AWS::RDS::DBCluster
The AWS::RDS::DBCluster
resource creates an Amazon Aurora DB cluster or Multi-AZ DB cluster.
For more information about creating an Aurora DB cluster, see Creating an Amazon Aurora DB cluster in the Amazon Aurora User Guide.
For more information about creating a Multi-AZ DB cluster, see Creating a Multi-AZ DB cluster in the Amazon RDS User Guide.
Note
You can only create this resource in AWS Regions where Amazon Aurora or Multi-AZ DB clusters are supported.
Updating DB clusters
When properties labeled "Update requires: Replacement" are updated, AWS CloudFormation first creates a replacement DB cluster, then changes references from other dependent resources to point to the replacement DB cluster, and finally deletes the old DB cluster.
Important
We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB cluster. To preserve your data, perform the following procedure:
-
Deactivate any applications that are using the DB cluster so that there's no activity on the DB instance.
-
Create a snapshot of the DB cluster. For more information, see Creating a DB cluster snapshot.
-
If you want to restore your DB cluster using a DB cluster snapshot, modify the updated template with your DB cluster changes and add the
SnapshotIdentifier
property with the ID of the DB cluster snapshot that you want to use.After you restore a DB cluster with a
SnapshotIdentifier
property, you must specify the sameSnapshotIdentifier
property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the DB cluster snapshot again, and the data in the database is not changed. However, if you don't specify theSnapshotIdentifier
property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specifiedSnapshotIdentifier
property, and the original DB cluster is deleted. -
Update the stack.
Currently, when you are updating the stack for an Aurora Serverless DB cluster, you can't include changes to
any other properties when you specify one of the following properties: PreferredBackupWindow
,
PreferredMaintenanceWindow
, and Port
. This limitation doesn't apply to provisioned
DB clusters.
For more information about updating other properties of this resource, see
ModifyDBCluster
. For more information about updating stacks, see
AWS
CloudFormation Stacks Updates.
Deleting DB clusters
The default DeletionPolicy
for AWS::RDS::DBCluster
resources
is Snapshot
. For more information about how AWS CloudFormation deletes
resources, see
DeletionPolicy Attribute.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::RDS::DBCluster", "Properties" : { "AllocatedStorage" :
Integer
, "AssociatedRoles" :[ DBClusterRole, ... ]
, "AutoMinorVersionUpgrade" :Boolean
, "AvailabilityZones" :[ String, ... ]
, "BacktrackWindow" :Integer
, "BackupRetentionPeriod" :Integer
, "CopyTagsToSnapshot" :Boolean
, "DatabaseName" :String
, "DBClusterIdentifier" :String
, "DBClusterInstanceClass" :String
, "DBClusterParameterGroupName" :String
, "DBInstanceParameterGroupName" :String
, "DBSubnetGroupName" :String
, "DBSystemId" :String
, "DeletionProtection" :Boolean
, "Domain" :String
, "DomainIAMRoleName" :String
, "EnableCloudwatchLogsExports" :[ String, ... ]
, "EnableGlobalWriteForwarding" :Boolean
, "EnableHttpEndpoint" :Boolean
, "EnableIAMDatabaseAuthentication" :Boolean
, "EnableLocalWriteForwarding" :Boolean
, "Engine" :String
, "EngineLifecycleSupport" :String
, "EngineMode" :String
, "EngineVersion" :String
, "GlobalClusterIdentifier" :String
, "Iops" :Integer
, "KmsKeyId" :String
, "ManageMasterUserPassword" :Boolean
, "MasterUsername" :String
, "MasterUserPassword" :String
, "MasterUserSecret" :MasterUserSecret
, "MonitoringInterval" :Integer
, "MonitoringRoleArn" :String
, "NetworkType" :String
, "PerformanceInsightsEnabled" :Boolean
, "PerformanceInsightsKmsKeyId" :String
, "PerformanceInsightsRetentionPeriod" :Integer
, "Port" :Integer
, "PreferredBackupWindow" :String
, "PreferredMaintenanceWindow" :String
, "PubliclyAccessible" :Boolean
, "ReadEndpoint" :ReadEndpoint
, "ReplicationSourceIdentifier" :String
, "RestoreToTime" :String
, "RestoreType" :String
, "ScalingConfiguration" :ScalingConfiguration
, "ServerlessV2ScalingConfiguration" :ServerlessV2ScalingConfiguration
, "SnapshotIdentifier" :String
, "SourceDBClusterIdentifier" :String
, "SourceRegion" :String
, "StorageEncrypted" :Boolean
, "StorageType" :String
, "Tags" :[ Tag, ... ]
, "UseLatestRestorableTime" :Boolean
, "VpcSecurityGroupIds" :[ String, ... ]
} }
YAML
Type: AWS::RDS::DBCluster Properties: AllocatedStorage:
Integer
AssociatedRoles:- DBClusterRole
AutoMinorVersionUpgrade:Boolean
AvailabilityZones:- String
BacktrackWindow:Integer
BackupRetentionPeriod:Integer
CopyTagsToSnapshot:Boolean
DatabaseName:String
DBClusterIdentifier:String
DBClusterInstanceClass:String
DBClusterParameterGroupName:String
DBInstanceParameterGroupName:String
DBSubnetGroupName:String
DBSystemId:String
DeletionProtection:Boolean
Domain:String
DomainIAMRoleName:String
EnableCloudwatchLogsExports:- String
EnableGlobalWriteForwarding:Boolean
EnableHttpEndpoint:Boolean
EnableIAMDatabaseAuthentication:Boolean
EnableLocalWriteForwarding:Boolean
Engine:String
EngineLifecycleSupport:String
EngineMode:String
EngineVersion:String
GlobalClusterIdentifier:String
Iops:Integer
KmsKeyId:String
ManageMasterUserPassword:Boolean
MasterUsername:String
MasterUserPassword:String
MasterUserSecret:MasterUserSecret
MonitoringInterval:Integer
MonitoringRoleArn:String
NetworkType:String
PerformanceInsightsEnabled:Boolean
PerformanceInsightsKmsKeyId:String
PerformanceInsightsRetentionPeriod:Integer
Port:Integer
PreferredBackupWindow:String
PreferredMaintenanceWindow:String
PubliclyAccessible:Boolean
ReadEndpoint:ReadEndpoint
ReplicationSourceIdentifier:String
RestoreToTime:String
RestoreType:String
ScalingConfiguration:ScalingConfiguration
ServerlessV2ScalingConfiguration:ServerlessV2ScalingConfiguration
SnapshotIdentifier:String
SourceDBClusterIdentifier:String
SourceRegion:String
StorageEncrypted:Boolean
StorageType:String
Tags:- Tag
UseLatestRestorableTime:Boolean
VpcSecurityGroupIds:- String
Properties
AllocatedStorage
-
The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.
Valid for Cluster Type: Multi-AZ DB clusters only
This setting is required to create a Multi-AZ DB cluster.
Required: No
Type: Integer
Update requires: No interruption
AssociatedRoles
-
Provides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other Amazon Web Services on your behalf.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Array of DBClusterRole
Update requires: No interruption
AutoMinorVersionUpgrade
-
Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.
Valid for Cluster Type: Multi-AZ DB clusters only
Required: No
Type: Boolean
Update requires: No interruption
AvailabilityZones
-
A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see Choosing the Regions and Availability Zones in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
Required: No
Type: Array of String
Update requires: Replacement
BacktrackWindow
-
The target backtrack window, in seconds. To disable backtracking, set this value to
0
.Valid for Cluster Type: Aurora MySQL DB clusters only
Default:
0
Constraints:
-
If specified, this value must be set to a number from 0 to 259,200 (72 hours).
Required: No
Type: Integer
Minimum:
0
Update requires: No interruption
-
BackupRetentionPeriod
-
The number of days for which automated backups are retained.
Default: 1
Constraints:
-
Must be a value from 1 to 35
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Integer
Minimum:
1
Update requires: No interruption
-
-
A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Boolean
Update requires: No interruption
DatabaseName
-
The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. For naming constraints, see Naming Constraints in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Replacement
DBClusterIdentifier
-
The DB cluster identifier. This parameter is stored as a lowercase string.
Constraints:
-
Must contain from 1 to 63 letters, numbers, or hyphens.
-
First character must be a letter.
-
Can't end with a hyphen or contain two consecutive hyphens.
Example:
my-cluster1
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Pattern:
^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$
Minimum:
1
Maximum:
63
Update requires: Replacement
-
DBClusterInstanceClass
-
The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example
db.m6gd.xlarge
. Not all DB instance classes are available in all AWS Regions, or for all database engines.For the full list of DB instance classes and availability for your engine, see DB instance class in the Amazon RDS User Guide.
This setting is required to create a Multi-AZ DB cluster.
Valid for Cluster Type: Multi-AZ DB clusters only
Required: No
Type: String
Update requires: No interruption
DBClusterParameterGroupName
-
The name of the DB cluster parameter group to associate with this DB cluster.
Important
If you apply a parameter group to an existing DB cluster, then its DB instances might need to reboot. This can result in an outage while the DB instances are rebooting.
If you apply a change to parameter group associated with a stopped DB cluster, then the update stack waits until the DB cluster is started.
To list all of the available DB cluster parameter group names, use the following command:
aws rds describe-db-cluster-parameter-groups --query "DBClusterParameterGroups[].DBClusterParameterGroupName" --output text
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: No interruption
DBInstanceParameterGroupName
-
The name of the DB parameter group to apply to all instances of the DB cluster.
Note
When you apply a parameter group using the
DBInstanceParameterGroupName
parameter, the DB cluster isn't rebooted automatically. Also, parameter changes are applied immediately rather than during the next maintenance window.Valid for Cluster Type: Aurora DB clusters only
Default: The existing name setting
Constraints:
-
The DB parameter group must be in the same DB parameter group family as this DB cluster.
-
The
DBInstanceParameterGroupName
parameter is valid in combination with theAllowMajorVersionUpgrade
parameter for a major version upgrade only.
Required: No
Type: String
Update requires: No interruption
-
DBSubnetGroupName
-
A DB subnet group that you want to associate with this DB cluster.
If you are restoring a DB cluster to a point in time with
RestoreType
set tocopy-on-write
, and don't specify a DB subnet group name, then the DB cluster is restored with a default DB subnet group.Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Replacement
DBSystemId
-
Reserved for future use.
Required: No
Type: String
Update requires: Replacement
DeletionProtection
-
A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Boolean
Update requires: No interruption
Domain
-
Indicates the directory ID of the Active Directory to create the DB cluster.
For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB cluster.
For more information, see Kerberos authentication in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
Required: No
Type: String
Update requires: No interruption
DomainIAMRoleName
-
Specifies the name of the IAM role to use when making API calls to the Directory Service.
Valid for: Aurora DB clusters only
Required: No
Type: String
Update requires: No interruption
EnableCloudwatchLogsExports
-
The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.
Aurora MySQL
Valid values:
audit
,error
,general
,slowquery
Aurora PostgreSQL
Valid values:
postgresql
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Array of String
Update requires: No interruption
EnableGlobalWriteForwarding
-
Specifies whether to enable this DB cluster to forward write operations to the primary cluster of a global cluster (Aurora global database). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.
You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster, and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by a global cluster API operation, but it does nothing until then.
Valid for Cluster Type: Aurora DB clusters only
Required: No
Type: Boolean
Update requires: No interruption
EnableHttpEndpoint
-
Specifies whether to enable the HTTP endpoint for the DB cluster. By default, the HTTP endpoint isn't enabled.
When enabled, the HTTP endpoint provides a connectionless web service API (RDS Data API) for running SQL queries on the DB cluster. You can also query your database from inside the RDS console with the RDS query editor.
RDS Data API is supported with the following DB clusters:
-
Aurora PostgreSQL Serverless v2 and provisioned
-
Aurora PostgreSQL and Aurora MySQL Serverless v1
For more information, see Using RDS Data API in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters only
Required: No
Type: Boolean
Update requires: No interruption
-
EnableIAMDatabaseAuthentication
-
A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
For more information, see IAM Database Authentication in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
Required: No
Type: Boolean
Update requires: No interruption
EnableLocalWriteForwarding
-
Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances.
Valid for: Aurora DB clusters only
Required: No
Type: Boolean
Update requires: No interruption
Engine
-
The name of the database engine to be used for this DB cluster.
Valid Values:
-
aurora-mysql
-
aurora-postgresql
-
mysql
-
postgres
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Some interruptions
-
EngineLifecycleSupport
-
The life cycle type for this DB cluster.
Note
By default, this value is set to
open-source-rds-extended-support
, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value toopen-source-rds-extended-support-disabled
. In this case, creating the DB cluster will fail if the DB major version is past its end of standard support date.You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:
-
Amazon Aurora (PostgreSQL only) - Using Amazon RDS Extended Support in the Amazon Aurora User Guide
-
Amazon RDS - Using Amazon RDS Extended Support in the Amazon RDS User Guide
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values:
open-source-rds-extended-support | open-source-rds-extended-support-disabled
Default:
open-source-rds-extended-support
Required: No
Type: String
Update requires: Some interruptions
-
EngineMode
-
The DB engine mode of the DB cluster, either
provisioned
orserverless
.The
serverless
engine mode only applies for Aurora Serverless v1 DB clusters. Aurora Serverless v2 DB clusters use theprovisioned
engine mode.For information about limitations and requirements for Serverless DB clusters, see the following sections in the Amazon Aurora User Guide:
Valid for Cluster Type: Aurora DB clusters only
Required: No
Type: String
Update requires: Replacement
EngineVersion
-
The version number of the database engine to use.
To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) and version 3 (8.0-compatible), use the following command:
aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"
You can supply either
5.7
or8.0
to use the default engine version for Aurora MySQL version 2 or version 3, respectively.To list all of the available engine versions for Aurora PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"
To list all of the available engine versions for RDS for MySQL, use the following command:
aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"
To list all of the available engine versions for RDS for PostgreSQL, use the following command:
aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"
Aurora MySQL
For information, see Database engine updates for Amazon Aurora MySQL in the Amazon Aurora User Guide.
Aurora PostgreSQL
For information, see Amazon Aurora PostgreSQL releases and engine versions in the Amazon Aurora User Guide.
MySQL
For information, see Amazon RDS for MySQL in the Amazon RDS User Guide.
PostgreSQL
For information, see Amazon RDS for PostgreSQL in the Amazon RDS User Guide.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Some interruptions
GlobalClusterIdentifier
-
If you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the AWS::RDS::GlobalCluster resource.
If you aren't configuring a global database cluster, don't specify this property.
Note
To remove the DB cluster from a global database cluster, specify an empty value for the
GlobalClusterIdentifier
property.For information about Aurora global databases, see Working with Amazon Aurora Global Databases in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
Required: No
Type: String
Pattern:
^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$
Minimum:
0
Maximum:
63
Update requires: Some interruptions
Iops
-
The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.
For information about valid IOPS values, see Provisioned IOPS storage in the Amazon RDS User Guide.
This setting is required to create a Multi-AZ DB cluster.
Valid for Cluster Type: Multi-AZ DB clusters only
Constraints:
-
Must be a multiple between .5 and 50 of the storage amount for the DB cluster.
Required: No
Type: Integer
Update requires: No interruption
-
KmsKeyId
-
The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the database instances in the DB cluster, such as
arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef
. If you enable theStorageEncrypted
property but don't specify this property, the default KMS key is used. If you specify this property, you must set theStorageEncrypted
property totrue
.If you specify the
SnapshotIdentifier
property, theStorageEncrypted
property value is inherited from the snapshot, and if the DB cluster is encrypted, the specifiedKmsKeyId
property is used.If you create a read replica of an encrypted DB cluster in another AWS Region, make sure to set
KmsKeyId
to a KMS key identifier that is valid in the destination AWS Region. This KMS key is used to encrypt the read replica in that AWS Region.Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Replacement
ManageMasterUserPassword
-
Specifies whether to manage the master user password with AWS Secrets Manager.
For more information, see Password management with AWS Secrets Manager in the Amazon RDS User Guide and Password management with AWS Secrets Manager in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Constraints:
-
Can't manage the master user password with AWS Secrets Manager if
MasterUserPassword
is specified.
Required: No
Type: Boolean
Update requires: No interruption
-
MasterUsername
-
The name of the master user for the DB cluster.
Note
If you specify the
SourceDBClusterIdentifier
,SnapshotIdentifier
, orGlobalClusterIdentifier
property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively.Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: Conditional
Type: String
Pattern:
^[a-zA-Z]{1}[a-zA-Z0-9_]*$
Minimum:
1
Update requires: Some interruptions
MasterUserPassword
-
The master password for the DB instance.
Note
If you specify the
SourceDBClusterIdentifier
,SnapshotIdentifier
, orGlobalClusterIdentifier
property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively.Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: Conditional
Type: String
Update requires: No interruption
MasterUserSecret
-
The secret managed by RDS in AWS Secrets Manager for the master user password.
For more information, see Password management with AWS Secrets Manager in the Amazon RDS User Guide and Password management with AWS Secrets Manager in the Amazon Aurora User Guide.
Required: No
Type: MasterUserSecret
Update requires: No interruption
MonitoringInterval
-
The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify
0
.If
MonitoringRoleArn
is specified, also setMonitoringInterval
to a value other than0
.Valid for Cluster Type: Multi-AZ DB clusters only
Valid Values:
0 | 1 | 5 | 10 | 15 | 30 | 60
Default:
0
Required: No
Type: Integer
Update requires: No interruption
MonitoringRoleArn
-
The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is
arn:aws:iam:123456789012:role/emaccess
. For information on creating a monitoring role, see Setting up and enabling Enhanced Monitoring in the Amazon RDS User Guide.If
MonitoringInterval
is set to a value other than0
, supply aMonitoringRoleArn
value.Valid for Cluster Type: Multi-AZ DB clusters only
Required: No
Type: String
Update requires: No interruption
NetworkType
-
The network type of the DB cluster.
Valid values:
-
IPV4
-
DUAL
The network type is determined by the
DBSubnetGroup
specified for the DB cluster. ADBSubnetGroup
can support only the IPv4 protocol or the IPv4 and IPv6 protocols (DUAL
).For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
Valid for: Aurora DB clusters only
Required: No
Type: String
Update requires: No interruption
-
PerformanceInsightsEnabled
-
Specifies whether to turn on Performance Insights for the DB cluster.
For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.
Valid for Cluster Type: Multi-AZ DB clusters only
Required: No
Type: Boolean
Update requires: No interruption
PerformanceInsightsKmsKeyId
-
The AWS KMS key identifier for encryption of Performance Insights data.
The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you don't specify a value for
PerformanceInsightsKMSKeyId
, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region.Valid for Cluster Type: Multi-AZ DB clusters only
Required: No
Type: String
Update requires: No interruption
PerformanceInsightsRetentionPeriod
-
The number of days to retain Performance Insights data.
Valid for Cluster Type: Multi-AZ DB clusters only
Valid Values:
-
7
-
month * 31, where month is a number of months from 1-23. Examples:
93
(3 months * 31),341
(11 months * 31),589
(19 months * 31) -
731
Default:
7
daysIf you specify a retention period that isn't valid, such as
94
, Amazon RDS issues an error.Required: No
Type: Integer
Update requires: No interruption
-
Port
-
The port number on which the DB instances in the DB cluster accept connections.
Default:
-
When
EngineMode
isprovisioned
,3306
(for both Aurora MySQL and Aurora PostgreSQL) -
When
EngineMode
isserverless
:-
3306
whenEngine
isaurora
oraurora-mysql
-
5432
whenEngine
isaurora-postgresql
-
Important
The
No interruption
on update behavior only applies to DB clusters. If you are updating a DB instance, see Port for the AWS::RDS::DBInstance resource.Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Integer
Update requires: No interruption
-
PreferredBackupWindow
-
The daily time range during which automated backups are created. For more information, see Backup Window in the Amazon Aurora User Guide.
Constraints:
-
Must be in the format
hh24:mi-hh24:mi
. -
Must be in Universal Coordinated Time (UTC).
-
Must not conflict with the preferred maintenance window.
-
Must be at least 30 minutes.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: No interruption
-
PreferredMaintenanceWindow
-
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format:
ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: No interruption
PubliclyAccessible
-
Specifies whether the DB cluster is publicly accessible.
When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.
When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.
Valid for Cluster Type: Multi-AZ DB clusters only
Default: The default behavior varies depending on whether
DBSubnetGroupName
is specified.If
DBSubnetGroupName
isn't specified, andPubliclyAccessible
isn't specified, the following applies:-
If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.
-
If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.
If
DBSubnetGroupName
is specified, andPubliclyAccessible
isn't specified, the following applies:-
If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.
-
If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
Required: No
Type: Boolean
Update requires: Replacement
-
ReadEndpoint
-
This data type represents the information you need to connect to an Amazon RDS DB instance. This data type is used as a response element in the following actions:
-
CreateDBInstance
-
DescribeDBInstances
-
DeleteDBInstance
For the data structure that represents Amazon Aurora DB cluster endpoints, see
DBClusterEndpoint
.Required: No
Type: ReadEndpoint
Update requires: No interruption
-
ReplicationSourceIdentifier
-
The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.
Valid for: Aurora DB clusters only
Required: No
Type: String
Update requires: No interruption
RestoreToTime
-
The date and time to restore the DB cluster to.
Valid Values: Value must be a time in Universal Coordinated Time (UTC) format
Constraints:
-
Must be before the latest restorable time for the DB instance
-
Must be specified if
UseLatestRestorableTime
parameter isn't provided -
Can't be specified if the
UseLatestRestorableTime
parameter is enabled -
Can't be specified if the
RestoreType
parameter iscopy-on-write
This property must be used with
SourceDBClusterIdentifier
property. The resulting cluster will have the identifier that matches the value of theDBclusterIdentifier
property.Example:
2015-03-07T23:45:00Z
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Replacement
-
RestoreType
-
The type of restore to be performed. You can specify one of the following values:
-
full-copy
- The new DB cluster is restored as a full copy of the source DB cluster. -
copy-on-write
- The new DB cluster is restored as a clone of the source DB cluster.
If you don't specify a
RestoreType
value, then the new DB cluster is restored as a full copy of the source DB cluster.Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Replacement
-
ScalingConfiguration
-
The scaling configuration of an Aurora Serverless v1 DB cluster.
This property is only supported for Aurora Serverless v1. For Aurora Serverless v2, Use the
ServerlessV2ScalingConfiguration
property.Valid for: Aurora Serverless v1 DB clusters only
Required: No
Type: ScalingConfiguration
Update requires: No interruption
ServerlessV2ScalingConfiguration
-
The scaling configuration of an Aurora Serverless V2 DB cluster.
This property is only supported for Aurora Serverless v2. For Aurora Serverless v1, Use the
ScalingConfiguration
property.Valid for: Aurora Serverless v2 DB clusters only
Required: No
Type: ServerlessV2ScalingConfiguration
Update requires: No interruption
SnapshotIdentifier
-
The identifier for the DB snapshot or DB cluster snapshot to restore from.
You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot.
After you restore a DB cluster with a
SnapshotIdentifier
property, you must specify the sameSnapshotIdentifier
property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify theSnapshotIdentifier
property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB cluster is restored from the specifiedSnapshotIdentifier
property, and the original DB cluster is deleted.If you specify the
SnapshotIdentifier
property to restore a DB cluster (as opposed to specifying it for DB cluster updates), then don't specify the following properties:-
GlobalClusterIdentifier
-
MasterUsername
-
MasterUserPassword
-
ReplicationSourceIdentifier
-
RestoreType
-
SourceDBClusterIdentifier
-
SourceRegion
-
StorageEncrypted
(for an encrypted snapshot) -
UseLatestRestorableTime
Constraints:
-
Must match the identifier of an existing Snapshot.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Replacement
-
SourceDBClusterIdentifier
-
When restoring a DB cluster to a point in time, the identifier of the source DB cluster from which to restore.
Constraints:
-
Must match the identifier of an existing DBCluster.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: String
Update requires: Replacement
-
SourceRegion
-
The AWS Region which contains the source DB cluster when replicating a DB cluster. For example,
us-east-1
.Valid for: Aurora DB clusters only
Required: No
Type: String
Update requires: Replacement
StorageEncrypted
-
Indicates whether the DB cluster is encrypted.
If you specify the
KmsKeyId
property, then you must enable encryption.If you specify the
SourceDBClusterIdentifier
property, don't specify this property. The value is inherited from the source DB cluster, and if the DB cluster is encrypted, the specifiedKmsKeyId
property is used.If you specify the
SnapshotIdentifier
and the specified snapshot is encrypted, don't specify this property. The value is inherited from the snapshot, and the specifiedKmsKeyId
property is used.If you specify the
SnapshotIdentifier
and the specified snapshot isn't encrypted, you can use this property to specify that the restored DB cluster is encrypted. Specify theKmsKeyId
property for the KMS key to use for encryption. If you don't want the restored DB cluster to be encrypted, then don't set this property or set it tofalse
.Note
If you specify both the
StorageEncrypted
andSnapshotIdentifier
properties without specifying theKmsKeyId
property, then the restored DB cluster inherits the encryption settings from the DB snapshot that provide.Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Boolean
Update requires: Replacement
StorageType
-
The storage type to associate with the DB cluster.
For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.
This setting is required to create a Multi-AZ DB cluster.
When specified for a Multi-AZ DB cluster, a value for the
Iops
parameter is required.Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values:
-
Aurora DB clusters -
aurora | aurora-iopt1
-
Multi-AZ DB clusters -
io1 | io2 | gp3
Default:
-
Aurora DB clusters -
aurora
-
Multi-AZ DB clusters -
io1
Note
When you create an Aurora DB cluster with the storage type set to
aurora-iopt1
, the storage type is returned in the response. The storage type isn't returned when you set it toaurora
.Required: No
Type: String
Update requires: No interruption
-
-
Tags to assign to the DB cluster.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Array of Tag
Maximum:
50
Update requires: No interruption
UseLatestRestorableTime
-
A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster is not restored to the latest restorable backup time.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Boolean
Update requires: Replacement
VpcSecurityGroupIds
-
A list of EC2 VPC security groups to associate with this DB cluster.
If you plan to update the resource, don't specify VPC security groups in a shared VPC.
Valid for: Aurora DB clusters and Multi-AZ DB clusters
Required: No
Type: Array of String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the name (DBClusterIdentifier
) of the DB cluster.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
DBClusterArn
-
The Amazon Resource Name (ARN) for the DB cluster.
DBClusterResourceId
-
The AWS Region-unique, immutable identifier for the DB cluster. This identifier is found in AWS CloudTrail log entries whenever the KMS key for the DB cluster is accessed.
Endpoint.Address
-
The connection endpoint for the DB cluster. For example:
mystack-mydbcluster-123456789012.us-east-2.rds.amazonaws.com
Endpoint.Port
-
The port number that will accept connections on this DB cluster. For example:
3306
MasterUserSecret.SecretArn
-
The Amazon Resource Name (ARN) of the secret.
ReadEndpoint.Address
-
The reader endpoint for the DB cluster. For example:
mystack-mydbcluster-ro-123456789012.us-east-2.rds.amazonaws.com
StorageThroughput
-
The storage throughput for the DB cluster. The throughput is automatically set based on the IOPS that you provision, and is not configurable.
This setting is only for non-Aurora Multi-AZ DB clusters.
Examples
The following examples create DB clusters.
Note
For an example that adds a scaling policy for a DB cluster with Application Auto Scaling, see Declaring a scaling policy for an Aurora DB cluster.
- Creating an Amazon Aurora DB cluster with two DB instances
- Creating an Amazon Aurora DB cluster that exports logs to Amazon CloudWatch Logs
- Creating a Multi-AZ DB cluster
- Creating an Amazon Aurora Serverless v2 DB cluster
- Creating an Amazon Aurora Serverless v1 DB cluster
- Create a Secrets Manager secret for a master password
- Restoring an Amazon Aurora DB cluster
Creating an Amazon Aurora DB cluster with two DB instances
The following example creates an Amazon Aurora DB cluster and adds two DB instances to it. Because Amazon RDS automatically assigns a writer and reader DB instances in the cluster, use the cluster endpoint to read and write data, not the individual DB instance endpoints.
Note
The example uses the time_zone
Aurora MySQL parameter. For
Aurora PostgreSQL, use the timezone
parameter instead.
JSON
{ "Parameters": { "Username": { "NoEcho": "true", "Description": "Username for Aurora MySQL database access", "Type": "String", "MinLength": "1", "MaxLength": "16", "Default": "bevelvoerder", "AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*", "ConstraintDescription": "must begin with a letter and contain only alphanumeric characters." }, "Password": { "NoEcho": "true", "Description": "Password for Aurora MySQL database access", "Type": "String", "MinLength": "8", "MaxLength": "41", "Default": "Passw0rd", "AllowedPattern": "[a-zA-Z0-9]*", "ConstraintDescription": "must contain only alphanumeric characters." } }, "Resources": { "RDSCluster": { "Type": "AWS::RDS::DBCluster", "Properties": { "MasterUsername": { "Ref": "Username" }, "MasterUserPassword": { "Ref": "Password" }, "Engine": "aurora-mysql", "DBClusterParameterGroupName": { "Ref": "RDSDBClusterParameterGroup" } } }, "RDSDBInstance1": { "Type": "AWS::RDS::DBInstance", "Properties": { "DBParameterGroupName": { "Ref": "RDSDBParameterGroup" }, "Engine": "aurora-mysql", "DBClusterIdentifier": { "Ref": "RDSCluster" }, "PubliclyAccessible": "true", "DBInstanceClass": "db.r3.xlarge" } }, "RDSDBInstance2": { "Type": "AWS::RDS::DBInstance", "Properties": { "DBParameterGroupName": { "Ref": "RDSDBParameterGroup" }, "Engine": "aurora-mysql", "DBClusterIdentifier": { "Ref": "RDSCluster" }, "PubliclyAccessible": "true", "DBInstanceClass": "db.r3.xlarge" } }, "RDSDBClusterParameterGroup": { "Type": "AWS::RDS::DBClusterParameterGroup", "Properties": { "Description": "CloudFormation Sample Aurora Cluster Parameter Group", "Family": "aurora5.6", "Parameters": { "time_zone": "US/Eastern" } } }, "RDSDBParameterGroup": { "Type": "AWS::RDS::DBParameterGroup", "Properties": { "Description": "CloudFormation Sample Aurora Parameter Group", "Family": "aurora5.6", "Parameters": { "sql_mode": "IGNORE_SPACE", "max_allowed_packet": 1024, "innodb_buffer_pool_size": "{DBInstanceClassMemory*3/4}" } } } } }
YAML
Parameters: Username: NoEcho: 'true' Description: Username for Aurora MySQL database access Type: String MinLength: '1' MaxLength: '16' Default: "bevelvoerder" AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: must begin with a letter and contain only alphanumeric characters. Password: NoEcho: 'true' Description: Password for Aurora MySQL database access Type: String MinLength: '8' MaxLength: '41' Default: "Passw0rd" AllowedPattern: '[a-zA-Z0-9]*' ConstraintDescription: must contain only alphanumeric characters. Resources: RDSCluster: Type: 'AWS::RDS::DBCluster' Properties: MasterUsername: Ref: Username MasterUserPassword: Ref: Password Engine: aurora-mysql DBClusterParameterGroupName: Ref: RDSDBClusterParameterGroup RDSDBInstance1: Type: 'AWS::RDS::DBInstance' Properties: DBParameterGroupName: Ref: RDSDBParameterGroup Engine: aurora-mysql DBClusterIdentifier: Ref: RDSCluster PubliclyAccessible: 'true' DBInstanceClass: db.r3.xlarge RDSDBInstance2: Type: 'AWS::RDS::DBInstance' Properties: DBParameterGroupName: Ref: RDSDBParameterGroup Engine: aurora-mysql DBClusterIdentifier: Ref: RDSCluster PubliclyAccessible: 'true' DBInstanceClass: db.r3.xlarge RDSDBClusterParameterGroup: Type: 'AWS::RDS::DBClusterParameterGroup' Properties: Description: CloudFormation Sample Aurora Cluster Parameter Group Family: aurora5.6 Parameters: time_zone: US/Eastern RDSDBParameterGroup: Type: 'AWS::RDS::DBParameterGroup' Properties: Description: CloudFormation Sample Aurora Parameter Group Family: aurora5.6 Parameters: sql_mode: IGNORE_SPACE max_allowed_packet: 1024 innodb_buffer_pool_size: '{DBInstanceClassMemory*3/4}'
Creating an Amazon Aurora DB cluster that exports logs to Amazon CloudWatch Logs
The following example creates an Amazon Aurora PostgreSQL DB cluster that exports logs to Amazon CloudWatch Logs. For more information about exporting Aurora DB cluster logs to Amazon CloudWatch Logs, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "AWS CloudFormation Sample Template for sending Aurora DB cluster logs to CloudWatch Logs: Sample template showing how to create an Aurora PostgreSQL DB cluster that exports logs to CloudWatch Logs. **WARNING** This template enables log exports to CloudWatch Logs. You will be billed for the AWS resources used if you create a stack from this template.", "Parameters" : { "DBUsername" : { "NoEcho" : "true", "Description" : "Username for PostgreSQL database access", "Type" : "String", "MinLength" : "1", "MaxLength" : "16", "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*", "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters." }, "DBPassword" : { "NoEcho" : "true", "Description" : "Password for PostgreSQL database access", "Type" : "String", "MinLength" : "8", "MaxLength" : "41", "AllowedPattern" : "[a-zA-Z0-9]*", "ConstraintDescription" : "must contain only alphanumeric characters." } }, "Resources" : { "RDSCluster" : { "Type": "AWS::RDS::DBCluster", "Properties" : { "MasterUsername" : { "Ref" : "DBUsername" }, "MasterUserPassword" : { "Ref" : "DBPassword" }, "DBClusterIdentifier" : "aurora-postgresql-cluster", "Engine" : "aurora-postgresql", "EngineVersion" : "10.7", "DBClusterParameterGroupName" : "default.aurora-postgresql10", "EnableCloudwatchLogsExports" : ["postgresql"] } }, "RDSDBInstance1": { "Type" : "AWS::RDS::DBInstance", "Properties" : { "DBInstanceIdentifier" : "aurora-postgresql-instance1", "Engine" : "aurora-postgresql", "DBClusterIdentifier" : { "Ref" : "RDSCluster" }, "PubliclyAccessible" : "true", "DBInstanceClass" : "db.r4.large" } }, "RDSDBInstance2": { "Type" : "AWS::RDS::DBInstance", "Properties" : { "DBInstanceIdentifier" : "aurora-postgresql-instance2", "Engine" : "aurora-postgresql", "DBClusterIdentifier" : { "Ref" : "RDSCluster" }, "PubliclyAccessible" : "true", "DBInstanceClass" : "db.r4.large" } }, } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: >- AWS CloudFormation Sample Template for sending Aurora DB cluster logs to CloudWatch Logs: Sample template showing how to create an Aurora PostgreSQL DB cluster that exports logs to CloudWatch Logs. **WARNING** This template enables log exports to CloudWatch Logs. You will be billed for the AWS resources used if you create a stack from this template. Parameters: DBUsername: NoEcho: 'true' Description: Username for PostgreSQL database access Type: String MinLength: '1' MaxLength: '16' AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: must begin with a letter and contain only alphanumeric characters. DBPassword: NoEcho: 'true' Description: Password for PostgreSQL database access Type: String MinLength: '8' MaxLength: '41' AllowedPattern: '[a-zA-Z0-9]*' ConstraintDescription: must contain only alphanumeric characters. Resources: RDSCluster: Type: 'AWS::RDS::DBCluster' Properties: MasterUsername: !Ref DBUsername MasterUserPassword: !Ref DBPassword DBClusterIdentifier: aurora-postgresql-cluster Engine: aurora-postgresql EngineVersion: '10.7' DBClusterParameterGroupName: default.aurora-postgresql10 EnableCloudwatchLogsExports: - postgresql RDSDBInstance1: Type: 'AWS::RDS::DBInstance' Properties: DBInstanceIdentifier: aurora-postgresql-instance1 Engine: aurora-postgresql DBClusterIdentifier: !Ref RDSCluster PubliclyAccessible: 'true' DBInstanceClass: db.r4.large RDSDBInstance2: Type: 'AWS::RDS::DBInstance' Properties: DBInstanceIdentifier: aurora-postgresql-instance2 Engine: aurora-postgresql DBClusterIdentifier: !Ref RDSCluster PubliclyAccessible: 'true' DBInstanceClass: db.r4.large
Creating a Multi-AZ DB cluster
The following example creates a Multi-AZ DB cluster. A Multi-AZ DB cluster has a writer DB instance and two reader DB instances in three separate Availability Zones in the same AWS Region. Multi-AZ DB clusters provide high availability, increased capacity for read workloads, and lower write latency. You must specify a supported DB engine and DB engine version while creating a Multi-AZ DB cluster. For more information, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS CloudFormation Sample Template for creating a Multi-AZ DB cluster.", "Parameters": { "DBUsername": { "NoEcho": "true", "Description": "Username for database access", "Type": "String", "MinLength": "1", "MaxLength": "16", "AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*", "ConstraintDescription": "Must begin with a letter and contain only alphanumeric characters." }, "DBPassword": { "NoEcho": "true", "Description": "Password for database access", "Type": "String", "MinLength": "8", "MaxLength": "41", "AllowedPattern": "[a-zA-Z0-9]*", "ConstraintDescription": "Must contain only alphanumeric characters." }, "DBClusterIdentifier": { "Type": "String" }, "Engine": { "Type": "String" }, "EngineVersion": { "Type": "String" }, "AllocatedStorage": { "Type": "Number" }, "Iops": { "Type": "Number" } }, "Resources": { "MultiAZDBCluster": { "Type": "AWS::RDS::DBCluster", "Properties": { "MasterUsername": { "Ref": "DBUsername" }, "MasterUserPassword": { "Ref": "DBPassword" }, "DBClusterIdentifier": { "Ref": "DBClusterIdentifier" }, "Engine": { "Ref": "Engine" }, "EngineVersion": { "Ref": "EngineVersion" }, "AllocatedStorage": { "Ref": "AllocatedStorage" }, "Iops": { "Ref": "Iops" }, "DBClusterInstanceClass": "db.r6gd.xlarge", "BackupRetentionPeriod": 1, "StorageType": "io1" } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: AWS CloudFormation Sample Template for creating a Multi-AZ DB cluster. Parameters: DBUsername: NoEcho: 'true' Description: Username for database access Type: String MinLength: '1' MaxLength: '16' AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: Must begin with a letter and contain only alphanumeric characters. DBPassword: NoEcho: 'true' Description: Password for database access Type: String MinLength: '8' MaxLength: '41' AllowedPattern: '[a-zA-Z0-9]*' ConstraintDescription: Must contain only alphanumeric characters. DBClusterIdentifier: Type: String Engine: Type: String EngineVersion: Type: String AllocatedStorage: Type: Number Iops: Type: Number Resources: MultiAZDBCluster: Type: 'AWS::RDS::DBCluster' Properties: MasterUsername: !Ref DBUsername MasterUserPassword: !Ref DBPassword DBClusterIdentifier: !Ref DBClusterIdentifier Engine: !Ref Engine EngineVersion: !Ref EngineVersion AllocatedStorage: !Ref AllocatedStorage Iops: !Ref Iops DBClusterInstanceClass: db.r6gd.xlarge BackupRetentionPeriod: 1 StorageType: io1
Creating an Amazon Aurora Serverless v2 DB cluster
The following example creates an Amazon Aurora Serverless v2 DB cluster. Aurora Serverless v2 automates the processes of monitoring the workload and adjusting the capacity for your databases. It adjusts the capacity in increments to provide the necessary database resources to meet an application's requirements. For more information, see Using Amazon Aurora Serverless v2 in the Amazon Aurora User Guide.
You must provide a supported engine version when you create an Amazon Aurora Serverless v2 DB cluster. For more information, see Aurora Serverless v2 in the Amazon Aurora User Guide.
Note
This example creates an Aurora MySQL Serverless v2 DB cluster by setting
Engine
to aurora-mysql
.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "ServerlessV2 Cluster", "Parameters": { "MasterUsername": { "Type": "String" }, "MasterUserPassword": { "Type": "String", "NoEcho": true }, "DBClusterIdentifier": { "Type": "String" }, "EngineVersion": { "Type": "String" }, "MinCapacity": { "Type": "String" }, "MaxCapacity": { "Type": "String" } }, "Resources": { "RDSDBCluster": { "Type": "AWS::RDS::DBCluster", "Properties": { "Engine": "aurora-mysql", "DBClusterIdentifier": { "Ref": "DBClusterIdentifier" }, "EngineVersion": { "Ref": "EngineVersion" }, "MasterUsername": { "Ref": "MasterUsername" }, "MasterUserPassword": { "Ref": "MasterUserPassword" }, "ServerlessV2ScalingConfiguration": { "MinCapacity": { "Ref": "MinCapacity" }, "MaxCapacity": { "Ref": "MaxCapacity" } } } }, "RDSDBInstance": { "Type": "AWS::RDS::DBInstance", "Properties": { "Engine": "aurora-mysql", "DBInstanceClass": "db.serverless", "DBClusterIdentifier": { "Ref": "RDSDBCluster" } } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: ServerlessV2 Cluster Parameters: MasterUsername: Type: String MasterUserPassword: Type: String NoEcho: true DBClusterIdentifier: Type: String EngineVersion: Type: String MinCapacity: Type: String MaxCapacity: Type: String Resources: RDSDBCluster: Type: 'AWS::RDS::DBCluster' Properties: Engine: aurora-mysql DBClusterIdentifier: !Ref DBClusterIdentifier EngineVersion: !Ref EngineVersion MasterUsername: !Ref MasterUsername MasterUserPassword: !Ref MasterUserPassword ServerlessV2ScalingConfiguration: MinCapacity: !Ref MinCapacity MaxCapacity: !Ref MaxCapacity RDSDBInstance: Type: 'AWS::RDS::DBInstance' Properties: Engine: aurora-mysql DBInstanceClass: db.serverless DBClusterIdentifier: !Ref RDSDBCluster
Creating an Amazon Aurora Serverless v1 DB cluster
The following example creates an Amazon Aurora Serverless v1 DB cluster. An Aurora Serverless v1 DB cluster is a DB cluster that automatically starts up, shuts down, and scales up or down its compute capacity based on your application's needs. For more information about Aurora Serverless v1 DB clusters, see Using Amazon Aurora Serverless in the Amazon Aurora User Guide.
Note
This example creates an Aurora MySQL Serverless DB cluster by setting
Engine
to aurora
and
EngineVersion
to 5.6.10a
. To create an Aurora
PostgreSQL Serverless DB cluster, set Engine
to
aurora-postgresql
and EngineVersion
to
10.7
.
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "AWS CloudFormation Sample Template AuroraServerlessDBCluster: Sample template showing how to create an Amazon Aurora Serverless DB cluster. **WARNING** This template creates an Amazon Aurora DB cluster. You will be billed for the AWS resources used if you create a stack from this template.", "Parameters" : { "DBUsername" : { "NoEcho" : "true", "Description" : "Username for MySQL database access", "Type" : "String", "MinLength" : "1", "MaxLength" : "16", "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*", "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters." }, "DBPassword" : { "NoEcho" : "true", "Description" : "Password MySQL database access", "Type" : "String", "MinLength" : "8", "MaxLength" : "41", "AllowedPattern" : "[a-zA-Z0-9]*", "ConstraintDescription" : "must contain only alphanumeric characters." } }, "Resources" : { "RDSCluster" : { "Type": "AWS::RDS::DBCluster", "Properties" : { "MasterUsername" : { "Ref": "DBUsername" }, "MasterUserPassword" : { "Ref": "DBPassword" }, "DBClusterIdentifier" : "my-serverless-cluster", "Engine" : "aurora", "EngineVersion" : "5.6.10a", "EngineMode" : "serverless", "ScalingConfiguration" : { "AutoPause" : true, "MinCapacity" : 4, "MaxCapacity" : 32, "SecondsUntilAutoPause" : 1000 } } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: >- AWS CloudFormation Sample Template AuroraServerlessDBCluster: Sample template showing how to create an Amazon Aurora Serverless DB cluster. **WARNING** This template creates an Amazon Aurora DB cluster. You will be billed for the AWS resources used if you create a stack from this template. Parameters: DBUsername: NoEcho: 'true' Description: Username for MySQL database access Type: String MinLength: '1' MaxLength: '16' AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: must begin with a letter and contain only alphanumeric characters. DBPassword: NoEcho: 'true' Description: Password MySQL database access Type: String MinLength: '8' MaxLength: '41' AllowedPattern: '[a-zA-Z0-9]*' ConstraintDescription: must contain only alphanumeric characters. Resources: RDSCluster: Type: 'AWS::RDS::DBCluster' Properties: MasterUsername: !Ref DBUsername MasterUserPassword: !Ref DBPassword DBClusterIdentifier: my-serverless-cluster Engine: aurora EngineVersion: 5.6.10a EngineMode: serverless ScalingConfiguration: AutoPause: true MinCapacity: 4 MaxCapacity: 32 SecondsUntilAutoPause: 1000
Create a Secrets Manager secret for a master password
The following example creates a AWS CloudFormation stack with the AWS::RDS::DBInstance resource with managed master user password feature.
The secret which is used to authenticate the DB instance is shown in the Secret
stack output.
This output can be removed if showing this value to other CloudFormation stack isn't required.
For more information about managing password with Secrets Manager, see Password management with AWS Secrets Manager in the Amazon RDS User Guide and Password management with AWS Secrets Manager in the Amazon Aurora User Guide.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "A sample template", "Resources": { "MyCluster": { "Properties": { "Engine": "aurora-mysql", "MasterUsername": "masteruser", "ManageMasterUserPassword": true, "MasterUserSecret": { "KmsKeyId": { "Ref": "KMSKey" } } }, "Type": "AWS::RDS::DBCluster" }, "MyInstance": { "Properties": { "DBClusterIdentifier": { "Ref": "MyCluster" }, "DBInstanceClass": "db.t2.small", "Engine": "aurora-mysql", "PubliclyAccessible": "true" }, "Type": "AWS::RDS::DBInstance" }, "KMSKey": { "Type": "AWS::KMS::Key", "Properties": { "Description": "Manual test KMS key", "EnableKeyRotation": true, "KeyPolicy": { "Version": "2012-10-17", "Id": { "Ref": "AWS::StackName" }, "Statement": [ { "Sid": "Allow administration of the key", "Effect": "Allow", "Principal": { "AWS": { "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" } }, "Action": [ "kms:*" ], "Resource": "*" } ] } } } }, "Outputs": { "Secret": { "Value": { "Fn::GetAtt": "MyCluster.MasterUserSecret.SecretArn" } } } }
YAML
AWSTemplateFormatVersion: "2010-09-09" Description: A sample template Resources: MyCluster: Properties: Engine: aurora-mysql MasterUsername: masteruser ManageMasterUserPassword: true MasterUserSecret: KmsKeyId: !Ref KMSKey Type: "AWS::RDS::DBCluster" MyInstance: Properties: DBClusterIdentifier: Ref: MyCluster DBInstanceClass: db.t2.small Engine: aurora-mysql PubliclyAccessible: "true" Type: "AWS::RDS::DBInstance" KMSKey: Type: 'AWS::KMS::Key' Properties: Description: Manual test KMS key EnableKeyRotation: True KeyPolicy: Version: "2012-10-17" Id: !Ref "AWS::StackName" Statement: - Sid: "Allow administration of the key" Effect: "Allow" Principal: AWS: Fn::Sub: 'arn:${AWS::Partition}:iam::${AWS::AccountId}:root' Action: - "kms:*" Resource: "*" Outputs: Secret: Value: Fn::GetAtt: MyCluster.MasterUserSecret.SecretArn
Restoring an Amazon Aurora DB cluster
The following example restores an Amazon Aurora DB cluster. The example assumes that SourceDBCluster
property already exists.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS CloudFormation Sample Template To Restore AuroraDBCluster: Sample template showing how to restore an Amazon Aurora DB cluster. **WARNING** This template creates an Amazon Aurora DB cluster. You will be billed for the AWS resources used if you create a stack from this template.", "Resources": { "RDSCluster": { "Type": "AWS::RDS::DBCluster", "Properties": { "DBClusterIdentifier": "my-multi-az-cluster-pit", "SourceDBClusterIdentifier": "my-multi-az-cluster", "RestoreToTime": "2023-05-29T23:50:00Z", "DBClusterInstanceClass": "db.r6gd.large", "StorageType": "io1", "Iops": 1000, "PubliclyAccessible": true } } } }
YAML
Description: >- AWS CloudFormation Sample Template To Restore AuroraDBCluster: Sample template showing how to restore an Amazon Aurora DB cluster. **WARNING** This template creates an Amazon Aurora DB cluster. You will be billed for the AWS resources used if you create a stack from this template. Resources: RDSCluster: Type: 'AWS::RDS::DBCluster' Properties: DBClusterIdentifier: my-multi-az-cluster-pit SourceDBClusterIdentifier: my-multi-az-cluster RestoreToTime: 2023-05-29T23:50:00Z DBClusterInstanceClass: db.r6gd.large StorageType: io1 Iops: 1000 PubliclyAccessible: true