DatabaseInstanceProps

class aws_cdk.aws_rds.DatabaseInstanceProps(*, vpc, auto_minor_version_upgrade=None, availability_zone=None, backup_retention=None, cloudwatch_logs_exports=None, cloudwatch_logs_retention=None, cloudwatch_logs_retention_role=None, copy_tags_to_snapshot=None, delete_automated_backups=None, deletion_protection=None, domain=None, domain_role=None, enable_performance_insights=None, iam_authentication=None, instance_identifier=None, iops=None, max_allocated_storage=None, monitoring_interval=None, monitoring_role=None, multi_az=None, option_group=None, parameter_group=None, performance_insight_encryption_key=None, performance_insight_retention=None, port=None, preferred_backup_window=None, preferred_maintenance_window=None, processor_features=None, publicly_accessible=None, removal_policy=None, s3_export_buckets=None, s3_export_role=None, s3_import_buckets=None, s3_import_role=None, security_groups=None, storage_type=None, subnet_group=None, vpc_placement=None, vpc_subnets=None, engine, allocated_storage=None, allow_major_version_upgrade=None, database_name=None, instance_type=None, license_model=None, parameters=None, timezone=None, character_set_name=None, credentials=None, storage_encrypted=None, storage_encryption_key=None)

Bases: DatabaseInstanceSourceProps

Construction properties for a DatabaseInstance.

Parameters
  • vpc (IVpc) – The VPC network where the DB subnet group should be created.

  • auto_minor_version_upgrade (Optional[bool]) – Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window. Default: true

  • availability_zone (Optional[str]) – The name of the Availability Zone where the DB instance will be located. Default: - no preference

  • backup_retention (Optional[Duration]) – The number of days during which automatic DB snapshots are retained. Set to zero to disable backups. When creating a read replica, you must enable automatic backups on the source database instance by setting the backup retention to a value other than zero. Default: - Duration.days(1) for source instances, disabled for read replicas

  • cloudwatch_logs_exports (Optional[Sequence[str]]) – The list of log types that need to be enabled for exporting to CloudWatch Logs. Default: - no log exports

  • cloudwatch_logs_retention (Optional[RetentionDays]) – The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to Infinity. Default: - logs never expire

  • cloudwatch_logs_retention_role (Optional[IRole]) – The IAM role for the Lambda function associated with the custom resource that sets the retention policy. Default: - a new role is created.

  • copy_tags_to_snapshot (Optional[bool]) – Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance. Default: true

  • delete_automated_backups (Optional[bool]) – Indicates whether automated backups should be deleted or retained when you delete a DB instance. Default: false

  • deletion_protection (Optional[bool]) – Indicates whether the DB instance should have deletion protection enabled. Default: - true if removalPolicy is RETAIN, false otherwise

  • domain (Optional[str]) – The Active Directory directory ID to create the DB instance in. Default: - Do not join domain

  • domain_role (Optional[IRole]) – The IAM role to be used when making API calls to the Directory Service. The role needs the AWS-managed policy AmazonRDSDirectoryServiceAccess or equivalent. Default: - The role will be created for you if {@link DatabaseInstanceNewProps#domain} is specified

  • enable_performance_insights (Optional[bool]) – Whether to enable Performance Insights for the DB instance. Default: - false, unless performanceInsightRentention or performanceInsightEncryptionKey is set.

  • iam_authentication (Optional[bool]) – Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Default: false

  • instance_identifier (Optional[str]) – A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. Default: - a CloudFormation generated name

  • iops (Union[int, float, None]) – The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. Default: - no provisioned iops

  • max_allocated_storage (Union[int, float, None]) – Upper limit to which RDS can scale the storage in GiB(Gibibyte). Default: - No autoscaling of RDS instance

  • monitoring_interval (Optional[Duration]) – The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance. Default: - no enhanced monitoring

  • monitoring_role (Optional[IRole]) – Role that will be used to manage DB instance monitoring. Default: - A role is automatically created for you

  • multi_az (Optional[bool]) – Specifies if the database instance is a multiple Availability Zone deployment. Default: false

  • option_group (Optional[IOptionGroup]) – The option group to associate with the instance. Default: - no option group

  • parameter_group (Optional[IParameterGroup]) – The DB parameter group to associate with the instance. Default: - no parameter group

  • performance_insight_encryption_key (Optional[IKey]) – The AWS KMS key for encryption of Performance Insights data. Default: - default master key

  • performance_insight_retention (Optional[PerformanceInsightRetention]) – The amount of time, in days, to retain Performance Insights data. Default: 7

  • port (Union[int, float, None]) – The port for the instance. Default: - the default port for the chosen engine.

  • preferred_backup_window (Optional[str]) – The daily time range during which automated backups are performed. Constraints: - Must be in the format hh24:mi-hh24:mi. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes. Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow

  • preferred_maintenance_window (Optional[str]) – The weekly time range (in UTC) during which system maintenance can occur. Format: ddd:hh24:mi-ddd:hh24:mi Constraint: Minimum 30-minute window Default: - a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance

  • processor_features (Union[ProcessorFeatures, Dict[str, Any], None]) – The number of CPU cores and the number of threads per core. Default: - the default number of CPU cores and threads per core for the chosen instance class. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor

  • publicly_accessible (Optional[bool]) – Indicates whether the DB instance is an internet-facing instance. Default: - true if vpcSubnets is subnetType: SubnetType.PUBLIC, false otherwise

  • removal_policy (Optional[RemovalPolicy]) – The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update. Default: - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)

  • s3_export_buckets (Optional[Sequence[IBucket]]) – S3 buckets that you want to load data into. This property must not be used if s3ExportRole is used. For Microsoft SQL Server: Default: - None

  • s3_export_role (Optional[IRole]) – Role that will be associated with this DB instance to enable S3 export. This property must not be used if s3ExportBuckets is used. For Microsoft SQL Server: Default: - New role is created if s3ExportBuckets is set, no role is defined otherwise

  • s3_import_buckets (Optional[Sequence[IBucket]]) – S3 buckets that you want to load data from. This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines. This property must not be used if s3ImportRole is used. For Microsoft SQL Server: Default: - None

  • s3_import_role (Optional[IRole]) – Role that will be associated with this DB instance to enable S3 import. This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines. This property must not be used if s3ImportBuckets is used. For Microsoft SQL Server: Default: - New role is created if s3ImportBuckets is set, no role is defined otherwise

  • security_groups (Optional[Sequence[ISecurityGroup]]) – The security groups to assign to the DB instance. Default: - a new security group is created

  • storage_type (Optional[StorageType]) – The storage type. Storage types supported are gp2, io1, standard. Default: GP2

  • subnet_group (Optional[ISubnetGroup]) – Existing subnet group for the instance. Default: - a new subnet group will be created.

  • vpc_placement (Union[SubnetSelection, Dict[str, Any], None]) – (deprecated) The type of subnets to add to the created DB subnet group. Default: - private subnets

  • vpc_subnets (Union[SubnetSelection, Dict[str, Any], None]) – The type of subnets to add to the created DB subnet group. Default: - private subnets

  • engine (IInstanceEngine) – The database engine.

  • allocated_storage (Union[int, float, None]) – The allocated storage size, specified in gigabytes (GB). Default: 100

  • allow_major_version_upgrade (Optional[bool]) – Whether to allow major version upgrades. Default: false

  • database_name (Optional[str]) – The name of the database. Default: - no name

  • instance_type (Optional[InstanceType]) – The name of the compute and memory capacity for the instance. Default: - m5.large (or, more specifically, db.m5.large)

  • license_model (Optional[LicenseModel]) – The license model. Default: - RDS default license model

  • parameters (Optional[Mapping[str, str]]) – The parameters in the DBParameterGroup to create automatically. You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup. Default: - None

  • timezone (Optional[str]) – The time zone of the instance. This is currently supported only by Microsoft Sql Server. Default: - RDS default timezone

  • character_set_name (Optional[str]) – For supported engines, specifies the character set to associate with the DB instance. Default: - RDS default character set name

  • credentials (Optional[Credentials]) – Credentials for the administrative user. Default: - A username of ‘admin’ (or ‘postgres’ for PostgreSQL) and SecretsManager-generated password

  • storage_encrypted (Optional[bool]) – Indicates whether the DB instance is encrypted. Default: - true if storageEncryptionKey has been provided, false otherwise

  • storage_encryption_key (Optional[IKey]) – The KMS key that’s used to encrypt the DB instance. Default: - default master key if storageEncrypted is true, no key otherwise

ExampleMetadata

infused

Example:

# vpc: ec2.Vpc

engine = rds.DatabaseInstanceEngine.postgres(version=rds.PostgresEngineVersion.VER_12_3)
rds.DatabaseInstance(self, "InstanceWithUsername",
    engine=engine,
    vpc=vpc,
    credentials=rds.Credentials.from_generated_secret("postgres")
)

rds.DatabaseInstance(self, "InstanceWithUsernameAndPassword",
    engine=engine,
    vpc=vpc,
    credentials=rds.Credentials.from_password("postgres", SecretValue.ssm_secure("/dbPassword", "1"))
)

my_secret = secretsmanager.Secret.from_secret_name(self, "DBSecret", "myDBLoginInfo")
rds.DatabaseInstance(self, "InstanceWithSecretLogin",
    engine=engine,
    vpc=vpc,
    credentials=rds.Credentials.from_secret(my_secret)
)

Attributes

allocated_storage

The allocated storage size, specified in gigabytes (GB).

Default

100

allow_major_version_upgrade

Whether to allow major version upgrades.

Default

false

auto_minor_version_upgrade

Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window.

Default

true

availability_zone

The name of the Availability Zone where the DB instance will be located.

Default
  • no preference

backup_retention

The number of days during which automatic DB snapshots are retained.

Set to zero to disable backups. When creating a read replica, you must enable automatic backups on the source database instance by setting the backup retention to a value other than zero.

Default
  • Duration.days(1) for source instances, disabled for read replicas

character_set_name

For supported engines, specifies the character set to associate with the DB instance.

Default
  • RDS default character set name

cloudwatch_logs_exports

The list of log types that need to be enabled for exporting to CloudWatch Logs.

Default
  • no log exports

cloudwatch_logs_retention

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn’t remove the log retention policy. To remove the retention policy, set the value to Infinity.

Default
  • logs never expire

cloudwatch_logs_retention_role

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

Default
  • a new role is created.

copy_tags_to_snapshot

Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance.

Default

true

credentials

Credentials for the administrative user.

Default
  • A username of ‘admin’ (or ‘postgres’ for PostgreSQL) and SecretsManager-generated password

database_name

The name of the database.

Default
  • no name

delete_automated_backups

Indicates whether automated backups should be deleted or retained when you delete a DB instance.

Default

false

deletion_protection

Indicates whether the DB instance should have deletion protection enabled.

Default
  • true if removalPolicy is RETAIN, false otherwise

domain

The Active Directory directory ID to create the DB instance in.

Default
  • Do not join domain

domain_role

The IAM role to be used when making API calls to the Directory Service.

The role needs the AWS-managed policy AmazonRDSDirectoryServiceAccess or equivalent.

Default
  • The role will be created for you if {@link DatabaseInstanceNewProps#domain} is specified

enable_performance_insights

Whether to enable Performance Insights for the DB instance.

Default
  • false, unless performanceInsightRentention or performanceInsightEncryptionKey is set.

engine

The database engine.

iam_authentication

Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.

Default

false

instance_identifier

A name for the DB instance.

If you specify a name, AWS CloudFormation converts it to lowercase.

Default
  • a CloudFormation generated name

instance_type

The name of the compute and memory capacity for the instance.

Default
  • m5.large (or, more specifically, db.m5.large)

iops

The number of I/O operations per second (IOPS) that the database provisions.

The value must be equal to or greater than 1000.

Default
  • no provisioned iops

license_model

The license model.

Default
  • RDS default license model

max_allocated_storage

Upper limit to which RDS can scale the storage in GiB(Gibibyte).

Default
  • No autoscaling of RDS instance

See

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling

monitoring_interval

The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance.

Default
  • no enhanced monitoring

monitoring_role

Role that will be used to manage DB instance monitoring.

Default
  • A role is automatically created for you

multi_az

Specifies if the database instance is a multiple Availability Zone deployment.

Default

false

option_group

The option group to associate with the instance.

Default
  • no option group

parameter_group

The DB parameter group to associate with the instance.

Default
  • no parameter group

parameters

The parameters in the DBParameterGroup to create automatically.

You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup.

Default
  • None

performance_insight_encryption_key

The AWS KMS key for encryption of Performance Insights data.

Default
  • default master key

performance_insight_retention

The amount of time, in days, to retain Performance Insights data.

Default

7

port

The port for the instance.

Default
  • the default port for the chosen engine.

preferred_backup_window

The daily time range during which automated backups are performed.

Constraints:

  • Must be in the format hh24:mi-hh24:mi.

  • Must be in Universal Coordinated Time (UTC).

  • Must not conflict with the preferred maintenance window.

  • Must be at least 30 minutes.

Default

  • a 30-minute window selected at random from an 8-hour block of

time for each AWS Region. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow

preferred_maintenance_window

The weekly time range (in UTC) during which system maintenance can occur.

Format: ddd:hh24:mi-ddd:hh24:mi Constraint: Minimum 30-minute window

Default

  • a 30-minute window selected at random from an 8-hour block of

time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance

processor_features

The number of CPU cores and the number of threads per core.

Default

  • the default number of CPU cores and threads per core for the

chosen instance class.

See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor

publicly_accessible

Indicates whether the DB instance is an internet-facing instance.

Default
  • true if vpcSubnets is subnetType: SubnetType.PUBLIC, false otherwise

removal_policy

The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update.

Default
  • RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)

s3_export_buckets

S3 buckets that you want to load data into.

This property must not be used if s3ExportRole is used.

For Microsoft SQL Server:

Default
  • None

See

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html

s3_export_role

Role that will be associated with this DB instance to enable S3 export.

This property must not be used if s3ExportBuckets is used.

For Microsoft SQL Server:

Default
  • New role is created if s3ExportBuckets is set, no role is defined otherwise

See

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html

s3_import_buckets

S3 buckets that you want to load data from.

This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

This property must not be used if s3ImportRole is used.

For Microsoft SQL Server:

Default
  • None

See

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html

s3_import_role

Role that will be associated with this DB instance to enable S3 import.

This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

This property must not be used if s3ImportBuckets is used.

For Microsoft SQL Server:

Default
  • New role is created if s3ImportBuckets is set, no role is defined otherwise

See

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Procedural.Importing.html

security_groups

The security groups to assign to the DB instance.

Default
  • a new security group is created

storage_encrypted

Indicates whether the DB instance is encrypted.

Default
  • true if storageEncryptionKey has been provided, false otherwise

storage_encryption_key

The KMS key that’s used to encrypt the DB instance.

Default
  • default master key if storageEncrypted is true, no key otherwise

storage_type

The storage type.

Storage types supported are gp2, io1, standard.

Default

GP2

See

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#Concepts.Storage.GeneralSSD

subnet_group

Existing subnet group for the instance.

Default
  • a new subnet group will be created.

timezone

The time zone of the instance.

This is currently supported only by Microsoft Sql Server.

Default
  • RDS default timezone

vpc

The VPC network where the DB subnet group should be created.

vpc_placement

(deprecated) The type of subnets to add to the created DB subnet group.

Default
  • private subnets

Deprecated

use vpcSubnets

Stability

deprecated

vpc_subnets

The type of subnets to add to the created DB subnet group.

Default
  • private subnets