Modifying an Amazon Aurora DB cluster
You can change the settings of a DB cluster to accomplish tasks such as changing its backup retention period or its database port. You can also modify DB instances in a DB cluster to accomplish tasks such as changing its DB instance class or enabling Performance Insights for it. This topic guides you through modifying an Aurora DB cluster and its DB instances, and describes the settings for each.
We recommend that you test any changes on a test DB cluster or DB instance before modifying a production DB cluster or DB instance, so that you fully understand the impact of each change. This is especially important when upgrading database versions.
Topics
Modifying the DB cluster by using the console, CLI, and API
You can modify a DB cluster using the AWS Management Console, the AWS CLI, or the RDS API.
Note
Most modifications can be applied immediately or during the next scheduled maintenance window. Some modifications, such as turning on deletion protection, are applied immediately—regardless of when you choose to apply them.
Changing the master password in the AWS Management Console is always applied immediately. However, when using the AWS CLI or RDS API, you can choose whether to apply this change immediately or during the next scheduled maintenance window.
If you're using SSL endpoints and change the DB cluster identifier, stop and restart the DB cluster to update the SSL endpoints. For more information, see Stopping and starting an Amazon Aurora DB cluster.
To modify a DB cluster
Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/
. -
In the navigation pane, choose Databases, and then select the DB cluster that you want to modify.
-
Choose Modify. The Modify DB cluster page appears.
-
Change any of the settings that you want. For information about each setting, see Settings for Amazon Aurora.
Note
In the AWS Management Console, some instance level changes only apply to the current DB instance, while others apply to the entire DB cluster. For information about whether a setting applies to the DB instance or the DB cluster, see the scope for the setting in Settings for Amazon Aurora. To change a setting that modifies the entire DB cluster at the instance level in the AWS Management Console, follow the instructions in Modifying a DB instance in a DB cluster.
-
When all the changes are as you want them, choose Continue and check the summary of modifications.
-
To apply the changes immediately, select Apply immediately.
-
On the confirmation page, review your changes. If they are correct, choose Modify cluster to save your changes.
Alternatively, choose Back to edit your changes, or choose Cancel to cancel your changes.
To modify a DB cluster using the AWS CLI, call the modify-db-cluster command. Specify the DB cluster identifier, and the values for the settings that you want to modify. For information about each setting, see Settings for Amazon Aurora.
Note
Some settings only apply to DB instances. To change those settings, follow the instructions in Modifying a DB instance in a DB cluster.
Example
The following command modifies mydbcluster
by setting the backup retention period to 1 week (7 days).
For Linux, macOS, or Unix:
aws rds modify-db-cluster \ --db-cluster-identifier
mydbcluster
\ --backup-retention-period7
For Windows:
aws rds modify-db-cluster ^ --db-cluster-identifier
mydbcluster
^ --backup-retention-period7
To modify a DB cluster using the Amazon RDS API, call the ModifyDBCluster operation. Specify the DB cluster identifier, and the values for the settings that you want to modify. For information about each parameter, see Settings for Amazon Aurora.
Note
Some settings only apply to DB instances. To change those settings, follow the instructions in Modifying a DB instance in a DB cluster.
Modifying a DB instance in a DB cluster
You can modify a DB instance in a DB cluster using the AWS Management Console, the AWS CLI, or the RDS API.
When you modify a DB instance, you can apply the changes immediately.
To apply changes immediately, you select the Apply Immediately option in the AWS Management Console,
you use the --apply-immediately
parameter when calling the AWS CLI,
or you set the ApplyImmediately
parameter to true
when using the Amazon RDS API.
If you don't choose to apply changes immediately, the changes are deferred until the next maintenance window. During the next maintenance window, any of these deferred changes are applied. If you choose to apply changes immediately, your new changes and any previously deferred changes are applied.
To see the modifications that are pending for the next maintenance window, use the describe-db-clustersPendingModifiedValues
field.
Important
If any of the deferred modifications require downtime, choosing Apply immediately can cause unexpected downtime for the DB instance. There is no downtime for the other DB instances in the DB cluster.
Modifications that you defer aren't listed in the output of the describe-pending-maintenance-actions
CLI command. Maintenance actions only include system upgrades that you schedule for the next maintenance window.
To modify a DB instance in a DB cluster
Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/
. -
In the navigation pane, choose Databases, and then select the DB instance that you want to modify.
-
For Actions, choose Modify. The Modify DB instance page appears.
-
Change any of the settings that you want. For information about each setting, see Settings for Amazon Aurora.
Note
Some settings apply to the entire DB cluster and must be changed at the cluster level. To change those settings, follow the instructions in Modifying the DB cluster by using the console, CLI, and API.
In the AWS Management Console, some instance level changes only apply to the current DB instance, while others apply to the entire DB cluster. For information about whether a setting applies to the DB instance or the DB cluster, see the scope for the setting in Settings for Amazon Aurora.
-
When all the changes are as you want them, choose Continue and check the summary of modifications.
-
To apply the changes immediately, select Apply immediately.
-
On the confirmation page, review your changes. If they are correct, choose Modify DB instance to save your changes.
Alternatively, choose Back to edit your changes, or choose Cancel to cancel your changes.
To modify a DB instance in a DB cluster by using the AWS CLI, call the modify-db-instance command. Specify the DB instance identifier, and the values for the settings that you want to modify. For information about each parameter, see Settings for Amazon Aurora.
Note
Some settings apply to the entire DB cluster. To change those settings, follow the instructions in Modifying the DB cluster by using the console, CLI, and API.
Example
The following code modifies mydbinstance
by setting the DB instance class to db.r4.xlarge
.
The changes are applied during the next maintenance window
by using --no-apply-immediately
.
Use --apply-immediately
to apply the changes immediately.
For Linux, macOS, or Unix:
aws rds modify-db-instance \ --db-instance-identifier
mydbinstance
\ --db-instance-classdb.r4.xlarge
\--no-apply-immediately
For Windows:
aws rds modify-db-instance ^ --db-instance-identifier
mydbinstance
^ --db-instance-classdb.r4.xlarge
^--no-apply-immediately
To modify a DB instance by using the Amazon RDS API, call the ModifyDBInstance operation. Specify the DB instance identifier, and the values for the settings that you want to modify. For information about each parameter, see Settings for Amazon Aurora.
Note
Some settings apply to the entire DB cluster. To change those settings, follow the instructions in Modifying the DB cluster by using the console, CLI, and API.
Changing the password for the database master user
You can use the AWS Management Console or the AWS CLI to change the master user password.
You modify the writer DB instance to change the master user password using the AWS Management Console.
To change the master user password
Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/
. -
In the navigation pane, choose Databases, and then select the DB instance that you want to modify.
-
For Actions, choose Modify.
The Modify DB instance page appears.
-
Enter a New master password.
-
For Confirm master password, enter the same new password.
-
Choose Continue and check the summary of modifications.
Note
Password changes are always applied immediately.
-
On the confirmation page, choose Modify DB instance.
You call the modify-db-cluster command to change the master user password using the AWS CLI. Specify the DB cluster identifier and the new password, as shown in the following examples.
You don't need to specify --apply-immediately|--no-apply-immediately
, because password changes are always
applied immediately.
For Linux, macOS, or Unix:
aws rds modify-db-cluster \ --db-cluster-identifier
mydbcluster
\ --master-user-passwordmynewpassword
For Windows:
aws rds modify-db-cluster ^ --db-cluster-identifier
mydbcluster
^ --master-user-passwordmynewpassword
Settings for Amazon Aurora
The following table contains details about which settings you can modify, the methods for modifying the setting, and the scope of the setting. The scope determines whether the setting applies to the entire DB cluster or if it can be set only for specific DB instances.
Note
Additional settings are available if you are modifying an Aurora Serverless v1 or Aurora Serverless v2 DB cluster. For information about these settings, see Modifying an Aurora Serverless v1 DB cluster and Managing Aurora Serverless v2 DB clusters.
Some settings aren't available for Aurora Serverless v1 and Aurora Serverless v2 because of their limitations. For more information, see Limitations of Aurora Serverless v1 and Requirements and limitations for Aurora Serverless v2.
Setting and description | Method | Scope | Downtime notes |
---|---|---|---|
Auto minor version upgrade Whether you want the DB instance to receive preferred minor engine version upgrades automatically when they become available. Upgrades are installed only during your scheduled maintenance window. For more information about engine updates, see Amazon Aurora PostgreSQL updates and Database engine updates for Amazon Aurora MySQL. For more information about the Auto minor version upgrade setting for Aurora MySQL, see Enabling automatic upgrades between minor Aurora MySQL versions. |
NoteThis setting is enabled by default. For each new cluster, choose the appropriate value for this setting based on its importance, expected lifetime, and the amount of verification testing that you do after each upgrade. When you change this setting, perform this modification for every DB instance in your Aurora cluster. If any DB instance in your cluster has this setting turned off, the cluster isn't automatically upgraded. Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run modify-db-instance and set the
Using the RDS API, call ModifyDBInstance and set the |
The entire DB cluster |
An outage doesn't occur during this change. Outages do occur during future maintenance windows when Aurora applies automatic upgrades. |
Backup retention period The number of days that
automatic backups are retained.
The minimum value is For more information, see Backups. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run modify-db-cluster and set the Using the RDS API, call ModifyDBCluster and set the |
The entire DB cluster |
An outage doesn't occur during this change. |
Backup window (Start time) The time range during which automated backups of your database occurs. The backup window is a start time in Universal Coordinated Time (UTC), and a duration in hours. Aurora backups are continuous and incremental, but the backup window is used to create a daily system backup that is preserved within the backup retention period. You can copy it to preserve it outside of the retention period. The maintenance window and the backup window for the DB cluster can't overlap. For more information, see Backup window. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run modify-db-cluster and set the Using the RDS API, call ModifyDBCluster and set the |
The entire DB cluster. |
An outage doesn't occur during this change. |
Capacity settings The scaling properties of an Aurora Serverless v1 DB cluster. You can only modify scaling properties for DB
clusters in For information about Aurora Serverless v1, see Using Amazon Aurora Serverless v1. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run modify-db-cluster and set the Using the RDS API, call ModifyDBCluster and set the |
The entire DB cluster |
An outage doesn't occur during this change. The change occurs immediately. This setting ignores the apply immediately setting. |
Certificate authority The certificate authority (CA) for the server certificate used by the DB instance. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run modify-db-instance and set the Using the RDS API, call ModifyDBInstance and set the |
Only the specified DB instance |
An outage only occurs if the DB engine doesn't support rotation without restart. You can use the describe-db-engine-versions AWS CLI command to determine whether the DB engine supports rotation without restart. |
Cluster storage configuration The storage type for the DB cluster: Aurora I/O-Optimized or Aurora Standard. For more information, see Storage configurations for Amazon Aurora DB clusters. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run modify-db-cluster and set the Using the RDS API, call ModifyDBCluster and set the |
The entire DB cluster |
Changing the storage type of an Aurora PostgreSQL DB cluster with Optimized Reads instance classes causes an outage. This does not occur when changing storage types for clusters with other instance class types. For more information on the DB instance class types, see DB instance class types. |
Copy tags to snapshots
Select to specify that tags defined for this DB cluster are copied to DB snapshots created from this DB cluster. For more information, see Tagging Amazon Aurora and Amazon RDS resources. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-cluster.html and set the Using the RDS API, call https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBCluster.html and set the |
The entire DB cluster |
An outage doesn't occur during this change. |
Data API You can access Aurora Serverless v1 with web services–based applications, including AWS Lambda and AWS AppSync. This setting only applies to an Aurora Serverless v1 DB cluster. For more information, see Using RDS Data API. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
Database authentication
The database authentication you want to use. For MySQL:
For PostgreSQL:
|
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run modify-db-cluster and set the following options:
Using the RDS API, call ModifyDBCluster and set the following parameters:
|
The entire DB cluster |
An outage doesn't occur during this change. |
Database port The port that you want to use to access the DB cluster. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage occurs during this change. All of the DB instances in the DB cluster are rebooted immediately. |
DB cluster identifier The DB cluster identifier. This value is stored as a lowercase string. When you change the DB cluster identifier, the DB cluster endpoints change. The endpoints of the DB instances in the DB cluster don't change. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
DB cluster parameter group The DB cluster parameter group that you want associated with the DB cluster. For more information, see Parameter groups for Amazon Aurora. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. When you change the parameter group, changes to some parameters are applied to the DB instances in the DB cluster immediately without a reboot. Changes to other parameters are applied only after the DB instances in the DB cluster are rebooted. |
DB instance class The DB instance class that you want to use. For more information, see Amazon Aurora DB instance classes. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage occurs during this change. |
DB instance identifier The DB instance identifier. This value is stored as a lowercase string. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
Downtime occurs during this change. RDS restarts the DB instance to update the following:
|
DB parameter group The DB parameter group that you want associated with the DB instance. For more information, see Parameter groups for Amazon Aurora. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage doesn't occur during this change. When you associate a new DB parameter group with a DB instance, the modified static and dynamic parameters are applied only after the DB instance is rebooted. However, if you modify dynamic parameters in the DB parameter group after you associate it with the DB instance, these changes are applied immediately without a reboot. For more information, see Parameter groups for Amazon Aurora and Rebooting an Amazon Aurora DB cluster or Amazon Aurora DB instance. |
Deletion protection Enable deletion protection to prevent your DB cluster from being deleted. For more information, see Deletion protection for Aurora clusters. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
Engine version The version of the DB engine that you want to use. Before you upgrade your production DB cluster, we recommend that you test the upgrade process on a test DB cluster to verify its duration and to validate your applications. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage occurs during this change. |
Enhanced monitoring Enable enhanced monitoring to enable gathering metrics in real time for the operating system that your DB instance runs on. For more information, see Monitoring OS metrics with Enhanced Monitoring. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage doesn't occur during this change. |
Log exports Select the log types to publish to Amazon CloudWatch Logs. For more information, see Aurora MySQL database log files. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
Maintenance window The time range during which system maintenance occurs. System maintenance includes upgrades, if applicable. The maintenance window is a start time in Universal Coordinated Time (UTC), and a duration in hours. If you set the window to the current time, there must be at least 30 minutes between the current time and end of the window to ensure any pending changes are applied. You can set the maintenance window independently for the DB cluster and for each DB instance in the DB cluster. When the scope of a modification is the entire DB cluster, the modification is performed during the DB cluster maintenance window. When the scope of a modification is the a DB instance, the modification is performed during maintenance window of that DB instance. The maintenance window and the backup window for the DB cluster can't overlap. For more information, see Amazon RDS maintenance window. |
To change the maintenance window for the DB cluster using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. To change the maintenance window for a DB instance using the AWS Management Console, Modifying a DB instance in a DB cluster. To change the maintenance window for the DB cluster using the AWS CLI, run To change the maintenance window for a DB instance using the AWS CLI, run To change the maintenance window for the DB cluster using the RDS API, call To change the maintenance window for a DB instance using the RDS API, call |
The entire DB cluster or a single DB instance |
If there are one or more pending actions that cause an outage, and the maintenance window is changed to include the current time, then those pending actions are applied immediately, and an outage occurs. |
Manage master credentials in AWS Secrets Manager Select Manage master credentials in AWS Secrets Manager to manage the master user password in a secret in Secrets Manager. Optionally, choose a KMS key to use to protect the secret. Choose from the KMS keys in your account, or enter the key from a different account. For more information, see Password management with Amazon Aurora and AWS Secrets Manager. If Aurora is already managing the master user password for the DB cluster, you can rotate the master user password by choosing Rotate secret immediately. For more information, see Password management with Amazon Aurora and AWS Secrets Manager. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
Network type The IP addressing protocols supported by the DB cluster. IPv4 to specify that resources can communicate with the DB cluster only over the IPv4 addressing protocol. Dual-stack mode to specify that resources can communicate with the DB cluster over IPv4, IPv6, or both. Use dual-stack mode if you have any resources that must communicate with your DB cluster over the IPv6 addressing protocol. To use dual-stack mode, make sure at least two subnets spanning two Availability Zones that support both the IPv4 and IPv6 network protocol. Also, make sure you associate an IPv6 CIDR block with subnets in the DB subnet group you specify. For more information, see Amazon Aurora IP addressing. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
New master password The password for your master user.
|
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
Performance Insights Whether to enable Performance Insights, a tool that monitors your DB instance load so that you can analyze and troubleshoot your database performance. For more information, see Monitoring DB load with Performance Insights on Amazon Aurora. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage doesn't occur during this change. |
Performance Insights AWS KMS key The AWS KMS key identifier for encryption of Performance Insights data. The KMS key identifier is the Amazon Resource Name (ARN), key identifier, or key alias for the KMS key. For more information, see Turning Performance Insights on and off for Aurora. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage doesn't occur during this change. |
Performance Insights retention period The amount of time, in days, to retain Performance Insights data. The retention setting in the free tier is Default (7 days). To retain your performance data for longer, specify 1–24 months. For more information about retention periods, see Pricing and data retention for Performance Insights. For more information, see Turning Performance Insights on and off for Aurora. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage doesn't occur during this change. |
Promotion tier A value that specifies the order in which an Aurora Replica is promoted to the primary instance in a DB cluster, after a failure of the existing primary instance. For more information, see Fault tolerance for an Aurora DB cluster. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage doesn't occur during this change. |
Public access Publicly accessible to give the DB instance a public IP address, meaning that it's accessible outside the VPC. To be publicly accessible, the DB instance also has to be in a public subnet in the VPC. Not publicly accessible to make the DB instance accessible only from inside the VPC. For more information, see Hiding a DB cluster in a VPC from the internet. To connect to a DB instance from outside of its Amazon VPC, the DB instance must be publicly accessible, access must be granted using the inbound rules of the DB instance's security group, and other requirements must be met. For more information, see Can't connect to Amazon RDS DB instance. If your DB instance is isn't publicly accessible, you can also use an AWS Site-to-Site VPN connection or an AWS Direct Connect connection to access it from a private network. For more information, see Internetwork traffic privacy. |
Using the AWS Management Console, Modifying a DB instance in a DB cluster. Using the AWS CLI, run Using the RDS API, call |
Only the specified DB instance |
An outage doesn't occur during this change. |
Serverless v2 capacity settings The database capacity of an Aurora Serverless v2 DB cluster, measured in Aurora Capacity Units (ACUs). For more information, see Setting the Aurora Serverless v2 capacity range for a cluster. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. The change occurs immediately. This setting ignores the apply immediately setting. |
Security group The security group you want associated with the DB cluster. For more information, see Controlling access with security groups. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
Target Backtrack window The amount of time you want to be able to backtrack your DB cluster, in seconds. This setting is available only for Aurora MySQL and only if the DB cluster was created with Backtrack enabled. |
Using the AWS Management Console, Modifying the DB cluster by using the console, CLI, and API. Using the AWS CLI, run Using the RDS API, call |
The entire DB cluster |
An outage doesn't occur during this change. |
Settings that don't apply to Amazon Aurora DB clusters
The following settings in the AWS CLI command modify-db-cluster
and the RDS API operation ModifyDBCluster
don't apply to Amazon Aurora DB clusters.
Note
You can't use the AWS Management Console to modify these settings for Aurora DB clusters.
AWS CLI setting | RDS API setting |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Settings that don't apply to Amazon Aurora DB instances
The following settings in the AWS CLI command modify-db-instance
and the RDS API operation ModifyDBInstance
don't apply to Amazon Aurora DB instances.
Note
You can't use the AWS Management Console to modify these settings for Aurora DB instances.
AWS CLI setting | RDS API setting |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|