rds_modify_db_cluster: Modify the settings for an Amazon Aurora DB cluster or a Multi-AZ DB cluster

[required] The DB cluster identifier for the cluster being modified. This parameter isn't case-sensitive.

Constraints: This identifier must match the identifier of an existing DB cluster.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

The new DB cluster identifier for the DB cluster when renaming a DB cluster. This value is stored as a lowercase string.

Constraints:

• Must contain from 1 to 63 letters, numbers, or hyphens

• The first character must be a letter

• Can't end with a hyphen or contain two consecutive hyphens

A value that indicates whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the PreferredMaintenanceWindow setting for the DB cluster. If this parameter is disabled, changes to the DB cluster are applied during the next maintenance window.

Most modifications can be applied immediately or during the next scheduled maintenance window. Some modifications, such as turning on deletion protection and changing the master password, are applied immediately—regardless of when you choose to apply them.

By default, this parameter is disabled.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

The number of days for which automated backups are retained. Specify a minimum value of 1.

Default: 1

Constraints:

• Must be a value from 1 to 35

The name of the DB cluster parameter group to use for the DB cluster.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

A list of VPC security groups that the DB cluster will belong to.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

The port number on which the DB cluster accepts connections.

Constraints: Value must be 1150-65535

Default: The same port as the original DB cluster.

Valid for: Aurora DB clusters only

The new password for the master database user. This password can contain any printable ASCII character except "/", """, or "@".

Constraints:

• Must contain from 8 to 41 characters.

• Can't be specified if ManageMasterUserPassword is turned on.

A value that indicates that the DB cluster should be associated with the specified option group.

DB clusters are associated with a default option group that can't be modified.

The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter.

The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see Backup window in the Amazon Aurora User Guide.

Constraints:

• Must be in the format hh24:mi-hh24:mi.

• Must be in Universal Coordinated Time (UTC).

• Must not conflict with the preferred maintenance window.

• Must be at least 30 minutes.

The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).

Format: ddd:hh24:mi-ddd:hh24:mi

The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.

Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.

Constraints: Minimum 30-minute window.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

For more information, see IAM Database Authentication in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only

The target backtrack window, in seconds. To disable backtracking, set this value to 0.

Default: 0

Constraints:

• If specified, this value must be set to a number from 0 to 259,200 (72 hours).

The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster. The values in the list depend on the DB engine being used.

RDS for MySQL

Possible values are error, general, and slowquery.

RDS for PostgreSQL

Possible values are postgresql and upgrade.

Aurora MySQL

Possible values are audit, error, general, and slowquery.

Aurora PostgreSQL

Possible value is postgresql.

For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless ApplyImmediately is enabled.

If the cluster that you're modifying has one or more read replicas, all replicas must be running an engine version that's the same or later than the version you specify.

To list all of the available engine versions for Aurora MySQL, use the following command:

aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion"

To list all of the available engine versions for Aurora PostgreSQL, use the following command:

aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion"

To list all of the available engine versions for RDS for MySQL, use the following command:

aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion"

To list all of the available engine versions for RDS for PostgreSQL, use the following command:

aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"

Valid for: Aurora DB clusters and Multi-AZ DB clusters

A value that indicates whether major version upgrades are allowed.

Constraints: You must allow major version upgrades when specifying a value for the EngineVersion parameter that is a different major version than the DB cluster's current version.

Valid for: Aurora DB clusters only

The name of the DB parameter group to apply to all instances of the DB cluster.

When you apply a parameter group using the DBInstanceParameterGroupName parameter, the DB cluster isn't rebooted automatically. Also, parameter changes are applied immediately rather than during the next maintenance window.

Default: The existing name setting

Constraints:

• The DB parameter group must be in the same DB parameter group family as this DB cluster.

• The DBInstanceParameterGroupName parameter is valid in combination with the AllowMajorVersionUpgrade parameter for a major version upgrade only.

The Active Directory directory ID to move the DB cluster to. Specify none to remove the cluster from its current domain. The domain must be created prior to this operation.

For more information, see Kerberos Authentication in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only

Specify the name of the IAM role to be used when making API calls to the Directory Service.

Valid for: Aurora DB clusters only

The scaling properties of the DB cluster. You can only modify scaling properties for DB clusters in serverless DB engine mode.

Valid for: Aurora DB clusters only

A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless v1 DB cluster. By default, the HTTP endpoint is disabled.

When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless v1 DB cluster. You can also query your database from inside the RDS console with the query editor.

For more information, see Using the Data API for Aurora Serverless v1 in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only

A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

A value that indicates whether to enable this DB cluster to forward write operations to the primary cluster of an Aurora global database (GlobalCluster). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.

You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by the failover_global_cluster API operation, but it does nothing until then.

Valid for: Aurora DB clusters only

The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.

For the full list of DB instance classes and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.

Valid for: Multi-AZ DB clusters only

The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.

Valid for: Multi-AZ DB clusters only

Specifies the storage type to be associated with the DB cluster.

When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.

Valid values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters)

Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters)

Valid for: Aurora DB clusters and Multi-AZ DB clusters

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.

For information about valid IOPS values, see Amazon RDS Provisioned IOPS storage in the Amazon RDS User Guide.

Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB cluster.

Valid for: Multi-AZ DB clusters only

A value that indicates whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.

Valid for: Multi-AZ DB clusters only

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0.

If MonitoringRoleArn is specified, also set MonitoringInterval to a value other than 0.

Valid Values: 0, 1, 5, 10, 15, 30, 60

Valid for: Multi-AZ DB clusters only

The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.

If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn value.

Valid for: Multi-AZ DB clusters only

A value that indicates whether to turn on Performance Insights for the DB cluster.

For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.

Valid for: Multi-AZ DB clusters only

The Amazon Web Services KMS key identifier for encryption of Performance Insights data.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

Valid for: Multi-AZ DB clusters only

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

• 7

• month * 31, where month is a number of months from 1-23

• 731

The network type of the DB cluster.

Valid values:

• IPV4

• DUAL

A value that indicates whether to manage the master user password with Amazon Web Services Secrets Manager.

If the DB cluster doesn't manage the master user password with Amazon Web Services Secrets Manager, you can turn on this management. In this case, you can't specify MasterUserPassword.

If the DB cluster already manages the master user password with Amazon Web Services Secrets Manager, and you specify that the master user password is not managed with Amazon Web Services Secrets Manager, then you must specify MasterUserPassword. In this case, RDS deletes the secret and uses the new password for the master user specified by MasterUserPassword.

For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Web Services Secrets Manager in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

A value that indicates whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password.

This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster. The secret value contains the updated password.

For more information, see Password management with Amazon Web Services Secrets Manager in the Amazon RDS User Guide and Password management with Amazon Web Services Secrets Manager in the Amazon Aurora User Guide.

Constraints:

• You must apply the change immediately when rotating the master user password.

The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.

This setting is valid only if both of the following conditions are met:

• The DB cluster doesn't manage the master user password in Amazon Web Services Secrets Manager.

  If the DB cluster already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key that is used to encrypt the secret.

• You are turning on ManageMasterUserPassword to manage the master user password in Amazon Web Services Secrets Manager.

  If you are turning on ManageMasterUserPassword and don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager KMS key to encrypt the secret, and you must use a customer managed KMS key.

The DB engine mode of the DB cluster, either provisioned or serverless.

The DB engine mode can be modified only from serverless to provisioned.

For more information, see CreateDBCluster.

Valid for: Aurora DB clusters only

A value that indicates whether engine mode changes from serverless to provisioned are allowed.

Constraints: You must allow engine mode changes when specifying a different value for the EngineMode parameter from the DB cluster's current engine mode.

Valid for: Aurora Serverless v1 DB clusters only