AwsRdsDbInstanceDetails - AWS Security Hub

AwsRdsDbInstanceDetails

Contains the details of an Amazon RDS DB instance.

Contents

AllocatedStorage

The amount of storage (in gigabytes) to initially allocate for the DB instance.

Type: Integer

Required: No

AssociatedRoles

The IAM roles associated with the DB instance.

Type: Array of AwsRdsDbInstanceAssociatedRole objects

Required: No

AutoMinorVersionUpgrade

Indicates whether minor version patches are applied automatically.

Type: Boolean

Required: No

AvailabilityZone

The Availability Zone where the DB instance will be created.

Type: String

Pattern: .*\S.*

Required: No

BackupRetentionPeriod

The number of days for which to retain automated backups.

Type: Integer

Required: No

CACertificateIdentifier

The identifier of the CA certificate for this DB instance.

Type: String

Pattern: .*\S.*

Required: No

CharacterSetName

The name of the character set that this DB instance is associated with.

Type: String

Pattern: .*\S.*

Required: No

CopyTagsToSnapshot

Whether to copy resource tags to snapshots of the DB instance.

Type: Boolean

Required: No

DBClusterIdentifier

If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of.

Type: String

Pattern: .*\S.*

Required: No

DBInstanceClass

Contains the name of the compute and memory capacity class of the DB instance.

Type: String

Pattern: .*\S.*

Required: No

DBInstanceIdentifier

Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance.

Type: String

Pattern: .*\S.*

Required: No

DbInstancePort

Specifies the port that the DB instance listens on. If the DB instance is part of a DB cluster, this can be a different port than the DB cluster port.

Type: Integer

Required: No

DbInstanceStatus

The current status of the DB instance.

Type: String

Pattern: .*\S.*

Required: No

DbiResourceId

The AWS Region-unique, immutable identifier for the DB instance. This identifier is found in CloudTrail log entries whenever the AWS KMS key for the DB instance is accessed.

Type: String

Pattern: .*\S.*

Required: No

DBName

The meaning of this parameter differs according to the database engine you use.

MySQL, MariaDB, SQL Server, PostgreSQL

Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.

Oracle

Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters don't apply to an Oracle DB instance.

Type: String

Pattern: .*\S.*

Required: No

DbParameterGroups

A list of the DB parameter groups to assign to the DB instance.

Type: Array of AwsRdsDbParameterGroup objects

Required: No

DbSecurityGroups

A list of the DB security groups to assign to the DB instance.

Type: Array of strings

Pattern: .*\S.*

Required: No

DbSubnetGroup

Information about the subnet group that is associated with the DB instance.

Type: AwsRdsDbSubnetGroup object

Required: No

DeletionProtection

Indicates whether the DB instance has deletion protection enabled.

When deletion protection is enabled, the database cannot be deleted.

Type: Boolean

Required: No

DomainMemberships

The Active Directory domain membership records associated with the DB instance.

Type: Array of AwsRdsDbDomainMembership objects

Required: No

EnabledCloudWatchLogsExports

A list of log types that this DB instance is configured to export to CloudWatch Logs.

Type: Array of strings

Pattern: .*\S.*

Required: No

Endpoint

Specifies the connection endpoint.

Type: AwsRdsDbInstanceEndpoint object

Required: No

Engine

Provides the name of the database engine to use for this DB instance.

Type: String

Pattern: .*\S.*

Required: No

EngineVersion

Indicates the database engine version.

Type: String

Pattern: .*\S.*

Required: No

EnhancedMonitoringResourceArn

The ARN of the CloudWatch Logs log stream that receives the enhanced monitoring metrics data for the DB instance.

Type: String

Pattern: .*\S.*

Required: No

IAMDatabaseAuthenticationEnabled

True if mapping of IAM accounts to database accounts is enabled, and otherwise false.

IAM database authentication can be enabled for the following database engines.

  • For MySQL 5.6, minor version 5.6.34 or higher

  • For MySQL 5.7, minor version 5.7.16 or higher

  • Aurora 5.6 or higher

Type: Boolean

Required: No

InstanceCreateTime

Indicates when the DB instance was created.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: String

Pattern: .*\S.*

Required: No

Iops

Specifies the provisioned IOPS (I/O operations per second) for this DB instance.

Type: Integer

Required: No

KmsKeyId

If StorageEncrypted is true, the AWS KMS key identifier for the encrypted DB instance.

Type: String

Pattern: .*\S.*

Required: No

LatestRestorableTime

Specifies the latest time to which a database can be restored with point-in-time restore.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: String

Pattern: .*\S.*

Required: No
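A validator for the timestamp rules that InstanceCreateTime and LatestRestorableTime share, as an added example (not AWS code) for checking values before a finding is sent. The function names are hypothetical. Two assumptions: an hour-only offset such as +05 is accepted, following the quoted grammar, and the separators T and Z must be uppercase, as in every listed format.

```python
import re
from datetime import datetime, timedelta, timezone

# Date "T" time, optional fraction of 1-9 digits, then "Z" or a signed offset.
# The offset is accepted as HH, HH:MM or HHMM (quoted grammar plus listed examples).
_TIMESTAMP = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d{1,9}))?"
    r"(?:Z|([+-])(\d{2})(?::?(\d{2}))?)"
)
MAX_OFFSET = timedelta(hours=18)  # "The offset is bounded by +/-18:00"


def parse_timestamp(value):
    """Return the timestamp as an aware UTC datetime, or raise ValueError."""
    m = _TIMESTAMP.fullmatch(value)
    if m is None:
        raise ValueError(f"not an accepted timestamp format: {value!r}")
    *fields, frac, sign, off_h, off_m = m.groups()
    offset = timedelta(0)
    if sign is not None:
        minutes = int(off_m or 0)
        if minutes > 59:
            raise ValueError(f"offset minutes out of range: {value!r}")
        offset = timedelta(hours=int(off_h), minutes=minutes)
        if offset > MAX_OFFSET:
            raise ValueError(f"offset exceeds 18:00: {value!r}")
        if sign == "-":
            offset = -offset
    # datetime holds microseconds, so only the first six fraction digits are kept.
    micro = int((frac or "0").ljust(6, "0")[:6])
    # datetime() itself rejects impossible dates and times (month 13, hour 25, ...).
    local = datetime(*map(int, fields), micro, tzinfo=timezone(offset))
    return local.astimezone(timezone.utc)


def is_accepted(value):
    """True when value matches the formats described for these fields."""
    try:
        parse_timestamp(value)
        return True
    except (ValueError, OverflowError):
        return False
```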

LicenseModel

License model information for this DB instance.

Type: String

Pattern: .*\S.*

Required: No

ListenerEndpoint

Specifies the connection endpoint.

Type: AwsRdsDbInstanceEndpoint object

Required: No

MasterUsername

The master user name of the DB instance.

Type: String

Pattern: .*\S.*

Required: No

MaxAllocatedStorage

The upper limit to which Amazon RDS can automatically scale the storage of the DB instance.

Type: Integer

Required: No

MonitoringInterval

The interval, in seconds, between points when enhanced monitoring metrics are collected for the DB instance.

Type: Integer

Required: No

MonitoringRoleArn

The ARN for the IAM role that permits Amazon RDS to send enhanced monitoring metrics to CloudWatch Logs.

Type: String

Pattern: .*\S.*

Required: No

MultiAz

Whether the DB instance is a multiple Availability Zone deployment.

Type: Boolean

Required: No

OptionGroupMemberships

The list of option group memberships for this DB instance.

Type: Array of AwsRdsDbOptionGroupMembership objects

Required: No

PendingModifiedValues

Changes to the DB instance that are currently pending.

Type: AwsRdsDbPendingModifiedValues object

Required: No

PerformanceInsightsEnabled

Indicates whether Performance Insights is enabled for the DB instance.

Type: Boolean

Required: No

PerformanceInsightsKmsKeyId

The identifier of the AWS KMS key used to encrypt the Performance Insights data.

Type: String

Pattern: .*\S.*

Required: No

PerformanceInsightsRetentionPeriod

The number of days to retain Performance Insights data.

Type: Integer

Required: No

PreferredBackupWindow

The range of time each day when automated backups are created, if automated backups are enabled.

Uses the format HH:MM-HH:MM. For example, 04:52-05:22.

Type: String

Pattern: .*\S.*

Required: No

PreferredMaintenanceWindow

The weekly time range during which system maintenance can occur, in Coordinated Universal Time (UTC).

Uses the format <day>:HH:MM-<day>:HH:MM.

For the day values, use mon|tue|wed|thu|fri|sat|sun.

For example, sun:09:32-sun:10:02.

Type: String

Pattern: .*\S.*

Required: No

ProcessorFeatures

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

Type: Array of AwsRdsDbProcessorFeature objects

Required: No

PromotionTier

The order in which to promote an Aurora replica to the primary instance after a failure of the existing primary instance.

Type: Integer

Required: No

PubliclyAccessible

Specifies the accessibility options for the DB instance.

A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address.

A value of false specifies an internal instance with a DNS name that resolves to a private IP address.

Type: Boolean

Required: No

ReadReplicaDBClusterIdentifiers

List of identifiers of Aurora DB clusters to which the RDS DB instance is replicated as a read replica.

Type: Array of strings

Pattern: .*\S.*

Required: No

ReadReplicaDBInstanceIdentifiers

List of identifiers of the read replicas associated with this DB instance.

Type: Array of strings

Pattern: .*\S.*

Required: No

ReadReplicaSourceDBInstanceIdentifier

If this DB instance is a read replica, contains the identifier of the source DB instance.

Type: String

Pattern: .*\S.*

Required: No

SecondaryAvailabilityZone

For a DB instance with multi-Availability Zone support, the name of the secondary Availability Zone.

Type: String

Pattern: .*\S.*

Required: No

StatusInfos

The status of a read replica. If the instance isn't a read replica, this is empty.

Type: Array of AwsRdsDbStatusInfo objects

Required: No

StorageEncrypted

Specifies whether the DB instance is encrypted.

Type: Boolean

Required: No

StorageType

The storage type for the DB instance.

Type: String

Pattern: .*\S.*

Required: No

TdeCredentialArn

The ARN from the key store with which the instance is associated for TDE encryption.

Type: String

Pattern: .*\S.*

Required: No

Timezone

The time zone of the DB instance.

Type: String

Pattern: .*\S.*

Required: No

VpcSecurityGroups

A list of VPC security groups that the DB instance belongs to.

Type: Array of AwsRdsDbInstanceVpcSecurityGroup objects

Required: No
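Because every field in this object is optional, a posture check over findings has to separate "weak setting reported" from "field not reported". The following is an added example, not AWS code: the check list, the seven-day backup minimum and the sample finding are constructed for illustration, and it assumes the object is carried under Resources[].Details.AwsRdsDbInstance in the finding.

```python
MIN_BACKUP_DAYS = 7  # assumed policy value, not taken from this page

# (field, test that is True for a weak value, reason) -- an illustrative policy
CHECKS = [
    ("PubliclyAccessible", lambda v: v is True, "Internet-facing instance"),
    ("StorageEncrypted", lambda v: v is False, "storage is not encrypted"),
    ("DeletionProtection", lambda v: v is False, "deletion protection is off"),
    ("IAMDatabaseAuthenticationEnabled", lambda v: v is False,
     "IAM database authentication is off"),
    ("AutoMinorVersionUpgrade", lambda v: v is False,
     "minor version patches are not applied automatically"),
    ("BackupRetentionPeriod", lambda v: v < MIN_BACKUP_DAYS,
     "automated backups retained for too few days"),
    ("EnabledCloudWatchLogsExports", lambda v: len(v) == 0,
     "no log types exported to CloudWatch Logs"),
]


def review_finding(finding):
    """Return one result per AwsRdsDbInstance resource in a finding."""
    results = []
    for resource in finding.get("Resources", []):
        details = resource.get("Details", {}).get("AwsRdsDbInstance")
        if details is None:
            continue  # some other resource type
        failed, unknown = [], []
        for field, is_weak, reason in CHECKS:
            if field not in details:
                unknown.append(field)  # absent is not the same as false
            elif is_weak(details[field]):
                failed.append((field, reason))
        results.append({"id": resource.get("Id"), "failed": failed, "unknown": unknown})
    return results


# Constructed sample finding (placeholder account ID and instance name).
SAMPLE_FINDING = {"Resources": [{
    "Type": "AwsRdsDbInstance",
    "Id": "arn:aws:rds:us-east-1:111122223333:db:example-db",
    "Details": {"AwsRdsDbInstance": {
        "DBInstanceIdentifier": "example-db",
        "PubliclyAccessible": True,
        "StorageEncrypted": False,
        "DeletionProtection": True,
        "BackupRetentionPeriod": 0,
    }},
}]}
```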
