CfnDBClusterProps
- class aws_cdk.aws_docdb.CfnDBClusterProps(*, availability_zones=None, backup_retention_period=None, copy_tags_to_snapshot=None, db_cluster_identifier=None, db_cluster_parameter_group_name=None, db_subnet_group_name=None, deletion_protection=None, enable_cloudwatch_logs_exports=None, engine_version=None, global_cluster_identifier=None, kms_key_id=None, manage_master_user_password=None, master_username=None, master_user_password=None, master_user_secret_kms_key_id=None, network_type=None, port=None, preferred_backup_window=None, preferred_maintenance_window=None, restore_to_time=None, restore_type=None, rotate_master_user_password=None, serverless_v2_scaling_configuration=None, snapshot_identifier=None, source_db_cluster_identifier=None, storage_encrypted=None, storage_type=None, tags=None, use_latest_restorable_time=None, vpc_security_group_ids=None)
Bases:
objectProperties for defining a
CfnDBCluster.- Parameters:
availability_zones (
Optional[Sequence[str]]) – A list of Amazon EC2 Availability Zones that instances in the cluster can be created in.backup_retention_period (
Union[int,float,None]) – The number of days for which automated backups are retained. You must specify a minimum value of 1. Default: 1 Constraints: - Must be a value from 1 to 35.copy_tags_to_snapshot (
Union[bool,IResolvable,None]) – Set totrueto copy all tags from the source cluster snapshot to the target cluster snapshot, and otherwisefalse. The default isfalse.db_cluster_identifier (
Optional[str]) – The cluster identifier. This parameter is stored as a lowercase string. Constraints: - Must contain from 1 to 63 letters, numbers, or hyphens. - The first character must be a letter. - Cannot end with a hyphen or contain two consecutive hyphens. Example:my-clusterdb_cluster_parameter_group_name (
Optional[str]) – The name of the cluster parameter group to associate with this cluster.db_subnet_group_name (
Optional[str]) – A subnet group to associate with this cluster. Constraints: Must match the name of an existingDBSubnetGroup. Must not be default. Example:mySubnetgroupdeletion_protection (
Union[bool,IResolvable,None]) – Protects clusters from being accidentally deleted. If enabled, the cluster cannot be deleted unless it is modified andDeletionProtectionis disabled.enable_cloudwatch_logs_exports (
Optional[Sequence[str]]) – The list of log types that need to be enabled for exporting to Amazon CloudWatch Logs. You can enable audit logs or profiler logs. For more information, see Auditing Amazon DocumentDB Events and Profiling Amazon DocumentDB Operations .engine_version (
Optional[str]) – The version number of the database engine to use. The--engine-versionwill default to the latest major engine version. For production workloads, we recommend explicitly declaring this parameter with the intended major engine version. If you intend to trigger an in-place upgrade, please refer to Amazon DocumentDB in-place major version upgrade . Note that for an in-place engine version upgrade, you need to remove other cluster properties changes (e.g. SecurityGroupId) from the CFN template.global_cluster_identifier (
Optional[str]) – The cluster identifier of the new global cluster.kms_key_id (
Optional[str]) – The AWS KMS key identifier for an encrypted cluster. The AWS KMS key identifier is the Amazon Resource Name (ARN) for the AWS KMS encryption key. If you are creating a cluster using the same AWS account that owns the AWS KMS encryption key that is used to encrypt the new cluster, you can use the AWS KMS key alias instead of the ARN for the AWS KMS encryption key. If an encryption key is not specified inKmsKeyId: - If theStorageEncryptedparameter istrue, Amazon DocumentDB uses your default encryption key. AWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Regions .manage_master_user_password (
Union[bool,IResolvable,None]) – Specifies whether to manage the master user password with Amazon Web Services Secrets Manager. Constraint: You can’t manage the master user password with Amazon Web Services Secrets Manager ifMasterUserPasswordis specified.master_username (
Optional[str]) – The name of the master user for the cluster. Constraints: - Must be from 1 to 63 letters or numbers. - The first character must be a letter. - Cannot be a reserved word for the chosen database engine.master_user_password (
Optional[str]) – The password for the master database user. This password can contain any printable ASCII character except forward slash (/), double quote (“), or the “at” symbol (@). Constraints: Must contain from 8 to 100 characters.master_user_secret_kms_key_id (
Optional[str]) – The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager. This setting is valid only if the master user password is managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the DB cluster. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. If you don’t specifyMasterUserSecretKmsKeyId, then theaws/secretsmanagerKMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can’t use theaws/secretsmanagerKMS key to encrypt the secret, and you must use a customer managed KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.network_type (
Optional[str]) – The network type of the cluster. The network type is determined by theDBSubnetGroupspecified for the cluster. ADBSubnetGroupcan support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL). For more information, see DocumentDB clusters in a VPC in the Amazon DocumentDB Developer Guide. Valid Values:IPV4|DUALport (
Union[int,float,None]) – Specifies the port that the database engine is listening on.preferred_backup_window (
Optional[str]) – The daily time range during which automated backups are created if automated backups are enabled using theBackupRetentionPeriodparameter. The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region . Constraints: - Must be in the formathh24:mi-hh24:mi. - Must be in Universal Coordinated Time (UTC). - Must not conflict with the preferred maintenance window. - Must be at least 30 minutes.preferred_maintenance_window (
Optional[str]) – The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format:ddd:hh24:mi-ddd:hh24:miThe default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region , occurring on a random day of the week. Valid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun Constraints: Minimum 30-minute window.restore_to_time (
Optional[str]) – The date and time to restore the cluster to. Valid values: A time in Universal Coordinated Time (UTC) format. Constraints: - Must be before the latest restorable time for the instance. - Must be specified if theUseLatestRestorableTimeparameter is not provided. - Cannot be specified if theUseLatestRestorableTimeparameter istrue. - Cannot be specified if theRestoreTypeparameter iscopy-on-write. Example:2015-03-07T23:45:00Zrestore_type (
Optional[str]) – The type of restore to be performed. You can specify one of the following values:. -full-copy- The new DB cluster is restored as a full copy of the source DB cluster. -copy-on-write- The new DB cluster is restored as a clone of the source DB cluster. Constraints: You can’t specifycopy-on-writeif the engine version of the source DB cluster is earlier than 1.11. If you don’t specify aRestoreTypevalue, then the new DB cluster is restored as a full copy of the source DB cluster.rotate_master_user_password (
Union[bool,IResolvable,None]) – Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password. This setting is valid only if the master user password is managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the cluster. The secret value contains the updated password. Constraint: You must apply the change immediately when rotating the master user password.serverless_v2_scaling_configuration (
Union[IResolvable,ServerlessV2ScalingConfigurationProperty,Dict[str,Any],None]) – Contains the scaling configuration of an Amazon DocumentDB Serverless cluster.snapshot_identifier (
Optional[str]) – The identifier for the snapshot or cluster snapshot to restore from. You can use either the name or the Amazon Resource Name (ARN) to specify a cluster snapshot. However, you can use only the ARN to specify a snapshot. Constraints: - Must match the identifier of an existing snapshot.source_db_cluster_identifier (
Optional[str]) – The identifier of the source cluster from which to restore. Constraints: - Must match the identifier of an existingDBCluster.storage_encrypted (
Union[bool,IResolvable,None]) – Specifies whether the cluster is encrypted. If you specifySourceDBClusterIdentifierorSnapshotIdentifierand don’t specifyStorageEncrypted, the encryption property is inherited from the source cluster or snapshot (unlessKMSKeyIdis specified, in which case the restored cluster will be encrypted with that KMS key). If the source is encrypted andStorageEncryptedis specified to be true, the restored cluster will be encrypted (if you want to use a different KMS key, specify theKMSKeyIdproperty as well). If the source is unencrypted andStorageEncryptedis specified to be true, then theKMSKeyIdproperty must be specified. If the source is encrypted, don’t specifyStorageEncryptedto be false as opting out of encryption is not allowed.storage_type (
Optional[str]) – The storage type to associate with the DB cluster. For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide . Valid values for storage type -standard | iopt1Default value isstandard.. epigraph:: When you create an Amazon DocumentDB cluster with the storage type set toiopt1, the storage type is returned in the response. The storage type isn’t returned when you set it tostandard.tags (
Optional[Sequence[Union[CfnTag,Dict[str,Any]]]]) – The tags to be assigned to the cluster.use_latest_restorable_time (
Union[bool,IResolvable,None]) – A value that is set totrueto restore the cluster to the latest restorable backup time, andfalseotherwise. Default:falseConstraints: Cannot be specified if theRestoreToTimeparameter is provided.vpc_security_group_ids (
Optional[Sequence[str]]) – A list of EC2 VPC security groups to associate with this cluster.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_docdb as docdb cfn_dBCluster_props = docdb.CfnDBClusterProps( availability_zones=["availabilityZones"], backup_retention_period=123, copy_tags_to_snapshot=False, db_cluster_identifier="dbClusterIdentifier", db_cluster_parameter_group_name="dbClusterParameterGroupName", db_subnet_group_name="dbSubnetGroupName", deletion_protection=False, enable_cloudwatch_logs_exports=["enableCloudwatchLogsExports"], engine_version="engineVersion", global_cluster_identifier="globalClusterIdentifier", kms_key_id="kmsKeyId", manage_master_user_password=False, master_username="masterUsername", master_user_password="masterUserPassword", master_user_secret_kms_key_id="masterUserSecretKmsKeyId", network_type="networkType", port=123, preferred_backup_window="preferredBackupWindow", preferred_maintenance_window="preferredMaintenanceWindow", restore_to_time="restoreToTime", restore_type="restoreType", rotate_master_user_password=False, serverless_v2_scaling_configuration=docdb.CfnDBCluster.ServerlessV2ScalingConfigurationProperty( max_capacity=123, min_capacity=123 ), snapshot_identifier="snapshotIdentifier", source_db_cluster_identifier="sourceDbClusterIdentifier", storage_encrypted=False, storage_type="storageType", tags=[CfnTag( key="key", value="value" )], use_latest_restorable_time=False, vpc_security_group_ids=["vpcSecurityGroupIds"] )
Attributes
- availability_zones
A list of Amazon EC2 Availability Zones that instances in the cluster can be created in.
- backup_retention_period
The number of days for which automated backups are retained. You must specify a minimum value of 1.
Default: 1
Constraints:
Must be a value from 1 to 35.
- copy_tags_to_snapshot
Set to
trueto copy all tags from the source cluster snapshot to the target cluster snapshot, and otherwisefalse.The default is
false.
- db_cluster_identifier
The cluster identifier. This parameter is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
The first character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Example:
my-cluster
- db_cluster_parameter_group_name
The name of the cluster parameter group to associate with this cluster.
- db_subnet_group_name
A subnet group to associate with this cluster.
Constraints: Must match the name of an existing
DBSubnetGroup. Must not be default.Example:
mySubnetgroup
- deletion_protection
Protects clusters from being accidentally deleted.
If enabled, the cluster cannot be deleted unless it is modified and
DeletionProtectionis disabled.
- enable_cloudwatch_logs_exports
The list of log types that need to be enabled for exporting to Amazon CloudWatch Logs.
You can enable audit logs or profiler logs. For more information, see Auditing Amazon DocumentDB Events and Profiling Amazon DocumentDB Operations .
- engine_version
The version number of the database engine to use.
The
--engine-versionwill default to the latest major engine version. For production workloads, we recommend explicitly declaring this parameter with the intended major engine version.If you intend to trigger an in-place upgrade, please refer to Amazon DocumentDB in-place major version upgrade . Note that for an in-place engine version upgrade, you need to remove other cluster properties changes (e.g. SecurityGroupId) from the CFN template.
- global_cluster_identifier
The cluster identifier of the new global cluster.
- kms_key_id
The AWS KMS key identifier for an encrypted cluster.
The AWS KMS key identifier is the Amazon Resource Name (ARN) for the AWS KMS encryption key. If you are creating a cluster using the same AWS account that owns the AWS KMS encryption key that is used to encrypt the new cluster, you can use the AWS KMS key alias instead of the ARN for the AWS KMS encryption key.
If an encryption key is not specified in
KmsKeyId:If the
StorageEncryptedparameter istrue, Amazon DocumentDB uses your default encryption key.
AWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Regions .
- manage_master_user_password
Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.
Constraint: You can’t manage the master user password with Amazon Web Services Secrets Manager if
MasterUserPasswordis specified.
- master_user_password
The password for the master database user.
This password can contain any printable ASCII character except forward slash (/), double quote (“), or the “at” symbol (@).
Constraints: Must contain from 8 to 100 characters.
- master_user_secret_kms_key_id
The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if the master user password is managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If you don’t specify
MasterUserSecretKmsKeyId, then theaws/secretsmanagerKMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can’t use theaws/secretsmanagerKMS key to encrypt the secret, and you must use a customer managed KMS key.There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
- master_username
The name of the master user for the cluster.
Constraints:
Must be from 1 to 63 letters or numbers.
The first character must be a letter.
Cannot be a reserved word for the chosen database engine.
- network_type
The network type of the cluster.
The network type is determined by the
DBSubnetGroupspecified for the cluster. ADBSubnetGroupcan support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).For more information, see DocumentDB clusters in a VPC in the Amazon DocumentDB Developer Guide.
Valid Values:
IPV4|DUAL
- port
Specifies the port that the database engine is listening on.
- preferred_backup_window
The daily time range during which automated backups are created if automated backups are enabled using the
BackupRetentionPeriodparameter.The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region .
Constraints:
Must be in the format
hh24:mi-hh24:mi.Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
- preferred_maintenance_window
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format:
ddd:hh24:mi-ddd:hh24:miThe default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region , occurring on a random day of the week.
Valid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun
Constraints: Minimum 30-minute window.
- restore_to_time
The date and time to restore the cluster to.
Valid values: A time in Universal Coordinated Time (UTC) format.
Constraints:
Must be before the latest restorable time for the instance.
Must be specified if the
UseLatestRestorableTimeparameter is not provided.Cannot be specified if the
UseLatestRestorableTimeparameter istrue.Cannot be specified if the
RestoreTypeparameter iscopy-on-write.
Example:
2015-03-07T23:45:00Z
- restore_type
.
full-copy- The new DB cluster is restored as a full copy of the source DB cluster.copy-on-write- The new DB cluster is restored as a clone of the source DB cluster.
Constraints: You can’t specify
copy-on-writeif the engine version of the source DB cluster is earlier than 1.11.If you don’t specify a
RestoreTypevalue, then the new DB cluster is restored as a full copy of the source DB cluster.- See:
- Type:
The type of restore to be performed. You can specify one of the following values
- rotate_master_user_password
Specifies whether to rotate the secret managed by Amazon Web Services Secrets Manager for the master user password.
This setting is valid only if the master user password is managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the cluster. The secret value contains the updated password.
Constraint: You must apply the change immediately when rotating the master user password.
- serverless_v2_scaling_configuration
Contains the scaling configuration of an Amazon DocumentDB Serverless cluster.
- snapshot_identifier
The identifier for the snapshot or cluster snapshot to restore from.
You can use either the name or the Amazon Resource Name (ARN) to specify a cluster snapshot. However, you can use only the ARN to specify a snapshot.
Constraints:
Must match the identifier of an existing snapshot.
- source_db_cluster_identifier
The identifier of the source cluster from which to restore.
Constraints:
Must match the identifier of an existing
DBCluster.
- storage_encrypted
Specifies whether the cluster is encrypted.
If you specify
SourceDBClusterIdentifierorSnapshotIdentifierand don’t specifyStorageEncrypted, the encryption property is inherited from the source cluster or snapshot (unlessKMSKeyIdis specified, in which case the restored cluster will be encrypted with that KMS key). If the source is encrypted andStorageEncryptedis specified to be true, the restored cluster will be encrypted (if you want to use a different KMS key, specify theKMSKeyIdproperty as well). If the source is unencrypted andStorageEncryptedis specified to be true, then theKMSKeyIdproperty must be specified. If the source is encrypted, don’t specifyStorageEncryptedto be false as opting out of encryption is not allowed.
- storage_type
The storage type to associate with the DB cluster.
For information on storage types for Amazon DocumentDB clusters, see Cluster storage configurations in the Amazon DocumentDB Developer Guide .
Valid values for storage type -
standard | iopt1Default value is
standard.. epigraph:When you create an Amazon DocumentDB cluster with the storage type set to ``iopt1`` , the storage type is returned in the response. The storage type isn't returned when you set it to ``standard`` .
- tags
The tags to be assigned to the cluster.
- use_latest_restorable_time
A value that is set to
trueto restore the cluster to the latest restorable backup time, andfalseotherwise.Default:
falseConstraints: Cannot be specified if the
RestoreToTimeparameter is provided.
- vpc_security_group_ids
A list of EC2 VPC security groups to associate with this cluster.