AwsRdsDbClusterDetails - AWS Security Hub

AwsRdsDbClusterDetails

Information about an Amazon RDS DB cluster.

Contents

ActivityStreamStatus

The status of the database activity stream. Valid values are as follows:

  • started

  • starting

  • stopped

  • stopping

Type: String

Pattern: .*\S.*

Required: No

AllocatedStorage

For all database engines except Aurora, specifies the allocated storage size in gibibytes (GiB).

Type: Integer

Required: No

AssociatedRoles

A list of the IAM roles that are associated with the DB cluster.

Type: Array of AwsRdsDbClusterAssociatedRole objects

Required: No

AutoMinorVersionUpgrade

Indicates if minor version upgrades are automatically applied to the cluster.

Type: Boolean

Required: No

AvailabilityZones

A list of Availability Zones (AZs) where instances in the DB cluster can be created.

Type: Array of strings

Pattern: .*\S.*

Required: No

BackupRetentionPeriod

The number of days for which automated backups are retained.

Type: Integer

Required: No

ClusterCreateTime

Indicates when the DB cluster was created, in Universal Coordinated Time (UTC).

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: String

Pattern: .*\S.*

Required: No

CopyTagsToSnapshot

Whether tags are copied from the DB cluster to snapshots of the DB cluster.

Type: Boolean

Required: No

CrossAccountClone

Whether the DB cluster is a clone of a DB cluster owned by a different AWS account.

Type: Boolean

Required: No

CustomEndpoints

A list of custom endpoints for the DB cluster.

Type: Array of strings

Pattern: .*\S.*

Required: No

DatabaseName

The name of the database.

Type: String

Pattern: .*\S.*

Required: No

DbClusterIdentifier

The DB cluster identifier that the user assigned to the cluster. This identifier is the unique key that identifies a DB cluster.

Type: String

Pattern: .*\S.*

Required: No

DbClusterMembers

The list of instances that make up the DB cluster.

Type: Array of AwsRdsDbClusterMember objects

Required: No

DbClusterOptionGroupMemberships

The list of option group memberships for this DB cluster.

Type: Array of AwsRdsDbClusterOptionGroupMembership objects

Required: No

DbClusterParameterGroup

The name of the DB cluster parameter group for the DB cluster.

Type: String

Pattern: .*\S.*

Required: No

DbClusterResourceId

The identifier of the DB cluster. The identifier must be unique within each AWS Region and is immutable.

Type: String

Pattern: .*\S.*

Required: No

DbSubnetGroup

The subnet group that is associated with the DB cluster, including the name, description, and subnets in the subnet group.

Type: String

Pattern: .*\S.*

Required: No

DeletionProtection

Whether the DB cluster has deletion protection enabled.

Type: Boolean

Required: No

DomainMemberships

The Active Directory domain membership records that are associated with the DB cluster.

Type: Array of AwsRdsDbDomainMembership objects

Required: No

EnabledCloudWatchLogsExports

A list of log types that this DB cluster is configured to export to CloudWatch Logs.

Type: Array of strings

Pattern: .*\S.*

Required: No

Endpoint

The connection endpoint for the primary instance of the DB cluster.

Type: String

Pattern: .*\S.*

Required: No

Engine

The name of the database engine to use for this DB cluster. Valid values are as follows:

  • aurora

  • aurora-mysql

  • aurora-postgresql

Type: String

Pattern: .*\S.*

Required: No

EngineMode

The database engine mode of the DB cluster.Valid values are as follows:

  • global

  • multimaster

  • parallelquery

  • provisioned

  • serverless

Type: String

Pattern: .*\S.*

Required: No

EngineVersion

The version number of the database engine to use.

Type: String

Pattern: .*\S.*

Required: No

HostedZoneId

Specifies the identifier that Amazon Route 53 assigns when you create a hosted zone.

Type: String

Pattern: .*\S.*

Required: No

HttpEndpointEnabled

Whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled.

Type: Boolean

Required: No

IamDatabaseAuthenticationEnabled

Whether the mapping of IAM accounts to database accounts is enabled.

Type: Boolean

Required: No

KmsKeyId

The ARN of the AWS KMS master key that is used to encrypt the database instances in the DB cluster.

Type: String

Pattern: .*\S.*

Required: No

MasterUsername

The name of the master user for the DB cluster.

Type: String

Pattern: .*\S.*

Required: No

MultiAz

Whether the DB cluster has instances in multiple Availability Zones.

Type: Boolean

Required: No

Port

The port number on which the DB instances in the DB cluster accept connections.

Type: Integer

Required: No

PreferredBackupWindow

The range of time each day when automated backups are created, if automated backups are enabled.

Uses the format HH:MM-HH:MM. For example, 04:52-05:22.

Type: String

Pattern: .*\S.*

Required: No

PreferredMaintenanceWindow

The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).

Uses the format <day>:HH:MM-<day>:HH:MM.

For the day values, use mon|tue|wed|thu|fri|sat|sun.

For example, sun:09:32-sun:10:02.

Type: String

Pattern: .*\S.*

Required: No

ReaderEndpoint

The reader endpoint for the DB cluster.

Type: String

Pattern: .*\S.*

Required: No

ReadReplicaIdentifiers

The identifiers of the read replicas that are associated with this DB cluster.

Type: Array of strings

Pattern: .*\S.*

Required: No

Status

The current status of this DB cluster.

Type: String

Pattern: .*\S.*

Required: No

StorageEncrypted

Whether the DB cluster is encrypted.

Type: Boolean

Required: No

VpcSecurityGroups

A list of VPC security groups that the DB cluster belongs to.

Type: Array of AwsRdsDbInstanceVpcSecurityGroup objects

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: