Creating an Amazon Aurora DB cluster
Auto minor version upgrade
Choose Enable auto minor version upgrade if you want to enable your Aurora DB cluster to receive preferred minor version upgrades to the DB engine automatically when they become available.
The Auto minor version upgrade setting applies to both Aurora PostgreSQL and Aurora MySQL DB clusters.
For more information about engine updates for Aurora PostgreSQL, see Database engine updates for Amazon Aurora PostgreSQL.
For more information about engine updates for Aurora MySQL, see Database engine updates for Amazon Aurora MySQL.
Set this value for every DB instance in your Aurora cluster. If any DB instance in your cluster has this setting turned off, the cluster isn't automatically upgraded.
Using the AWS CLI, run create-db-instance and set the --auto-minor-version-upgrade | --no-auto-minor-version-upgrade option.
Using the RDS API, call CreateDBInstance and set the AutoMinorVersionUpgrade parameter.
AWS KMS key
Only available if Encryption is set to Enable encryption. Choose the AWS KMS key to use for encrypting this DB cluster. For more information, see Encrypting Amazon Aurora resources.
Using the AWS CLI, run create-db-cluster and set the --kms-key-id option.
Using the RDS API, call CreateDBCluster and set the KmsKeyId parameter.
Backtrack
Applies only to Aurora MySQL. Choose Enable Backtrack to enable backtracking or Disable Backtrack to disable backtracking. Using backtracking, you can rewind a DB cluster to a specific time, without creating a new DB cluster. It is disabled by default. If you enable backtracking, also specify the amount of time that you want to be able to backtrack your DB cluster (the target backtrack window). For more information, see Backtracking an Aurora DB cluster.
Using the AWS CLI, run create-db-cluster and set the --backtrack-window option.
Using the RDS API, call CreateDBCluster and set the BacktrackWindow parameter.
Certificate authority
The certificate authority (CA) for the server certificate used by the DB instances in the DB cluster.
For more information, see Using SSL/TLS to encrypt a connection to a DB cluster.
Using the AWS CLI, run create-db-instance and set the --ca-certificate-identifier option.
Using the RDS API, call CreateDBInstance and set the CACertificateIdentifier parameter.
Cluster storage configuration
The storage type for the DB cluster: Aurora I/O-Optimized or Aurora Standard.
For more information, see Storage configurations for Amazon Aurora DB clusters.
Using the AWS CLI, run create-db-cluster and set the --storage-type option.
Using the RDS API, call CreateDBCluster and set the StorageType parameter.
Copy tags to snapshots
Choose this option to copy any DB instance tags to a DB snapshot when you create a snapshot.
For more information, see Tagging Amazon Aurora and Amazon RDS resources.
Using the AWS CLI, run create-db-cluster and set the --copy-tags-to-snapshot | --no-copy-tags-to-snapshot option.
Using the RDS API, call CreateDBCluster and set the CopyTagsToSnapshot parameter.
Database authentication
The database authentication you want to use.
For MySQL:
- Choose Password authentication to authenticate database users with database passwords only.
- Choose Password and IAM database authentication to authenticate database users with database passwords and user credentials through IAM users and roles. For more information, see IAM database authentication.
For PostgreSQL:
- Choose IAM database authentication to authenticate database users with database passwords and user credentials through users and roles. For more information, see IAM database authentication.
- Choose Kerberos authentication to authenticate database passwords and user credentials using Kerberos authentication. For more information, see Using Kerberos authentication with Aurora PostgreSQL.
To use IAM database authentication with the AWS CLI, run create-db-cluster and set the --enable-iam-database-authentication | --no-enable-iam-database-authentication option.
To use IAM database authentication with the RDS API, call CreateDBCluster and set the EnableIAMDatabaseAuthentication parameter.
To use Kerberos authentication with the AWS CLI, run create-db-cluster and set the --domain and --domain-iam-role-name options.
To use Kerberos authentication with the RDS API, call CreateDBCluster and set the Domain and DomainIAMRoleName parameters.
Database port
Specify the port for applications and utilities to use to access the database. Aurora MySQL DB clusters default to the default MySQL port, 3306, and Aurora PostgreSQL DB clusters default to the default PostgreSQL port, 5432. The firewalls at some companies block connections to these default ports. If your company firewall blocks the default port, choose another port for the new DB cluster.
Using the AWS CLI, run create-db-cluster and set the --port option.
Using the RDS API, call CreateDBCluster and set the Port parameter.
DB cluster identifier
Enter a name for your DB cluster that is unique for your account in the AWS Region that you chose. This identifier is used in the cluster endpoint address for your DB cluster. For information on the cluster endpoint, see Amazon Aurora endpoint connections.
The DB cluster identifier has the following constraints:
- It must contain from 1 to 63 alphanumeric characters or hyphens.
- Its first character must be a letter.
- It cannot end with a hyphen or contain two consecutive hyphens.
- It must be unique for all DB clusters per AWS account, per AWS Region.
Using the AWS CLI, run create-db-cluster and set the --db-cluster-identifier option.
Using the RDS API, call CreateDBCluster and set the DBClusterIdentifier parameter.
DB cluster parameter group
Choose a DB cluster parameter group. Aurora has a default DB cluster parameter group you can use, or you can create your own DB cluster parameter group. For more information about DB cluster parameter groups, see Parameter groups for Amazon Aurora.
Using the AWS CLI, run create-db-cluster and set the --db-cluster-parameter-group-name option.
Using the RDS API, call CreateDBCluster and set the DBClusterParameterGroupName parameter.
DB instance class
Applies only to the provisioned capacity type. Choose a DB instance class that defines the processing and memory requirements for each instance in the DB cluster. For more information about DB instance classes, see Amazon Aurora DB instance classes.
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --db-instance-class option.
Using the RDS API, call CreateDBInstance and set the DBInstanceClass parameter.
DB parameter group
Choose a parameter group. Aurora has a default parameter group you can use, or you can create your own parameter group. For more information about parameter groups, see Parameter groups for Amazon Aurora.
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --db-parameter-group-name option.
Using the RDS API, call CreateDBInstance and set the DBParameterGroupName parameter.
DB subnet group
The DB subnet group you want to use for the DB cluster.
Select Choose existing to use an existing DB subnet group. Then choose the required subnet group from the Existing DB subnet groups dropdown list.
Choose Automatic setup to let RDS select a compatible DB subnet group. If none exist, RDS creates a new subnet group for your cluster.
For more information, see DB cluster prerequisites.
Using the AWS CLI, run create-db-cluster and set the --db-subnet-group-name option.
Using the RDS API, call CreateDBCluster and set the DBSubnetGroupName parameter.
Enable deletion protection
Choose Enable deletion protection to prevent your DB cluster from being deleted. If you create a production DB cluster with the console, deletion protection is enabled by default.
Using the AWS CLI, run create-db-cluster and set the --deletion-protection | --no-deletion-protection option.
Using the RDS API, call CreateDBCluster and set the DeletionProtection parameter.
Enable encryption
Choose Enable encryption to enable encryption at rest for this DB cluster. For more information, see Encrypting Amazon Aurora resources.
Using the AWS CLI, run create-db-cluster and set the --storage-encrypted | --no-storage-encrypted option.
Using the RDS API, call CreateDBCluster and set the StorageEncrypted parameter.
Enable Enhanced Monitoring
Choose Enable enhanced monitoring to enable gathering metrics in real time for the operating system that your DB cluster runs on. For more information, see Monitoring OS metrics with Enhanced Monitoring.
Set these values for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --monitoring-interval and --monitoring-role-arn options.
Using the RDS API, call CreateDBInstance and set the MonitoringInterval and MonitoringRoleArn parameters.
Enable the RDS Data API
Choose Enable the RDS Data API to enable RDS Data API (Data API). Data API provides a secure HTTP endpoint for running SQL statements without managing connections. For more information, see Using RDS Data API.
Using the AWS CLI, run create-db-cluster and set the --enable-http-endpoint | --no-enable-http-endpoint option.
Using the RDS API, call CreateDBCluster and set the EnableHttpEndpoint parameter.
Engine type
Choose the database engine to be used for this DB cluster.
Using the AWS CLI, run create-db-cluster and set the --engine option.
Using the RDS API, call CreateDBCluster and set the Engine parameter.
Engine version
Applies only to the provisioned capacity type. Choose the version number of your DB engine.
Using the AWS CLI, run create-db-cluster and set the --engine-version option.
Using the RDS API, call CreateDBCluster and set the EngineVersion parameter.
Failover priority
Choose a failover priority for the instance. If you don't choose a value, the default is tier-1. This priority determines the order in which Aurora Replicas are promoted when recovering from a primary instance failure. For more information, see Fault tolerance for an Aurora DB cluster.
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --promotion-tier option.
Using the RDS API, call CreateDBInstance and set the PromotionTier parameter.
Initial database name
Enter a name for your default database. If you don't provide a name for an Aurora MySQL DB cluster, Amazon RDS doesn't create a database on the DB cluster you are creating. If you don't provide a name for an Aurora PostgreSQL DB cluster, Amazon RDS creates a database named postgres.
For Aurora MySQL, the default database name has these constraints:
- It must contain 1–64 alphanumeric characters.
- It can't be a word reserved by the database engine.
For Aurora PostgreSQL, the default database name has these constraints:
- It must contain 1–63 alphanumeric characters.
- It must begin with a letter. Subsequent characters can be letters, underscores, or digits (0–9).
- It can't be a word reserved by the database engine.
To create additional databases, connect to the DB cluster and use the SQL command CREATE DATABASE. For more information about connecting to the DB cluster, see Connecting to an Amazon Aurora DB cluster.
Using the AWS CLI, run create-db-cluster and set the --database-name option.
Using the RDS API, call CreateDBCluster and set the DatabaseName parameter.
Log exports
In the Log exports section, choose the logs that you want to start publishing to Amazon CloudWatch Logs. For more information about publishing Aurora MySQL logs to CloudWatch Logs, see Publishing Amazon Aurora MySQL logs to Amazon CloudWatch Logs. For more information about publishing Aurora PostgreSQL logs to CloudWatch Logs, see Publishing Aurora PostgreSQL logs to Amazon CloudWatch Logs.
Using the AWS CLI, run create-db-cluster and set the --enable-cloudwatch-logs-exports option.
Using the RDS API, call CreateDBCluster and set the EnableCloudwatchLogsExports parameter.
Maintenance window
Choose Select window and specify the weekly time range during which system maintenance can occur. Or choose No preference for Amazon RDS to assign a period randomly.
Using the AWS CLI, run create-db-cluster and set the --preferred-maintenance-window option.
Using the RDS API, call CreateDBCluster and set the PreferredMaintenanceWindow parameter.
Manage master credentials in AWS Secrets Manager
Select Manage master credentials in AWS Secrets Manager to manage the master user password in a secret in Secrets Manager.
Optionally, choose a KMS key to use to protect the secret. Choose from the KMS keys in your account, or enter the key from a different account.
For more information, see Password management with Amazon Aurora and AWS Secrets Manager.
Using the AWS CLI, run create-db-cluster and set the --manage-master-user-password | --no-manage-master-user-password and --master-user-secret-kms-key-id options.
Using the RDS API, call CreateDBCluster and set the ManageMasterUserPassword and MasterUserSecretKmsKeyId parameters.
Master password
Enter a password to log on to your DB cluster:
- For Aurora MySQL, the password must contain 8–41 printable ASCII characters.
- For Aurora PostgreSQL, it must contain 8–99 printable ASCII characters.
- It can't contain /, ", @, or a space.
Using the AWS CLI, run create-db-cluster and set the --master-user-password option.
Using the RDS API, call CreateDBCluster and set the MasterUserPassword parameter.
Master username
Enter a name to use as the master user name to log on to your DB cluster:
- For Aurora MySQL, the name must contain 1–16 alphanumeric characters.
- For Aurora PostgreSQL, it must contain 1–63 alphanumeric characters.
- The first character must be a letter.
- The name can't be a word reserved by the database engine.
You can't change the master user name after the DB cluster is created.
Using the AWS CLI, run create-db-cluster and set the --master-username option.
Using the RDS API, call CreateDBCluster and set the MasterUsername parameter.
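The naming and length constraints listed above for the DB cluster identifier, initial database name, master password, and master username can be checked before a request is sent. The following is an added example, not AWS code; the function names are hypothetical, and it assumes the --engine values aurora-mysql and aurora-postgresql.

```python
import re

# Added example: limits copied from this page, keyed by the --engine value.
# Reserved-word checks are engine-specific and are not attempted here.
LIMITS = {
    "aurora-mysql": {"user": 16, "password": 41, "dbname": 64},
    "aurora-postgresql": {"user": 63, "password": 99, "dbname": 63},
}
FORBIDDEN_PASSWORD_CHARS = set('/"@ ')


def check_cluster_identifier(value):
    errors = []
    if not re.fullmatch(r"[A-Za-z0-9-]{1,63}", value):
        errors.append("must contain 1-63 alphanumeric characters or hyphens")
    if not re.match(r"[A-Za-z]", value):
        errors.append("first character must be a letter")
    if value.endswith("-") or "--" in value:
        errors.append("cannot end with a hyphen or contain two consecutive hyphens")
    return errors


def check_master_username(engine, value):
    errors = []
    limit = LIMITS[engine]["user"]
    if not re.fullmatch(r"[A-Za-z0-9]{1,%d}" % limit, value):
        errors.append(f"must contain 1-{limit} alphanumeric characters")
    if not re.match(r"[A-Za-z]", value):
        errors.append("first character must be a letter")
    return errors


def check_master_password(engine, value):
    errors = []
    limit = LIMITS[engine]["password"]
    printable = all(0x20 <= ord(ch) <= 0x7E for ch in value)
    if not (8 <= len(value) <= limit and printable):
        errors.append(f"must contain 8-{limit} printable ASCII characters")
    if FORBIDDEN_PASSWORD_CHARS & set(value):
        errors.append('cannot contain /, ", @, or a space')
    return errors


def check_database_name(engine, value):
    limit = LIMITS[engine]["dbname"]
    if engine == "aurora-postgresql":
        # Must begin with a letter; then letters, underscores, or digits.
        pattern = r"[A-Za-z][A-Za-z0-9_]{0,%d}" % (limit - 1)
    else:
        pattern = r"[A-Za-z0-9]{1,%d}" % limit
    if re.fullmatch(pattern, value):
        return []
    return [f"invalid initial database name for {engine} (max {limit} characters)"]


if __name__ == "__main__":
    # Constructed inputs, for illustration only.
    print(check_cluster_identifier("1db--x-"))
    print(check_master_password("aurora-mysql", "p@ss word/1"))
```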
Multi-AZ deployment
Applies only to the provisioned capacity type. Determine if you want to create Aurora Replicas in other Availability Zones for failover support. If you choose Create Replica in Different Zone, then Amazon RDS creates an Aurora Replica for you in your DB cluster in a different Availability Zone than the primary instance for your DB cluster. For more information about multiple Availability Zones, see Regions and Availability Zones.
Using the AWS CLI, run create-db-cluster and set the --availability-zones option.
Using the RDS API, call CreateDBCluster and set the AvailabilityZones parameter.
Network type
The IP addressing protocols supported by the DB cluster.
IPv4 to specify that resources can communicate with the DB cluster only over the IPv4 addressing protocol.
Dual-stack mode to specify that resources can communicate with the DB cluster over IPv4, IPv6, or both. Use dual-stack mode if you have any resources that must communicate with your DB cluster over the IPv6 addressing protocol. To use dual-stack mode, make sure that you have at least two subnets spanning two Availability Zones that support both the IPv4 and IPv6 network protocols. Also, make sure you associate an IPv6 CIDR block with subnets in the DB subnet group you specify.
For more information, see Amazon Aurora IP addressing.
Using the AWS CLI, run create-db-cluster and set the --network-type option.
Using the RDS API, call CreateDBCluster and set the NetworkType parameter.
Public access
Choose Publicly accessible to give the DB cluster a public IP address, or choose Not publicly accessible. The instances in your DB cluster can be a mix of both public and private DB instances. For more information about hiding instances from public access, see Hiding a DB cluster in a VPC from the internet.
To connect to a DB instance from outside of its Amazon VPC, the DB instance must be publicly accessible, access must be granted using the inbound rules of the DB instance's security group, and other requirements must be met. For more information, see Can't connect to Amazon RDS DB instance.
If your DB instance isn't publicly accessible, you can also use an AWS Site-to-Site VPN connection or an AWS Direct Connect connection to access it from a private network. For more information, see Internetwork traffic privacy.
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --publicly-accessible | --no-publicly-accessible option.
Using the RDS API, call CreateDBInstance and set the PubliclyAccessible parameter.
RDS Extended Support
Select Enable RDS Extended Support to allow supported major engine versions to continue running past the Aurora end of standard support date.
When you create a DB cluster, Amazon Aurora defaults to RDS Extended Support. To prevent the creation of a new DB cluster after the Aurora end of standard support date and to avoid charges for RDS Extended Support, disable this setting. Your existing DB clusters won't incur charges until the RDS Extended Support pricing start date.
For more information, see Amazon RDS Extended Support with Amazon Aurora.
Using the AWS CLI, run create-db-cluster and set the --engine-lifecycle-support option.
Using the RDS API, call CreateDBCluster and set the EngineLifecycleSupport parameter.
RDS Proxy
Choose Create an RDS Proxy to create a proxy for your DB cluster. Amazon RDS automatically creates an IAM role and a Secrets Manager secret for the proxy.
For more information, see Amazon RDS Proxy for Aurora.
Not available when creating a DB cluster.
Retention period
Choose the length of time, from 1 to 35 days, that Aurora retains backup copies of the database. Backup copies can be used for point-in-time restores (PITR) of your database down to the second.
Using the AWS CLI, run create-db-cluster and set the --backup-retention-period option.
Using the RDS API, call CreateDBCluster and set the BackupRetentionPeriod parameter.
Turn on DevOps Guru
Choose Turn on DevOps Guru to turn on Amazon DevOps Guru for your Aurora database. For DevOps Guru for RDS to provide detailed analysis of performance anomalies, Performance Insights must be turned on. For more information, see Setting up DevOps Guru for RDS.
You can turn on DevOps Guru for RDS from within the RDS console, but not by using the RDS API or CLI. For more information about turning on DevOps Guru, see the Amazon DevOps Guru User Guide.
Turn on Performance Insights
Choose Turn on Performance Insights to turn on Amazon RDS Performance Insights. For more information, see Monitoring DB load with Performance Insights on Amazon Aurora.
Set these values for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --enable-performance-insights | --no-enable-performance-insights, --performance-insights-kms-key-id, and --performance-insights-retention-period options.
Using the RDS API, call CreateDBInstance and set the EnablePerformanceInsights, PerformanceInsightsKMSKeyId, and PerformanceInsightsRetentionPeriod parameters.
Virtual Private Cloud (VPC)
Choose the VPC to host the DB cluster. Choose Create a New VPC to have Amazon RDS create a VPC for you. For more information, see DB cluster prerequisites.
For the AWS CLI and API, you specify the VPC security group IDs.
VPC security group (firewall)
Choose Create new to have Amazon RDS create a VPC security group for you. Or choose Choose existing and specify one or more VPC security groups to secure network access to the DB cluster.
When you choose Create new in the RDS console, a new security group is created with an inbound rule that allows access to the DB instance from the IP address detected in your browser.
For more information, see DB cluster prerequisites.
Using the AWS CLI, run create-db-cluster and set the --vpc-security-group-ids option.
Using the RDS API, call CreateDBCluster and set the VpcSecurityGroupIds parameter.
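Several settings above interact: a KMS key applies only with encryption enabled, one instance with auto minor version upgrade off stops upgrades for the whole cluster, and public access is set per instance. The following added example (not AWS code) reviews a planned CreateDBCluster and CreateDBInstance parameter set before it is submitted; the function name, the sample values, and the choice of which settings count as findings are assumptions made for illustration.

```python
# Added example (not AWS code). Keys are the CreateDBCluster / CreateDBInstance
# parameter names from this page, plus DBInstanceIdentifier; which settings
# count as findings is an assumed baseline, chosen here for illustration.

def review_request(cluster, instances):
    """Return a list of findings for a planned Aurora DB cluster."""
    findings = []
    if not cluster.get("StorageEncrypted", False):
        findings.append("cluster: StorageEncrypted is off")
        # The page notes a KMS key applies only when encryption is enabled.
        if cluster.get("KmsKeyId"):
            findings.append("cluster: KmsKeyId given but StorageEncrypted is off")
    if not cluster.get("DeletionProtection", False):
        findings.append("cluster: DeletionProtection is off")
    if not (cluster.get("EnableIAMDatabaseAuthentication") or cluster.get("Domain")):
        findings.append("cluster: password-only database authentication")
    managed = cluster.get("ManageMasterUserPassword", False)
    if "MasterUserPassword" in cluster and not managed:
        findings.append("cluster: MasterUserPassword supplied instead of ManageMasterUserPassword")
    if cluster.get("MasterUserSecretKmsKeyId") and not managed:
        findings.append("cluster: MasterUserSecretKmsKeyId without ManageMasterUserPassword")
    retention = cluster.get("BackupRetentionPeriod")
    if retention is not None and not 1 <= retention <= 35:
        findings.append("cluster: BackupRetentionPeriod outside 1-35 days")
    # Kerberos authentication uses Domain and DomainIAMRoleName together.
    if bool(cluster.get("Domain")) != bool(cluster.get("DomainIAMRoleName")):
        findings.append("cluster: Domain and DomainIAMRoleName must be set together")
    if not cluster.get("EnableCloudwatchLogsExports"):
        findings.append("cluster: no logs exported to CloudWatch Logs")
    # Per-instance settings: only explicit values are flagged, because the
    # effective default is not visible in the request itself.
    for inst in instances:
        name = inst.get("DBInstanceIdentifier", "<unnamed>")
        if inst.get("PubliclyAccessible") is True:
            findings.append(f"{name}: PubliclyAccessible is on")
        if inst.get("AutoMinorVersionUpgrade") is False:
            findings.append(f"{name}: AutoMinorVersionUpgrade is off, "
                            "so the cluster is not upgraded automatically")
    return findings


# Constructed sample request; identifiers and key alias are placeholders.
SAMPLE_CLUSTER = {
    "DBClusterIdentifier": "example-cluster",
    "Engine": "aurora-postgresql",
    "StorageEncrypted": False,
    "KmsKeyId": "alias/example-key",
    "DeletionProtection": True,
    "EnableIAMDatabaseAuthentication": True,
    "ManageMasterUserPassword": True,
    "BackupRetentionPeriod": 40,
    "EnableCloudwatchLogsExports": ["postgresql"],
}
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "writer", "PubliclyAccessible": False},
    {"DBInstanceIdentifier": "reader-1", "PubliclyAccessible": True,
     "AutoMinorVersionUpgrade": False},
]

if __name__ == "__main__":
    for finding in review_request(SAMPLE_CLUSTER, SAMPLE_INSTANCES):
        print(finding)
```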