAP only through HTTPS.

All schemas have a version number. The version number appears in the URL of a schema file and in a schema's target namespace. This makes upgrading easy by differentiating requests based on the version number.

The current versions of the Amazon RDS WSDL are available at the following locations:

Region WSDL Location
US East (N. Virginia) Region
US East (Ohio) Region
US West (N. California) Region
US West (Oregon) Region
Asia Pacific (Mumbai) Region
Asia Pacific (Seoul) Region
Asia Pacific (Singapore) Region
Asia Pacific (Sydney) Region
Asia Pacific (Tokyo) Region
Canada (Central) Region
EU (Frankfurt) Region
EU (Ireland) Region
EU (London) Region
South America (São Paulo) Region

Programming Language Support

Since the SOAP requests and responses in Amazon RDS follow current standards, any programming language with the appropriate library support can be used. Languages known to have this support include C++, C#, Java, Perl, Python and Ruby.

Request Authentication

Amazon RDS complies with the current WS-Security standard, which requires you to hash and sign SOAP requests for integrity and non-repudiation. WS-Security defines profiles which are used to implement various levels of security. Secure SOAP messages use the BinarySecurityToken profile, consisting of an X.509 certificate with an RSA public key.

The following is the content of an insecure DescribeDBInstances operation:

<DescribeDBInstances> <MaxRecords>100<MaxRecords> </DescribeDBInstances>

To secure the request, we add the BinarySecurityToken element.

The secure version of the request begins with the following:

<soap:Envelope xmlns:soap="" xmlns:xsd="" xmlns:xsi=""> <soap:Header> <wsse:Security xmlns:wsse=""> <wsu:Timestamp xmlns:wsu="" wsu:Id="Timestamp-2"> <wsu:Created>2009-10-28T18:41:59.597Z</wsu:Created> <wsu:Expires>2009-10-28T18:46:59.597Z</wsu:Expires> </wsu:Timestamp> <wsse:BinarySecurityToken xmlns:wsu="" EncodingType="" ValueType="" wsu:Id="CertId-5992FC58FDECA60AF912567553195531" xmlns:wsse=""> ....many, many lines of base64 encoded X.509 certificate... </wsse:BinarySecurityToken> <ds:Signature xmlns:ds="" Id="Signature-1"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm=""/> <ds:SignatureMethod Algorithm=""/> <ds:Reference URI="#Timestamp-2"> <ds:Transforms> <ds:Transform Algorithm=""/> </ds:Transforms> <ds:DigestMethod Algorithm=""/> <ds:DigestValue>DLFQyK61qWoJiMyC9w34siRELAM=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-3"> <ds:Transforms> <ds:Transform Algorithm=""/> </ds:Transforms> <ds:DigestMethod Algorithm=""/> <ds:DigestValue>gUnvvoUezxgt56eBl2kW/y5diMk=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>OMoJJqqDnahRt/9H2n8obJolyVprpziAzlFRZ9KbdwXJoD1Rl2sAikZ0IJW7/VS9q8GH4JDsT2v1 UoUogKgRSWy3sU4943g1T0vhyigbUm4vNxE/qUKmSIXx2ed/8buaF9oRiB8zYDu0/qRT+QQ73rdaoyn2YRNkSi2+6P2FHmE= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-5992FC58FDECA60AF912567553195672"> <wsse:SecurityTokenReference xmlns:wsu="" wsu:Id="STRId-5992FC58FDECA60AF912567553195703" xmlns:wsse=""> <wsse:Reference URI="#CertId-5992FC58FDECA60AF912567553195531" ValueType="" xmlns:wsse=""/> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soap:Header>

If you are matching this against requests generated by Amazon RDS supplied libraries, or those of another vendor, the following are the most important elements.


  • BinarySecurityToken—Contains the X.509 certificate in base64 encoded PEM format

  • Signature—Contains an XML digital signature created using the canonicalization, signature algorithm, and digest method

  • Timestamp—Requests to Amazon RDS are valid within 5 minutes of this value to help prevent replay attacks

Response Structure

In response to a request, the Amazon RDS service returns an XML data structure that conforms to an XML schema defined as part of the Amazon RDS WSDL. The structure of an XML response is specific to the associated request.

The following is an example response:

<DescribeDBInstancesResponse xmlns=""> <DescribeDBInstancesResult> <DBInstances/> </DescribeDBInstancesResult> <ResponseMetadata> <RequestId>946cda70-c3f1-11de-807a-79c03c55f7d4</RequestId> </ResponseMetadata> </DescribeDBInstancesResponse>

Web Services References

For more information about using web services, go to any of the following resources: