@guardian/cdk
    Preparing search index...

    Interface GuDatabaseInstanceProps

    interface GuDatabaseInstanceProps {
        allocatedStorage?: number;
        allowMajorVersionUpgrade?: boolean;
        app: string;
        applyImmediately?: boolean;
        autoMinorVersionUpgrade?: boolean;
        availabilityZone?: string;
        caCertificate?: CaCertificate;
        characterSetName?: string;
        cloudwatchLogsExports?: string[];
        cloudwatchLogsRetention?: RetentionDays;
        cloudwatchLogsRetentionRole?: IRole;
        copyTagsToSnapshot?: boolean;
        credentials?: Credentials;
        databaseName?: string;
        deleteAutomatedBackups?: boolean;
        deletionProtection?: boolean;
        devXBackups: OptIn | OptOut;
        domain?: string;
        domainRole?: IRole;
        enablePerformanceInsights?: boolean;
        engine: IInstanceEngine;
        iamAuthentication?: boolean;
        instanceIdentifier?: string;
        instanceType: string;
        iops?: number;
        licenseModel?: LicenseModel;
        maxAllocatedStorage?: number;
        monitoringInterval?: Duration;
        monitoringRole?: IRole;
        multiAz?: boolean;
        networkType?: NetworkType;
        optionGroup?: IOptionGroup;
        parameterGroup?: IParameterGroup;
        parameters?: { [key: string]: string };
        performanceInsightEncryptionKey?: IKey;
        performanceInsightRetention?: PerformanceInsightRetention;
        port?: number;
        preferredMaintenanceWindow?: string;
        processorFeatures?: ProcessorFeatures;
        publiclyAccessible?: boolean;
        removalPolicy?: RemovalPolicy;
        s3ExportBuckets?: IBucket[];
        s3ExportRole?: IRole;
        s3ImportBuckets?: IBucket[];
        s3ImportRole?: IRole;
        securityGroups?: ISecurityGroup[];
        storageEncrypted?: boolean;
        storageEncryptionKey?: IKey;
        storageThroughput?: number;
        storageType?: StorageType;
        subnetGroup?: ISubnetGroup;
        timezone?: string;
        vpc: IVpc;
        vpcSubnets?: SubnetSelection;
    }

    Hierarchy (View Summary)

    • Omit<
          DatabaseInstanceProps,
          "instanceType"
          | "backupRetention"
          | "preferredBackupWindow",
      >
    • AppIdentity
      • GuDatabaseInstanceProps
    Index

    Properties

    allocatedStorage? allowMajorVersionUpgrade? app applyImmediately? autoMinorVersionUpgrade? availabilityZone? caCertificate? characterSetName? cloudwatchLogsExports? cloudwatchLogsRetention? cloudwatchLogsRetentionRole? copyTagsToSnapshot? credentials? databaseName? deleteAutomatedBackups? deletionProtection? devXBackups domain? domainRole? enablePerformanceInsights? engine iamAuthentication? instanceIdentifier? instanceType iops? licenseModel? maxAllocatedStorage? monitoringInterval? monitoringRole? multiAz? networkType? optionGroup? parameterGroup? parameters? performanceInsightEncryptionKey? performanceInsightRetention? port? preferredMaintenanceWindow? processorFeatures? publiclyAccessible? removalPolicy? s3ExportBuckets? s3ExportRole? s3ImportBuckets? s3ImportRole? securityGroups? storageEncrypted? storageEncryptionKey? storageThroughput? storageType? subnetGroup? timezone? vpc vpcSubnets?

    Properties

    allocatedStorage?: number

    The allocated storage size, specified in gibibytes (GiB).

    100
    allowMajorVersionUpgrade?: boolean

    Whether to allow major version upgrades.

    false
    app: string
    applyImmediately?: boolean

    Specifies whether changes to the DB instance and any pending modifications are applied immediately, regardless of the preferredMaintenanceWindow setting. If set to false, changes are applied during the next maintenance window.

    Until RDS applies the changes, the DB instance remains in a drift state. As a result, the configuration doesn't fully reflect the requested modifications and temporarily diverges from the intended state.

    This property also determines whether the DB instance reboots when a static parameter is modified in the associated DB parameter group.

    https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html

    - Changes will be applied immediately
    autoMinorVersionUpgrade?: boolean

    Indicates that minor engine upgrades are applied automatically to the DB instance during the maintenance window.

    true
    availabilityZone?: string

    The name of the Availability Zone where the DB instance will be located.

    - no preference
    caCertificate?: CaCertificate

    The identifier of the CA certificate for this DB instance.

    Specifying or updating this property triggers a reboot.

    For RDS DB engines:

    - RDS will choose a certificate authority
    characterSetName?: string

    For supported engines, specifies the character set to associate with the DB instance.

    - RDS default character set name
    cloudwatchLogsExports?: string[]

    The list of log types that need to be enabled for exporting to CloudWatch Logs.

    - no log exports
    cloudwatchLogsRetention?: RetentionDays

    The number of days log events are kept in CloudWatch Logs. When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to Infinity.

    - logs never expire
    cloudwatchLogsRetentionRole?: IRole

    The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

    - a new role is created.
    copyTagsToSnapshot?: boolean

    Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance.

    true
    credentials?: Credentials

    Credentials for the administrative user

    - A username of 'admin' (or 'postgres' for PostgreSQL) and SecretsManager-generated password
    databaseName?: string

    The name of the database.

    - no name
    deleteAutomatedBackups?: boolean

    Indicates whether automated backups should be deleted or retained when you delete a DB instance.

    true
    deletionProtection?: boolean

    Indicates whether the DB instance should have deletion protection enabled.

    • true if removalPolicy is RETAIN, false otherwise
    devXBackups: OptIn | OptOut

    We recommend using DevX Backups to protect your RDS instance's backups. For more details on this feature, see the documentation.

    domain?: string

    The Active Directory directory ID to create the DB instance in.

    - Do not join domain
    domainRole?: IRole

    The IAM role to be used when making API calls to the Directory Service. The role needs the AWS-managed policy AmazonRDSDirectoryServiceAccess or equivalent.

    • The role will be created for you if DatabaseInstanceNewProps#domain is specified
    enablePerformanceInsights?: boolean

    Whether to enable Performance Insights for the DB instance.

    • false, unless performanceInsightRetention or performanceInsightEncryptionKey is set.
    engine: IInstanceEngine

    The database engine.

    iamAuthentication?: boolean

    Whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.

    false
    instanceIdentifier?: string

    A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase.

    - a CloudFormation generated name
    instanceType: string
    iops?: number

    The number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000.

    - no provisioned iops if storage type is not specified. For GP3: 3,000 IOPS if allocated
    storage is less than 400 GiB for MariaDB, MySQL, and PostgreSQL, less than 200 GiB for Oracle and
    less than 20 GiB for SQL Server. 12,000 IOPS otherwise (except for SQL Server where the default is
    always 3,000 IOPS).
    licenseModel?: LicenseModel

    The license model.

    - RDS default license model
    maxAllocatedStorage?: number

    Upper limit to which RDS can scale the storage in GiB(Gibibyte).

    https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling

    - No autoscaling of RDS instance
    monitoringInterval?: Duration

    The interval, in seconds, between points when Amazon RDS collects enhanced monitoring metrics for the DB instance.

    - no enhanced monitoring
    monitoringRole?: IRole

    Role that will be used to manage DB instance monitoring.

    - A role is automatically created for you
    multiAz?: boolean

    Specifies if the database instance is a multiple Availability Zone deployment.

    false
    networkType?: NetworkType

    The network type of the DB instance.

    - IPV4
    optionGroup?: IOptionGroup

    The option group to associate with the instance.

    - no option group
    parameterGroup?: IParameterGroup

    The DB parameter group to associate with the instance.

    - no parameter group
    parameters?: { [key: string]: string }

    The parameters in the DBParameterGroup to create automatically

    You can only specify parameterGroup or parameters but not both. You need to use a versioned engine to auto-generate a DBParameterGroup.

    - None
    performanceInsightEncryptionKey?: IKey

    The AWS KMS key for encryption of Performance Insights data.

    - default master key
    performanceInsightRetention?: PerformanceInsightRetention

    The amount of time, in days, to retain Performance Insights data.

    7 this is the free tier
    port?: number

    The port for the instance.

    - the default port for the chosen engine.
    preferredMaintenanceWindow?: string

    The weekly time range (in UTC) during which system maintenance can occur.

    Format: ddd:hh24:mi-ddd:hh24:mi Constraint: Minimum 30-minute window

    - a 30-minute window selected at random from an 8-hour block of
    time for each AWS Region, occurring on a random day of the week. To see
    the time blocks available, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance
    processorFeatures?: ProcessorFeatures

    The number of CPU cores and the number of threads per core.

    - the default number of CPU cores and threads per core for the
    chosen instance class.

    See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor
    publiclyAccessible?: boolean

    Indicates whether the DB instance is an internet-facing instance. If not specified, the instance's vpcSubnets will be used to determine if the instance is internet-facing or not.

    • true if the instance's vpcSubnets is subnetType: SubnetType.PUBLIC, false otherwise
    removalPolicy?: RemovalPolicy

    The CloudFormation policy to apply when the instance is removed from the stack or replaced during an update.

    - RemovalPolicy.SNAPSHOT (remove the resource, but retain a snapshot of the data)
    s3ExportBuckets?: IBucket[]

    S3 buckets that you want to load data into.

    This property must not be used if s3ExportRole is used.

    For Microsoft SQL Server:

    - None
    s3ExportRole?: IRole

    Role that will be associated with this DB instance to enable S3 export.

    This property must not be used if s3ExportBuckets is used.

    For Microsoft SQL Server:

    • New role is created if s3ExportBuckets is set, no role is defined otherwise
    s3ImportBuckets?: IBucket[]

    S3 buckets that you want to load data from. This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

    This property must not be used if s3ImportRole is used.

    For Microsoft SQL Server:

    - None
    s3ImportRole?: IRole

    Role that will be associated with this DB instance to enable S3 import. This feature is only supported by the Microsoft SQL Server, Oracle, and PostgreSQL engines.

    This property must not be used if s3ImportBuckets is used.

    For Microsoft SQL Server:

    • New role is created if s3ImportBuckets is set, no role is defined otherwise
    securityGroups?: ISecurityGroup[]

    The security groups to assign to the DB instance.

    - a new security group is created
    storageEncrypted?: boolean

    Indicates whether the DB instance is encrypted.

    - true if storageEncryptionKey has been provided, false otherwise
    storageEncryptionKey?: IKey

    The KMS key that's used to encrypt the DB instance.

    - default master key if storageEncrypted is true, no key otherwise
    storageThroughput?: number

    The storage throughput, specified in mebibytes per second (MiBps).

    Only applicable for GP3.

    https://docs.aws.amazon.com//AmazonRDS/latest/UserGuide/CHAP_Storage.html#gp3-storage

    - 125 MiBps if allocated storage is less than 400 GiB for MariaDB, MySQL, and PostgreSQL,
    less than 200 GiB for Oracle and less than 20 GiB for SQL Server. 500 MiBps otherwise (except for
    SQL Server where the default is always 125 MiBps).
    storageType?: StorageType

    The storage type. Storage types supported are gp2, io1, standard.

    https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#Concepts.Storage.GeneralSSD

    GP2
    subnetGroup?: ISubnetGroup

    Existing subnet group for the instance.

    - a new subnet group will be created.
    timezone?: string

    The time zone of the instance. This is currently supported only by Microsoft Sql Server.

    - RDS default timezone
    vpc: IVpc

    The VPC network where the DB subnet group should be created.

    vpcSubnets?: SubnetSelection

    The type of subnets to add to the created DB subnet group.

    - private subnets

    Settings

    Member Visibility

    On This Page

    Properties
    allocatedStorageallowMajorVersionUpgradeappapplyImmediatelyautoMinorVersionUpgradeavailabilityZonecaCertificatecharacterSetNamecloudwatchLogsExportscloudwatchLogsRetentioncloudwatchLogsRetentionRolecopyTagsToSnapshotcredentialsdatabaseNamedeleteAutomatedBackupsdeletionProtectiondevXBackupsdomaindomainRoleenablePerformanceInsightsengineiamAuthenticationinstanceIdentifierinstanceTypeiopslicenseModelmaxAllocatedStoragemonitoringIntervalmonitoringRolemultiAznetworkTypeoptionGroupparameterGroupparametersperformanceInsightEncryptionKeyperformanceInsightRetentionportpreferredMaintenanceWindowprocessorFeaturespubliclyAccessibleremovalPolicys3ExportBucketss3ExportRoles3ImportBucketss3ImportRolesecurityGroupsstorageEncryptedstorageEncryptionKeystorageThroughputstorageTypesubnetGrouptimezonevpcvpcSubnets