Amazon DocumentDB cluster parameters reference - Amazon DocumentDB

Amazon DocumentDB cluster parameters reference

When you change a dynamic parameter and save the cluster parameter group, the change is applied immediately regardless of the Apply immediately setting. When you change a static parameter and save the cluster parameter group, the parameter change takes effect after you manually reboot the instance. You can reboot an instance using the Amazon DocumentDB console or by explicitly calling reboot-db-instance.

The following table shows the parameters that apply to all instances in an Amazon DocumentDB cluster.

Amazon DocumentDB cluster-level parameters
Parameter Default Value Valid Values Modifiable Apply Type Data Type Description
audit_logs disabled enabled, disabled, ddl, dml_read, dml_write, all, none Yes Dynamic String Defines whether Amazon CloudWatch audit logs are enabled.
  • enabled—CloudWatch audit logs are enabled.

  • disabled—CloudWatch audit logs are disabled.

  • ddl—auditing for DDL events is enabled.

  • dml_read—auditng for DML read events is enabled.

  • dml_write—auditing for DML write events is enabled.

  • all—auditing for all database events is enabled.

  • none—auditing is disabled.

change_stream_log_retention_duration 10800 3600-604800 Yes Dynamic Integer Defines the duration of time (in seconds) that the change stream log is retained and can be consumed.
profiler disabled enabled, disabled Yes Dynamic String Enables profiling for slow operations.
  • enabled—operations that take longer than a customer-defined threshold value (e.g., 100ms) are logged toAmazon CloudWatch Logs.

  • disabled—slow operations are not logged to CloudWatch Logs.

profiler_sampling_rate 1.0 0.0-1.0 Yes Dynamic Float Defines the sampling rate for logged operations.
profiler_threshold_ms 100 50-2147483646 Yes Dynamic Integer Defines the threshold for profiler.
  • All operations greater than profiler_threshold_ms are logged to CloudWatch Logs.

tls enabled enabled, disabled, fips-140-3 Yes Static String Defines whether Transport Layer Security (TLS) connections are required.
  • enabled—TLS connections are required to connect.

  • disabled—TLS connections cannot be used to connect.

  • fips-140-3—TLS connections with Federal Information Processing Standards (FIPS) attributes are required to connect. The cluster only accepts secure connections per FIPS Publication 140-3. This is only supported starting with Amazon DocumentDB 5.0 (engine version 3.0.3727) clusters in these regions: ca-central-1, us-west-2, us-east-1, us-east-2, us-gov-east-1, us-gov-west-1.

ttl_monitor enabled enabled, disabled Yes Dynamic String Defines whether Time to Live (TTL) monitoring is enabled for the cluster.
  • enabled—TTL monitoring is enabled.

  • disabled—TTL monitoring is disabled.