AWS CloudFormation
User Guide (Version )

AWS::DocDB::DBCluster

The AWS::DocDB::DBCluster Amazon DocumentDB (with MongoDB compatibility) resource describes a DBCluster. Amazon DocumentDB is a fully managed, MongoDB-compatible document database engine. For more information, see DBCluster in the Amazon DocumentDB Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::DocDB::DBCluster", "Properties" : { "AvailabilityZones" : [ String, ... ], "BackupRetentionPeriod" : Integer, "DBClusterIdentifier" : String, "DBClusterParameterGroupName" : String, "DBSubnetGroupName" : String, "EnableCloudwatchLogsExports" : [ String, ... ], "EngineVersion" : String, "KmsKeyId" : String, "MasterUsername" : String, "MasterUserPassword" : String, "Port" : Integer, "PreferredBackupWindow" : String, "PreferredMaintenanceWindow" : String, "SnapshotIdentifier" : String, "StorageEncrypted" : Boolean, "Tags" : [ Tag, ... ], "VpcSecurityGroupIds" : [ String, ... ] } }

YAML

Type: AWS::DocDB::DBCluster Properties: AvailabilityZones: - String BackupRetentionPeriod: Integer DBClusterIdentifier: String DBClusterParameterGroupName: String DBSubnetGroupName: String EnableCloudwatchLogsExports: - String EngineVersion: String KmsKeyId: String MasterUsername: String MasterUserPassword: String Port: Integer PreferredBackupWindow: String PreferredMaintenanceWindow: String SnapshotIdentifier: String StorageEncrypted: Boolean Tags: - Tag VpcSecurityGroupIds: - String

Properties

AvailabilityZones

A list of Amazon EC2 Availability Zones that instances in the cluster can be created in.

Required: No

Type: List of String

Update requires: Replacement

BackupRetentionPeriod

The number of days for which automated backups are retained. You must specify a minimum value of 1.

Default: 1

Constraints:

  • Must be a value from 1 to 35.

Required: No

Type: Integer

Update requires: No interruption

DBClusterIdentifier

The cluster identifier. This parameter is stored as a lowercase string.

Constraints:

  • Must contain from 1 to 63 letters, numbers, or hyphens.

  • The first character must be a letter.

  • Cannot end with a hyphen or contain two consecutive hyphens.

Example: my-cluster

Required: No

Type: String

Update requires: Replacement

DBClusterParameterGroupName

The name of the cluster parameter group to associate with this cluster.

Required: No

Type: String

Update requires: No interruption

DBSubnetGroupName

A subnet group to associate with this cluster.

Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.

Example: mySubnetgroup

Required: No

Type: String

Update requires: Replacement

EnableCloudwatchLogsExports

A list of log types that need to be enabled for exporting to Amazon CloudWatch Logs.

Required: No

Type: List of String

Update requires: No interruption

EngineVersion

The version number of the database engine to use.

Required: No

Type: String

Update requires: Replacement

KmsKeyId

The AWS KMS key identifier for an encrypted cluster.

The AWS KMS key identifier is the Amazon Resource Name (ARN) for the AWS KMS encryption key. If you are creating a cluster using the same AWS account that owns the AWS KMS encryption key that is used to encrypt the new cluster, you can use the AWS KMS key alias instead of the ARN for the AWS KMS encryption key.

If an encryption key is not specified in KmsKeyId:

  • If ReplicationSourceIdentifier identifies an encrypted source, then Amazon DocumentDB uses the encryption key that is used to encrypt the source. Otherwise, Amazon DocumentDB uses your default encryption key.

  • If the StorageEncrypted parameter is true and ReplicationSourceIdentifier is not specified, Amazon DocumentDB uses your default encryption key.

AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS Region.

If you create a replica of an encrypted cluster in another AWS Region, you must set KmsKeyId to a KMS key ID that is valid in the destination AWS Region. This key is used to encrypt the replica in that AWS Region.

Required: No

Type: String

Update requires: Replacement

MasterUsername

The name of the master user for the cluster.

Constraints:

  • Must be from 1 to 63 letters or numbers.

  • The first character must be a letter.

  • Cannot be a reserved word for the chosen database engine.

Required: Conditional

Type: String

Update requires: Replacement

MasterUserPassword

The password for the master database user. This password can contain any printable ASCII character except forward slash (/), double quote ("), or the "at" symbol (@).

Constraints: Must contain from 8 to 100 characters.

Required: Conditional

Type: String

Update requires: No interruption

Port

Specifies the port that the database engine is listening on.

Required: No

Type: Integer

Update requires: No interruption

PreferredBackupWindow

The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.

The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region.

Constraints:

  • Must be in the format hh24:mi-hh24:mi.

  • Must be in Universal Coordinated Time (UTC).

  • Must not conflict with the preferred maintenance window.

  • Must be at least 30 minutes.

Required: No

Type: String

Update requires: No interruption

PreferredMaintenanceWindow

The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).

Format: ddd:hh24:mi-ddd:hh24:mi

The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.

Valid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun

Constraints: Minimum 30-minute window.

Required: No

Type: String

Update requires: No interruption

SnapshotIdentifier

The identifier for the snapshot or cluster snapshot to restore from.

You can use either the name or the Amazon Resource Name (ARN) to specify a cluster snapshot. However, you can use only the ARN to specify a snapshot.

Constraints:

  • Must match the identifier of an existing snapshot.

Required: No

Type: String

Update requires: Replacement

StorageEncrypted

Specifies whether the cluster is encrypted.

Required: Conditional

Type: Boolean

Update requires: Replacement

Tags

The tags to be assigned to the cluster.

Required: No

Type: List of Tag

Update requires: No interruption

VpcSecurityGroupIds

A list of EC2 VPC security groups to associate with this cluster.

Required: No

Type: List of String

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the DBClusterIdentifier, such as mycluster.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

ClusterResourceId

The resource id for the cluster; for example: cluster-ABCD1234EFGH5678IJKL90MNOP. The cluster ID uniquely identifies the cluster and is used in things like IAM authentication policies.

Endpoint

The connection endpoint for the cluster, such as sample-cluster.cluster-cozrlsfrcjoc.us-east-1.docdb.amazonaws.com.

Port

The port number on which the cluster accepts connections. For example: 27017.

ReadEndpoint

The reader endpoint for the cluster. For example: sample-cluster.cluster-ro-cozrlsfrcjoc.us-east-1.docdb.amazonaws.com.

Examples

JSON

{ "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myDBInstance" : { "Type" : "AWS::DocDB::DBCluster", "Properties" : { "BackupRetentionPeriod" : 8, "DBClusterIdentifier" : "sample-cluster", "DBClusterParameterGroupName" : "default.docdb3.6", "DBSubnetGroupName" : "default", "KmsKeyId" : "your-kms-key-id", "MasterUsername" : "your-master-username", "MasterUserPassword" : "your-master-user-password", "Port" : "27017", "PreferredBackupWindow" : "07:34-08:04", "PreferredMaintenanceWindow" : "sat:04:51-sat:05:21", "SnapshotIdentifier" : "sample-cluster-snapshot-id", "StorageEncrypted" : true, "Tags" : [ {"Key" : "String", "Value" : "String"} ] } } } }

YAML

AWSTemplateFormatVersion: "2010-09-09" Resources: myDBInstance: Type: "AWS::DocDB::DBCluster" Properties: BackupRetentionPeriod : 8 DBClusterIdentifier : "sample-cluster" DBClusterParameterGroupName : "default.docdb3.6" DBSubnetGroupName : "default" KmsKeyId : "your-kms-key-id" MasterUsername : "your-master-username" MasterUserPassword : "your-master-user-password" Port : "27017" PreferredBackupWindow : "07:34-08:04" PreferredMaintenanceWindow : "sat:04:51-sat:05:21" SnapshotIdentifier : "sample-cluster-snapshot-id" StorageEncrypted : true Tags: - Key: "String" Value: "String"

See Also