lib/aws-sdk-rds/client.rb in aws-sdk-rds-1.166.0 vs lib/aws-sdk-rds/client.rb in aws-sdk-rds-1.167.0

- old
+ new

@@ -2380,12 +2380,16 @@ # # @option params [String] :master_user_password # The password for the master database user. This password can contain # any printable ASCII character except "/", """, or "@". # - # Constraints: Must contain from 8 to 41 characters. + # Constraints: # + # * Must contain from 8 to 41 characters. + # + # * Can't be specified if `ManageMasterUserPassword` is turned on. + # # Valid for: Aurora DB clusters and Multi-AZ DB clusters # # @option params [String] :option_group_name # A value that indicates that the DB cluster should be associated with # the specified option group. @@ -2948,10 +2952,58 @@ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html # # @option params [String] :db_system_id # Reserved for future use. # + # @option params [Boolean] :manage_master_user_password + # A value that indicates whether to manage the master user password with + # Amazon Web Services Secrets Manager. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide* and + # [Password management with Amazon Web Services Secrets Manager][2] in + # the *Amazon Aurora User Guide.* + # + # Constraints: + # + # * Can't manage the master user password with Amazon Web Services + # Secrets Manager if `MasterUserPassword` is specified. + # + # ^ + # + # Valid for: Aurora DB clusters and Multi-AZ DB clusters + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html + # + # @option params [String] :master_user_secret_kms_key_id + # The Amazon Web Services KMS key identifier to encrypt a secret that is + # automatically generated and managed in Amazon Web Services Secrets + # Manager. + # + # This setting is valid only if the master user password is managed by + # RDS in Amazon Web Services Secrets Manager for the DB cluster. + # + # The Amazon Web Services KMS key identifier is the key ARN, key ID, + # alias ARN, or alias name for the KMS key. To use a KMS key in a + # different Amazon Web Services account, specify the key ARN or alias + # ARN. + # + # If you don't specify `MasterUserSecretKmsKeyId`, then the + # `aws/secretsmanager` KMS key is used to encrypt the secret. If the + # secret is in a different Amazon Web Services account, then you can't + # use the `aws/secretsmanager` KMS key to encrypt the secret, and you + # must use a customer managed KMS key. + # + # There is a default KMS key for your Amazon Web Services account. Your + # Amazon Web Services account has a different default KMS key for each + # Amazon Web Services Region. + # + # Valid for: Aurora DB clusters and Multi-AZ DB clusters + # # @option params [String] :source_region # The source region of the snapshot. This is only needed when the # shapshot is encrypted and in a different region. # # @return [Types::CreateDBClusterResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods: @@ -3048,10 +3100,12 @@ # min_capacity: 1.0, # max_capacity: 1.0, # }, # network_type: "String", # db_system_id: "String", + # manage_master_user_password: false, + # master_user_secret_kms_key_id: "String", # source_region: "String", # }) # # @example Response structure # @@ -3160,10 +3214,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBCluster AWS API Documentation # # @overload create_db_cluster(params = {}) # @param [Hash] params ({}) @@ -3876,10 +3933,13 @@ # **Amazon Aurora** # # Not applicable. The password for the master user is managed by the DB # cluster. # + # Constraints: Can't be specified if `ManageMasterUserPassword` is + # turned on. + # # **MariaDB** # # Constraints: Must contain from 8 to 41 characters. # # **Microsoft SQL Server** @@ -4663,10 +4723,51 @@ # # This setting applies only to the `gp3` storage type. # # This setting doesn't apply to RDS Custom or Amazon Aurora. # + # @option params [Boolean] :manage_master_user_password + # A value that indicates whether to manage the master user password with + # Amazon Web Services Secrets Manager. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide.* + # + # Constraints: + # + # * Can't manage the master user password with Amazon Web Services + # Secrets Manager if `MasterUserPassword` is specified. + # + # ^ + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # + # @option params [String] :master_user_secret_kms_key_id + # The Amazon Web Services KMS key identifier to encrypt a secret that is + # automatically generated and managed in Amazon Web Services Secrets + # Manager. + # + # This setting is valid only if the master user password is managed by + # RDS in Amazon Web Services Secrets Manager for the DB instance. + # + # The Amazon Web Services KMS key identifier is the key ARN, key ID, + # alias ARN, or alias name for the KMS key. To use a KMS key in a + # different Amazon Web Services account, specify the key ARN or alias + # ARN. + # + # If you don't specify `MasterUserSecretKmsKeyId`, then the + # `aws/secretsmanager` KMS key is used to encrypt the secret. If the + # secret is in a different Amazon Web Services account, then you can't + # use the `aws/secretsmanager` KMS key to encrypt the secret, and you + # must use a customer managed KMS key. + # + # There is a default KMS key for your Amazon Web Services account. Your + # Amazon Web Services account has a different default KMS key for each + # Amazon Web Services Region. + # # @return [Types::CreateDBInstanceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateDBInstanceResult#db_instance #db_instance} => Types::DBInstance # # @@ -4752,10 +4853,12 @@ # enable_customer_owned_ip: false, # custom_iam_instance_profile: "String", # backup_target: "String", # network_type: "String", # storage_throughput: 1, + # manage_master_user_password: false, + # master_user_secret_kms_key_id: "String", # }) # # @example Response structure # # resp.db_instance.db_instance_identifier #=> String @@ -4899,10 +5002,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstance AWS API Documentation # # @overload create_db_instance(params = {}) # @param [Hash] params ({}) @@ -5721,10 +5827,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstanceReadReplica AWS API Documentation # # @overload create_db_instance_read_replica(params = {}) # @param [Hash] params ({}) @@ -7200,10 +7309,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBCluster AWS API Documentation # # @overload delete_db_cluster(params = {}) # @param [Hash] params ({}) @@ -7670,10 +7782,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/DeleteDBInstance AWS API Documentation # # @overload delete_db_instance(params = {}) # @param [Hash] params ({}) @@ -9405,10 +9520,13 @@ # resp.db_clusters[0].performance_insights_retention_period #=> Integer # resp.db_clusters[0].serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_clusters[0].serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_clusters[0].network_type #=> String # resp.db_clusters[0].db_system_id #=> String + # resp.db_clusters[0].master_user_secret.secret_arn #=> String + # resp.db_clusters[0].master_user_secret.secret_status #=> String + # resp.db_clusters[0].master_user_secret.kms_key_id #=> String # # # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage): # # * db_cluster_available @@ -10036,10 +10154,13 @@ # resp.db_instances[0].backup_target #=> String # resp.db_instances[0].network_type #=> String # resp.db_instances[0].activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instances[0].storage_throughput #=> Integer # resp.db_instances[0].db_system_id #=> String + # resp.db_instances[0].master_user_secret.secret_arn #=> String + # resp.db_instances[0].master_user_secret.secret_status #=> String + # resp.db_instances[0].master_user_secret.kms_key_id #=> String # # # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage): # # * db_instance_available @@ -13244,10 +13365,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/FailoverDBCluster AWS API Documentation # # @overload failover_db_cluster(params = {}) # @param [Hash] params ({}) @@ -13900,12 +14024,16 @@ # # @option params [String] :master_user_password # The new password for the master database user. This password can # contain any printable ASCII character except "/", """, or "@". # - # Constraints: Must contain from 8 to 41 characters. + # Constraints: # + # * Must contain from 8 to 41 characters. + # + # * Can't be specified if `ManageMasterUserPassword` is turned on. + # # Valid for: Aurora DB clusters and Multi-AZ DB clusters # # @option params [String] :option_group_name # A value that indicates that the DB cluster should be associated with # the specified option group. @@ -14341,10 +14469,100 @@ # # # # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html # + # @option params [Boolean] :manage_master_user_password + # A value that indicates whether to manage the master user password with + # Amazon Web Services Secrets Manager. + # + # If the DB cluster doesn't manage the master user password with Amazon + # Web Services Secrets Manager, you can turn on this management. In this + # case, you can't specify `MasterUserPassword`. + # + # If the DB cluster already manages the master user password with Amazon + # Web Services Secrets Manager, and you specify that the master user + # password is not managed with Amazon Web Services Secrets Manager, then + # you must specify `MasterUserPassword`. In this case, RDS deletes the + # secret and uses the new password for the master user specified by + # `MasterUserPassword`. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide* and + # [Password management with Amazon Web Services Secrets Manager][2] in + # the *Amazon Aurora User Guide.* + # + # Valid for: Aurora DB clusters and Multi-AZ DB clusters + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html + # + # @option params [Boolean] :rotate_master_user_password + # A value that indicates whether to rotate the secret managed by Amazon + # Web Services Secrets Manager for the master user password. + # + # This setting is valid only if the master user password is managed by + # RDS in Amazon Web Services Secrets Manager for the DB cluster. The + # secret value contains the updated password. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide* and + # [Password management with Amazon Web Services Secrets Manager][2] in + # the *Amazon Aurora User Guide.* + # + # Constraints: + # + # * You must apply the change immediately when rotating the master user + # password. + # + # ^ + # + # Valid for: Aurora DB clusters and Multi-AZ DB clusters + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html + # + # @option params [String] :master_user_secret_kms_key_id + # The Amazon Web Services KMS key identifier to encrypt a secret that is + # automatically generated and managed in Amazon Web Services Secrets + # Manager. + # + # This setting is valid only if both of the following conditions are + # met: + # + # * The DB cluster doesn't manage the master user password in Amazon + # Web Services Secrets Manager. + # + # If the DB cluster already manages the master user password in Amazon + # Web Services Secrets Manager, you can't change the KMS key that is + # used to encrypt the secret. + # + # * You are turning on `ManageMasterUserPassword` to manage the master + # user password in Amazon Web Services Secrets Manager. + # + # If you are turning on `ManageMasterUserPassword` and don't specify + # `MasterUserSecretKmsKeyId`, then the `aws/secretsmanager` KMS key is + # used to encrypt the secret. If the secret is in a different Amazon + # Web Services account, then you can't use the `aws/secretsmanager` + # KMS key to encrypt the secret, and you must use a customer managed + # KMS key. + # + # The Amazon Web Services KMS key identifier is the key ARN, key ID, + # alias ARN, or alias name for the KMS key. To use a KMS key in a + # different Amazon Web Services account, specify the key ARN or alias + # ARN. + # + # There is a default KMS key for your Amazon Web Services account. Your + # Amazon Web Services account has a different default KMS key for each + # Amazon Web Services Region. + # + # Valid for: Aurora DB clusters and Multi-AZ DB clusters + # # @return [Types::ModifyDBClusterResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ModifyDBClusterResult#db_cluster #db_cluster} => Types::DBCluster # # @@ -14417,10 +14635,13 @@ # serverless_v2_scaling_configuration: { # min_capacity: 1.0, # max_capacity: 1.0, # }, # network_type: "String", + # manage_master_user_password: false, + # rotate_master_user_password: false, + # master_user_secret_kms_key_id: "String", # }) # # @example Response structure # # resp.db_cluster.allocated_storage #=> Integer @@ -14528,10 +14749,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBCluster AWS API Documentation # # @overload modify_db_cluster(params = {}) # @param [Hash] params ({}) @@ -14984,10 +15208,13 @@ # Not applicable. The password for the master user is managed by the DB # cluster. For more information, see `ModifyDBCluster`. # # Default: Uses existing setting # + # Constraints: Can't be specified if `ManageMasterUserPassword` is + # turned on. + # # **MariaDB** # # Constraints: Must contain from 8 to 41 characters. # # **Microsoft SQL Server** @@ -15679,10 +15906,95 @@ # # This setting applies only to the `gp3` storage type. # # This setting doesn't apply to RDS Custom or Amazon Aurora. # + # @option params [Boolean] :manage_master_user_password + # A value that indicates whether to manage the master user password with + # Amazon Web Services Secrets Manager. + # + # If the DB cluster doesn't manage the master user password with Amazon + # Web Services Secrets Manager, you can turn on this management. In this + # case, you can't specify `MasterUserPassword`. + # + # If the DB cluster already manages the master user password with Amazon + # Web Services Secrets Manager, and you specify that the master user + # password is not managed with Amazon Web Services Secrets Manager, then + # you must specify `MasterUserPassword`. In this case, RDS deletes the + # secret and uses the new password for the master user specified by + # `MasterUserPassword`. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide.* + # + # Constraints: + # + # * Can't manage the master user password with Amazon Web Services + # Secrets Manager if `MasterUserPassword` is specified. + # + # ^ + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # + # @option params [Boolean] :rotate_master_user_password + # A value that indicates whether to rotate the secret managed by Amazon + # Web Services Secrets Manager for the master user password. + # + # This setting is valid only if the master user password is managed by + # RDS in Amazon Web Services Secrets Manager for the DB cluster. The + # secret value contains the updated password. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide.* + # + # Constraints: + # + # * You must apply the change immediately when rotating the master user + # password. + # + # ^ + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # + # @option params [String] :master_user_secret_kms_key_id + # The Amazon Web Services KMS key identifier to encrypt a secret that is + # automatically generated and managed in Amazon Web Services Secrets + # Manager. + # + # This setting is valid only if both of the following conditions are + # met: + # + # * The DB instance doesn't manage the master user password in Amazon + # Web Services Secrets Manager. + # + # If the DB instance already manages the master user password in + # Amazon Web Services Secrets Manager, you can't change the KMS key + # used to encrypt the secret. + # + # * You are turning on `ManageMasterUserPassword` to manage the master + # user password in Amazon Web Services Secrets Manager. + # + # If you are turning on `ManageMasterUserPassword` and don't specify + # `MasterUserSecretKmsKeyId`, then the `aws/secretsmanager` KMS key is + # used to encrypt the secret. If the secret is in a different Amazon + # Web Services account, then you can't use the `aws/secretsmanager` + # KMS key to encrypt the secret, and you must use a customer managed + # KMS key. + # + # The Amazon Web Services KMS key identifier is the key ARN, key ID, + # alias ARN, or alias name for the KMS key. To use a KMS key in a + # different Amazon Web Services account, specify the key ARN or alias + # ARN. + # + # There is a default KMS key for your Amazon Web Services account. Your + # Amazon Web Services account has a different default KMS key for each + # Amazon Web Services Region. + # # @return [Types::ModifyDBInstanceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ModifyDBInstanceResult#db_instance #db_instance} => Types::DBInstance # # @@ -15765,10 +16077,13 @@ # aws_backup_recovery_point_arn: "AwsBackupRecoveryPointArn", # automation_mode: "full", # accepts full, all-paused # resume_full_automation_mode_minutes: 1, # network_type: "String", # storage_throughput: 1, + # manage_master_user_password: false, + # rotate_master_user_password: false, + # master_user_secret_kms_key_id: "String", # }) # # @example Response structure # # resp.db_instance.db_instance_identifier #=> String @@ -15912,10 +16227,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBInstance AWS API Documentation # # @overload modify_db_instance(params = {}) # @param [Hash] params ({}) @@ -17152,10 +17470,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PromoteReadReplica AWS API Documentation # # @overload promote_read_replica(params = {}) # @param [Hash] params ({}) @@ -17295,10 +17616,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/PromoteReadReplicaDBCluster AWS API Documentation # # @overload promote_read_replica_db_cluster(params = {}) # @param [Hash] params ({}) @@ -17542,10 +17866,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBCluster AWS API Documentation # # @overload reboot_db_cluster(params = {}) # @param [Hash] params ({}) @@ -17762,10 +18089,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RebootDBInstance AWS API Documentation # # @overload reboot_db_instance(params = {}) # @param [Hash] params ({}) @@ -18407,16 +18737,20 @@ # # * First character must be a letter. # # * Can't be a reserved word for the chosen database engine. # - # @option params [required, String] :master_user_password + # @option params [String] :master_user_password # The password for the master database user. This password can contain # any printable ASCII character except "/", """, or "@". # - # Constraints: Must contain from 8 to 41 characters. + # Constraints: # + # * Must contain from 8 to 41 characters. + # + # * Can't be specified if `ManageMasterUserPassword` is turned on. + # # @option params [String] :option_group_name # A value that indicates that the restored DB cluster should be # associated with the specified option group. # # Permanent options can't be removed from an option group. An option @@ -18627,10 +18961,54 @@ # # # # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html # + # @option params [Boolean] :manage_master_user_password + # A value that indicates whether to manage the master user password with + # Amazon Web Services Secrets Manager. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide* and + # [Password management with Amazon Web Services Secrets Manager][2] in + # the *Amazon Aurora User Guide.* + # + # Constraints: + # + # * Can't manage the master user password with Amazon Web Services + # Secrets Manager if `MasterUserPassword` is specified. + # + # ^ + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html + # + # @option params [String] :master_user_secret_kms_key_id + # The Amazon Web Services KMS key identifier to encrypt a secret that is + # automatically generated and managed in Amazon Web Services Secrets + # Manager. + # + # This setting is valid only if the master user password is managed by + # RDS in Amazon Web Services Secrets Manager for the DB cluster. + # + # The Amazon Web Services KMS key identifier is the key ARN, key ID, + # alias ARN, or alias name for the KMS key. To use a KMS key in a + # different Amazon Web Services account, specify the key ARN or alias + # ARN. + # + # If you don't specify `MasterUserSecretKmsKeyId`, then the + # `aws/secretsmanager` KMS key is used to encrypt the secret. If the + # secret is in a different Amazon Web Services account, then you can't + # use the `aws/secretsmanager` KMS key to encrypt the secret, and you + # must use a customer managed KMS key. + # + # There is a default KMS key for your Amazon Web Services account. Your + # Amazon Web Services account has a different default KMS key for each + # Amazon Web Services Region. + # # @return [Types::RestoreDBClusterFromS3Result] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::RestoreDBClusterFromS3Result#db_cluster #db_cluster} => Types::DBCluster # # @example Request syntax with placeholder values @@ -18646,11 +19024,11 @@ # db_subnet_group_name: "String", # engine: "String", # required # engine_version: "String", # port: 1, # master_username: "String", # required - # master_user_password: "String", # required + # master_user_password: "String", # option_group_name: "String", # preferred_backup_window: "String", # preferred_maintenance_window: "String", # tags: [ # { @@ -18675,10 +19053,12 @@ # serverless_v2_scaling_configuration: { # min_capacity: 1.0, # max_capacity: 1.0, # }, # network_type: "String", + # manage_master_user_password: false, + # master_user_secret_kms_key_id: "String", # }) # # @example Response structure # # resp.db_cluster.allocated_storage #=> Integer @@ -18786,10 +19166,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromS3 AWS API Documentation # # @overload restore_db_cluster_from_s3(params = {}) # @param [Hash] params ({}) @@ -19424,10 +19807,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterFromSnapshot AWS API Documentation # # @overload restore_db_cluster_from_snapshot(params = {}) # @param [Hash] params ({}) @@ -20031,10 +20417,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBClusterToPointInTime AWS API Documentation # # @overload restore_db_cluster_to_point_in_time(params = {}) # @param [Hash] params ({}) @@ -20795,10 +21184,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromDBSnapshot AWS API Documentation # # @overload restore_db_instance_from_db_snapshot(params = {}) # @param [Hash] params ({}) @@ -20880,12 +21272,33 @@ # # @option params [String] :master_user_password # The password for the master user. The password can include any # printable ASCII character except "/", """, or "@". # + # Constraints: Can't be specified if `ManageMasterUserPassword` is + # turned on. + # + # **MariaDB** + # # Constraints: Must contain from 8 to 41 characters. # + # **Microsoft SQL Server** + # + # Constraints: Must contain from 8 to 128 characters. + # + # **MySQL** + # + # Constraints: Must contain from 8 to 41 characters. + # + # **Oracle** + # + # Constraints: Must contain from 8 to 30 characters. + # + # **PostgreSQL** + # + # Constraints: Must contain from 8 to 128 characters. + # # @option params [Array<String>] :db_security_groups # A list of DB security groups to associate with this DB instance. # # Default: The default DB security group for the database engine. # @@ -21242,10 +21655,51 @@ # @option params [Integer] :storage_throughput # Specifies the storage throughput value for the DB instance. # # This setting doesn't apply to RDS Custom or Amazon Aurora. # + # @option params [Boolean] :manage_master_user_password + # A value that indicates whether to manage the master user password with + # Amazon Web Services Secrets Manager. + # + # For more information, see [Password management with Amazon Web + # Services Secrets Manager][1] in the *Amazon RDS User Guide.* + # + # Constraints: + # + # * Can't manage the master user password with Amazon Web Services + # Secrets Manager if `MasterUserPassword` is specified. + # + # ^ + # + # + # + # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html + # + # @option params [String] :master_user_secret_kms_key_id + # The Amazon Web Services KMS key identifier to encrypt a secret that is + # automatically generated and managed in Amazon Web Services Secrets + # Manager. + # + # This setting is valid only if the master user password is managed by + # RDS in Amazon Web Services Secrets Manager for the DB instance. + # + # The Amazon Web Services KMS key identifier is the key ARN, key ID, + # alias ARN, or alias name for the KMS key. To use a KMS key in a + # different Amazon Web Services account, specify the key ARN or alias + # ARN. + # + # If you don't specify `MasterUserSecretKmsKeyId`, then the + # `aws/secretsmanager` KMS key is used to encrypt the secret. If the + # secret is in a different Amazon Web Services account, then you can't + # use the `aws/secretsmanager` KMS key to encrypt the secret, and you + # must use a customer managed KMS key. + # + # There is a default KMS key for your Amazon Web Services account. Your + # Amazon Web Services account has a different default KMS key for each + # Amazon Web Services Region. + # # @return [Types::RestoreDBInstanceFromS3Result] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::RestoreDBInstanceFromS3Result#db_instance #db_instance} => Types::DBInstance # # @example Request syntax with placeholder values @@ -21305,10 +21759,12 @@ # use_default_processor_features: false, # deletion_protection: false, # max_allocated_storage: 1, # network_type: "String", # storage_throughput: 1, + # manage_master_user_password: false, + # master_user_secret_kms_key_id: "String", # }) # # @example Response structure # # resp.db_instance.db_instance_identifier #=> String @@ -21452,10 +21908,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromS3 AWS API Documentation # # @overload restore_db_instance_from_s3(params = {}) # @param [Hash] params ({}) @@ -22200,10 +22659,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceToPointInTime AWS API Documentation # # @overload restore_db_instance_to_point_in_time(params = {}) # @param [Hash] params ({}) @@ -22523,10 +22985,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBCluster AWS API Documentation # # @overload start_db_cluster(params = {}) # @param [Hash] params ({}) @@ -22707,10 +23172,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StartDBInstance AWS API Documentation # # @overload start_db_instance(params = {}) # @param [Hash] params ({}) @@ -23152,10 +23620,13 @@ # resp.db_cluster.performance_insights_retention_period #=> Integer # resp.db_cluster.serverless_v2_scaling_configuration.min_capacity #=> Float # resp.db_cluster.serverless_v2_scaling_configuration.max_capacity #=> Float # resp.db_cluster.network_type #=> String # resp.db_cluster.db_system_id #=> String + # resp.db_cluster.master_user_secret.secret_arn #=> String + # resp.db_cluster.master_user_secret.secret_status #=> String + # resp.db_cluster.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBCluster AWS API Documentation # # @overload stop_db_cluster(params = {}) # @param [Hash] params ({}) @@ -23343,10 +23814,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/StopDBInstance AWS API Documentation # # @overload stop_db_instance(params = {}) # @param [Hash] params ({}) @@ -23665,10 +24139,13 @@ # resp.db_instance.backup_target #=> String # resp.db_instance.network_type #=> String # resp.db_instance.activity_stream_policy_status #=> String, one of "locked", "unlocked", "locking-policy", "unlocking-policy" # resp.db_instance.storage_throughput #=> Integer # resp.db_instance.db_system_id #=> String + # resp.db_instance.master_user_secret.secret_arn #=> String + # resp.db_instance.master_user_secret.secret_status #=> String + # resp.db_instance.master_user_secret.kms_key_id #=> String # # @see http://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/SwitchoverReadReplica AWS API Documentation # # @overload switchover_read_replica(params = {}) # @param [Hash] params ({}) @@ -23688,10 +24165,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-rds' - context[:gem_version] = '1.166.0' + context[:gem_version] = '1.167.0' Seahorse::Client::Request.new(handlers, context) end # Polls an API operation until a resource enters a desired state. #