# Configuring an Amazon RDS DB instance
This section shows how to set up your Amazon RDS DB instance. Before creating a DB instance, decide on the DB instance class that will run the DB instance. Also, decide where the DB instance will run by choosing an AWS Region. Next, create the DB instance.
You can configure a DB instance with an option group and a DB parameter group.
+ An *option group* specifies features, called options, that are available for a particular Amazon RDS DB instance.
+ A *DB parameter group* acts as a container for engine configuration values that are applied to one or more DB instances.
The options and parameters that are available depend on the DB engine and DB engine version. You can specify an option group and a DB parameter group when you create a DB instance. You can also modify a DB instance to specify them.
**Topics**
+ [Creating an Amazon RDS DB instance](USER_CreateDBInstance.md)
+ [Creating Amazon RDS resources with AWS CloudFormation](creating-resources-with-cloudformation.md)
+ [Connecting to an Amazon RDS DB instance](CHAP_CommonTasks.Connect.md)
+ [Working with option groups](USER_WorkingWithOptionGroups.md)
+ [Parameter groups for Amazon RDS](USER_WorkingWithParamGroups.md)
+ [Creating an Amazon ElastiCache cache using Amazon RDS DB instance settings](creating-elasticache-cluster-with-RDS-settings.md)
+ [Auto migrating EC2 databases to Amazon RDS using AWS Database Migration Service](USER_DMS_migration.md)
+ [Tutorial: Creating a MySQL DB instance with a custom parameterand new option group](tutorial-creating-custom-OPG.md)
# Creating an Amazon RDS DB instance
The basic building block of Amazon RDS is the DB instance, where you create your databases. You choose the engine-specific characteristics of the DB instance when you create it. You also choose the storage capacity, CPU, memory, and so on of the AWS instance on which the database server runs.
**Topics**
+ [DB instance prerequisites](#USER_CreateDBInstance.Prerequisites)
+ [Creating a DB instance](#USER_CreateDBInstance.Creating)
+ [Settings for DB instances](USER_CreateDBInstance.Settings.md)
## DB instance prerequisites
**Important**
Before you can create an Amazon RDS DB instance, complete the tasks in [Setting up your Amazon RDS environment](CHAP_SettingUp.md).
The following are prerequisites for creating an RDS DB instance.
**Topics**
+ [Configure the network for the DB instance](#USER_CreateDBInstance.Prerequisites.VPC)
+ [Additional prerequisites](#USER_CreateDBInstance.Prerequisites.Additional)
### Configure the network for the DB instance
You can create an Amazon RDS DB instance only in a virtual private cloud (VPC) based on the Amazon VPC service. Also, it must be in an AWS Region that has at least two Availability Zones. The DB subnet group that you choose for the DB instance must cover at least two Availability Zones. This configuration ensures that you can configure a Multi-AZ deployment when you create the DB instance or easily move to one in the future.
To set up connectivity between your new DB instance and an Amazon EC2 instance in the same VPC, do so when you create the DB instance. To connect to your DB instance from resources other than EC2 instances in the same VPC, configure the network connections manually.
**Topics**
+ [Configure automatic network connectivity with an EC2 instance](#USER_CreateDBInstance.Prerequisites.VPC.Automatic)
+ [Configure the network manually](#USER_CreateDBInstance.Prerequisites.VPC.Manual)
#### Configure automatic network connectivity with an EC2 instance
When you create an RDS DB instance, you can use the AWS Management Console to set up connectivity between an EC2 instance and the new DB instance. When you do so, RDS configures your VPC and network settings automatically. The DB instance is created in the same VPC as the EC2 instance so that the EC2 instance can access the DB instance.
The following are requirements for connecting an EC2 instance with the DB instance:
+ The EC2 instance must exist in the AWS Region before you create the DB instance.
If no EC2 instances exist in the AWS Region, the console provides a link to create one.
+ The user who is creating the DB instance must have permissions to perform the following operations:
+ `ec2:AssociateRouteTable`
+ `ec2:AuthorizeSecurityGroupEgress`
+ `ec2:AuthorizeSecurityGroupIngress`
+ `ec2:CreateRouteTable`
+ `ec2:CreateSubnet`
+ `ec2:CreateSecurityGroup`
+ `ec2:DescribeInstances`
+ `ec2:DescribeNetworkInterfaces`
+ `ec2:DescribeRouteTables`
+ `ec2:DescribeSecurityGroups`
+ `ec2:DescribeSubnets`
+ `ec2:ModifyNetworkInterfaceAttribute`
+ `ec2:RevokeSecurityGroupEgress`
Using this option creates a private DB instance. The DB instance uses a DB subnet group with only private subnets to restrict access to resources within the VPC.
To connect an EC2 instance to the DB instance, choose **Connect to an EC2 compute resource** in the **Connectivity** section on the **Create database** page.
![\[Connect an EC2 instance\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ec2-set-up-connection-create.png)
When you choose **Connect to an EC2 compute resource**, RDS sets the following options automatically. You can't change these settings unless you choose not to set up connectivity with an EC2 instance by choosing **Don't connect to an EC2 compute resource**.
****
| Console option | Automatic setting |
| --- | --- |
| **Network type** | RDS sets network type to **IPv4**. Currently, dual-stack mode isn't supported when you set up a connection between an EC2 instance and the DB instance. |
| **Virtual Private Cloud (VPC)** | RDS sets the VPC to the one associated with the EC2 instance. |
| **DB subnet group** | RDS requires a DB subnet group with a private subnet in the same Availability Zone as the EC2 instance. If a DB subnet group that meets this requirement exists, then RDS uses the existing DB subnet group. By default, this option is set to Automatic setup. When you choose **Automatic setup** and there is no DB subnet group that meets this requirement, the following action happens. RDS uses three available private subnets in three Availability Zones where one of the Availability Zones is the same as the EC2 instance. If a private subnet isn’t available in an Availability Zone, RDS creates a private subnet in the Availability Zone. Then RDS creates the DB subnet group.When a private subnet is available, RDS uses the route table associated with the subnet and adds any subnets it creates to this route table. When no private subnet is available, RDS creates a route table without internet gateway access and adds the subnets it creates to the route table.RDS also allows you to use existing DB subnet groups. Select **Choose existing** if you want to use an existing DB subnet group of your choice. |
| **Public access** | RDS chooses **No** so that the DB instance isn't publicly accessible. For security, it is a best practice to keep the database private and make sure it isn't accessible from the internet. |
| **VPC security group (firewall)** | RDS creates a new security group that is associated with the DB instance. The security group is named `rds-ec2-n`, where `n` is a number. This security group includes an inbound rule with the EC2 VPC security group (firewall) as the source. This security group that is associated with the DB instance allows the EC2 instance to access the DB instance. RDS also creates a new security group that is associated with the EC2 instance. The security group is named `ec2-rds-n`, where `n` is a number. This security group includes an outbound rule with the VPC security group of the DB instance as the source. This security group allows the EC2 instance to send traffic to the DB instance. You can add another new security group by choosing **Create new** and typing the name of the new security group. You can add existing security groups by choosing **Choose existing** and selecting security groups to add. |
| **Availability Zone** | When you choose **Single DB instance** in **Availability & durability** (Single-AZ deployment), RDS chooses the Availability Zone of the EC2 instance. When you choose **Multi-AZ DB instance** in **Availability & durability** (Multi-AZ DB instance deployment), RDS chooses the Availability Zone of the EC2 instance for one DB instance in the deployment. RDS randomly chooses a different Availability Zone for the other DB instance. Either the primary DB instance or the standby replica is created in the same Availability Zone as the EC2 instance. When you choose **Multi-AZ DB instance**, there is the possibility of cross Availability Zone costs if the DB instance and EC2 instance are in different Availability Zones. |
For more information about these settings, see [Settings for DB instances](USER_CreateDBInstance.Settings.md).
If you change these settings after the DB instance is created, the changes might affect the connection between the EC2 instance and the DB instance.
#### Configure the network manually
To connect to your DB instance from resources other than EC2 instances in the same VPC, configure the network connections manually. If you use the AWS Management Console to create your DB instance, you can have Amazon RDS automatically create a VPC for you. Or you can use an existing VPC or create a new VPC for your DB instance. With any approach, your VPC requires at least one subnet in each of at least two Availability Zones for use with an RDS DB instance.
By default, Amazon RDS creates the DB instance an Availability Zone automatically for you. To choose a specific Availability Zone, you need to change the **Availability & durability** setting to **Single DB instance**. Doing so exposes an **Availability Zone** setting that lets you choose from among the Availability Zones in your VPC. However, if you choose a Multi-AZ deployment, RDS chooses the Availability Zone of the primary or writer DB instance automatically, and the **Availability Zone** setting doesn't appear.
In some cases, you might not have a default VPC or haven't created a VPC. In these cases, you can have Amazon RDS automatically create a VPC for you when you create a DB instance using the console. Otherwise, do the following:
+ Create a VPC with at least one subnet in each of at least two of the Availability Zones in the AWS Region where you want to deploy your DB instance. For more information, see [Working with a DB instance in a VPC](USER_VPC.WorkingWithRDSInstanceinaVPC.md#Overview.RDSVPC.Create) and [Tutorial: Create a VPC for use with a DB instance (IPv4 only)](CHAP_Tutorials.WebServerDB.CreateVPC.md).
+ Specify a VPC security group that authorizes connections to your DB instance. For more information, see [Provide access to your DB instance in your VPC by creating a security group](CHAP_SettingUp.md#CHAP_SettingUp.SecurityGroup) and [Controlling access with security groups](Overview.RDSSecurityGroups.md).
+ Specify an RDS DB subnet group that defines at least two subnets in the VPC that can be used by the DB instance. For more information, see [Working with DB subnet groups](USER_VPC.WorkingWithRDSInstanceinaVPC.md#USER_VPC.Subnets).
If you want to connect to a resource that isn't in the same VPC as the DB instance, see the appropriate scenarios in [Scenarios for accessing a DB instance in a VPC](USER_VPC.Scenarios.md).
### Additional prerequisites
Before you create your DB instance, consider the following additional prerequisites:
+ If you are connecting to AWS using AWS Identity and Access Management (IAM) credentials, your AWS account must have certain IAM policies. These grant the permissions required to perform Amazon RDS operations. For more information, see [Identity and access management for Amazon RDS](UsingWithRDS.IAM.md).
To use IAM to access the RDS console, sign in to the AWS Management Console with your IAM user credentials. Then go to the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
+ To tailor the configuration parameters for your DB instance, specify a DB parameter group with the required parameter settings. For information about creating or modifying a DB parameter group, see [Parameter groups for Amazon RDS](USER_WorkingWithParamGroups.md).
**Important**
If you are using the BYOL model for Amazon RDS for Db2, before creating a DB instance, you must first create a custom parameter group that contains your IBM Site ID and IBM Customer ID. For more information, see [Bring your own license (BYOL) for Db2](db2-licensing.md#db2-licensing-options-byol).
+ Determine the TCP/IP port number to specify for your DB instance. The firewalls at some companies block connections to the default ports for RDS DB instances. If your company firewall blocks the default port, choose another port for your DB instance. The default ports for Amazon RDS DB engines are:
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html)
For RDS for SQL Server, the following ports are reserved, and you can't use them when you create a DB instance: `1234, 1434, 3260, 3343, 3389, 47001,` and `49152-49156`.
## Creating a DB instance
You can create an Amazon RDS DB instance using the AWS Management Console, the AWS CLI, or the RDS API.
**Note**
For RDS for Db2, we recommend that you set up items needed for your license model before you create an RDS for Db2 DB instance. For more information, see [Amazon RDS for Db2 licensing options](db2-licensing.md).
### Console
You can create a DB instance by using the AWS Management Console with **Easy create** enabled or not enabled. With **Easy create** enabled, you specify only the DB engine type, DB instance size, and DB instance identifier. **Easy create** uses the default setting for other configuration options. With **Easy create** not enabled, you specify more configuration options when you create a database, including ones for availability, security, backups, and maintenance.
**Note**
In the following procedure, **Standard create** is enabled, and **Easy create** isn't enabled. This procedure uses Microsoft SQL Server as an example.
For examples that use **Easy create** to walk you through creating and connecting to sample DB instances for each engine, see [Getting started with Amazon RDS](CHAP_GettingStarted.md).
**To create a DB instance**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the upper-right corner of the Amazon RDS console, choose the AWS Region in which you want to create the DB instance.
1. In the navigation pane, choose **Databases**.
1. Choose **Create database**, then choose **Standard create**.
1. For **Engine type**, choose IBM Db2, MariaDB, Microsoft SQL Server, MySQL, Oracle, or PostgreSQL.
**Microsoft SQL Server** is shown here.
![\[Engine selection\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/create-instance-sqlserver.png)
1. For **Database management type**, if you're using Oracle or SQL Server choose **Amazon RDS** or **Amazon RDS Custom**.
**Amazon RDS** is shown here. For more information on RDS Custom, see [Amazon RDS Custom](rds-custom.md).
1. For **Edition**, if you're using Db2, Oracle, or SQL Server, choose the DB engine edition that you want to use.
MySQL has only one option for the edition, and MariaDB and PostgreSQL have none.
1. For **Version**, choose the engine version.
1. In **Templates**, choose the template that matches your use case. If you choose **Production**, the following are preselected in a later step:
+ **Multi-AZ** failover option
+ **Provisioned IOPS SSD (io1)** storage option
+ **Enable deletion protection** option
We recommend these features for any production environment.
**Note**
Template choices vary by edition.
1. In the **Settings** section, open **Credential Settings**. Then do the following:
1. (Optional) Change the **Master username** value.
1. Choose either of the following credentials management options:
+ **Managed in AWS Secrets Manager**
In **Select the encryption key**, choose either a KMS key that Secrets Manager creates or a key that you have created.
**Note**
We recommend AWS Secrets Manager as the most secure technique for managing credentials. Additional charges apply. For more information, see [Password management with Amazon RDS and AWS Secrets Manager](rds-secrets-manager.md).
+ **Self managed**
To specify a password, clear the **Auto generate a password** check box if it is selected. Enter the same password in **Master password** and **Confirm master password**.
1. (Optional) Set up a connection to a compute resource for this DB instance.
You can configure connectivity between an Amazon EC2 instance and the new DB instance during DB instance creation. For more information, see [Configure automatic network connectivity with an EC2 instance](#USER_CreateDBInstance.Prerequisites.VPC.Automatic).
1. In the **Connectivity** section under **VPC security group (firewall)**, if you select **Create new**, a VPC security group is created with an inbound rule that allows your local computer's IP address to access the database.
1. For the remaining sections, specify your DB instance settings. For information about each setting, see [Settings for DB instances](USER_CreateDBInstance.Settings.md).
1. Choose **Create database**.
If you chose to use an automatically generated password, the **View credential details** button appears on the **Databases** page.
To view the master username and password for the DB instance, choose **View credential details**.
To connect to the DB instance as the master user, use the username and password that appear.
**Important**
You can't view the master user password again. If you don't record it, you might have to change it. If you need to change the master user password after the DB instance is available, modify the DB instance to do so. For more information about modifying a DB instance, see [Modifying an Amazon RDS DB instance](Overview.DBInstance.Modifying.md).
1. For **Databases**, choose the name of the new DB instance.
On the RDS console, the details for the new DB instance appear. The DB instance has a status of **Creating** until the DB instance is created and ready for use. When the state changes to **Available**, you can connect to the DB instance. Depending on the DB instance class and storage allocated, it can take several minutes for the new instance to be available.
![\[My DB instances details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/SQLSvr-Launch05.png)
### AWS CLI
**Note**
If you want to use Db2 license through AWS Marketplace, you must first subscribe to AWS Marketplace and register with IBM by using the AWS Management Console. For more information, see [Subscribing to Db2 Marketplace listings and registering with IBM](db2-licensing.md#db2-marketplace-subscribing-registering).
To create a DB instance by using the AWS CLI, call the [create-db-instance](https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html) command with the following parameters:
+ `--db-instance-identifier`
+ `--db-instance-class`
+ `--vpc-security-group-ids`
+ `--db-subnet-group`
+ `--engine`
+ `--master-username`
+ `--master-user-password` or `--manage-master-user-password`
+ `--allocated-storage`
+ `--backup-retention-period`
For information about each setting, see [Settings for DB instances](USER_CreateDBInstance.Settings.md).
This example uses Microsoft SQL Server.
**Example**
For Linux, macOS, or Unix:
```
1. aws rds create-db-instance \
2. --engine sqlserver-se \
3. --db-instance-identifier mymsftsqlserver \
4. --allocated-storage 250 \
5. --db-instance-class db.t3.large \
6. --vpc-security-group-ids mysecuritygroup \
7. --db-subnet-group mydbsubnetgroup \
8. --master-username masterawsuser \
9. --manage-master-user-password \
10. --backup-retention-period 3
```
For Windows:
```
1. aws rds create-db-instance ^
2. --engine sqlserver-se ^
3. --db-instance-identifier mydbinstance ^
4. --allocated-storage 250 ^
5. --db-instance-class db.t3.large ^
6. --vpc-security-group-ids mysecuritygroup ^
7. --db-subnet-group mydbsubnetgroup ^
8. --master-username masterawsuser ^
9. --manage-master-user-password ^
10. --backup-retention-period 3
```
This command produces output similar to the following.
```
1. DBINSTANCE mydbinstance db.t3.large sqlserver-se 250 sa creating 3 **** n 10.50.2789
2. SECGROUP default active
3. PARAMGRP default.sqlserver-se-14 in-sync
```
### RDS API
**Note**
If you want to use Db2 license through AWS Marketplace, you must first subscribe to AWS Marketplace and register with IBM by using the AWS Management Console. For more information, see [Subscribing to Db2 Marketplace listings and registering with IBM](db2-licensing.md#db2-marketplace-subscribing-registering).
To create a DB instance by using the Amazon RDS API, call the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) operation.
For information about each setting, see [Settings for DB instances](USER_CreateDBInstance.Settings.md).
# Settings for DB instances
In the following table, you can find details about settings that you choose when you create a DB instance. The table also shows the DB engines for which each setting is supported.
You can create a DB instance using the console, the [create-db-instance](https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html) CLI command, or the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) RDS API operation.
****
| Console setting | Setting description | CLI option and RDS API parameter | Supported DB engines |
| --- | --- | --- | --- |
| **Allocated storage** | The amount of storage to allocate for your DB instance (in gibibytes). In some cases, allocating a higher amount of storage for your DB instance than the size of your database can improve I/O performance. For more information, see [Amazon RDS DB instance storage](CHAP_Storage.md). | **CLI option:** `--allocated-storage` **API parameter:** `AllocatedStorage` | All |
| Architecture settings | If you choose **Oracle multitenant architecture**, RDS for Oracle creates a container database (CDB). If you don't choose this option, RDS for Oracle creates a non-CDB. A non-CDB uses the traditional Oracle database architecture. A CDB can contain pluggable databases (PDBs) whereas a non-CDB cannot. Oracle Database 21c uses the CDB architecture only. Oracle Database 19c can use either the CDB or non-CDB architecture. Releases lower than Oracle Database 19c use the non-CDB architecture only. For more information, see [Overview of RDS for Oracle CDBs](Oracle.Concepts.CDBs.md). | **CLI option:** `--engine oracle-ee-cdb` (Oracle multitenant) `--engine oracle-se2-cdb` (Oracle multitenant) `--engine oracle-ee` (traditional) `--engine oracle-se2` (traditional) **API parameter:** `Engine` | Oracle |
| Architecture configuration | These settings are only valid when you choose **Oracle multitenant architecture** for **Architecture settings**. Choose either of the following additional settings: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) Regardless of which configuration you choose, your CDB contains a single initial PDB. In the multi-tenant configuration, you can create more PDBs later using RDS APIs. For more information, see [Overview of RDS for Oracle CDBs](Oracle.Concepts.CDBs.md). | **CLI option:** `--multi-tenant` (multi-tenant configuration) `--no-multi-tenant` (single-tenant configuration) **API parameter:** `MultiTenant` | Oracle |
| Auto minor version upgrade | Choose **Enable auto minor version upgrade** to enable your DB instance to receive preferred minor DB engine version upgrades automatically when they become available. This is the default behavior. Amazon RDS performs automatic minor version upgrades in the maintenance window. If you don't choose **Enable auto minor version upgrade**, your DB instance isn't upgraded automatically when new minor versions become available. For more information, see [Automatically upgrading the minor engine version](USER_UpgradeDBInstance.Upgrading.md#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades). | **CLI option:** `--auto-minor-version-upgrade` `--no-auto-minor-version-upgrade` **API parameter:** `AutoMinorVersionUpgrade` | All |
| Availability zone | The Availability Zone for your DB instance. Use the default value of **No Preference** unless you want to specify an Availability Zone. For more information, see [Regions, Availability Zones, and Local Zones](Concepts.RegionsAndAvailabilityZones.md). | **CLI option:** `--availability-zone` **API parameter:** `AvailabilityZone` | All |
| **AWS KMS key** | Only available if **Encryption** is set to **Enable encryption**. Choose the AWS KMS key to use for encrypting this DB instance. For more information, see [Encrypting Amazon RDS resources](Overview.Encryption.md). | **CLI option:** `--kms-key-id` **API parameter:** `KmsKeyId` | All |
| AWS License Manager configuration | Enter a name for an AWS License Manager license configuration. The name must be 100 characters or less, and only include a-z, A-Z, and 0-9. For more information, see [Integrating with AWS License Manager](db2-licensing.md#db2-lms-integration). | **CLI option:** For more information, see [AWS License Manager CLI](db2-licensing.md#db2-lms-integration.cli). **API parameter:** For more information, see [AWS License Manager API](db2-licensing.md#db2-lms-integration.api). | Db2 |
| Backup replication | Choose **Enable replication in another AWS Region** to create backups in an additional Region for disaster recovery. Then choose the **Destination Region** for the additional backups. | Not available when creating a DB instance. For information on enabling cross-Region backups using the AWS CLI or RDS API, see [Enabling cross-Region automated backups for Amazon RDS](AutomatedBackups.Replicating.Enable.md). | Db2 Oracle PostgreSQL SQL Server |
| Backup retention period | The number of days that you want automatic backups of your DB instance to be retained. For any nontrivial DB instance, set this value to **1** or greater. For more information, see [Introduction to backups](USER_WorkingWithAutomatedBackups.md). | **CLI option:** `--backup-retention-period` **API parameter:** `BackupRetentionPeriod` | All |
| Backup target | Choose **AWS Cloud** to store automated backups and manual snapshots in the parent AWS Region. Choose **Outposts (on-premises)** to store them locally on your Outpost. This option setting applies only to RDS on Outposts. For more information, see [Creating DB instances for Amazon RDS on AWS Outposts](rds-on-outposts.creating.md). | **CLI option:** `--backup-target` **API parameter:** `BackupTarget` | MySQL, PostgreSQL, SQL Server |
| Backup window | The time period during which Amazon RDS automatically takes a backup of your DB instance. Unless you have a specific time that you want to have your database backed up, use the default of **No Preference**. For more information, see [Introduction to backups](USER_WorkingWithAutomatedBackups.md). | **CLI option:** `--preferred-backup-window` **API parameter:** `PreferredBackupWindow` | All |
| **Certificate authority** | The certificate authority (CA) for the server certificate used by the DB instance. For more information, see [Using SSL/TLS to encrypt a connection to a DB instance or cluster ](UsingWithRDS.SSL.md). | **CLI option:** `--ca-certificate-identifier` **RDS API parameter:** `CACertificateIdentifier` | All |
| Character set | The character set for your DB instance. The default value of **AL32UTF8** for the DB character set is for the Unicode 5.0 UTF-8 Universal character set. You can't change the DB character set after you create the DB instance. In a single-tenant configuration, a non-default DB character set affects only the PDB, not the CDB. For more information, see [Single-tenant configuration of the CDB architecture](Oracle.Concepts.CDBs.md#Oracle.Concepts.single-tenant). The DB character set is different from the national character set, which is called the NCHAR character set. Unlike the DB character set, the NCHAR character set specifies the encoding for NCHAR data types (NCHAR, NVARCHAR2, and NCLOB) columns without affecting database metadata. For more information, see [RDS for Oracle character sets](Appendix.OracleCharacterSets.md). | **CLI option:** `--character-set-name` **API parameter:** `CharacterSetName` | Oracle |
| Collation | A server-level collation for your DB instance. For more information, see [Server-level collation for Microsoft SQL Server](Appendix.SQLServer.CommonDBATasks.Collation.md#Appendix.SQLServer.CommonDBATasks.Collation.Server). | **CLI option:** `--character-set-name` **API parameter:** `CharacterSetName` | SQL Server |
| Copy tags to snapshots | This option copies any DB instance tags to a DB snapshot when you create a snapshot. For more information, see [Tagging Amazon RDS resources](USER_Tagging.md). | **CLI option:** `--copy-tags-to-snapshot` `--no-copy-tags-to-snapshot` **RDS API parameter:** `CopyTagsToSnapshot` | All |
| Database authentication | The database authentication option that you want to use. Choose **Password authentication** to authenticate database users with database passwords only. Choose **Password and IAM DB authentication** to authenticate database users with database passwords and user credentials through users and roles. For more information, see [IAM database authentication for MariaDB, MySQL, and PostgreSQL](UsingWithRDS.IAMDBAuth.md). This option is only supported for MySQL and PostgreSQL. Choose **Password and Kerberos authentication** to authenticate database users with database passwords and Kerberos authentication through an AWS Managed Microsoft AD created with Directory Service. Next, choose the directory or choose **Create a new Directory**. For more information, see one of the following: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) | ***IAM:*** **CLI option:** `--enable-iam-database-authentication` `--no-enable-iam-database-authentication` **RDS API parameter:** `EnableIAMDatabaseAuthentication` ***Kerberos:*** **CLI option:** `--domain` `--domain-iam-role-name` **RDS API parameter:** `Domain` `DomainIAMRoleName` | Varies by authentication type |
| Database management type | Choose **Amazon RDS** if you don't need to customize your environment. Choose **Amazon RDS Custom** if you want to customize the database, OS, and infrastructure. For more information, see [Amazon RDS Custom](rds-custom.md). | For the CLI and API, you specify the database engine type. | Oracle SQL Server |
| Database port | The port that you want to access the DB instance through. The default port is shown. The firewalls at some companies block connections to the default MariaDB, MySQL, and PostgreSQL ports. If your company firewall blocks the default port, enter another port for your DB instance. | **CLI option:** `--port` **RDS API parameter:** `Port` | All |
| DB engine version | The version of database engine that you want to use. | **CLI option:** `--engine-version` **RDS API parameter:** `EngineVersion` | All |
| DB instance class | The configuration for your DB instance. For example, a **db.t3.small** DB instance class has 2 GiB memory, 2 vCPUs, 1 virtual core, a variable ECU, and a moderate I/O capacity. If possible, choose a DB instance class large enough that a typical query working set can be held in memory. When working sets are held in memory, the system can avoid writing to disk, which improves performance. For more information, see [DB instance classes](Concepts.DBInstanceClass.md). In RDS for Oracle, you can select **Include additional memory configurations**. These configurations are optimized for a high ratio of memory to vCPU. For example, **db.r5.6xlarge.tpc2.mem4x** is a db.r5.8x DB instance that has 2 threads per core (tpc2) and 4x the memory of a standard db.r5.6xlarge DB instance. For more information, see [RDS for Oracle DB instance classes](Oracle.Concepts.InstanceClasses.md). | **CLI option:** `--db-instance-class` **RDS API parameter:** `DBInstanceClass` | All |
| DB instance identifier | The name for your DB instance. Name your DB instances in the same way that you name your on-premises servers. Your DB instance identifier can contain up to 63 alphanumeric characters, and must be unique for your account in the AWS Region you chose. | **CLI option:** `--db-instance-identifier` **RDS API parameter:** `DBInstanceIdentifier` | All |
| DB parameter group | A parameter group for your DB instance. You can choose the default parameter group, or you can create a custom parameter group. If you are using the BYOL model for RDS for Db2, before creating a DB instance, you must first create a custom parameter group that contains your IBM Site ID and IBM Customer ID. For more information, see [Bring your own license (BYOL) for Db2](db2-licensing.md#db2-licensing-options-byol). For more information, see [Parameter groups for Amazon RDS](USER_WorkingWithParamGroups.md). | **CLI option:** `--db-parameter-group-name` **RDS API parameter:** `DBParameterGroupName` | All |
| DB subnet group | The DB subnet group you want to use for the DB cluster. Select Choose existing to use an existing DB subnet group. Then choose the required subnet group from the Existing DB subnet groups dropdown list.Choose **Automatic setup** to let RDS select a compatible DB subnet group. If none exist, RDS creates a new subnet group for your cluster.For more information, see [Working with DB subnet groups](USER_VPC.WorkingWithRDSInstanceinaVPC.md#USER_VPC.Subnets). | **CLI option:** `--db-subnet-group-name` **RDS API parameter:** `DBSubnetGroupName` | All |
| Dedicated Log Volume | Use a dedicated log volume (DLV) to store database transaction logs on a storage volume that's separate from the volume containing the database tables. For more information, see [Using a dedicated log volume (DLV)](USER_PIOPS.dlv.md). | **CLI option:** `--dedicated-log-volume` **RDS API parameter:** `DedicatedLogVolume` | All |
| Deletion protection | **Enable deletion protection** to prevent your DB instance from being deleted. If you create a production DB instance with the AWS Management Console, deletion protection is enabled by default. For more information, see [Deleting a DB instance](USER_DeleteInstance.md). | **CLI option:** `--deletion-protection` `--no-deletion-protection` **RDS API parameter:** `DeletionProtection` | All |
| Encryption | **Enable Encryption** to enable encryption at rest for this DB instance. For more information, see [Encrypting Amazon RDS resources](Overview.Encryption.md). | **CLI option:** `--storage-encrypted` `--no-storage-encrypted` **RDS API parameter:** `StorageEncrypted` | All |
| Enhanced Monitoring | **Enable enhanced monitoring** to enable gathering metrics in real time for the operating system that your DB instance runs on. For more information, see [Monitoring OS metrics with Enhanced Monitoring](USER_Monitoring.OS.md). | **CLI options:** `--monitoring-interval` `--monitoring-role-arn` **RDS API parameters:** `MonitoringInterval` `MonitoringRoleArn` | All |
| Engine type | Choose the database engine to be used for this DB instance. | **CLI option:** `--engine` **RDS API parameter:** `Engine` | All |
| Initial database name | The name for the database on your DB instance. If you don't provide a name, Amazon RDS doesn't create a database on the DB instance (except for Oracle and PostgreSQL). The name can't be a word reserved by the database engine, and has other constraints depending on the DB engine. Db2: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) MariaDB and MySQL: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) Oracle: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) PostgreSQL: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) | **CLI option:** `--db-name` **RDS API parameter:** `DBName` | All except SQL Server |
| License | Valid values for the license model: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) | **CLI option:** `--license-model` **RDS API parameter:** `LicenseModel` | All |
| **Log exports** | The types of database log files to publish to Amazon CloudWatch Logs. For more information, see [Publishing database logs to Amazon CloudWatch Logs](USER_LogAccess.Procedural.UploadtoCloudWatch.md). | **CLI option:** `--enable-cloudwatch-logs-exports` **RDS API parameter:** `EnableCloudwatchLogsExports` | All |
| Maintenance window | The 30-minute window in which pending modifications to your DB instance are applied. If the time period doesn't matter, choose **No Preference**. For more information, see [Amazon RDS maintenance window](USER_UpgradeDBInstance.Maintenance.md#Concepts.DBMaintenance). | **CLI option:** `--preferred-maintenance-window` **RDS API parameter:** `PreferredMaintenanceWindow` | All |
| Manage master credentials in AWS Secrets Manager | Select **Manage master credentials in AWS Secrets Manager** to manage the master user password in a secret in Secrets Manager. Optionally, choose a KMS key to use to protect the secret. Choose from the KMS keys in your account, or enter the key from a different account. For more information, see [Password management with Amazon RDS and AWS Secrets Manager](rds-secrets-manager.md). | **CLI option:** `--manage-master-user-password \| --no-manage-master-user-password` `--master-user-secret-kms-key-id` **RDS API parameter:** `ManageMasterUserPassword` `MasterUserSecretKmsKeyId` | All |
| Master password | The password for your master user account. The password has the following number of printable ASCII characters (excluding `/`, `"`, a space, and `@`) depending on the DB engine: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) | **CLI option:** `--master-user-password` **RDS API parameter:** `MasterUserPassword` | All |
| Master username | The name that you use as the master username to log in to your DB instance with all database privileges. Note the following naming restrictions: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) You can't change the master username after you create the DB instance. For Db2, we recommend that you use the same master username as your self-managed Db2 instance name. For more information on privileges granted to the master user, see [Master user account privileges](UsingWithRDS.MasterAccounts.md). | **CLI option:** `--master-username` **RDS API parameter:** `MasterUsername` | All |
| Microsoft SQL Server Windows Authentication | **Enable Microsoft SQL Server Windows authentication**, then **Browse Directory** to choose the directory where you want to allow authorized domain users to authenticate with this SQL Server instance using Windows Authentication. | **CLI options:** `--domain` `--domain-iam-role-name` **RDS API parameters:** `Domain` `DomainIAMRoleName` | SQL Server |
| Multi-AZ deployment | **Create a standby instance** to create a passive secondary replica of your DB instance in another Availability Zone for failover support. We recommend Multi-AZ for production workloads to maintain high availability. For development and testing, you can choose **Do not create a standby instance**. For more information, see [Configuring and managing a Multi-AZ deployment for Amazon RDS](Concepts.MultiAZ.md). | **CLI option:** `--multi-az` `--no-multi-az` **RDS API parameter:** `MultiAZ` | All |
| National character set (NCHAR) | The national character set for your DB instance, commonly called the NCHAR character set. You can set the national character set to either AL16UTF16 (default) or UTF-8. You can't change the national character set after you create the DB instance. The national character set is different from the DB character set. Unlike the DB character set, the national character set specifies the encoding only for NCHAR data types (NCHAR, NVARCHAR2, and NCLOB) columns without affecting database metadata. For more information, see [RDS for Oracle character sets](Appendix.OracleCharacterSets.md). | **CLI option:** `--nchar-character-set-name` **API parameter:** `NcharCharacterSetName` | Oracle |
| Network type | The IP addressing protocols supported by the DB instance. **IPv4** (the default) to specify that resources can communicate with the DB instance only over the Internet Protocol version 4 (IPv4) addressing protocol. **Dual-stack mode** to specify that resources can communicate with the DB instance over IPv4, Internet Protocol version 6 (IPv6), or both. Use dual-stack mode if you have any resources that must communicate with your DB instance over the IPv6 addressing protocol. Also, make sure that you associate an IPv6 CIDR block with all subnets in the DB subnet group that you specify. For more information, see [Amazon RDS IP addressing](USER_VPC.WorkingWithRDSInstanceinaVPC.md#USER_VPC.IP_addressing). | **CLI option:** `--network-type` **RDS API parameter:** `NetworkType` | All |
| Option group | An option group for your DB instance. You can choose the default option group or you can create a custom option group. For more information, see [Working with option groups](USER_WorkingWithOptionGroups.md). | **CLI option:** `--option-group-name` **RDS API parameter:** `OptionGroupName` | All |
| Performance Insights | **Enable Performance Insights** to monitor your DB instance load so that you can analyze and troubleshoot your database performance. Choose a retention period to determine how much Performance Insights data history to keep. The retention setting is **Default (7 days)**. To retain your performance data for longer, specify 1–24 months. For more information about retention periods, see [Pricing and data retention for Performance Insights](USER_PerfInsights.Overview.cost.md). Choose a KMS key to use to protect the key used to encrypt this database volume. Choose from the KMS keys in your account, or enter the key from a different account. For more information, see [Monitoring DB load with Performance Insights on Amazon RDS](USER_PerfInsights.md). | **CLI options:** `--enable-performance-insights` `--no-enable-performance-insights` `--performance-insights-retention-period` `--performance-insights-kms-key-id` **RDS API parameters:** `EnablePerformanceInsights` `PerformanceInsightsRetentionPeriod` `PerformanceInsightsKMSKeyId` | All except Db2 |
| **Provisioned IOPS** | The Provisioned IOPS (I/O operations per second) value for the DB instance. This setting is available only if you choose one of the following for **Storage type**: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) For more information, see [Amazon RDS DB instance storage](CHAP_Storage.md). | **CLI option:** `--iops` **RDS API parameter:** `Iops` | All |
| Public access | **Yes** to give the DB instance a public IP address, meaning that it's accessible outside the VPC. To be publicly accessible, the DB instance also has to be in a public subnet in the VPC. **No** to make the DB instance accessible only from inside the VPC. For more information, see [Hiding a DB instance in a VPC from the internet](USER_VPC.WorkingWithRDSInstanceinaVPC.md#USER_VPC.Hiding). To connect to a DB instance from outside of its VPC, the DB instance must be publicly accessible. Also, access must be granted using the inbound rules of the DB instance's security group. In addition, other requirements must be met. For more information, see [Can't connect to Amazon RDS DB instance](CHAP_Troubleshooting.md#CHAP_Troubleshooting.Connecting). If your DB instance isn't publicly accessible, use an AWS Site-to-Site VPN connection or an Direct Connect connection to access it from a private network. For more information, see [Internetwork traffic privacy](inter-network-traffic-privacy.md). | **CLI option:** `--publicly-accessible` `--no-publicly-accessible` **RDS API parameter:** `PubliclyAccessible` | All |
| RDS Extended Support | Select **Enable RDS Extended Support** to allow supported major engine versions to continue running past the RDS end of standard support date. When you create a DB instance, Amazon RDS defaults to RDS Extended Support. To prevent the creation of a new DB instance after the RDS end of standard support date and to avoid charges for RDS Extended Support, disable this setting. Your existing DB instances won't incur charges until the RDS Extended Support pricing start date. For more information, see [Amazon RDS Extended Support with Amazon RDS](extended-support.md). | **CLI option:** `--engine-lifecycle-support` **RDS API parameter:** `EngineLifecycleSupport` | MySQL PostgreSQL |
| **RDS Proxy** | Choose **Create an RDS Proxy** to create a proxy for your DB instance. Amazon RDS automatically creates an IAM role and a Secrets Manager secret for the proxy. For more information, see [Amazon RDS Proxy](rds-proxy.md). | Not available when creating a DB instance. | MariaDB MySQL PostgreSQL |
| Storage autoscaling | **Enable storage autoscaling** to enable Amazon RDS to automatically increase storage when needed to avoid having your DB instance run out of storage space. Use **Maximum storage threshold** to set the upper limit for Amazon RDS to automatically increase storage for your DB instance. The default is 1,000 GiB. For more information, see [Managing capacity automatically with Amazon RDS storage autoscaling](USER_PIOPS.Autoscaling.md). | **CLI option:** `--max-allocated-storage` **RDS API parameter:** `MaxAllocatedStorage` | All |
| **Storage throughput** | The storage throughput value for the DB instance. This setting is available only if you choose **General purpose SSD (gp3)** for **Storage type**. For more information, see [gp3 storage (recommended)](CHAP_Storage.md#gp3-storage). | **CLI option:** `--storage-throughput` **RDS API parameter:** `StorageThroughput` | All |
| Storage type | The storage type for your DB instance. If you choose **General Purpose SSD (gp3)**, you can provision additional provisioned IOPS and storage throughput under **Advanced settings**. If you choose **Provisioned IOPS SSD (io1)** or **Provisioned IOPS SSD (io2)**, enter the **Provisioned IOPS** value. For more information, see [Amazon RDS storage types](CHAP_Storage.md#Concepts.Storage). | **CLI option:** `--storage-type` **RDS API parameter:** `StorageType` | All |
| Additional storage volumes | You can add up to three additional storage volumes to your RDS for Oracle or RDS for SQL Server DB instance. You can configure each additional volume to use gp3 or io2 storage types. You can also specify different allocated storage, IOPS, and throughput settings to optimize for your workload requirements. Make sure you specify the volume names as `rdsdbdata2`, `rdsdbdata3`, or `rdsdbdata4`. The combined storage across the primary and additional volumes cannot exceed 256 TiB. | **CLI option:** `--additional-storage-volumes` **RDS API parameter:** `AdditionalStorageVolumes` | Oracle and SQL Server |
| Subnet group | A DB subnet group to associate with this DB instance. For more information, see [Working with DB subnet groups](USER_VPC.WorkingWithRDSInstanceinaVPC.md#USER_VPC.Subnets). | **CLI option:** `--db-subnet-group-name` **RDS API parameter:** `DBSubnetGroupName` | All |
| Tenant database name | The name of your initial PDB in the multi-tenant configuration of the Oracle architecture. This setting is available only if you choose **Multi-tenant configuration** for **Architecture configuration**. The tenant database name must differ from the name of your CDB, which is named `RDSCDB`. You can't change the CDB name. | **CLI option:** `--db-name` **RDS API parameter:** `DBName` | Oracle |
| Tenant database master username | The name that you use as the master username to log in to your tenant database (PDB) with all database privileges. This setting is available only if you choose **Multi-tenant configuration** for **Architecture configuration**. Note the following naming restrictions: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) You can't do the following: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.Settings.html) | **CLI option:** `--master-username` **RDS API parameter:** `MasterUsername` | Oracle |
| Tenant database master password | The password for the master user account of your tenant database (PDB). This setting is available only if you choose **Multi-tenant configuration** for **Architecture configuration**. The password has 8–30 printable ASCII characters, excluding `/`, `"`, a space, and `@`. | **CLI option:** `--master-password` **RDS API parameter:** `MasterPassword` | Oracle |
| Tenant database character set | The character set of the initial tenant database. This setting is available only if you choose **Multi-tenant configuration** for **Architecture configuration**. Only RDS for Oracle CDB instances are supported. The default value of **AL32UTF8** for the tenant database character set is for the Unicode 5.0 UTF-8 Universal character set. You can choose a tenant database character set that is different from the character set of the CDB. For more information, see [RDS for Oracle character sets](Appendix.OracleCharacterSets.md). | **CLI option:** `--character-set-name` **RDS API parameter:** `CharacterSetName` | Oracle |
| Tenant database national character set | The national character set for your tenant database, commonly called the `NCHAR` character set. This setting is available only if you choose **Multi-tenant configuration** for **Architecture configuration**. Only RDS for Oracle CDB instances are supported. You can set the national character set to either **AL16UTF16** (default) or **UTF-8**. You can't change the national character set after you create the tenant database. The tenant database national character set is different from the tenant database character set. The national character set specifies the encoding only for columns that use the `NCHAR` data type (`NCHAR`, `NVARCHAR2`, and `NCLOB`) and doesn't affect database metadata. For more information, see [RDS for Oracle character sets](Appendix.OracleCharacterSets.md). | **CLI option:** `--nchar-character-set-name` **API parameter:** `NcharCharacterSetName` | Oracle |
| Time zone | The time zone for your DB instance. If you don't choose a time zone, your DB instance uses the default time zone. You can't change the time zone after the DB instance is created. For more information, see [Local time zone for Amazon RDS for Db2 DB instances](db2-time-zone.md) and [Local time zone for Microsoft SQL Server DB instances](SQLServer.Concepts.General.TimeZone.md). | **CLI option:** `--timezone` **RDS API parameter:** `Timezone` | Db2 SQL Server RDS Custom for SQL Server |
| Virtual Private Cloud (VPC) | A VPC based on the Amazon VPC service to associate with this DB instance. For more information, see [Amazon VPC and Amazon RDS](USER_VPC.md). | For the CLI and API, you specify the VPC security group IDs. | All |
| VPC security group (firewall) | The security group to associate with the DB instance. For more information, see [Overview of VPC security groups](Overview.RDSSecurityGroups.md#Overview.RDSSecurityGroups.VPCSec). | **CLI option:** `--vpc-security-group-ids` **RDS API parameter:** `VpcSecurityGroupIds` | All |
# Creating Amazon RDS resources with AWS CloudFormation
Amazon RDS is integrated with AWS CloudFormation, a service that helps you to model and set up your AWS resources so that you can spend less time creating and managing your resources and infrastructure. You create a template that describes all the AWS resources that you want (such as DB instances and DB parameter groups), and CloudFormation provisions and configures those resources for you.
When you use CloudFormation, you can reuse your template to set up your RDS resources consistently and repeatedly. Describe your resources once, and then provision the same resources over and over in multiple AWS accounts and Regions.
## RDS and CloudFormation templates
[CloudFormation templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-guide.html) are formatted text files in JSON or YAML. These templates describe the resources that you want to provision in your CloudFormation stacks. If you're unfamiliar with JSON or YAML, you can use CloudFormation Designer to help you get started with CloudFormation templates. For more information, see [What is CloudFormation Designer?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/working-with-templates-cfn-designer.html) in the *AWS CloudFormation User Guide*.
RDS supports creating resources in CloudFormation. For more information, including examples of JSON and YAML templates for these resources, see the [RDS resource type reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_RDS.html) in the *AWS CloudFormation User Guide*.
## Learn more about CloudFormation
To learn more about CloudFormation, see the following resources:
+ [AWS CloudFormation](https://aws.amazon.com/cloudformation/)
+ [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)
+ [CloudFormation API Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/Welcome.html)
+ [AWS CloudFormation Command Line Interface User Guide](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html)
# Connecting to an Amazon RDS DB instance
Before you can connect to a DB instance, you must create the DB instance. For information, see [Creating an Amazon RDS DB instance](USER_CreateDBInstance.md). After Amazon RDS provisions your DB instance, use any standard client application or utility for your DB engine to connect to the DB instance. In the connection string, specify the DNS address from the DB instance endpoint as the host parameter. Also, specify the port number from the DB instance endpoint as the port parameter.
For more information about finding connection information for an Amazon RDS DB instance or scenarios for accessing a DB instance in a VPC, see the following topics.
+ [Finding the connection information for an Amazon RDS DB instance](CHAP_CommonTasks.Connect.EndpointAndPort.md)
+ [Scenarios for accessing a DB instance in a VPC](CHAP_CommonTasks.Connect.ScenariosForAccess.md)
# Finding the connection information for an Amazon RDS DB instance
The connection information for a DB instance includes its endpoint, port, and a valid database user, such as the master user. For example, for a MySQL DB instance, suppose that the endpoint value is `mydb.123456789012.us-east-1.rds.amazonaws.com`. In this case, the port value is `3306`, and the database user is `admin`. Given this information, you specify the following values in a connection string:
+ For host or host name or DNS name, specify `mydb.123456789012.us-east-1.rds.amazonaws.com`.
+ For port, specify `3306`.
+ For user, specify `admin`.
The endpoint is unique for each DB instance, and the values of the port and user can vary. The following list shows the most common port for each DB engine:
+ Db2 – 50000
+ MariaDB – 3306
+ Microsoft SQL Server – 1433
+ MySQL – 3306
+ Oracle – 1521
+ PostgreSQL – 5432
To connect to a DB instance, use any client for a DB engine. For example, you might use the mysql utility to connect to a MariaDB or MySQL DB instance. You might use Microsoft SQL Server Management Studio to connect to a SQL Server DB instance. You might use Oracle SQL Developer to connect to an Oracle DB instance. Similarly, you might use the psql command line utility to connect to a PostgreSQL DB instance.
To find the connection information for a DB instance, use the AWS Management Console. You can also use the AWS Command Line Interface (AWS CLI) [describe-db-instances](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-instances.html) command or the RDS API [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) operation.
## Console
**To find the connection information for a DB instance in the AWS Management Console**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Databases** to display a list of your DB instances.
1. Choose the name of the DB instance to display its details.
1. On the **Connectivity & security** tab, copy the endpoint. Also, note the port number. You need both the endpoint and the port number to connect to the DB instance.
![\[The endpoint and port of a DB instance\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/endpoint-port.png)
1. If you need to find the master user name, choose the **Configuration** tab and view the **Master username** value.
## AWS CLI
To find the connection information for a DB instance by using the AWS CLI, call the [describe-db-instances](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-instances.html) command. In the call, query for the DB instance ID, endpoint, port, and master user name.
For Linux, macOS, or Unix:
```
aws rds describe-db-instances \
--query "*[].[DBInstanceIdentifier,Endpoint.Address,Endpoint.Port,MasterUsername]"
```
For Windows:
```
aws rds describe-db-instances ^
--query "*[].[DBInstanceIdentifier,Endpoint.Address,Endpoint.Port,MasterUsername]"
```
Your output should be similar to the following.
```
[
[
"mydb",
"mydb.123456789012.us-east-1.rds.amazonaws.com",
3306,
"admin"
],
[
"myoracledb",
"myoracledb.123456789012.us-east-1.rds.amazonaws.com",
1521,
"dbadmin"
],
[
"mypostgresqldb",
"mypostgresqldb.123456789012.us-east-1.rds.amazonaws.com",
5432,
"postgresadmin"
]
]
```
## RDS API
To find the connection information for a DB instance by using the Amazon RDS API, call the [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) operation. In the output, find the values for the endpoint address, endpoint port, and master user name.
# Scenarios for accessing a DB instance in a VPC
Using Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources, such as Amazon RDS DB instances, into a virtual private cloud (VPC). When you use Amazon VPC, you have control over your virtual networking environment. You can choose your own IP address range, create subnets, and configure routing and access control lists.
A VPC security group controls access to DB instances inside a VPC. Each VPC security group rule enables a specific source to access a DB instance in a VPC that is associated with that VPC security group. The source can be a range of addresses (for example, 203.0.113.0/24), or another VPC security group. By specifying a VPC security group as the source, you allow incoming traffic from all instances (typically application servers) that use the source VPC security group.
Before attempting to connect to your DB instance, configure your VPC for your use case. The following are common scenarios for accessing a DB instance in a VPC:
+ **A DB instance in a VPC accessed by an Amazon EC2 instance in the same VPC** – A common use of a DB instance in a VPC is to share data with an application server that is running in an EC2 instance in the same VPC. The EC2 instance might run a web server with an application that interacts with the DB instance.
+ **A DB instance in a VPC accessed by an EC2 instance in a different VPC** – In some cases, your DB instance is in a different VPC from the EC2 instance that you're using to access it. If so, you can use VPC peering to access the DB instance.
+ **A DB instance in a VPC accessed by a client application through the internet** – To access a DB instance in a VPC from a client application through the internet, you configure a VPC with a single public subnet. You also configure an internet gateway to enable communication over the internet.
To connect to a DB instance from outside of its VPC, the DB instance must be publicly accessible. Also, access must be granted using the inbound rules of the DB instance's security group, and other requirements must be met. For more information, see [Can't connect to Amazon RDS DB instance](CHAP_Troubleshooting.md#CHAP_Troubleshooting.Connecting).
+ **A DB instance in a VPC accessed by a private network** – If your DB instance isn't publicly accessible, you can use one of the following options to access it from a private network:
+ An AWS Site-to-Site VPN connection
+ An Direct Connect connection
+ An AWS Client VPN connection
For more information, see [Scenarios for accessing a DB instance in a VPC](USER_VPC.Scenarios.md).
## Connecting to DB instances with the AWS drivers
The AWS suite of drivers has been designed to provide support for faster switchover and failover times, and authentication with AWS Secrets Manager, AWS Identity and Access Management (IAM), and Federated Identity. The AWS drivers rely on monitoring DB instance status and being aware of the instance topology to determine the new primary instance. This approach reduces switchover and failover times to single-digit seconds, compared to tens of seconds for open-source drivers.
The following table lists the features supported for each of the drivers. As new service features are introduced, the goal of the AWS suite of drivers is to have built-in support for these service features.
| Feature | [AWS JDBC Driver](https://github.com/awslabs/aws-advanced-jdbc-wrapper) | [AWS Python Driver](https://github.com/awslabs/aws-advanced-python-wrapper) | [AWS ODBC Driver for MySQL](https://github.com/aws/aws-mysql-odbc) |
| --- | --- | --- | --- |
| Failover support | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheFailoverPlugin.md) | [Yes](https://github.com/awslabs/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/using-plugins/UsingTheFailoverPlugin.md) | [Yes](https://github.com/aws/aws-mysql-odbc/blob/main/docs/using-the-aws-driver/UsingTheAwsDriver.md#failover-process) |
| Enhanced failover monitoring | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheHostMonitoringPlugin.md) | [Yes](https://github.com/awslabs/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/using-plugins/UsingTheHostMonitoringPlugin.md) | [Yes](https://github.com/aws/aws-mysql-odbc/blob/main/docs/using-the-aws-driver/HostMonitoring.md#enhanced-failure-monitoring) |
| Read/write splitting | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheReadWriteSplittingPlugin.md) | [Yes](https://github.com/awslabs/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/using-plugins/UsingTheReadWriteSplittingPlugin.md) | No |
| Driver metadata connection | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheDriverMetadataConnectionPlugin.md) | N/A | N/A |
| Telemetry | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/Telemetry.md) | [Yes](https://github.com/aws/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/Telemetry.md) | No |
| Secrets Manager | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheAwsSecretsManagerPlugin.md) | [Yes](https://github.com/awslabs/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/using-plugins/UsingTheAwsSecretsManagerPlugin.md) | [Yes](https://github.com/aws/aws-mysql-odbc/blob/main/docs/using-the-aws-driver/UsingTheAwsDriver.md#secrets-manager-authentication) |
| IAM authentication | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheIamAuthenticationPlugin.md) | [Yes](https://github.com/awslabs/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/using-plugins/UsingTheIamAuthenticationPlugin.md) | [Yes](https://github.com/aws/aws-mysql-odbc/blob/main/docs/using-the-aws-driver/UsingTheAwsDriver.md#iam-authentication) |
| Federated Identity (AD FS) | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheFederatedAuthPlugin.md) | [Yes](https://github.com/awslabs/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/using-plugins/UsingTheFederatedAuthenticationPlugin.md) | No |
| Federated Identity (Okta) | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/using-plugins/UsingTheFederatedAuthPlugin.md) | No | No |
| Multi-AZ DB clusters | [Yes](https://github.com/awslabs/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/SupportForRDSMultiAzDBCluster.md) | [Yes](https://github.com/aws/aws-advanced-python-wrapper/blob/main/docs/using-the-python-driver/SupportForRDSMultiAzDBCluster.md) | No |
For more information on the AWS drivers, see the corresponding language driver for your [RDS for MariaDB](MariaDB.Connecting.Drivers.md#MariaDB.Connecting.JDBCDriver), [RDS for MySQL](MySQL.Connecting.Drivers.md#MySQL.Connecting.JDBCDriver), or [RDS for PostgreSQL](PostgreSQL.Connecting.JDBCDriver.md) DB instance.
**Note**
The only features supported for RDS for MariaDB are authentication with AWS Secrets Manager, AWS Identity and Access Management (IAM), and Federated Identity.
## Connecting to a DB instance that's running a specific DB engine
To learn how to connect to a DB instance that is running a specific DB engine, follow the instructions for your DB engine:
+ [RDS for Db2](USER_ConnectToDb2DBInstance.md)
+ [RDS for MariaDB](USER_ConnectToMariaDBInstance.md)
+ [RDS for SQL Server](USER_ConnectToMicrosoftSQLServerInstance.md)
+ [RDS for MySQL](USER_ConnectToInstance.md)
+ [RDS for Oracle](USER_ConnectToOracleInstance.md)
+ [RDS for PostgreSQL](USER_ConnectToPostgreSQLInstance.md)
## Managing connections with RDS Proxy
You can also use Amazon RDS Proxy to manage connections to RDS for MariaDB, RDS for Microsoft SQL Server, RDS for MySQL, and RDS for PostgreSQL DB instances. RDS Proxy allows applications to pool and share database connections to improve scalability. For more information, see [Amazon RDS Proxy](rds-proxy.md).
## Database authentication options
Amazon RDS supports the following ways to authenticate database users:
+ **Password authentication** – Your DB instance performs all administration of user accounts. You create users and specify passwords with SQL statements. The SQL statements you can use depend on your DB engine.
+ **AWS Identity and Access Management (IAM) database authentication** – You don't need to use a password when you connect to a DB instance. Instead, you use an authentication token.
+ **Kerberos authentication** – You use external authentication of database users using Kerberos and Microsoft Active Directory. Kerberos is a network authentication protocol that uses tickets and symmetric-key cryptography to eliminate the need to transmit passwords over the network. Kerberos has been built into Active Directory and is designed to authenticate users to network resources, such as databases.
IAM database authentication and Kerberos authentication are available only for specific DB engines and versions.
For more information, see [Database authentication with Amazon RDS ](database-authentication.md).
## Encrypted connections
You can use Secure Socket Layer (SSL) or Transport Layer Security (TLS) from your application to encrypt a connection to a DB instance. Each DB engine has its own process for implementing SSL/TLS. For more information, see [Using SSL/TLS to encrypt a connection to a DB instance or cluster ](UsingWithRDS.SSL.md).
# Working with option groups
Some DB engines offer additional features that make it easier to manage data and databases, and to provide additional security for your database. Amazon RDS uses option groups to enable and configure these features. An *option group* can specify features, called options, that are available for a particular Amazon RDS DB instance. Options can have settings that specify how the option works. When you associate a DB instance with an option group, the specified options and option settings are enabled for that DB instance.
Amazon RDS supports options for the following database engines:
****
| Database engine | Relevant documentation |
| --- | --- |
| `Db2` | [Options for RDS for Db2 DB instances](Db2.Options.md) |
| `MariaDB` | [Options for MariaDB database engine](Appendix.MariaDB.Options.md) |
| `Microsoft SQL Server` | [Options for the Microsoft SQL Server database engine](Appendix.SQLServer.Options.md) |
| `MySQL` | [Options for MySQL DB instances](Appendix.MySQL.Options.md) |
| `Oracle` | [Adding options to Oracle DB instances](Appendix.Oracle.Options.md) |
| `PostgreSQL` | PostgreSQL does not use options and option groups. PostgreSQL uses extensions and modules to provide additional features. For more information, see [Supported PostgreSQL extension versions](PostgreSQL.Concepts.General.FeatureSupport.Extensions.md). |
## Option groups overview
Amazon RDS provides an empty default option group for each new DB instance. You can't modify or delete this default option group, but any new option group that you create derives its settings from the default option group. To apply an option to a DB instance, you must do the following:
1. Create a new option group, or copy or modify an existing option group.
1. Add one or more options to the option group.
1. Associate the option group with the DB instance.
To associate an option group with a DB instance, modify the DB instance. For more information, see [Modifying an Amazon RDS DB instance](Overview.DBInstance.Modifying.md).
Both DB instances and DB snapshots can be associated with an option group. In some cases, you might restore from a DB snapshot or perform a point-in-time restore for a DB instance. In these cases, the option group associated with the DB snapshot or DB instance is, by default, associated with the restored DB instance. You can associate a different option group with a restored DB instance. However, the new option group must contain any persistent or permanent options that were included in the original option group. Persistent and permanent options are described following.
Options require additional memory to run on a DB instance. Thus, you might need to launch a larger instance to use them, depending on your current use of your DB instance. For example, Oracle Enterprise Manager Database Control uses about 300 MB of RAM. If you enable this option for a small DB instance, you might encounter performance problems or out-of-memory errors.
### Persistent and permanent options
Two types of options, persistent and permanent, require special consideration when you add them to an option group.
Persistent options can't be removed from an option group while DB instances are associated with the option group. An example of a persistent option is the TDE option for Microsoft SQL Server transparent data encryption (TDE). You must disassociate all DB instances from the option group before a persistent option can be removed from the option group. In some cases, you might restore or perform a point-in-time restore from a DB snapshot. In these cases, if the option group associated with that DB snapshot contains a persistent option, you can only associate the restored DB instance with that option group.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can never be removed from an option group. You can change the option group of a DB instance that is using the permanent option. However, the option group associated with the DB instance must include the same permanent option. In some cases, you might restore or perform a point-in-time restore from a DB snapshot. In these cases, if the option group associated with that DB snapshot contains a permanent option, you can only associate the restored DB instance with an option group with that permanent option.
For Oracle DB instances, you can copy shared DB snapshots that have the options `Timezone` or `OLS` (or both). To do so, specify a target option group that includes these options when you copy the DB snapshot. The OLS option is permanent and persistent only for Oracle DB instances running Oracle version 12.2 or higher. For more information about these options, see [Oracle time zone](Appendix.Oracle.Options.Timezone.md) and [Oracle Label Security](Oracle.Options.OLS.md).
### VPC considerations
The option group associated with the DB instance is linked to the DB instance's VPC. This means that you can't use the option group assigned to a DB instance if you try to restore the instance to a different VPC. If you restore a DB instance to a different VPC, you can do one of the following:
+ Assign the default option group to the DB instance.
+ Assign an option group that is linked to that VPC.
+ Create a new option group and assign it to the DB instance.
With persistent or permanent options, such as Oracle TDE, you must create a new option group. This option group must include the persistent or permanent option when restoring a DB instance into a different VPC.
Option settings control the behavior of an option. For example, the Oracle Advanced Security option `NATIVE_NETWORK_ENCRYPTION` has a setting that you can use to specify the encryption algorithm for network traffic to and from the DB instance. Some options settings are optimized for use with Amazon RDS and cannot be changed.
### Mutually exclusive options
Some options are mutually exclusive. You can use one or the other, but not both at the same time. The following options are mutually exclusive:
+ [Oracle Enterprise Manager Database Express](Appendix.Oracle.Options.OEM_DBControl.md) and [Oracle Management Agent for Enterprise Manager Cloud Control](Oracle.Options.OEMAgent.md).
+ [Oracle native network encryption](Appendix.Oracle.Options.NetworkEncryption.md) and [Oracle Secure Sockets Layer](Appendix.Oracle.Options.SSL.md).
## Creating an option group
You can create a new option group that derives its settings from the default option group. You then add one or more options to the new option group. Or, if you already have an existing option group, you can copy that option group with all of its options to a new option group. For more information, see [Copying an option group](#USER_WorkingWithOptionGroups.Copy).
After you create a new option group, it has no options. To learn how to add options to the option group, see [Adding an option to an option group](#USER_WorkingWithOptionGroups.AddOption). After you have added the options you want, you can then associate the option group with a DB instance. This way, the options become available on the DB instance. For information about associating an option group with a DB instance, see the documentation for your engine in [Working with option groups](#USER_WorkingWithOptionGroups).
### Console
One way of creating an option group is by using the AWS Management Console.
**To create a new option group by using the console**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Option groups**.
1. Choose **Create group**.
1. In the **Create option group** window, do the following:
1. For **Name**, type a name for the option group that is unique within your AWS account. The name can contain only letters, digits, and hyphens.
1. For **Description**, type a brief description of the option group. The description is used for display purposes.
1. For **Engine**, choose the DB engine that you want.
1. For **Major engine version**, choose the major version of the DB engine that you want.
1. To continue, choose **Create**. To cancel the operation instead, choose **Cancel**.
### AWS CLI
To create an option group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/create-option-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/create-option-group.html) command with the following required parameters.
+ `--option-group-name`
+ `--engine-name`
+ `--major-engine-version`
+ `--option-group-description`
**Example**
The following example creates an option group named `testoptiongroup`, which is associated with the Oracle Enterprise Edition DB engine. The description is enclosed in quotation marks.
For Linux, macOS, or Unix:
```
aws rds create-option-group \
--option-group-name testoptiongroup \
--engine-name oracle-ee \
--major-engine-version 19 \
--option-group-description "Test option group for Oracle Database 19c EE"
```
For Windows:
```
aws rds create-option-group ^
--option-group-name testoptiongroup ^
--engine-name oracle-ee ^-
--major-engine-version 19 ^
--option-group-description "Test option group for Oracle Database 19c EE"
```
### RDS API
To create an option group, call the Amazon RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateOptionGroup.html) operation. Include the following parameters:
+ `OptionGroupName`
+ `EngineName`
+ `MajorEngineVersion`
+ `OptionGroupDescription`
## Copying an option group
You can use the AWS CLI or the Amazon RDS API copy an option group. Copying an option group can be convenient. An example is when you have an existing option group and want to include most of its custom parameters and values in a new option group. You can also make a copy of an option group that you use in production and then modify the copy to test other option settings.
**Note**
Currently, you can't copy an option group to a different AWS Region.
### AWS CLI
To copy an option group, use the AWS CLI [copy-option-group](https://docs.aws.amazon.com/cli/latest/reference/rds/copy-option-group.html) command. Include the following required options:
+ `--source-option-group-identifier`
+ `--target-option-group-identifier`
+ `--target-option-group-description`
**Example**
The following example creates an option group named `new-option-group`, which is a local copy of the option group `my-option-group`.
For Linux, macOS, or Unix:
```
aws rds copy-option-group \
--source-option-group-identifier my-option-group \
--target-option-group-identifier new-option-group \
--target-option-group-description "My new option group"
```
For Windows:
```
aws rds copy-option-group ^
--source-option-group-identifier my-option-group ^
--target-option-group-identifier new-option-group ^
--target-option-group-description "My new option group"
```
### RDS API
To copy an option group, call the Amazon RDS API [CopyOptionGroup](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyOptionGroup.html) operation. Include the following required parameters.
+ `SourceOptionGroupIdentifier`
+ `TargetOptionGroupIdentifier`
+ `TargetOptionGroupDescription`
## Adding an option to an option group
You can add an option to an existing option group. After you have added the options you want, you can then associate the option group with a DB instance so that the options become available on the DB instance. For information about associating an option group with a DB instance, see the documentation for your specific DB engine listed at [Working with option groups](#USER_WorkingWithOptionGroups).
Option group changes must be applied immediately in two cases:
+ When you add an option that adds or updates a port value, such as the `OEM` option.
+ When you add or remove an option group with an option that includes a port value.
In these cases, choose the **Apply Immediately** option in the console. Or you can include the `--apply-immediately` option when using the AWS CLI or set the `ApplyImmediately` parameter to `true` when using the Amazon RDS API. Options that don't include port values can be applied immediately, or can be applied during the next maintenance window for the DB instance.
**Note**
If you specify a security group as a value for an option in an option group, manage the security group by modifying the option group. You can't change or remove this security group by modifying a DB instance. Also, the security group doesn't appear in the DB instance details in the AWS Management Console or in the output for the AWS CLI command `describe-db-instances`.
### Console
You can use the AWS Management Console to add an option to an option group.
**To add an option to an option group by using the console**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Option groups**.
1. Choose the option group that you want to modify, and then choose **Add option**.
![\[Console option group\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/optiongroup-addoption1.png)
1. In the **Add option** window, do the following:
1. Choose the option that you want to add. You might need to provide additional values, depending on the option that you select. For example, when you choose the `OEM` option, you must also type a port value and specify a security group.
1. To enable the option on all associated DB instances as soon as you add it, for **Apply Immediately**, choose **Yes**. If you choose **No** (the default), the option is enabled for each associated DB instance during its next maintenance window.
![\[Console option group\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/optiongroup-addoption2.png)
1. When the settings are as you want them, choose **Add option**.
### AWS CLI
To add an option to an option group, run the AWS CLI [add-option-to-option-group](https://docs.aws.amazon.com/cli/latest/reference/rds/add-option-to-option-group.html) command with the option that you want to add. To enable the new option immediately on all associated DB instances, include the `--apply-immediately` parameter. By default, the option is enabled for each associated DB instance during its next maintenance window. Include the following required parameter:
+ `--option-group-name`
**Example**
The following example adds the `Timezone` option, with the `America/Los_Angeles` setting, to an option group named `testoptiongroup` and immediately enables it.
For Linux, macOS, or Unix:
```
aws rds add-option-to-option-group \
--option-group-name testoptiongroup \
--options "OptionName=Timezone,OptionSettings=[{Name=TIME_ZONE,Value=America/Los_Angeles}]" \
--apply-immediately
```
For Windows:
```
aws rds add-option-to-option-group ^
--option-group-name testoptiongroup ^
--options "OptionName=Timezone,OptionSettings=[{Name=TIME_ZONE,Value=America/Los_Angeles}]" ^
--apply-immediately
```
Command output is similar to the following:
```
...{
"OptionName": "Timezone",
"OptionDescription": "Change time zone",
"Persistent": true,
"Permanent": false,
"OptionSettings": [
{
"Name": "TIME_ZONE",
"Value": "America/Los_Angeles",
"DefaultValue": "UTC",
"Description": "Specifies the timezone the user wants to change the system time to",
"ApplyType": "DYNAMIC",
"DataType": "STRING",
"AllowedValues": "Africa/Cairo,...",
"IsModifiable": true,
"IsCollection": false
}
],
"DBSecurityGroupMemberships": [],
"VpcSecurityGroupMemberships": []
}...
```
**Example**
The following example adds the Oracle OEM option to an option group. It also specifies a custom port and a pair of Amazon EC2 VPC security groups to use for that port.
For Linux, macOS, or Unix:
```
aws rds add-option-to-option-group \
--option-group-name testoptiongroup \
--options OptionName=OEM,Port=5500,VpcSecurityGroupMemberships="sg-test1,sg-test2" \
--apply-immediately
```
For Windows:
```
aws rds add-option-to-option-group ^
--option-group-name testoptiongroup ^
--options OptionName=OEM,Port=5500,VpcSecurityGroupMemberships="sg-test1,sg-test2" ^
--apply-immediately
```
Command output is similar to the following:
```
OPTIONGROUP False oracle-ee 19 arn:aws:rds:us-east-1:1234567890:og:testoptiongroup Test Option Group testoptiongroup vpc-test
OPTIONS Oracle 12c EM Express OEM False False 5500
VPCSECURITYGROUPMEMBERSHIPS active sg-test1
VPCSECURITYGROUPMEMBERSHIPS active sg-test2
```
**Example**
The following example adds the Oracle option `NATIVE_NETWORK_ENCRYPTION` to an option group and specifies the option settings. If no option settings are specified, default values are used.
For Linux, macOS, or Unix:
```
aws rds add-option-to-option-group \
--option-group-name testoptiongroup \
--options '[{"OptionSettings":[{"Name":"SQLNET.ENCRYPTION_SERVER","Value":"REQUIRED"},{"Name":"SQLNET.ENCRYPTION_TYPES_SERVER","Value":"AES256,AES192,DES"}],"OptionName":"NATIVE_NETWORK_ENCRYPTION"}]' \
--apply-immediately
```
For Windows:
```
aws rds add-option-to-option-group ^
--option-group-name testoptiongroup ^
--options "OptionSettings"=[{"Name"="SQLNET.ENCRYPTION_SERVER","Value"="REQUIRED"},{"Name"="SQLNET.ENCRYPTION_TYPES_SERVER","Value"="AES256\,AES192\,DES"}],"OptionName"="NATIVE_NETWORK_ENCRYPTION" ^
--apply-immediately
```
Command output is similar to the following:
```
...{
"OptionName": "NATIVE_NETWORK_ENCRYPTION",
"OptionDescription": "Native Network Encryption",
"Persistent": false,
"Permanent": false,
"OptionSettings": [
{
"Name": "SQLNET.ENCRYPTION_TYPES_SERVER",
"Value": "AES256,AES192,DES",
"DefaultValue": "RC4_256,AES256,AES192,3DES168,RC4_128,AES128,3DES112,RC4_56,DES,RC4_40,DES40",
"Description": "Specifies list of encryption algorithms in order of intended use",
"ApplyType": "STATIC",
"DataType": "STRING",
"AllowedValues": "RC4_256,AES256,AES192,3DES168,RC4_128,AES128,3DES112,RC4_56,DES,RC4_40,DES40",
"IsModifiable": true,
"IsCollection": true
},
{
"Name": "SQLNET.ENCRYPTION_SERVER",
"Value": "REQUIRED",
"DefaultValue": "REQUESTED",
"Description": "Specifies the desired encryption behavior",
"ApplyType": "STATIC",
"DataType": "STRING",
"AllowedValues": "ACCEPTED,REJECTED,REQUESTED,REQUIRED",
"IsModifiable": true,
"IsCollection": false
},...
```
### RDS API
To add an option to an option group using the Amazon RDS API, call the [ModifyOptionGroup](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyOptionGroup.html) operation with the option that you want to add. To enable the new option immediately on all associated DB instances, include the `ApplyImmediately` parameter and set it to `true`. By default, the option is enabled for each associated DB instance during its next maintenance window. Include the following required parameter:
+ `OptionGroupName`
## Listing the options and option settings for an option group
You can list all the options and option settings for an option group.
### Console
You can use the AWS Management Console to list all of the options and option settings for an option group.
**To list the options and option settings for an option group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Option groups**.
1. Choose the name of the option group to display its details. The options and option settings in the option group are listed.
### AWS CLI
To list the options and option settings for an option group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/describe-option-groups.html](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-option-groups.html) command. Specify the name of the option group whose options and settings you want to view. If you don't specify an option group name, all option groups are described.
**Example**
The following example lists the options and option settings for all option groups.
```
aws rds describe-option-groups
```
**Example**
The following example lists the options and option settings for an option group named `testoptiongroup`.
```
aws rds describe-option-groups --option-group-name testoptiongroup
```
### RDS API
To list the options and option settings for an option group, use the Amazon RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOptionGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeOptionGroups.html) operation. Specify the name of the option group whose options and settings you want to view. If you don't specify an option group name, all option groups are described.
## Modifying an option setting
After you have added an option that has modifiable option settings, you can modify the settings at any time. If you change options or option settings in an option group, those changes are applied to all DB instances that are associated with that option group. For more information on what settings are available for the various options, see the documentation for your engine in [Working with option groups](#USER_WorkingWithOptionGroups).
Option group changes must be applied immediately in two cases:
+ When you add an option that adds or updates a port value, such as the `OEM` option.
+ When you add or remove an option group with an option that includes a port value.
In these cases, choose the **Apply Immediately** option in the console. Or you can include the `--apply-immediately` option when using the AWS CLI or set the `ApplyImmediately` parameter to `true` when using the RDS API. Options that don't include port values can be applied immediately, or can be applied during the next maintenance window for the DB instance.
**Note**
If you specify a security group as a value for an option in an option group, you manage the security group by modifying the option group. You can't change or remove this security group by modifying a DB instance. Also, the security group doesn't appear in the DB instance details in the AWS Management Console or in the output for the AWS CLI command `describe-db-instances`.
### Console
You can use the AWS Management Console to modify an option setting.
**To modify an option setting by using the console**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Option groups**.
1. Select the option group whose option that you want to modify, and then choose **Modify option**.
1. In the **Modify option** window, from **Installed Options**, choose the option whose setting you want to modify. Make the changes that you want.
1. To enable the option as soon as you add it, for **Apply Immediately**, choose **Yes**. If you choose **No** (the default), the option is enabled for each associated DB instance during its next maintenance window.
1. When the settings are as you want them, choose **Modify Option**.
### AWS CLI
To modify an option setting, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/add-option-to-option-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/add-option-to-option-group.html) command with the option group and option that you want to modify. By default, the option is enabled for each associated DB instance during its next maintenance window. To apply the change immediately to all associated DB instances, include the `--apply-immediately` parameter. To modify an option setting, use the `--settings` argument.
**Example**
The following example modifies the port that the Oracle Enterprise Manager Database Control (OEM) uses in an option group named `testoptiongroup` and immediately applies the change.
For Linux, macOS, or Unix:
```
aws rds add-option-to-option-group \
--option-group-name testoptiongroup \
--options OptionName=OEM,Port=5432,DBSecurityGroupMemberships=default \
--apply-immediately
```
For Windows:
```
aws rds add-option-to-option-group ^
--option-group-name testoptiongroup ^
--options OptionName=OEM,Port=5432,DBSecurityGroupMemberships=default ^
--apply-immediately
```
Command output is similar to the following:
```
OPTIONGROUP False oracle-ee 19 arn:aws:rds:us-east-1:1234567890:og:testoptiongroup Test Option Group testoptiongroup
OPTIONS Oracle 12c EM Express OEM False False 5432
DBSECURITYGROUPMEMBERSHIPS default authorized
```
**Example**
The following example modifies the Oracle option `NATIVE_NETWORK_ENCRYPTION` and changes the option settings.
For Linux, macOS, or Unix:
```
aws rds add-option-to-option-group \
--option-group-name testoptiongroup \
--options '[{"OptionSettings":[{"Name":"SQLNET.ENCRYPTION_SERVER","Value":"REQUIRED"},{"Name":"SQLNET.ENCRYPTION_TYPES_SERVER","Value":"AES256,AES192,DES,RC4_256"}],"OptionName":"NATIVE_NETWORK_ENCRYPTION"}]' \
--apply-immediately
```
For Windows:
```
aws rds add-option-to-option-group ^
--option-group-name testoptiongroup ^
--options "OptionSettings"=[{"Name"="SQLNET.ENCRYPTION_SERVER","Value"="REQUIRED"},{"Name"="SQLNET.ENCRYPTION_TYPES_SERVER","Value"="AES256\,AES192\,DES\,RC4_256"}],"OptionName"="NATIVE_NETWORK_ENCRYPTION" ^
--apply-immediately
```
Command output is similar to the following:
```
OPTIONGROUP False oracle-ee 19 arn:aws:rds:us-east-1:1234567890:og:testoptiongroup Test Option Group testoptiongroup
OPTIONS Oracle Advanced Security - Native Network Encryption NATIVE_NETWORK_ENCRYPTION False False
OPTIONSETTINGS RC4_256,AES256,AES192,3DES168,RC4_128,AES128,3DES112,RC4_56,DES,RC4_40,DES40 STATIC STRING
RC4_256,AES256,AES192,3DES168,RC4_128,AES128,3DES112,RC4_56,DES,RC4_40,DES40 Specifies list of encryption algorithms in order of intended use
True True SQLNET.ENCRYPTION_TYPES_SERVER AES256,AES192,DES,RC4_256
OPTIONSETTINGS ACCEPTED,REJECTED,REQUESTED,REQUIRED STATIC STRING REQUESTED Specifies the desired encryption behavior False True SQLNET.ENCRYPTION_SERVER REQUIRED
OPTIONSETTINGS SHA1,MD5 STATIC STRING SHA1,MD5 Specifies list of checksumming algorithms in order of intended use True True SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER SHA1,MD5
OPTIONSETTINGS ACCEPTED,REJECTED,REQUESTED,REQUIRED STATIC STRING REQUESTED Specifies the desired data integrity behavior False True SQLNET.CRYPTO_CHECKSUM_SERVER REQUESTED
```
### RDS API
To modify an option setting, use the Amazon RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyOptionGroup.html) command with the option group and option that you want to modify. By default, the option is enabled for each associated DB instance during its next maintenance window. To apply the change immediately to all associated DB instances, include the `ApplyImmediately` parameter and set it to `true`.
## Removing an option from an option group
Some options can be removed from an option group, and some cannot. A persistent option cannot be removed from an option group until all DB instances associated with that option group are disassociated. A permanent option can never be removed from an option group. For more information about what options are removable, see the documentation for your specific engine listed at [Working with option groups](#USER_WorkingWithOptionGroups).
If you remove all options from an option group, Amazon RDS doesn't delete the option group. DB instances that are associated with the empty option group continue to be associated with it; they just won't have any active options. Alternatively, to remove all options from a DB instance, you can associate the DB instance with the default (empty) option group.
### Console
You can use the AWS Management Console to remove an option from an option group.
**To remove an option from an option group by using the console**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Option groups**.
1. Select the option group whose option you want to remove, and then choose **Delete option**.
1. In the **Delete option** window, do the following:
+ Select the check box for the option that you want to delete.
+ For the deletion to take effect as soon as you make it, for **Apply immediately**, choose **Yes**. If you choose **No** (the default), the option is deleted for each associated DB instance during its next maintenance window.
![\[Delete option group\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/optiongroup-removeoption2.png)
1. When the settings are as you want them, choose **Yes, Delete**.
### AWS CLI
To remove an option from an option group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/remove-option-from-option-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/remove-option-from-option-group.html) command with the option that you want to delete. By default, the option is removed from each associated DB instance during its next maintenance window. To apply the change immediately, include the `--apply-immediately` parameter.
**Example**
The following example removes the Oracle Enterprise Manager Database Control (OEM) option from an option group named `testoptiongroup` and immediately applies the change.
For Linux, macOS, or Unix:
```
aws rds remove-option-from-option-group \
--option-group-name testoptiongroup \
--options OEM \
--apply-immediately
```
For Windows:
```
aws rds remove-option-from-option-group ^
--option-group-name testoptiongroup ^
--options OEM ^
--apply-immediately
```
Command output is similar to the following:
```
OPTIONGROUP testoptiongroup oracle-ee 19 Test option group
```
### RDS API
To remove an option from an option group, use the Amazon RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyOptionGroup.html) action. By default, the option is removed from each associated DB instance during its next maintenance window. To apply the change immediately, include the `ApplyImmediately` parameter and set it to `true`.
Include the following parameters:
+ `OptionGroupName`
+ `OptionsToRemove.OptionName`
## Deleting an option group
You can delete an option group only if it meets the following criteria:
+ It is not associated with any Amazon RDS resource. An option group can be associated with a DB instance, a manual DB snapshot, or an automated DB snapshot.
+ It is not a default option group.
To identify the option groups used by your DB instances and DB snapshots, you can use the following CLI commands:
```
aws rds describe-db-instances \
--query 'DBInstances[*].[DBInstanceIdentifier,OptionGroupMemberships[].OptionGroupName]'
aws rds describe-db-snapshots | jq -r '.DBSnapshots[] | "\(.DBInstanceIdentifier),\(.OptionGroupName)"' | sort | uniq
```
If you try to delete an option group that is associated with an RDS resource, an error like the following is returned.
```
An error occurred (InvalidOptionGroupStateFault) when calling the DeleteOptionGroup operation: The option group 'optionGroupName' cannot be deleted because it is in use.
```
**To find the Amazon RDS resources associated with an option group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Option groups**.
1. Choose the name of the option group to show its details.
1. Check the **Associated Instances and Snapshots** section for the associated Amazon RDS resources.
If a DB instance is associated with the option group, modify the DB instance to use a different option group. For more information, see [Modifying an Amazon RDS DB instance](Overview.DBInstance.Modifying.md).
If a manual DB snapshot is associated with the option group, modify the DB snapshot to use a different option group. You can do so using the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-snapshot.html](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-snapshot.html) command.
**Note**
You can't modify the option group of an automated DB snapshot.
### Console
One way of deleting an option group is by using the AWS Management Console.
**To delete an option group by using the console**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Option groups**.
1. Choose the option group.
1. Choose **Delete group**.
1. On the confirmation page, choose **Delete** to finish deleting the option group, or choose **Cancel** to cancel the deletion.
### AWS CLI
To delete an option group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/delete-option-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/delete-option-group.html) command with the following required parameter.
+ `--option-group-name`
**Example**
The following example deletes an option group named `testoptiongroup`.
For Linux, macOS, or Unix:
```
aws rds delete-option-group \
--option-group-name testoptiongroup
```
For Windows:
```
aws rds delete-option-group ^
--option-group-name testoptiongroup
```
### RDS API
To delete an option group, call the Amazon RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteOptionGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteOptionGroup.html) operation. Include the following parameter:
+ `OptionGroupName`
# Parameter groups for Amazon RDS
*Database parameters* specify how the database is configured. For example, database parameters can specify the amount of resources, such as memory, to allocate to a database.
You manage your database configuration by associating your DB instances and Multi-AZ DB clusters with parameter groups. Amazon RDS defines parameter groups with default settings. You can also define your own parameter groups with customized settings.
**Note**
Some DB engines offer additional features that you can add to your database as options in an option group. For information about option groups, see [Working with option groups](USER_WorkingWithOptionGroups.md).
**Topics**
+ [Overview of parameter groups](parameter-groups-overview.md)
+ [DB parameter groups for Amazon RDS DB instances](USER_WorkingWithDBInstanceParamGroups.md)
+ [Working with DB cluster parameter groups for Multi-AZ DB clusters](USER_WorkingWithDBClusterParamGroups.md)
+ [Comparing DB parameter groups](USER_WorkingWithParamGroups.Comparing.md)
+ [Specifying DB parameters](USER_ParamValuesRef.md)
# Overview of parameter groups
A *DB parameter group* acts as a container for engine configuration values that are applied to one or more DB instances.
*DB cluster parameter groups* apply to Multi-AZ DB clusters only. In a Multi-AZ DB cluster, the settings in the DB cluster parameter group apply to all of the DB instances in the cluster. The default DB parameter group for the DB engine and DB engine version is used for each DB instance in the DB cluster.
**Topics**
+ [Default and custom parameter groups](#parameter-groups-overview.custom)
+ [Static and dynamic DB instance parameters](#parameter-groups-overview.db-instance)
+ [Static and dynamic DB cluster parameters](#parameter-groups-overview.maz)
+ [Character set parameters](#parameter-groups-overview.char-sets)
+ [Supported parameters and parameter values](#parameter-groups-overview.supported)
## Default and custom parameter groups
If you create a DB instance without specifying a DB parameter group, the DB instance uses a default DB parameter group. Likewise, if you create a Multi-AZ DB cluster without specifying a DB cluster parameter group, the DB cluster uses a default DB cluster parameter group. Each default parameter group contains database engine defaults and Amazon RDS system defaults based on the engine, compute class, and allocated storage of the instance.
You can't modify the parameter settings of a default parameter group. Instead, you can do the following:
1. Create a new parameter group.
1. Change the settings of your desired parameters. Not all DB engine parameters in a parameter group are eligible to be modified.
1. Modify your DB instance or DB cluster to associate the new parameter group.
When you associate a new DB parameter group with a DB instance, the association happens immediately. For information about modifying a DB instance, see [Modifying an Amazon RDS DB instance](Overview.DBInstance.Modifying.md). For information about modifying a Multi-AZ DB clusters, see [Modifying a Multi-AZ DB cluster for Amazon RDS](modify-multi-az-db-cluster.md).
**Note**
If you have modified your DB instance to use a custom parameter group, and you start the DB instance, RDS automatically reboots the DB instance as part of the startup process. For RDS for SQL Server Multi-AZ instances with AlwaysOn or Mirroring option enabled, a failover is expected when instance is rebooted after the startup process.
RDS applies the modified static and dynamic parameters in a newly associated parameter group only after the DB instance is rebooted. However, if you modify dynamic parameters in the DB parameter group after you associate it with the DB instance, these changes are applied immediately without a reboot. For more information about changing the DB parameter group, see [Modifying an Amazon RDS DB instance](Overview.DBInstance.Modifying.md).
If you update parameters within a DB parameter group, the changes apply to all DB instances that are associated with that parameter group. Likewise, if you update parameters within a Multi-AZ DB cluster parameter group, the changes apply to all Aurora DB clusters that are associated with that DB cluster parameter group.
If you don't want to create a parameter group from scratch, you can copy an existing parameter group with the AWS CLI [copy-db-parameter-group](https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-parameter-group.html) command or [copy-db-cluster-parameter-group](https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-cluster-parameter-group.html) command. You might find that copying a parameter group is useful in some cases. For example, you might want to include most of an existing DB parameter group's custom parameters and values in a new DB parameter group.
## Static and dynamic DB instance parameters
DB instance parameters are either static or dynamic. They differ as follows:
+ When you change a static parameter and save the DB parameter group, the parameter change takes effect after you manually reboot the associated DB instances. For static parameters, the console always uses `pending-reboot` for the `ApplyMethod`.
+ When you change a dynamic parameter, by default the parameter change takes effect immediately, without requiring a reboot. When you use the AWS Management Console to change DB instance parameter values, it always uses `immediate` for the `ApplyMethod` for dynamic parameters. To defer the parameter change until after you reboot an associated DB instance, use the AWS CLI or RDS API. Set the `ApplyMethod` to `pending-reboot` for the parameter change.
**Note**
Using `pending-reboot` with dynamic parameters in the AWS CLI or RDS API on RDS for SQL Server DB instances generates an error. Use `apply-immediately` on RDS for SQL Server.
For more information about using the AWS CLI to change a parameter value, see [modify-db-parameter-group](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-parameter-group.html). For more information about using the RDS API to change a parameter value, see [ModifyDBParameterGroup](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBParameterGroup.html).
If a DB instance isn't using the latest changes to its associated DB parameter group, the console shows a status of **pending-reboot** for the DB parameter group. This status doesn't result in an automatic reboot during the next maintenance window. To apply the latest parameter changes to that DB instance, manually reboot the DB instance.
## Static and dynamic DB cluster parameters
DB cluster parameters are either static or dynamic. They differ as follows:
+ When you change a static parameter and save the DB cluster parameter group, the parameter change takes effect after you manually reboot the associated DB clusters. For static parameters, the console always uses `pending-reboot` for the `ApplyMethod`.
+ When you change a dynamic parameter, by default the parameter change takes effect immediately, without requiring a reboot. When you use the AWS Management Console to change DB cluster parameter values, it always uses `immediate` for the `ApplyMethod` for dynamic parameters. To defer the parameter change until after an associated DB cluster is rebooted, use the AWS CLI or RDS API. Set the `ApplyMethod` to `pending-reboot` for the parameter change.
For more information about using the AWS CLI to change a parameter value, see [modify-db-cluster-parameter-group](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-cluster-parameter-group.html). For more information about using the RDS API to change a parameter value, see [ModifyDBClusterParameterGroup](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterParameterGroup.html).
## Character set parameters
Before you create a DB instance or Multi-AZ DB cluster, set any parameters that relate to the character set or collation of your database in your parameter group. Also do so before you create a database in it. In this way, you ensure that the default database and new databases use the character set and collation values that you specify. If you change character set or collation parameters, the parameter changes aren't applied to existing databases.
For some DB engines, you can change character set or collation values for an existing database using the `ALTER DATABASE` command, for example:
```
ALTER DATABASE database_name CHARACTER SET character_set_name COLLATE collation;
```
For more information about changing the character set or collation values for a database, check the documentation for your DB engine.
## Supported parameters and parameter values
To determine the supported parameters for your DB engine, view the parameters in the DB parameter group and DB cluster parameter group used by the DB instance or DB cluster. For more information, see [Viewing parameter values for a DB parameter group in Amazon RDS](USER_WorkingWithParamGroups.Viewing.md) and [Viewing parameter values for a DB cluster parameter group](USER_WorkingWithParamGroups.ViewingCluster.md).
In many cases, you can specify integer and Boolean parameter values using expressions, formulas, and functions. Functions can include a mathematical log expression. However, not all parameters support expressions, formulas, and functions for parameter values. For more information, see [Specifying DB parameters](USER_ParamValuesRef.md).
Improperly setting parameters in a parameter group can have unintended adverse effects, including degraded performance and system instability. Always be cautious when modifying database parameters, and back up your data before modifying a parameter group. Try parameter group setting changes on a test DB instance or DB cluster before applying those parameter group changes to a production DB instance or DB cluster.
# DB parameter groups for Amazon RDS DB instances
DB instances use DB parameter groups. The following sections describe configuring and managing DB instance parameter groups.
**Topics**
+ [Creating a DB parameter group in Amazon RDS](USER_WorkingWithParamGroups.Creating.md)
+ [Associating a DB parameter group with a DB instance in Amazon RDS](USER_WorkingWithParamGroups.Associating.md)
+ [Modifying parameters in a DB parameter group in Amazon RDS](USER_WorkingWithParamGroups.Modifying.md)
+ [Resetting parameters in a DB parameter group to their default values in Amazon RDS](USER_WorkingWithParamGroups.Resetting.md)
+ [Copying a DB parameter group in Amazon RDS](USER_WorkingWithParamGroups.Copying.md)
+ [Listing DB parameter groups in Amazon RDS](USER_WorkingWithParamGroups.Listing.md)
+ [Viewing parameter values for a DB parameter group in Amazon RDS](USER_WorkingWithParamGroups.Viewing.md)
+ [Deleting a DB parameter group in Amazon RDS](USER_WorkingWithParamGroups.Deleting.md)
# Creating a DB parameter group in Amazon RDS
You can create a new DB parameter group using the AWS Management Console, the AWS CLI, or the RDS API.
The following limitations apply to the DB parameter group name:
+ The name must be 1 to 255 letters, numbers, or hyphens.
Default parameter group names can include a period, such as `default.mysql8.0`. However, custom parameter group names can't include a period.
+ The first character must be a letter.
+ The name can't end with a hyphen or contain two consecutive hyphens.
## Console
**To create a DB parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. Choose **Create parameter group**.
1. For **Parameter group name**, enter the name of your new DB parameter group.
1. For **Description**, enter a description for your new DB parameter group.
1. For **Engine type**, choose your DB engine.
1. For **Parameter group family**, choose a DB parameter group family.
1. For **Type**, if applicable, choose **DB Parameter Group**.
1. Choose **Create**.
## AWS CLI
To create a DB parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-parameter-group.html) command. The following example creates a DB parameter group named *mydbparametergroup* for MySQL version 8.0 with a description of "*My new parameter group*."
Include the following required parameters:
+ `--db-parameter-group-name`
+ `--db-parameter-group-family`
+ `--description`
To list all of the available parameter group families, use the following command:
```
aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"
```
**Note**
The output contains duplicates.
**Example**
For Linux, macOS, or Unix:
```
aws rds create-db-parameter-group \
--db-parameter-group-name mydbparametergroup \
--db-parameter-group-family MySQL8.0 \
--description "My new parameter group"
```
For Windows:
```
aws rds create-db-parameter-group ^
--db-parameter-group-name mydbparametergroup ^
--db-parameter-group-family MySQL8.0 ^
--description "My new parameter group"
```
This command produces output similar to the following:
```
DBPARAMETERGROUP mydbparametergroup mysql8.0 My new parameter group
```
## RDS API
To create a DB parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBParameterGroup.html) operation.
Include the following required parameters:
+ `DBParameterGroupName`
+ `DBParameterGroupFamily`
+ `Description`
# Associating a DB parameter group with a DB instance in Amazon RDS
You can create your own DB parameter groups with customized settings. You can associate a DB parameter group with a DB instance using the AWS Management Console, the AWS CLI, or the RDS API. You can do so when you create or modify a DB instance.
For information about creating a DB parameter group, see [Creating a DB parameter group in Amazon RDS](USER_WorkingWithParamGroups.Creating.md). For information about creating a DB instance, see [Creating an Amazon RDS DB instance](USER_CreateDBInstance.md). For information about modifying a DB instance, see [Modifying an Amazon RDS DB instance](Overview.DBInstance.Modifying.md).
**Note**
When you associate a new DB parameter group with a DB instance, the modified static and dynamic parameters are applied only after the DB instance is rebooted. However, if you modify dynamic parameters in the DB parameter group after you associate it with the DB instance, these changes are applied immediately without a reboot.
## Console
**To associate a DB parameter group with a DB instance**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Databases**, and then choose the DB instance that you want to modify.
1. Choose **Modify**. The **Modify DB instance** page appears.
1. Change the **DB parameter group** setting.
1. Choose **Continue** and check the summary of modifications.
1. (Optional) Choose **Apply immediately** to apply the changes immediately. Choosing this option can cause an outage in some cases. For more information, see [Using the schedule modifications setting](USER_ModifyInstance.ApplyImmediately.md).
1. On the confirmation page, review your changes. If they are correct, choose **Modify DB instance** to save your changes.
Or choose **Back** to edit your changes or **Cancel** to cancel your changes.
## AWS CLI
To associate a DB parameter group with a DB instance, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-instance.html](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-instance.html) command with the following options:
+ `--db-instance-identifier`
+ `--db-parameter-group-name`
The following example associates the `mydbpg` DB parameter group with the `database-1` DB instance. The changes are applied immediately by using `--apply-immediately`. Use `--no-apply-immediately` to apply the changes during the next maintenance window. For more information, see [Using the schedule modifications setting](USER_ModifyInstance.ApplyImmediately.md).
**Example**
For Linux, macOS, or Unix:
```
aws rds modify-db-instance \
--db-instance-identifier database-1 \
--db-parameter-group-name mydbpg \
--apply-immediately
```
For Windows:
```
aws rds modify-db-instance ^
--db-instance-identifier database-1 ^
--db-parameter-group-name mydbpg ^
--apply-immediately
```
## RDS API
To associate a DB parameter group with a DB instance, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html) operation with the following parameters:
+ `DBInstanceName`
+ `DBParameterGroupName`
# Modifying parameters in a DB parameter group in Amazon RDS
You can modify parameter values in a customer-created DB parameter group; you can't change the parameter values in a default DB parameter group. Changes to parameters in a customer-created DB parameter group are applied to all DB instances that are associated with the DB parameter group.
There are two types of parameters: dynamic parameters and static parameters. Changes to dynamic parameters are applied to the DB instance immediately without a reboot. Changes to static parameters are applied only after the DB instance is rebooted.
The RDS console shows the status of the DB parameter group associated with a DB instance on the **Configuration** tab. For example, if the DB instance isn't using the latest changes to its associated DB parameter group, the RDS console shows the DB parameter group with a status of **pending-reboot**. To apply the latest parameter changes to that DB instance, manually reboot the DB instance.
![\[Parameter change pending reboot scenario\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/param-reboot.png)
## Console
**To modify the parameters in a DB parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. In the list, choose the name of the parameter group that you want to modify.
1. For **Parameter group actions**, choose **Edit**.
1. Change the values of the parameters that you want to modify. You can scroll through the parameters using the arrow keys at the top right of the dialog box.
You can't change values in a default parameter group.
1. Choose **Save changes**.
## AWS CLI
To modify a DB parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-parameter-group.html) command with the following required options:
+ `--db-parameter-group-name`
+ `--parameters`
The following example modifies the` max_connections` and `max_allowed_packet` values in the DB parameter group named *mydbparametergroup*.
**Example**
For Linux, macOS, or Unix:
```
aws rds modify-db-parameter-group \
--db-parameter-group-name mydbparametergroup \
--parameters "ParameterName=max_connections,ParameterValue=250,ApplyMethod=immediate" \
"ParameterName=max_allowed_packet,ParameterValue=1024,ApplyMethod=immediate"
```
For Windows:
```
aws rds modify-db-parameter-group ^
--db-parameter-group-name mydbparametergroup ^
--parameters "ParameterName=max_connections,ParameterValue=250,ApplyMethod=immediate" ^
"ParameterName=max_allowed_packet,ParameterValue=1024,ApplyMethod=immediate"
```
The command produces output like the following:
```
DBPARAMETERGROUP mydbparametergroup
```
## RDS API
To modify a DB parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBParameterGroup.html) operation with the following required parameters:
+ `DBParameterGroupName`
+ `Parameters`
# Resetting parameters in a DB parameter group to their default values in Amazon RDS
You can reset parameter values in a customer-created DB parameter group to their default values. Changes to parameters in a customer-created DB parameter group are applied to all DB instances that are associated with the DB parameter group.
When you use the console, you can reset specific parameters to their default values. However, you can't easily reset all of the parameters in the DB parameter group at once. When you use the AWS CLI or RDS API, you can reset specific parameters to their default values. You can also reset all of the parameters in the DB parameter group at once.
Changes to some parameters are applied to the DB instance immediately without a reboot. Changes to other parameters are applied only after the DB instance is rebooted. The RDS console shows the status of the DB parameter group associated with a DB instance on the **Configuration** tab. For example, suppose that the DB instance isn't using the latest changes to its associated DB parameter group. If so, the RDS console shows the DB parameter group with a status of **pending-reboot**. To apply the latest parameter changes to that DB instance, manually reboot the DB instance.
![\[Parameter change pending reboot scenario\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/param-reboot.png)
**Note**
In a default DB parameter group, parameters are always set to their default values.
## Console
**To reset parameters in a DB parameter group to their default values**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. In the list, choose the parameter group.
1. For **Parameter group actions**, choose **Edit**.
1. Choose the parameters that you want to reset to their default values. You can scroll through the parameters using the arrow keys at the top right of the dialog box.
You can't reset values in a default parameter group.
1. Choose **Reset** and then confirm by choosing **Reset parameters**.
## AWS CLI
To reset some or all of the parameters in a DB parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/reset-db-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/reset-db-parameter-group.html) command with the following required option: `--db-parameter-group-name`.
To reset all of the parameters in the DB parameter group, specify the `--reset-all-parameters` option. To reset specific parameters, specify the `--parameters` option.
The following example resets all of the parameters in the DB parameter group named *mydbparametergroup* to their default values.
**Example**
For Linux, macOS, or Unix:
```
aws rds reset-db-parameter-group \
--db-parameter-group-name mydbparametergroup \
--reset-all-parameters
```
For Windows:
```
aws rds reset-db-parameter-group ^
--db-parameter-group-name mydbparametergroup ^
--reset-all-parameters
```
The following example resets the `max_connections` and `max_allowed_packet` options to their default values in the DB parameter group named *mydbparametergroup*.
**Example**
For Linux, macOS, or Unix:
```
aws rds reset-db-parameter-group \
--db-parameter-group-name mydbparametergroup \
--parameters "ParameterName=max_connections,ApplyMethod=immediate" \
"ParameterName=max_allowed_packet,ApplyMethod=immediate"
```
For Windows:
```
aws rds reset-db-parameter-group ^
--db-parameter-group-name mydbparametergroup ^
--parameters "ParameterName=max_connections,ApplyMethod=immediate" ^
"ParameterName=max_allowed_packet,ApplyMethod=immediate"
```
The command produces output like the following:
```
DBParameterGroupName mydbparametergroup
```
## RDS API
To reset parameters in a DB parameter group to their default values, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBParameterGroup.html) command with the following required parameter: `DBParameterGroupName`.
To reset all of the parameters in the DB parameter group, set the `ResetAllParameters` parameter to `true`. To reset specific parameters, specify the `Parameters` parameter.
# Copying a DB parameter group in Amazon RDS
You can copy custom DB parameter groups that you create. Copying a parameter group can be convenient solution. An example is when you have created a DB parameter group and want to include most of its custom parameters and values in a new DB parameter group. You can copy a DB parameter group by using the AWS Management Console. You can also use the AWS CLI [copy-db-parameter-group](https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-parameter-group.html) command or the RDS API [CopyDBParameterGroup](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBParameterGroup.html) operation.
After you copy a DB parameter group, wait at least 5 minutes before creating your first DB instance that uses that DB parameter group as the default parameter group. Doing this allows Amazon RDS to fully complete the copy action before the parameter group is used. This is especially important for parameters that are critical when creating the default database for a DB instance. An example is the character set for the default database defined by the `character_set_database` parameter. Use the **Parameter Groups** option of the [Amazon RDS console](https://console.aws.amazon.com/rds/) or the [describe-db-parameters](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameters.html) command to verify that your DB parameter group is created.
**Note**
You can't copy a default parameter group. However, you can create a new parameter group that is based on a default parameter group.
You can't copy a DB parameter group to a different AWS account or AWS Region.
## Console
**To copy a DB parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. In the list, choose the custom parameter group that you want to copy.
1. For **Parameter group actions**, choose **Copy**.
1. In **New DB parameter group identifier**, enter a name for the new parameter group.
1. In **Description**, enter a description for the new parameter group.
1. Choose **Copy**.
## AWS CLI
To copy a DB parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-parameter-group.html) command with the following required options:
+ `--source-db-parameter-group-identifier`
+ `--target-db-parameter-group-identifier`
+ `--target-db-parameter-group-description`
The following example creates a new DB parameter group named `mygroup2` that is a copy of the DB parameter group `mygroup1`.
**Example**
For Linux, macOS, or Unix:
```
aws rds copy-db-parameter-group \
--source-db-parameter-group-identifier mygroup1 \
--target-db-parameter-group-identifier mygroup2 \
--target-db-parameter-group-description "DB parameter group 2"
```
For Windows:
```
aws rds copy-db-parameter-group ^
--source-db-parameter-group-identifier mygroup1 ^
--target-db-parameter-group-identifier mygroup2 ^
--target-db-parameter-group-description "DB parameter group 2"
```
## RDS API
To copy a DB parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBParameterGroup.html) operation with the following required parameters:
+ `SourceDBParameterGroupIdentifier`
+ `TargetDBParameterGroupIdentifier`
+ `TargetDBParameterGroupDescription`
# Listing DB parameter groups in Amazon RDS
You can list the DB parameter groups you've created for your AWS account.
**Note**
Default parameter groups are automatically created from a default parameter template when you create a DB instance for a particular DB engine and version. These default parameter groups contain preferred parameter settings and can't be modified. When you create a custom parameter group, you can modify parameter settings.
## Console
**To list all DB parameter groups for an AWS account**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
The DB parameter groups appear in a list.
## AWS CLI
To list all DB parameter groups for an AWS account, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameter-groups.html](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameter-groups.html) command.
**Example**
The following example lists all available DB parameter groups for an AWS account.
```
aws rds describe-db-parameter-groups
```
The command returns a response like the following:
```
DBPARAMETERGROUP default.mysql8.0 mysql8.0 Default parameter group for MySQL8.0
DBPARAMETERGROUP mydbparametergroup mysql8.0 My new parameter group
```
The following example describes the *mydbparamgroup1* parameter group.
For Linux, macOS, or Unix:
```
aws rds describe-db-parameter-groups \
--db-parameter-group-name mydbparamgroup1
```
For Windows:
```
aws rds describe-db-parameter-groups ^
--db-parameter-group-name mydbparamgroup1
```
The command returns a response like the following:
```
DBPARAMETERGROUP mydbparametergroup1 mysql8.0 My new parameter group
```
## RDS API
To list all DB parameter groups for an AWS account, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameterGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameterGroups.html) operation.
# Viewing parameter values for a DB parameter group in Amazon RDS
You can get a list of all parameters in a DB parameter group and their values.
## Console
**To view the parameter values for a DB parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
The DB parameter groups appear in a list.
1. Choose the name of the parameter group to see its list of parameters.
## AWS CLI
To view the parameter values for a DB parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameters.html](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameters.html) command with the following required parameter.
+ `--db-parameter-group-name`
**Example**
The following example lists the parameters and parameter values for a DB parameter group named *mydbparametergroup.*
```
aws rds describe-db-parameters --db-parameter-group-name mydbparametergroup
```
The command returns a response like the following:
```
DBPARAMETER Parameter Name Parameter Value Source Data Type Apply Type Is Modifiable
DBPARAMETER allow-suspicious-udfs engine-default boolean static false
DBPARAMETER auto_increment_increment engine-default integer dynamic true
DBPARAMETER auto_increment_offset engine-default integer dynamic true
DBPARAMETER binlog_cache_size 32768 system integer dynamic true
DBPARAMETER socket /tmp/mysql.sock system string static false
```
## RDS API
To view the parameter values for a DB parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameters.html) command with the following required parameter.
+ `DBParameterGroupName`
# Deleting a DB parameter group in Amazon RDS
You can delete a DB parameter group using the AWS Management Console, AWS CLI, or RDS API. A parameter group is eligible for deletion only if it isn't associated with a DB instance.
## Console
**To delete a DB parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
The DB parameter groups appear in a list.
1. Choose the name of the parameter groups to be deleted.
1. Choose **Actions** and then **Delete**.
1. Review the parameter group names and then choose **Delete**.
## AWS CLI
To delete a DB parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/delete-db-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/delete-db-parameter-group.html) command with the following required parameter.
+ `--db-parameter-group-name`
**Example**
The following example deletes a DB parameter group named *mydbparametergroup.*
```
aws rds delete-db-parameter-group --db-parameter-group-name mydbparametergroup
```
## RDS API
To delete a DB parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBParameterGroup.html) command with the following required parameter.
+ `DBParameterGroupName`
# Working with DB cluster parameter groups for Multi-AZ DB clusters
Multi-AZ DB clusters use DB cluster parameter groups. The following sections describe configuring and managing DB cluster parameter groups.
**Topics**
+ [Creating a DB cluster parameter group](USER_WorkingWithParamGroups.CreatingCluster.md)
+ [Modifying parameters in a DB cluster parameter group](USER_WorkingWithParamGroups.ModifyingCluster.md)
+ [Resetting parameters in a DB cluster parameter group](USER_WorkingWithParamGroups.ResettingCluster.md)
+ [Copying a DB cluster parameter group](USER_WorkingWithParamGroups.CopyingCluster.md)
+ [Listing DB cluster parameter groups](USER_WorkingWithParamGroups.ListingCluster.md)
+ [Viewing parameter values for a DB cluster parameter group](USER_WorkingWithParamGroups.ViewingCluster.md)
+ [Deleting a DB cluster parameter group](USER_WorkingWithParamGroups.DeletingCluster.md)
# Creating a DB cluster parameter group
You can create a new DB cluster parameter group using the AWS Management Console, the AWS CLI, or the RDS API.
After you create a DB cluster parameter group, wait at least 5 minutes before creating a DB cluster that uses that DB cluster parameter group. Doing this allows Amazon RDS to fully create the parameter group before it is used by the new DB cluster. You can use the **Parameter groups** page in the [Amazon RDS console](https://console.aws.amazon.com/rds/) or the [describe-db-cluster-parameters](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-cluster-parameters.html) command to verify that your DB cluster parameter group is created.
The following limitations apply to the DB cluster parameter group name:
+ The name must be 1 to 255 letters, numbers, or hyphens.
Default parameter group names can include a period, such as `default.mysql5.7`. However, custom parameter group names can't include a period.
+ The first character must be a letter.
+ The name can't end with a hyphen or contain two consecutive hyphens.
## Console
**To create a DB cluster parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. Choose **Create parameter group**.
1. For **Parameter group name**, enter the name of the new DB cluster parameter group.
1. For **Description**, enter a description for the new DB cluster parameter group.
1. For **Engine type**, choose your database engine.
1. For **Parameter group family**, choose a DB parameter group family.
1. Choose **Create**.
## AWS CLI
To create a DB cluster parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-cluster-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-cluster-parameter-group.html) command.
The following example creates a DB cluster parameter group named *mydbclusterparametergroup* for RDS for MySQL version 8.0 with a description of "*My new cluster parameter group*."
Include the following required parameters:
+ `--db-cluster-parameter-group-name`
+ `--db-parameter-group-family`
+ `--description`
To list all of the available parameter group families, use the following command:
```
aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"
```
**Note**
The output contains duplicates.
**Example**
For Linux, macOS, or Unix:
```
aws rds create-db-cluster-parameter-group \
--db-cluster-parameter-group-name mydbclusterparametergroup \
--db-parameter-group-family mysql8.0 \
--description "My new cluster parameter group"
```
For Windows:
```
aws rds create-db-cluster-parameter-group ^
--db-cluster-parameter-group-name mydbclusterparametergroup ^
--db-parameter-group-family mysql8.0 ^
--description "My new cluster parameter group"
```
This command produces output similar to the following:
```
{
"DBClusterParameterGroup": {
"DBClusterParameterGroupName": "mydbclusterparametergroup",
"DBParameterGroupFamily": "mysql8.0",
"Description": "My new cluster parameter group",
"DBClusterParameterGroupArn": "arn:aws:rds:us-east-1:123456789012:cluster-pg:mydbclusterparametergroup2"
}
}
```
## RDS API
To create a DB cluster parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBClusterParameterGroup.html) action.
Include the following required parameters:
+ `DBClusterParameterGroupName`
+ `DBParameterGroupFamily`
+ `Description`
# Modifying parameters in a DB cluster parameter group
You can modify parameter values in a customer-created DB cluster parameter group. You can't change the parameter values in a default DB cluster parameter group. Changes to parameters in a customer-created DB cluster parameter group are applied to all DB clusters that are associated with the DB cluster parameter group.
## Console
**To modify a DB cluster parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. In the list, choose the parameter group that you want to modify.
1. For **Parameter group actions**, choose **Edit**.
1. Change the values of the parameters you want to modify. You can scroll through the parameters using the arrow keys at the top right of the dialog box.
You can't change values in a default parameter group.
1. Choose **Save changes**.
1. Reboot the cluster to apply the changes to it.
If you don't reboot the cluster, then a failover operation could take longer than normal.
## AWS CLI
To modify a DB cluster parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-cluster-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-cluster-parameter-group.html) command with the following required parameters:
+ `--db-cluster-parameter-group-name`
+ `--parameters`
The following example modifies the `server_audit_logging` and `server_audit_logs_upload` values in the DB cluster parameter group named *mydbclusterparametergroup*.
**Example**
For Linux, macOS, or Unix:
```
aws rds modify-db-cluster-parameter-group \
--db-cluster-parameter-group-name mydbclusterparametergroup \
--parameters "ParameterName=server_audit_logging,ParameterValue=1,ApplyMethod=immediate" \
"ParameterName=server_audit_logs_upload,ParameterValue=1,ApplyMethod=immediate"
```
For Windows:
```
aws rds modify-db-cluster-parameter-group ^
--db-cluster-parameter-group-name mydbclusterparametergroup ^
--parameters "ParameterName=server_audit_logging,ParameterValue=1,ApplyMethod=immediate" ^
"ParameterName=server_audit_logs_upload,ParameterValue=1,ApplyMethod=immediate"
```
The command produces output like the following:
```
DBCLUSTERPARAMETERGROUP mydbclusterparametergroup
```
## RDS API
To modify a DB cluster parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterParameterGroup.html) command with the following required parameters:
+ `DBClusterParameterGroupName`
+ `Parameters`
# Resetting parameters in a DB cluster parameter group
You can reset parameters to their default values in a customer-created DB cluster parameter group. Changes to parameters in a customer-created DB cluster parameter group are applied to all DB clusters that are associated with the DB cluster parameter group.
**Note**
In a default DB cluster parameter group, parameters are always set to their default values.
## Console
**To reset parameters in a DB cluster parameter group to their default values**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. In the list, choose the parameter group.
1. For **Parameter group actions**, choose **Edit**.
1. Choose the parameters that you want to reset to their default values. You can scroll through the parameters using the arrow keys at the top right of the dialog box.
You can't reset values in a default parameter group.
1. Choose **Reset** and then confirm by choosing **Reset parameters**.
1. Reboot the DB cluster.
## AWS CLI
To reset parameters in a DB cluster parameter group to their default values, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/reset-db-cluster-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/reset-db-cluster-parameter-group.html) command with the following required option: `--db-cluster-parameter-group-name`.
To reset all of the parameters in the DB cluster parameter group, specify the `--reset-all-parameters` option. To reset specific parameters, specify the `--parameters` option.
The following example resets all of the parameters in the DB parameter group named *mydbparametergroup* to their default values.
**Example**
For Linux, macOS, or Unix:
```
aws rds reset-db-cluster-parameter-group \
--db-cluster-parameter-group-name mydbparametergroup \
--reset-all-parameters
```
For Windows:
```
aws rds reset-db-cluster-parameter-group ^
--db-cluster-parameter-group-name mydbparametergroup ^
--reset-all-parameters
```
The following example resets the `server_audit_logging` and `server_audit_logs_upload` to their default values in the DB cluster parameter group named *mydbclusterparametergroup*.
**Example**
For Linux, macOS, or Unix:
```
aws rds reset-db-cluster-parameter-group \
--db-cluster-parameter-group-name mydbclusterparametergroup \
--parameters "ParameterName=server_audit_logging,ApplyMethod=immediate" \
"ParameterName=server_audit_logs_upload,ApplyMethod=immediate"
```
For Windows:
```
aws rds reset-db-cluster-parameter-group ^
--db-cluster-parameter-group-name mydbclusterparametergroup ^
--parameters "ParameterName=server_audit_logging,ParameterValue=1,ApplyMethod=immediate" ^
"ParameterName=server_audit_logs_upload,ParameterValue=1,ApplyMethod=immediate"
```
The command produces output like the following:
```
DBClusterParameterGroupName mydbclusterparametergroup
```
## RDS API
To reset parameters in a DB cluster parameter group to their default values, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ResetDBClusterParameterGroup.html) command with the following required parameter: `DBClusterParameterGroupName`.
To reset all of the parameters in the DB cluster parameter group, set the `ResetAllParameters` parameter to `true`. To reset specific parameters, specify the `Parameters` parameter.
# Copying a DB cluster parameter group
You can copy custom DB cluster parameter groups that you create. Copying a parameter group is a convenient solution when you have already created a DB cluster parameter group and you want to include most of the custom parameters and values from that group in a new DB cluster parameter group. You can copy a DB cluster parameter group by using the AWS CLI [copy-db-cluster-parameter-group](https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-cluster-parameter-group.html) command or the RDS API [CopyDBClusterParameterGroup](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBParameterGroup.html) operation.
After you copy a DB cluster parameter group, wait at least 5 minutes before creating a DB cluster that uses that DB cluster parameter group. Doing this allows Amazon RDS to fully copy the parameter group before it is used by the new DB cluster. You can use the **Parameter groups** page in the [Amazon RDS console](https://console.aws.amazon.com/rds/) or the [describe-db-cluster-parameters](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-cluster-parameters.html) command to verify that your DB cluster parameter group is created.
**Note**
You can't copy a default parameter group. However, you can create a new parameter group that is based on a default parameter group.
You can't copy a DB cluster parameter group to a different AWS account or AWS Region.
## Console
**To copy a DB cluster parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. In the list, choose the custom parameter group that you want to copy.
1. For **Parameter group actions**, choose **Copy**.
1. In **New DB parameter group identifier**, enter a name for the new parameter group.
1. In **Description**, enter a description for the new parameter group.
1. Choose **Copy**.
## AWS CLI
To copy a DB cluster parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-cluster-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/copy-db-cluster-parameter-group.html) command with the following required parameters:
+ `--source-db-cluster-parameter-group-identifier`
+ `--target-db-cluster-parameter-group-identifier`
+ `--target-db-cluster-parameter-group-description`
The following example creates a new DB cluster parameter group named `mygroup2` that is a copy of the DB cluster parameter group `mygroup1`.
**Example**
For Linux, macOS, or Unix:
```
aws rds copy-db-cluster-parameter-group \
--source-db-cluster-parameter-group-identifier mygroup1 \
--target-db-cluster-parameter-group-identifier mygroup2 \
--target-db-cluster-parameter-group-description "DB parameter group 2"
```
For Windows:
```
aws rds copy-db-cluster-parameter-group ^
--source-db-cluster-parameter-group-identifier mygroup1 ^
--target-db-cluster-parameter-group-identifier mygroup2 ^
--target-db-cluster-parameter-group-description "DB parameter group 2"
```
## RDS API
To copy a DB cluster parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CopyDBClusterParameterGroup.html) operation with the following required parameters:
+ `SourceDBClusterParameterGroupIdentifier`
+ `TargetDBClusterParameterGroupIdentifier`
+ `TargetDBClusterParameterGroupDescription`
# Listing DB cluster parameter groups
You can list the DB cluster parameter groups you've created for your AWS account.
**Note**
Default parameter groups are automatically created from a default parameter template when you create a DB cluster for a particular DB engine and version. These default parameter groups contain preferred parameter settings and can't be modified. When you create a custom parameter group, you can modify parameter settings.
## Console
**To list all DB cluster parameter groups for an AWS account**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
The DB cluster parameter groups appear in the list with **DB cluster parameter group** for **Type**.
## AWS CLI
To list all DB cluster parameter groups for an AWS account, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-clusterparameter-groups.html](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-clusterparameter-groups.html) command.
**Example**
The following example lists all available DB cluster parameter groups for an AWS account.
```
aws rds describe-db-cluster-parameter-groups
```
The following example describes the *mydbclusterparametergroup* parameter group.
For Linux, macOS, or Unix:
```
aws rds describe-db-cluster-parameter-groups \
--db-cluster-parameter-group-name mydbclusterparametergroup
```
For Windows:
```
aws rds describe-db-cluster-parameter-groups ^
--db-cluster-parameter-group-name mydbclusterparametergroup
```
The command returns a response like the following:
```
{
"DBClusterParameterGroups": [
{
"DBClusterParameterGroupName": "mydbclusterparametergroup2",
"DBParameterGroupFamily": "mysql8.0",
"Description": "My new cluster parameter group",
"DBClusterParameterGroupArn": "arn:aws:rds:us-east-1:123456789012:cluster-pg:mydbclusterparametergroup"
}
]
}
```
## RDS API
To list all DB cluster parameter groups for an AWS account, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterParameterGroups.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusterParameterGroups.html) action.
# Viewing parameter values for a DB cluster parameter group
You can get a list of all parameters in a DB cluster parameter group and their values.
## Console
**To view the parameter values for a DB cluster parameter group**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
The DB cluster parameter groups appear in the list with **DB cluster parameter group** for **Type**.
1. Choose the name of the DB cluster parameter group to see its list of parameters.
## AWS CLI
To view the parameter values for a DB cluster parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-cluster-parameters.html](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-cluster-parameters.html) command with the following required parameter.
+ `--db-cluster-parameter-group-name`
**Example**
The following example lists the parameters and parameter values for a DB cluster parameter group named *mydbclusterparametergroup*, in JSON format.
The command returns a response like the following:
```
aws rds describe-db-cluster-parameters --db-cluster-parameter-group-name mydbclusterparametergroup
```
```
{
"Parameters": [
{
"ParameterName": "activate_all_roles_on_login",
"ParameterValue": "0",
"Description": "Automatically set all granted roles as active after the user has authenticated successfully.",
"Source": "engine-default",
"ApplyType": "dynamic",
"DataType": "boolean",
"AllowedValues": "0,1",
"IsModifiable": true,
"ApplyMethod": "pending-reboot",
"SupportedEngineModes": [
"provisioned"
]
},
{
"ParameterName": "allow-suspicious-udfs",
"Description": "Controls whether user-defined functions that have only an xxx symbol for the main function can be loaded",
"Source": "engine-default",
"ApplyType": "static",
"DataType": "boolean",
"AllowedValues": "0,1",
"IsModifiable": false,
"ApplyMethod": "pending-reboot",
"SupportedEngineModes": [
"provisioned"
]
},
...
```
## RDS API
To view the parameter values for a DB cluster parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameters.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBParameters.html) command with the following required parameter.
+ `DBClusterParameterGroupName`
In some cases, the allowed values for a parameter aren't shown. These are always parameters where the source is the database engine default.
To view the values of these parameters, you can run the following SQL statements:
+ MySQL:
```
-- Show the value of a particular parameter
mysql$ SHOW VARIABLES LIKE '%parameter_name%';
-- Show the values of all parameters
mysql$ SHOW VARIABLES;
```
+ PostgreSQL:
```
-- Show the value of a particular parameter
postgresql=> SHOW parameter_name;
-- Show the values of all parameters
postgresql=> SHOW ALL;
```
# Deleting a DB cluster parameter group
You can delete a DB cluster parameter group using the AWS Management Console, AWS CLI, or RDS API. A DB cluster parameter group parameter group is eligible for deletion only if it isn't associated with a DB cluster.
## Console
**To delete parameter groups**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
The parameter groups appear in a list.
1. Choose the name of the DB cluster parameter groups to be deleted.
1. Choose **Actions** and then **Delete**.
1. Review the parameter group names and then choose **Delete**.
## AWS CLI
To delete a DB cluster parameter group, use the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/rds/delete-db-cluster-parameter-group.html](https://docs.aws.amazon.com/cli/latest/reference/rds/delete-db-cluster-parameter-group.html) command with the following required parameter.
+ `--db-parameter-group-name`
**Example**
The following example deletes a DB cluster parameter group named *mydbparametergroup.*
```
aws rds delete-db-cluster-parameter-group --db-parameter-group-name mydbparametergroup
```
## RDS API
To delete a DB cluster parameter group, use the RDS API [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterParameterGroup.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBClusterParameterGroup.html) command with the following required parameter.
+ `DBParameterGroupName`
# Comparing DB parameter groups
You can use the AWS Management Console to view the differences between two DB parameter groups.
The specified parameter groups must both be DB parameter groups, or they both must be DB cluster parameter groups. This is true even when the DB engine and version are the same. For example, you can't compare an `aurora-mysql8.0` (Aurora MySQL version 3) DB parameter group and an `aurora-mysql8.0` DB cluster parameter group.
You can compare Aurora MySQL and RDS for MySQL DB parameter groups, even for different versions, but you can't compare Aurora PostgreSQL and RDS for PostgreSQL DB parameter groups.
**To compare two DB parameter groups**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the navigation pane, choose **Parameter groups**.
1. In the list, choose the two parameter groups that you want to compare.
**Note**
To compare a default parameter group to a custom parameter group, first choose the default parameter group on the **Default** tab, then choose the custom parameter group on the **Custom** tab.
1. From **Actions**, choose **Compare**.
# Specifying DB parameters
DB parameter types include the following:
+ Integer
+ Boolean
+ String
+ Long
+ Double
+ Timestamp
+ Object of other defined data types
+ Array of values of type integer, Boolean, string, long, double, timestamp, or object
You can also specify integer and Boolean parameters using expressions, formulas, and functions.
For the Oracle engine, you can use the `DBInstanceClassHugePagesDefault` formula variable to specify a Boolean DB parameter. See [DB parameter formula variables](#USER_FormulaVariables).
For the PostgreSQL engine, you can use an expression to specify a Boolean DB parameter. See [Boolean DB parameter expressions](#USER_ParamBooleanExpressions).
**Contents**
+ [DB parameter formulas](#USER_ParamFormulas)
+ [DB parameter formula variables](#USER_FormulaVariables)
+ [DB parameter formula operators](#USER_FormulaOperators)
+ [DB parameter functions](#USER_ParamFunctions)
+ [Boolean DB parameter expressions](#USER_ParamBooleanExpressions)
+ [DB parameter log expressions](#USER_ParamLogExpressions)
+ [DB parameter value examples](#USER_ParamValueExamples)
## DB parameter formulas
A DB parameter formula is an expression that resolves to an integer value or a Boolean value. You enclose the expression in braces: \$1\$1. You can use a formula for either a DB parameter value or as an argument to a DB parameter function.
**Syntax**
```
{FormulaVariable}
{FormulaVariable*Integer}
{FormulaVariable*Integer/Integer}
{FormulaVariable/Integer}
```
### DB parameter formula variables
Each formula variable returns an integer or a Boolean value. The names of the variables are case-sensitive.
*AllocatedStorage*
Returns an integer representing the size, in bytes, of the data volume.
*DBInstanceClassHugePagesDefault*
Returns a Boolean value. Currently, it's only supported for Oracle engines.
For more information, see [Turning on HugePages for an RDS for Oracle instance](Oracle.Concepts.HugePages.md).
*DBInstanceClassMemory*
Returns an integer for the number of bytes of memory available to the database process. This number is internally calculated by starting with the total amount of memory for the DB instance class. From this, the calculation subtracts memory reserved for the operating system and the RDS processes that manage the instance. Therefore, the number is always somewhat lower than the memory figures shown in the instance class tables in [DB instance classes](Concepts.DBInstanceClass.md). The exact value depends on a combination of factors. These include instance class, DB engine, and whether it applies to an RDS instance or an instance that's part of an Aurora cluster.
*DBInstanceVCPU*
Returns an integer representing the number of virtual central processing units (vCPUs) used by Amazon RDS to manage the instance.
*EndPointPort*
Returns an integer representing the port used when connecting to the DB instance.
*TrueIfReplica*
Returns `1` if the DB instance is a read replica and `0` if it is not. This is the default value for the `read_only` parameter in MySQL.
### DB parameter formula operators
DB parameter formulas support two operators: division and multiplication.
*Division operator: /*
Divides the dividend by the divisor, returning an integer quotient. Decimals in the quotient are truncated, not rounded.
Syntax
```
dividend / divisor
```
The dividend and divisor arguments must be integer expressions.
*Multiplication operator: \$1*
Multiplies the expressions, returning the product of the expressions. Decimals in the expressions are truncated, not rounded.
Syntax
```
expression * expression
```
Both expressions must be integers.
## DB parameter functions
You specify the arguments of DB parameter functions as either integers or formulas. Each function must have at least one argument. Specify multiple arguments as a comma-separated list. The list can't have any empty members, such as *argument1*,,*argument3*. Function names are case-insensitive.
*IF*
Returns an argument.
Currently, it's only supported for Oracle engines, and the only supported first argument is `{DBInstanceClassHugePagesDefault}`. For more information, see [Turning on HugePages for an RDS for Oracle instance](Oracle.Concepts.HugePages.md).
Syntax
```
IF(argument1, argument2, argument3)
```
Returns the second argument if the first argument evaluates to true. Returns the third argument otherwise.
*GREATEST*
Returns the largest value from a list of integers or parameter formulas.
Syntax
```
GREATEST(argument1, argument2,...argumentn)
```
Returns an integer.
*LEAST*
Returns the smallest value from a list of integers or parameter formulas.
Syntax
```
LEAST(argument1, argument2,...argumentn)
```
Returns an integer.
*SUM*
Adds the values of the specified integers or parameter formulas.
Syntax
```
SUM(argument1, argument2,...argumentn)
```
Returns an integer.
## Boolean DB parameter expressions
A Boolean DB parameter expression resolves to a Boolean value of 1 or 0. The expression is enclosed in quotation marks.
**Note**
Boolean DB parameter expressions are only supported for the PostgreSQL engine.
**Syntax**
```
"expression operator expression"
```
Both expressions must resolve to integers. An expression can be the following:
+ integer constant
+ DB parameter formula
+ DB parameter function
+ DB parameter variable
Boolean DB parameter expressions support the following inequality operators:
*The greater than operator: >*
Syntax
```
"expression > expression"
```
*The less than operator: <*
Syntax
```
"expression < expression"
```
* The greater than or equal to operators: >=, =>*
Syntax
```
"expression >= expression"
"expression => expression"
```
*The less than or equal to operators: <=, =<*
Syntax
```
"expression <= expression"
"expression =< expression"
```
**Example using a Boolean DB parameter expression**
The following Boolean DB parameter expression example compares the result of a parameter formula with an integer. It does so to modify the Boolean DB parameter `wal_compression` for a PostgreSQL DB instance. The parameter expression compares the number of vCPUs with the value 2. If the number of vCPUs is greater than 2, then the `wal_compression` DB parameter is set to true.
```
aws rds modify-db-parameter-group --db-parameter-group-name group-name \
--parameters "ParameterName=wal_compression,ParameterValue=\"{DBInstanceVCPU} > 2\" "
```
## DB parameter log expressions
You can set an integer DB parameter value to a log expression. You enclose the expression in braces: \$1\$1. For example:
```
{log(DBInstanceClassMemory/8187281418)*1000}
```
The `log` function represents log base 2. This example also uses the `DBInstanceClassMemory` formula variable. See [DB parameter formula variables](#USER_FormulaVariables).
**Note**
Currently, you can't specify the MySQL `innodb_log_file_size` parameter with any value other than an integer.
## DB parameter value examples
These examples show using formulas, functions, and expressions for the values of DB parameters.
**Warning**
Improperly setting parameters in a DB parameter group can have unintended adverse effects. These might include degraded performance and system instability. Use caution when modifying database parameters and back up your data before modifying your DB parameter group. Try out parameter group changes on a test DB instance, created using point-in-time-restores, before applying those parameter group changes to your production DB instances.
**Example using the DB parameter function GREATEST**
You can specify the `GREATEST` function in an Oracle processes parameter. Use it to set the number of user processes to the larger of either 80 or `DBInstanceClassMemory` divided by 9,868,951.
```
GREATEST({DBInstanceClassMemory/9868951},80)
```
**Example using the DB parameter function LEAST**
You can specify the `LEAST` function in a MySQL `max_binlog_cache_size` parameter value. Use it to set the maximum cache size a transaction can use in a MySQL instance to the lesser of 1 MB or `DBInstanceClass`/256.
```
LEAST({DBInstanceClassMemory/256},10485760)
```
# Creating an Amazon ElastiCache cache using Amazon RDS DB instance settings
ElastiCache is a fully managed, in-memory caching service that provides microsecond read and write latencies that support flexible, real-time use cases. ElastiCache can help you accelerate application and database performance. You can use ElastiCache as a primary data store for use cases that don't require data durability, such as gaming leaderboards, streaming, and data analytics. ElastiCache helps remove the complexity associated with deploying and managing a distributed computing environment. For more information, see [Common ElastiCache Use Cases and How ElastiCache Can Help](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/elasticache-use-cases.html) for Memcached and [Common ElastiCache Use Cases and How ElastiCache Can Help](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/elasticache-use-cases.html) for Redis OSS. You can use the Amazon RDS console for creating ElastiCache cache.
You can operate Amazon ElastiCache in two formats. You can get started with a serverless cache or choose to design your own cache cluster. If you choose to design your own cache cluster, ElastiCache works with both the Redis OSS and Memcached engines. If you're unsure which engine you want to use, see [Comparing Memcached and Redis OSS](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html). For more information about Amazon ElastiCache, see the [Amazon ElastiCache User Guide](https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/).
**Topics**
+ [Overview of ElastiCache cache creation with RDS DB instance settings](#creating-elasticache-cluster-with-RDS-settings-overview)
+ [Creating an ElastiCache cache with settings from an RDS DB instance](#creating-elasticache-cluster-with-RDS-settings-new-DB)
## Overview of ElastiCache cache creation with RDS DB instance settings
You can create an ElastiCache cache from Amazon RDS using the same configuration settings as a newly created or existing RDS DB instance.
Some use cases to associate an ElastiCache cache with your DB instance:
+ You can save costs and improve your performance by using ElastiCache with RDS versus running on RDS alone.
For example, you can save up to 55% in cost and gain up to 80x faster read performance by using ElastiCache with RDS for MySQL versus RDS for MySQL alone.
+ You can use the ElastiCache cache as a primary data store for applications that don't require data durability. Your applications that use Redis OSS or Memcached can use ElastiCache with almost no modification.
When you create an ElastiCache cache from RDS, the ElastiCache cache inherits the following settings from the associated RDS DB instance:
+ ElastiCache connectivity settings
+ ElastiCache security settings
You can also set the cache configuration settings according to your requirements.
### Setting up ElastiCache in your applications
Your applications must be set up to utilize ElastiCache cache. You can also optimize and improve cache performance by setting up your applications to use caching strategies depending on your requirements.
+ To access your ElastiCache cache and get started, see [Getting started with ElastiCache (Redis OSS)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/GettingStarted.html) and [Getting started with ElastiCache (Memcached)](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/GettingStarted.html).
+ For more information about caching strategies, see [Caching strategies and best practices](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/BestPractices.html) for Memcached and [Caching strategies and best practices](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/BestPractices.html) for Redis OSS.
+ For more information about high availability in ElastiCache (Redis OSS) clusters, see [ High availability using replication groups](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/BestPractices.html).
+ You might incur costs associated with backup storage, data transfer within or across regions, or use of AWS Outposts. For pricing details, see [ Amazon ElastiCache pricing](https://aws.amazon.com/elasticache/pricing/).
## Creating an ElastiCache cache with settings from an RDS DB instance
You can create an ElastiCache cache for your RDS DB instances with settings for inherited from the DB instance.
**Create an ElastiCache cache with settings from a DB instance**
1. To create a DB instance, follow the instructions in [Creating an Amazon RDS DB instance](USER_CreateDBInstance.md).
1. After creating an RDS DB instance, the console displays the **Suggested add-ons** window. Select **Create an ElastiCache cluster from RDS using your DB settings**.
For an existing database, in the **Databases** page, select the required DB instance. In the **Actions** dropdown menu, choose **Create ElastiCache cluster** to create an ElastiCache cache in RDS that has the same settings as your existing RDS DB instance.
In the **ElastiCache configuration section**, the **Source DB identifier** displays which DB instance the ElastiCache cache inherits settings from.
1. Choose whether you want to create a Redis OSS or Memcached cluster. For more information, see [Comparing Memcached and Redis OSS](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html).
![\[Choose cluster type and deployement option.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/EC-RDS-Config.png)
1. After this, choose whether you want to create a **Serverless cache** or **Design your own cache**. For more information, see [ Choosing between deployment options](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.deployment.html).
If you choose **Serverless cache**:
1. In **Cache settings**, enter values for **Name** and **Description**.
1. Under **View default settings**, leave the default settings to establish the connection between your cache and DB instance.
1. You can also edit the default settings by choosing **Customize default settings**. Select the **ElastiCache connectivity settings**, **ElastiCache security settings**, and **Maximum usage limits**.
1. If you choose **Design your own cache**:
1. If you chose **Redis OSS cluster**, choose whether you want to keep the cluster mode **Enabled** or **Disabled**. For more information, see [ Replication: Redis OSS (Cluster Mode Disabled) vs. Redis OSS (Cluster Mode Enabled)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Redis-RedisCluster.html).
1. Enter values for **Name**, **Description**, and **Engine version**.
For **Engine version**, the recommended default value is the latest engine version. You can also choose an **Engine version** for the ElastiCache cache that best meets your requirements.
1. Choose the node type in the **Node type** option. For more information, see [Managing nodes](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.html).
If you choose to create a Redis OSS cluster with the **Cluster mode** set to **Enabled**, then enter the number of shards (partitions/node groups) in the **Number of shards** option.
Enter the number of replicas of each shard in **Number of replicas**.
**Note**
The selected node type, the number of shards, and the number of replicas all affect your cache performance and resource costs. Be sure these settings match your database needs. For pricing information, see [Amazon ElastiCache pricing](https://aws.amazon.com/elasticache/pricing/).
1. Select the **ElastiCache connectivity settings** and **ElastiCache security settings**. You can keep the default settings or customize these settings per your requirements.
1. Verify the default and inherited settings of your ElastiCache cache. Some settings can't be changed after creation.
**Note**
RDS might adjust the backup window of your ElastiCache cache to meet the minimum window requirement of 60 minutes. The backup window of your source database remains the same.
1. When you're ready, choose **Create ElastiCache cache**.
The console displays a confirmation banner for the ElastiCache cache creation. Follow the link in the banner to the ElastiCache console to view the cache details. The ElastiCache console displays the newly created ElastiCache cache.
# Auto migrating EC2 databases to Amazon RDS using AWS Database Migration Service
You can use the RDS console to migrate an EC2 database to RDS. RDS uses AWS Database Migration Service (AWS DMS) to migrate your source EC2 database. AWS DMS allows you to migrate relational databases into your AWS Cloud. For more information about AWS Database Migration Service, see [What is AWS Database Migration Service?](https://docs.aws.amazon.com/dms/latest/userguide/Welcome.html) in the *AWS Database Migration Service User Guide*.
To begin the migration, you must create an equivalent RDS DB instance to migrate the data into. After you create your target database, you can import your EC2 database into it. For source databases smaller than 1TiB, this migration action reduces the time and resources required to migrate your data into RDS.
## Overview
The RDS console allows you to migrate EC2 databases into equivalent RDS databases. You must create an RDS database to enable migration from the console.
You can migrate EC2 databases for the following databases engines:
+ MySQL
+ MariaDB
+ PostgreSQL
The migration process involves the following steps:
+ Create an equivalent database in RDS. For the databases to be equivalent, they must have the same database engine and compatible engine versions. They must also be in the same VPC. For instructions on creating your database, see [Creating an Amazon RDS DB instance](USER_CreateDBInstance.md).
+ Choose the type of replication for your database:
+ **Full load migration** – RDS copies the complete source database to the target database, creating new tables in the target when necessary.
**Note**
This option causes an outage in your RDS database.
+ **Full load and change data capture (CDC) migration** – Similar to full load migration, with this option, RDS copies over the complete source database to the target database. However, after the full load migration, RDS applies any captured changes in the source to the target database. Change data capture collects changes to the database logs by using the database engine's native API.
**Note**
This option causes an outage in your RDS database.
+ **Change data capture (CDC)** – Use this option to keep your target database available through the migration. RDS migrates ongoing changes in your source database to the target database.
+ RDS creates the necessary networking resources to facilitate the migration. Once RDS creates the required resources, it notifies you about the resources created and allows you to initiate the data transfer.
The time required to complete the migration depends on the type of replication and the size of the source database.
## Prerequisites
### MySQL and MariaDB
Before you begin to work with a MySQL or MariaDB database as the source database, make sure that you have the following prerequisites. These prerequisites apply to AWS-managed sources.
You must have an account for AWS DMS that has the Replication Admin role. The role needs the following privileges:
+ **REPLICATION CLIENT** – This privilege is required for CDC tasks only. In other words, full-load-only tasks don't require this privilege.
+ **REPLICATION SLAVE** – This privilege is required for CDC tasks only. In other words, full-load-only tasks don't require this privilege.
The AWS DMS user must also have SELECT privileges for the source tables designated for replication.
Grant the following privileges if you use MySQL-specific premigration assessments.
```
grant select on mysql.user to ;
grant select on mysql.db to ;
grant select on mysql.tables_priv to ;
grant select on mysql.role_edges to #only for MySQL version 8.0.11 and higher
```
### PostgreSQL
Before migrating data from an AWS-managed PostgreSQL source database, do the following:
+ We recommend that you use an AWS user account with the minimum required permissions for the PostgreSQL DB instance as the user account for the PostgreSQL source endpoint for AWS DMS. Using the master account is not recommended. The account must have the `rds_superuser` role and the `rds_replication` role. The `rds_replication` role grants permissions to manage logical slots and to stream data using logical slots.
**Note**
Some AWS DMS transactions are idle for some time before the DMS engine uses them again. By using the parameter `idle_in_transaction_session_timeout` in PostgreSQL versions 9.6 and higher, you can cause idle transactions to time out and fail.
## Limitations
The following limitations apply to the auto-migrate process:
+ Your target database status must be **Available** to begin source database migration.
+ When migrating from a MySQL source database, your RDS account must have the Replication Admin role. You must also have the proper privileges applied for that role.
+ Your EC2 instance and target database must be in the same VPC.
+ You can't migrate your EC2 database to the following target databases when using the **Migrate data from EC2 database** action:
+ Database that is a member of a cluster
+ Oracle, SQL Server, and Db2 databases
+ Databases with MySQL version lower than 5.7
+ Databases with PostgreSQL version lower than 10.4
+ Databases with MariaDB version lower than 10.2
# Creating IAM resources for homogeneous migrations
RDS uses AWS DMS to migrate your data. To access your databases and to migrate data, AWS DMS creates a serverless environment for homogeneous data migrations. In this environment, AWS DMS requires access to VPC peering, route tables, security groups, and other AWS resources. Also, AWS DMS stores logs, metrics, and progress for each data migration in Amazon CloudWatch. To create a data migration project, AWS DMS needs access to these services.
Also, AWS DMS requires access to the secrets that respresent a set of user credentials to authenticate the database connection for the source and target connection.
**Note**
By using the **Migrate data from EC2 instance** action, you can use the RDS console to generate these IAM resources. Skip this step if you use the console generated IAM resources.
You need the following IAM resources for this process:
**Topics**
+ [Creating an IAM policy for homogeneous data migrations](#USER_DMS_migration-IAM.iam-policy)
+ [Creating an IAM role for homogeneous data migrations](#USER_DMS_migration-IAM.iam-role)
+ [Creating a secret access policy and role](USER_DMS_migration-IAM.secret-iam-role-policy.md)
+ [Creating an IAM role for AWS DMS to manage Amazon VPC](USER_DMS_migration-IAM.dms-vpc-role.md)
## Creating an IAM policy for homogeneous data migrations
In this step, you create an IAM policy that provides AWS DMS with access to Amazon EC2 and CloudWatch resources. Next, create an IAM role and attach this policy.
**To create an IAM policy for data migration**
1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane, choose **Policies**.
1. Choose **Create policy**.
1. In the **Create policy** page, choose the **JSON** tab.
1. Paste the following JSON into the editor.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribePrefixLists",
"logs:DescribeLogGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"servicequotas:GetServiceQuota"
],
"Resource": "arn:aws:servicequotas:*:*:vpc/L-0EA8095F"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:DescribeLogStreams"
],
"Resource": "arn:aws:logs:*:*:log-group:dms-data-migration-*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:log-group:dms-data-migration-*:log-stream:dms-data-migration-*"
},
{
"Effect": "Allow",
"Action": "cloudwatch:PutMetricData",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateRoute",
"ec2:DeleteRoute"
],
"Resource": "arn:aws:ec2:*:*:route-table/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:security-group-rule/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:vpc-peering-connection/*",
"arn:aws:ec2:*:*:vpc/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource": "arn:aws:ec2:*:*:security-group-rule/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": "arn:aws:ec2:*:*:security-group/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:ModifyVpcPeeringConnectionOptions"
],
"Resource": "arn:aws:ec2:*:*:vpc-peering-connection/*"
},
{
"Effect": "Allow",
"Action": "ec2:AcceptVpcPeeringConnection",
"Resource": "arn:aws:ec2:*:*:vpc/*"
}
]
}
```
------
1. Choose **Next: Tags** and **Next: Review.**
1. Enter **HomogeneousDataMigrationsPolicy** for **Name\$1**, and choose **Create policy**.
## Creating an IAM role for homogeneous data migrations
In this step, you create an IAM role that provides access to AWS Secrets Manager, Amazon EC2, and CloudWatch.
**To create an IAM role for data migrations**
1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane, choose **Roles**.
1. Choose **Create role**.
1. On the **Select trusted entity** page, for **Trusted entity type**, choose **AWS Service**. For **Use cases for other AWS services**, choose **DMS**.
1. Select the **DMS** check box and choose **Next**.
1. On the **Add permissions** page, choose **HomogeneousDataMigrationsPolicy** that you created before. Choose **Next**.
1. On the **Name, review, and create** page, enter **HomogeneousDataMigrationsRole** for **Role name**, and choose **Create role**.
1. On the **Roles** page, enter **HomogeneousDataMigrationsRole** for **Role name**. Choose **HomogeneousDataMigrationsRole**.
1. On the **HomogeneousDataMigrationsRole** page, choose the **Trust relationships** tab. Choose **Edit trust policy**.
1. On the **Edit trust policy** page, paste the following JSON into the editor, replacing the existing text.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"dms-data-migrations.amazonaws.com",
"dms.your_region.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
```
------
In the preceding example, replace *your\$1region* with the name of your AWS Region.
The preceding resource-based policy provides AWS DMS service principals with permissions to perform tasks according to the customer managed **HomogeneousDataMigrationsPolicy** policy.
1. Choose **Update policy**.
# Creating a secret access policy and role
Follow the procedures below to create your secret access policy and role which allow DMS to access the user credentials for your source and target databases.
**To create the secret access policy and role, which allows Amazon RDS to access AWS Secrets Manager to access your appropriate secret**
1. Sign in to the AWS Management Console and open the AWS Identity and Access Management (IAM) console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. Choose **Policies**, then choose **Create policy**.
1. Choose **JSON** and enter the following policy to enable access to and decryption of your secret.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "secretsmanager:GetSecretValue",
"Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:SecretName-ABCDEF"
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:DescribeKey"
],
"Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
]
}
```
------
Here, `secret_arn` is the ARN of your secret, which you can get from either `SecretsManagerSecretId` as appropriate, and `kms_key_arn` is the ARN of the AWS KMS key that you are using to encrypt your secret, as in the following example.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "secretsmanager:GetSecretValue",
"Resource": "arn:aws:secretsmanager:us-east-2:123456789012:secret:MySQLTestSecret-qeHamH"
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:DescribeKey"
],
"Resource": "arn:aws:kms:us-east-2:123456789012:key/761138dc-0542-4e58-947f-4a3a8458d0fd"
}
]
}
```
------
**Note**
If you use the default encryption key created by AWS Secrets Manager, you do not have to specify the AWS KMS permissions for `kms_key_arn`.
If you want your policy to provide access to both secrets, simply specify an additional JSON resource object for the other *secret\$1arn*.
1. Review and create the policy with a friendly name and optional description.
1. Choose **Roles**, then choose **Create role**.
1. Choose **AWS service** as the type of trusted entity.
1. Choose **DMS** from the list of services as the trusted service, then choose **Next: Permissions**.
1. Look up and attach the policy you created in step 4, then proceed through adding any tags and review your role. At this point, edit the trust relationships for the role to use your Amazon RDS regional service principal as the trusted entity. This principal has the following format.
```
dms.region-name.amazonaws.com
```
Here, *`region-name`* is the name of your region, such as `us-east-1`. Thus, an Amazon RDS regional service principal for this region follows.
```
dms.us-east-1.amazonaws.com
dms-data-migrations.amazonaws.com
```
# Creating an IAM role for AWS DMS to manage Amazon VPC
You must create an IAM role for AWS DMS to manage the VPC settings for your resources. This role must be available for successful migration.
**Creating the `dms-vpc-role` for database migration**
1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane of the console, choose **Roles** and then choose **Create role**.
1. Choose the **AWS service** option for the **Select trusted entity** option.
For **Use case**, select **DMS**.
1. For the **Add permissions** step, select `AmazonDMSVPCManagementRole` and choose **Next**.
1. In the **Name, review, and create** page, set the **Role name** to `dms-vpc-role` and choose **Create role**.
This creates the role for the DMS to manage the VPC settings for the migration.
# Setting up data migration for EC2 database
To begin migrating data from your EC2 source database, you must create an equivalent RDS database. For instructions on creating your database, see [Creating an Amazon RDS DB instance](USER_CreateDBInstance.md).
After creating your target database, use the following steps to set up the data migration:
**Set up data migration project**
1. Select the target database on the **Databases** page in the RDS console.
1. Choose the **Actions** dropdown and select the **Migrate data from EC2 database** option. To see the supported target databases, see [Limitations](USER_DMS_migration.md#USER_DMS_migration-Limitations).
1. Under the **Select source EC2 database** section:
1. Check the **Engine type** and make sure it is the same as your source database.
Also, check if the engine versions are compatible.
1. For **EC2 instance**, choose the EC2 instance where your source database resides.
1. For **Port**, enter the port on which your source database allows traffic.
1. For **Secret**, choose **Create and use a new secret** if you don't have an existing secret. Enter the **Username** and **Password** for your source database. Also choose the KMS key with which to encrypt your secret.
If you have an existing secret, select **Use an existing secret** and then choose secret from the dropdown.
1. For **IAM role for secret**, if you have an existing IAM role, select **Use an existing IAM role** and choose an IAM role from the dropdown that can access the secret ID from the previous step.
If you don't have existing IAM role, choose **Create and use new IAM role**. Enter the new name for your role for **IAM role name. You can see the permissions associated with this role in the link below.**
1. Under the **View target RDS database** section:
1. Confirm the settings of your target database at the top of the section.
1. For **Secret**, choose **Create and use a new secret** if you don't have an existing secret that holds your target database credentials.
If you have an existing secret, select the secret from the dropdown.
1. For **IAM role for secret**, select an IAM role that can access the secret from the previous step. You can also create a new IAM role if you don't have existing IAM role.
If the dropdown doesn't populate the IAM roles, specify the **IAM role ARN** in the format `arn:aws:iam:account_id:role/roleName`.
1. Under the **Configure data migration** section:
1. Select the type of data migration by selecting between **Full load**, **Full load and change data capture (CDC)**, or **Change data capture (CDC)**. For more information about these options, see [Overview](USER_DMS_migration.md#USER_DMS_migration-overview).
You can't modify the migration type afer the migration starts.
1. For **IAM role for data migration**, if you have an existing IAM role, select **Use an existing IAM role** and choose an IAM role from the dropdown that grants DMS the permissions to create the resources required for the migration. If you don't have existing IAM role, choose **Create and use new IAM role**.
1. Confirm that the **View migration settings** tab shows the required settings for your data migration to be set up successfully.
1. Select **Migrate** to complete the migration set up.
After completing these steps, you can see the resources being set up for the data migration by choosing **View details** in the progress banner in the console. Once the required resources are set up, the migration automatically starts. If you create
To migrate multiple databases into the target database, start this process again with details about the new EC2 database.
# Managing data migrations
After using the **Migrate data from EC2 database** action from the RDS console, RDS starts the migration automatically.
If you used the AWS DMS console to create the migration resources, you can start the migration process.
## Starting the data migration
Follow these steps to start data migration:
**Starting a data migration**
1. Choose the target database on the **Databases** page in the RDS console.
1. In the database details page, choose the **Data migrations** tab.
1. Under the **Data migrations** tab, the **Associated data migrations** lists the available data migrations.
Migrations set up using the RDS console start automatically once the required resources are set up.
Migrations set up using the DMS console are set to **Ready**.
To begin these migrations, select the **Actions** drop down and select **Start**.
1. This begins the data migration for your EC2 database.
## Stopping the data migration
For data migrations whose replication type is full load, stopping the migration causes the process to stop and can't be resumed. Once stopped, you must restart the migration.
For migrations with replication type set to change data capture (CDC) or full load and CDC, you can stop the continuous replication process, and resume the process later.
**Stopping a data migration**
1. Choose the target database on the **Databases** page in the RDS console.
1. In the database details page, choose the **Data migrations** tab.
1. Under the **Data migrations** tab, the **Associated data migrations** lists the ongoing data migrations.
To stop a migration, select a data migration and select **Stop** in the **Actions** drop down.
1. This stops the data migration for your EC2 database.
## Resuming the data migration
For data migrations whose replication type is full load and change data capture (CDC) or change data capture (CDC) migration, you can resume the CDC process from the last stop point.
**Resuming a data migration**
1. Choose the target database on the **Databases** page in the RDS console.
1. In the database details page, choose the **Data migrations** tab.
1. Under the **Data migrations** tab, the **Associated data migrations** lists the stopped data migrations.
To resume a migration, select a data migration and select **Resume processing** in the **Actions** drop down.
1. This resume the data migration for your EC2 database.
## Deleting the data migration
To delete an associated data migration, use the following instructions
**Deleting a data migration**
1. Choose the target database on the **Databases** page in the RDS console.
1. In the database details page, choose the **Data migrations** tab.
1. To delete a migration, select a data migration and select **Delete** in the **Actions** drop down.
1. This deletes the data migration.
Deleting a data migration that was in progress doesn't impact any data that has already been loaded to the target database.
## Restarting the data migration
To restart an associated data migration from a CDC start point, use the following instructions
**Restarting a data migration**
1. Choose the target database on the **Databases** page in the RDS console.
1. In the database details page, choose the **Data migrations** tab.
1. To restart a migration, select a data migration and select **Restart** in the **Actions** drop down.
1. This restarts the data migration from a CDC start point.
Restarting a data migration that was in progress doesn't impact any data that has already been loaded to the target database.
# Monitoring your data migrations
After the data migrations starts, you can monitor its status and progress. Data migrations of large data sets take hours to complete. To maintain the reliability, availability, and high performance of your data migration, monitor its progress regularly.
**To check the status and progress of your data migration**
1. Choose the target database on the **Databases** page in the RDS console.
1. In the database details page, choose the **Data migrations** tab.
1. The **Associated data migrations** section lists your data migrations. Check the **Status** column.
1. For running data migrations, the **Migration process** column displays the percentage of migrated data.
1. To monitor the process in CloudWatch, use the link in the in **CloudWatch** column.
## Migration statuses
For each data migration that you run, the RDS console displays the **Status**. The following list includes the statuses:
+ `Ready`: The data migration is ready to start.
+ `Starting`: RDS is creating the serverless environment for your data migration.
+ `Load running`: RDS is performing the full load migration.
+ `Load complete, replication ongoing`: RDS completed the full load and now replicates the ongoing changes. This status only applies for full load and CDC type migrations.
+ `Replication ongoing`: RDS is replicating ongoing changes. This status only applies to CDC type migrations.
+ `Stopping`: RDS is stopping the data migrations. This status applies when you choose to stop the data migration from the **Actions** menu.
+ `Stopped`: RDS has stopped the data migration.
+ `Failed`: The data migration has failed. For more information, see the log files.
+ `Restarting`: The data migration has restarted an ongoing data replication from a CDC start point.
# Tutorial: Creating a MySQL DB instance with a custom parameterand new option group
In this tutorial, you create a MySQL DB instance with a custom parameter and new option group. For more information about custom parameter and option groups, see [Parameter groups for Amazon RDS](USER_WorkingWithParamGroups.md) and [Working with option groups](USER_WorkingWithOptionGroups.md).
**Important**
There's no charge for creating an AWS account. However, by completing this tutorial, you might incur costs for the AWS resources you use. You can delete these resources after you complete the tutorial if they are no longer needed.
To create a DB instance with custom configurations and settings, you can use custom parameter and new option groups. Custom parameter and new option groups are particularly helpful if you work with multiple databases and want to uniformly configure settings for them.
By completing these steps, you learn:
+ How to use Amazon RDS to create a MySQL DB instance with a custom parameter and new option group.
+ How to use specific parameters and options for MySQL DB instances.
To complete this tutorial, perform the following tasks:
1. Create a custom parameter group with the MySQL parameters `default_password_lifetime`and `disconnect_on_expired_password`.
1. Create a new option group with MySQL option feature `MariaDB Audit Plugin`. For steps to create an option group, see [Working with option groups](USER_WorkingWithOptionGroups.md).
1. Create a MySQL DB instance with the custom parameter group and new option group that you created.
**Topics**
+ [Prerequisites](#tutorial-creating-custom-OPG.Prerequisites)
+ [Create an Amazon RDS parameter group](#tutorial-creating-custom-OPG.create-parameter-group)
+ [Modify parameter values in your custom parameter group](#tutorial-creating-custom-OPG.add-parameters)
+ [Create a new Amazon RDS option group](#tutorial-creating-custom-OPG.create-option-group)
+ [Add a option to your new option group](#tutorial-creating-custom-OPG.add-options)
+ [Create MySQL DB instance with a custom parameter and a new option group](#tutorial-creating-custom-OPG.create-OPG)
## Prerequisites
This tutorial requires you to have an AWS account and a user with administrative access. If you don't already have those set up, complete the steps in the following sections:
+ [Sign up for an AWS account](CHAP_SettingUp.md#sign-up-for-aws)
+ [Create a user with administrative access](CHAP_SettingUp.md#create-an-admin)
## Create an Amazon RDS parameter group
In this tutorial, you learn how to create a custom parameter group with [ default\$1password\$1lifetime](https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_default_password_lifetime) and [ disconnect\$1on\$1expired\$1password](https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_disconnect_on_expired_password) for a MySQL DB instance in the console. The `default_password_lifetime` parameter controls the number of days before the client password automatically expires. The `disconnect_on_expired_password` parameter controls whether the MySQL DB instance disconnects the client when the password expires. For more information on other parameters available for MySQL DB instances, see [Parameters for MySQL](Appendix.MySQL.Parameters.md) .
**To create a parameter group**
1. Open the Amazon RDS console and choose **Parameter groups**.
1. For **Custom parameter groups**, choose **Create parameter group**.
1. Set the parameter group details.
1. Enter a name for the parameter group.
1. Enter a description of the parameter group.
1. For **Engine type**, choose **MySQL Community.**
1. For **Parameter group family**, choose **MySQL 8.0.**
1. Choose **Create**.
The new parameter group appears on the **Parameter groups** page in the Amazon RDS console. The following steps illustrate how to modify parameter values to customize your parameter group.
## Modify parameter values in your custom parameter group
Use the following steps to modify the parameter values in the parameter group that you created in [Create an Amazon RDS parameter group](#tutorial-creating-custom-OPG.create-parameter-group).
**To modify parameter values in your parameter group**
1. Open the Amazon RDS console and choose **Parameter groups**.
1. For **Custom parameter groups**, choose the name of the parameter group you created.
1. Choose **Edit**.
1. In the **Filter parameters** search box, search for the custom parameter `default_password_lifetime`.
1. Select the check box next to the parameter and enter a value the number of days to set for this password lifetime parameter.
1. Select **Save Changes**.
1. Repeat the same steps for the parameter ` disconnect_on_expired_password`. When you choose this parameter, you are prompted to select a value of 0 or 1 from the dropdown menu. Select 1 to disconnect on expired password.
The custom parameter group is now available to associate with Amazon RDS for MySQL 8.0 DB instance. Next, create a new option group for your DB instance.
## Create a new Amazon RDS option group
Create a new option group with the option [MariaDB Audit Plugin](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.MySQL.Options.AuditPlugin.html). This plugin logs server activity for security and compliance. For more information on other custom options available for MySQL DB instances, see [Options for MySQL DB instances](Appendix.MySQL.Options.md).
**To create an option group**
1. Open the Amazon RDS console and choose **Option groups**.
1. For **Option Groups**, choose **Create group**.
1. Set the option group details.
+ Enter a name for the option group.
+ Enter a description of the option group.
+ For **Engine**, select **mysql**.
+ For **Major engine version**, select **8.0**.
1. Choose **Create**.
The new option group appears on the **Option groups ** page in the Amazon RDS console. The following steps show how to add options to the option group.
## Add a option to your new option group
Use the following steps to add a option to the new option group that you created in [Create a new Amazon RDS option group](#tutorial-creating-custom-OPG.create-option-group).
**To add an option to your option group**
1. Open the Amazon RDS console and choose **Option groups**.
1. For **Option groups**, select the name of the option group that you created.
1. Under **Options**, choose **Add option**.
1. Set the option group details.
+ For **Option name**, choose the option MariaDB Audit Plugin, **MARIADB\$1AUDIT\$1PLUGIN**.
+ For **Option settings**, leave all the default options selected.
+ For **Apply immediately**, choose **Yes**.
1. Choose **Create option**.
The new option group should now be available for all associated DB instances. Next, create a MySQL DB instance with the custom parameter and new option group.
## Create MySQL DB instance with a custom parameter and a new option group
Finally, create a MySQL DB instance with the custom parameter and new option group that you made in the previous steps. The following steps show how to create the MySQL DB instance with your custom parameter and new option group.
**To create a DB instance with a custom parameter and new option group**
1. Open the Amazon RDS console and choose **Databases**.
1. Choose **Create database**.
1. For **Choose a database creation method**, choose **Standard Create**.
1. For **Engine options**, choose **MySQL** .
1. For **Availability and durability**, choose **Single DB instance.** This step is necessary to support a custom parameter or new option group.
1. Select **Additional Configuration**.
+ For **Initial database name**, choose a name for your DB instance.
+ Under the **DB parameter group** dropdown, select the name of the custom parameter group you created previously.
+ Under **Option group** dropdown, select the name of new option group you created previously.
1. For this tutorial, you can leave the default settings for any other DB settings or modify them as required.
1. Choose **Create database**.
RDS creates a new MySQL DB instance with a custom parameter groupand new option group. To see more information on this database, see the **Databases** page of the Amazon RDS console.
In this tutorial, you configured a MySQL DB instance with tailored settings using a custom parameter and a new option group. This newly created MySQL DB instance manages the user password lifetime by using the parameter `default_password_lifetime`. This DB instance also disconnects users that connect with an expired password by using the parameter `disconnect_on_expired_password`. You also use the option `MariaDB Audit Plugin` to keep track of server activity. To optimize your database, you can apply additional setting in your custom parameter group and add options.
After you have finished creating your customized DB instance, you should delete your resources to avoid incurring unwanted costs. To delete a DB instance, follow the instructions in [Deleting a DB instance](USER_DeleteInstance.md).