{ "description": "Instance is the Schema for the Instances API. Provides an RDS instance resource.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "InstanceSpec defines the desired state of Instance", "properties": { "forProvider": { "properties": { "allocatedStorage": { "description": "The allocated storage in gibibytes. If max_allocated_storage is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. If replicate_source_db is set, the value is ignored during the creation of the instance.", "type": "number" }, "allowMajorVersionUpgrade": { "description": "Indicates that major version\nupgrades are allowed. Changing this parameter does not result in an outage and\nthe change is asynchronously applied as soon as possible.", "type": "boolean" }, "applyImmediately": { "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is\nfalse. See Amazon RDS Documentation for more\ninformation.", "type": "boolean" }, "autoGeneratePassword": { "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Cannot be set if manage_master_user_password is set to true.\nIf true, the password will be auto-generated and stored in the Secret referenced by the passwordSecretRef field.", "type": "boolean" }, "autoMinorVersionUpgrade": { "description": "Indicates that minor engine upgrades\nwill be applied automatically to the DB instance during the maintenance window.\nDefaults to true.", "type": "boolean" }, "availabilityZone": { "description": "The AZ for the RDS instance.", "type": "string" }, "backupRetentionPeriod": { "description": "The days to retain backups for.\nMust be between 0 and 35.\nDefault is 0.\nMust be greater than 0 if the database is used as a source for a Read Replica,\nuses low-downtime updates,\nor will use RDS Blue/Green deployments.", "type": "number" }, "backupTarget": { "description": "Specifies where automated backups and manual snapshots are stored. Possible values are region (default) and outposts. See Working with Amazon RDS on AWS Outposts for more information.", "type": "string" }, "backupWindow": { "description": "The daily time range (in UTC) during which automated backups are created if they are enabled.\nExample: \"09:46-10:16\". Must not overlap with maintenance_window.", "type": "string" }, "blueGreenUpdate": { "description": "Enables low-downtime updates using RDS Blue/Green deployments.\nSee blue_green_update below.", "properties": { "enabled": { "description": "Enables low-downtime updates when true.\nDefault is false.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "caCertIdentifier": { "description": "The identifier of the CA certificate for the DB instance.", "type": "string" }, "characterSetName": { "description": "The character set name to use for DB encoding in Oracle and Microsoft SQL instances (collation).\nThis can't be changed.\nSee Oracle Character Sets Supported in Amazon RDS or\nServer-Level Collation for Microsoft SQL Server for more information.\nCannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier.", "type": "string" }, "copyTagsToSnapshot": { "description": "Copy all Instance tags to snapshots. Default is false.", "type": "boolean" }, "customIamInstanceProfile": { "description": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.", "type": "string" }, "customerOwnedIpEnabled": { "description": "Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See CoIP for RDS on Outposts for more information.", "type": "boolean" }, "databaseInsightsMode": { "description": "The mode of Database Insights that is enabled for the instance. Valid values: standard, advanced .", "type": "string" }, "dbName": { "description": "The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the AWS documentation for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case. Cannot be specified for a replica.", "type": "string" }, "dbSubnetGroupName": { "description": "Name of DB subnet group.\nDB instance will be created in the VPC associated with the DB subnet group.\nIf unspecified, will be created in the default Subnet Group.\nWhen working with read replicas created in the same region, defaults to the Subnet Group Name of the source DB.\nWhen working with read replicas created in a different region, defaults to the default Subnet Group.\nSee DBSubnetGroupName in API action CreateDBInstanceReadReplica for additional read replica constraints.", "type": "string" }, "dbSubnetGroupNameRef": { "description": "Reference to a SubnetGroup in rds to populate dbSubnetGroupName.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "dbSubnetGroupNameSelector": { "description": "Selector for a SubnetGroup in rds to populate dbSubnetGroupName.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "dedicatedLogVolume": { "description": "Use a dedicated log volume (DLV) for the DB instance. Requires Provisioned IOPS. See the AWS documentation for more details.", "type": "boolean" }, "deleteAutomatedBackups": { "description": "Specifies whether to remove automated backups immediately after the DB instance is deleted. Default is true.", "type": "boolean" }, "deletionProtection": { "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false.", "type": "boolean" }, "domain": { "description": "The ID of the Directory Service Active Directory domain to create the instance in. Conflicts with domain_fqdn, domain_ou, domain_auth_secret_arn and a domain_dns_ips.", "type": "string" }, "domainAuthSecretArn": { "description": "The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "domainDnsIps": { "description": "The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain_iam_role_name.", "items": { "type": "string" }, "type": "array" }, "domainFqdn": { "description": "The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "domainIamRoleName": { "description": "The name of the IAM role to be used when making API calls to the Directory Service. Conflicts with domain_fqdn, domain_ou, domain_auth_secret_arn and a domain_dns_ips.", "type": "string" }, "domainOu": { "description": "The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "enabledCloudwatchLogsExports": { "description": "Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. For supported values, see the EnableCloudwatchLogsExports.member.N parameter in API action CreateDBInstance.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "engine": { "description": "The database engine to use. For supported values, see the Engine parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html). Note that for Amazon Aurora instances the engine must match the [DB Cluster](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/rds.aws.upbound.io/Cluster/v1beta1)'s engine'. For information on the difference between the available Aurora MySQL engines see Comparison in the [Amazon RDS Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/Welcome.html).", "type": "string" }, "engineLifecycleSupport": { "description": "The life cycle type for this DB instance. This setting applies only to RDS for MySQL and RDS for PostgreSQL. Valid values are open-source-rds-extended-support, open-source-rds-extended-support-disabled. Default value is open-source-rds-extended-support. [Using Amazon RDS Extended Support]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html", "type": "string" }, "engineVersion": { "description": "The engine version to use. If `autoMinorVersionUpgrade` is enabled, you can provide a prefix of the version such as 5.7 (for 5.7.10). The actual engine version used is returned in the attribute `status.atProvider.engineVersionActual`. For supported values, see the EngineVersion parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html). Note that for Amazon Aurora instances the engine version must match the [DB Cluster](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/rds.aws.upbound.io/Cluster/v1beta1)'s engine version'.", "type": "string" }, "finalSnapshotIdentifier": { "description": "The name of your final DB snapshot\nwhen this DB instance is deleted. Must be provided if skip_final_snapshot is\nset to false. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica.", "type": "string" }, "iamDatabaseAuthenticationEnabled": { "description": "Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database\naccounts is enabled.", "type": "boolean" }, "identifier": { "description": "Required if restore_to_point_in_time is specified.", "type": "string" }, "identifierPrefix": { "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with identifier.", "type": "string" }, "instanceClass": { "description": "The instance type of the RDS instance.", "type": "string" }, "iops": { "description": "The amount of provisioned IOPS. Setting this implies a\nstorage_type of \"io1\" or \"io2\". Can only be set when storage_type is \"io1\", \"io2 or \"gp3\".\nCannot be specified for gp3 storage if the allocated_storage value is below a per-engine threshold.\nSee the RDS User Guide for details.", "type": "number" }, "kmsKeyId": { "description": "The ARN for the KMS encryption key. If creating an\nencrypted replica, set this to the destination KMS ARN.", "type": "string" }, "kmsKeyIdRef": { "description": "Reference to a Key in kms to populate kmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSelector": { "description": "Selector for a Key in kms to populate kmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "licenseModel": { "description": "License model information for this DB instance. Valid values for this field are as follows:", "type": "string" }, "maintenanceWindow": { "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\". See RDS\nMaintenance Window\ndocs\nfor more information.", "type": "string" }, "manageMasterUserPassword": { "description": "Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if password or password_wo is provided.", "type": "boolean" }, "masterUserSecretKmsKeyId": { "description": "The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. If not specified, the default KMS key for your Amazon Web Services account is used.", "type": "string" }, "masterUserSecretKmsKeyIdRef": { "description": "Reference to a Key in kms to populate masterUserSecretKmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "masterUserSecretKmsKeyIdSelector": { "description": "Selector for a Key in kms to populate masterUserSecretKmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "maxAllocatedStorage": { "description": "Specifies the maximum storage (in GiB) that Amazon RDS can automatically scale to for this DB instance. By default, Storage Autoscaling is disabled. To enable Storage Autoscaling, set max_allocated_storage to greater than or equal to allocated_storage. Setting max_allocated_storage to 0 explicitly disables Storage Autoscaling. When configured, changes to allocated_storage will be automatically ignored as the storage can dynamically scale.", "type": "number" }, "monitoringInterval": { "description": "The interval, in seconds, between points\nwhen Enhanced Monitoring metrics are collected for the DB instance. To disable\ncollecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid\nValues: 0, 1, 5, 10, 15, 30, 60.", "type": "number" }, "monitoringRoleArn": { "description": "The ARN for the IAM role that permits RDS\nto send enhanced monitoring metrics to CloudWatch Logs. You can find more\ninformation on the AWS\nDocumentation\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.", "type": "string" }, "monitoringRoleArnRef": { "description": "Reference to a Role in iam to populate monitoringRoleArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "monitoringRoleArnSelector": { "description": "Selector for a Role in iam to populate monitoringRoleArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "multiAz": { "description": "Specifies if the RDS instance is multi-AZ", "type": "boolean" }, "ncharCharacterSetName": { "description": "The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See Oracle Character Sets\nSupported in Amazon RDS.", "type": "string" }, "networkType": { "description": "The network type of the DB instance. Valid values: IPV4, DUAL.", "type": "string" }, "optionGroupName": { "description": "Name of the DB option group to associate.", "type": "string" }, "parameterGroupName": { "description": "Name of the DB parameter group to associate.", "type": "string" }, "parameterGroupNameRef": { "description": "Reference to a ParameterGroup in rds to populate parameterGroupName.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "parameterGroupNameSelector": { "description": "Selector for a ParameterGroup in rds to populate parameterGroupName.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "passwordSecretRef": { "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Cannot be set if manage_master_user_password is set to true.\nPassword for the master DB user. If you set autoGeneratePassword to true, the Secret referenced here will be created or updated with generated password if it does not already contain one.", "properties": { "key": { "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "passwordWoSecretRef": { "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Cannot be set if manage_master_user_password is set to true.", "properties": { "key": { "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "passwordWoVersion": { "description": "Used together with password_wo to trigger an update. Increment this value when an update to password_wo is required.", "type": "number" }, "performanceInsightsEnabled": { "description": "Specifies whether Performance Insights are enabled. Defaults to false.", "type": "boolean" }, "performanceInsightsKmsKeyId": { "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying performance_insights_kms_key_id, performance_insights_enabled needs to be set to true. Once KMS key is set, it can never be changed.", "type": "string" }, "performanceInsightsRetentionPeriod": { "description": "Amount of time in days to retain Performance Insights data. Valid values are 7, 731 (2 years) or a multiple of 31. When specifying performance_insights_retention_period, performance_insights_enabled needs to be set to true. Defaults to '7'.", "type": "number" }, "port": { "description": "The port on which the DB accepts connections.", "type": "number" }, "publiclyAccessible": { "description": "Bool to control if instance is publicly\naccessible. Default is false.", "type": "boolean" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "replicaMode": { "description": "Specifies whether the replica is in either mounted or open-read-only mode. This attribute\nis only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified. See Working with Oracle Read Replicas for more information.", "type": "string" }, "replicateSourceDb": { "description": "Specifies that this resource is a Replica database, and to use this value as the source database.\nIf replicating an Amazon RDS Database Instance in the same region, use the identifier of the source DB, unless also specifying the db_subnet_group_name.\nIf specifying the db_subnet_group_name in the same region, use the arn of the source DB.\nIf replicating an Instance in a different region, use the arn of the source DB.\nNote that if you are creating a cross-region replica of an encrypted database you will also need to specify a kms_key_id.\nSee DB Instance Replication and Working with PostgreSQL and MySQL Read Replicas for more information on using Replication.", "type": "string" }, "replicateSourceDbRef": { "description": "Reference to a Instance in rds to populate replicateSourceDb.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "replicateSourceDbSelector": { "description": "Selector for a Instance in rds to populate replicateSourceDb.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "restoreToPointInTime": { "description": "A configuration block for restoring a DB instance to an arbitrary point in time.\nRequires the identifier argument to be set with the name of the new DB instance to be created.\nSee Restore To Point In Time below for details.", "properties": { "restoreTime": { "description": "The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with use_latest_restorable_time.", "type": "string" }, "sourceDbInstanceAutomatedBackupsArn": { "description": "The ARN of the automated backup from which to restore. Required if source_db_instance_identifier or source_dbi_resource_id is not specified.", "type": "string" }, "sourceDbInstanceIdentifier": { "description": "The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if source_db_instance_automated_backups_arn or source_dbi_resource_id is not specified.", "type": "string" }, "sourceDbiResourceId": { "description": "The resource ID of the source DB instance from which to restore. Required if source_db_instance_identifier or source_db_instance_automated_backups_arn is not specified.", "type": "string" }, "useLatestRestorableTime": { "description": "A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults to false. Cannot be specified with restore_time.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "s3Import": { "description": "Restore from a Percona Xtrabackup in S3. See Importing Data into an Amazon RDS MySQL DB Instance", "properties": { "bucketName": { "description": "The bucket name where your backup is stored", "type": "string" }, "bucketPrefix": { "description": "Can be blank, but is the path to your backup", "type": "string" }, "ingestionRole": { "description": "Role applied to load the data.", "type": "string" }, "sourceEngine": { "description": "Source engine for the backup", "type": "string" }, "sourceEngineVersion": { "description": "Version of the source engine used to make the backup", "type": "string" } }, "type": "object", "additionalProperties": false }, "skipFinalSnapshot": { "description": "Determines whether a final DB snapshot is\ncreated before the DB instance is deleted. If true is specified, no DBSnapshot\nis created. If false is specified, a DB snapshot is created before the DB\ninstance is deleted, using the value from final_snapshot_identifier. Default\nis false.", "type": "boolean" }, "snapshotIdentifier": { "description": "Specifies whether or not to create this database from a snapshot.\nThis corresponds to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05.", "type": "string" }, "storageEncrypted": { "description": "Specifies whether the DB instance is\nencrypted. Note that if you are creating a cross-region read replica this field\nis ignored and you should instead declare kms_key_id with a valid ARN. The\ndefault is false if not specified.", "type": "boolean" }, "storageThroughput": { "description": "The storage throughput value for the DB instance. Can only be set when storage_type is \"gp3\". Cannot be specified if the allocated_storage value is below a per-engine threshold. See the RDS User Guide for details.", "type": "number" }, "storageType": { "description": "One of \"standard\" (magnetic), \"gp2\" (general\npurpose SSD), \"gp3\" (general purpose SSD that needs iops independently)\n\"io1\" (provisioned IOPS SSD) or \"io2\" (block express storage provisioned IOPS\nSSD). The default is \"io1\" if iops is specified, \"gp2\" if not.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "timezone": { "description": "Time zone of the DB instance. timezone is currently\nonly supported by Microsoft SQL Server. The timezone can only be set on\ncreation. See MSSQL User\nGuide\nfor more information.", "type": "string" }, "upgradeStorageConfig": { "description": "Whether to upgrade the storage file system configuration on the read replica.\nCan only be set with replicate_source_db.", "type": "boolean" }, "username": { "description": "Username for the master DB user. Cannot be specified for a replica.", "type": "string" }, "vpcSecurityGroupIdRefs": { "description": "References to SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "items": { "description": "A NamespacedReference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vpcSecurityGroupIdSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "vpcSecurityGroupIds": { "description": "List of VPC security groups to\nassociate.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "allocatedStorage": { "description": "The allocated storage in gibibytes. If max_allocated_storage is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. If replicate_source_db is set, the value is ignored during the creation of the instance.", "type": "number" }, "allowMajorVersionUpgrade": { "description": "Indicates that major version\nupgrades are allowed. Changing this parameter does not result in an outage and\nthe change is asynchronously applied as soon as possible.", "type": "boolean" }, "applyImmediately": { "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is\nfalse. See Amazon RDS Documentation for more\ninformation.", "type": "boolean" }, "autoMinorVersionUpgrade": { "description": "Indicates that minor engine upgrades\nwill be applied automatically to the DB instance during the maintenance window.\nDefaults to true.", "type": "boolean" }, "availabilityZone": { "description": "The AZ for the RDS instance.", "type": "string" }, "backupRetentionPeriod": { "description": "The days to retain backups for.\nMust be between 0 and 35.\nDefault is 0.\nMust be greater than 0 if the database is used as a source for a Read Replica,\nuses low-downtime updates,\nor will use RDS Blue/Green deployments.", "type": "number" }, "backupTarget": { "description": "Specifies where automated backups and manual snapshots are stored. Possible values are region (default) and outposts. See Working with Amazon RDS on AWS Outposts for more information.", "type": "string" }, "backupWindow": { "description": "The daily time range (in UTC) during which automated backups are created if they are enabled.\nExample: \"09:46-10:16\". Must not overlap with maintenance_window.", "type": "string" }, "blueGreenUpdate": { "description": "Enables low-downtime updates using RDS Blue/Green deployments.\nSee blue_green_update below.", "properties": { "enabled": { "description": "Enables low-downtime updates when true.\nDefault is false.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "caCertIdentifier": { "description": "The identifier of the CA certificate for the DB instance.", "type": "string" }, "characterSetName": { "description": "The character set name to use for DB encoding in Oracle and Microsoft SQL instances (collation).\nThis can't be changed.\nSee Oracle Character Sets Supported in Amazon RDS or\nServer-Level Collation for Microsoft SQL Server for more information.\nCannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier.", "type": "string" }, "copyTagsToSnapshot": { "description": "Copy all Instance tags to snapshots. Default is false.", "type": "boolean" }, "customIamInstanceProfile": { "description": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.", "type": "string" }, "customerOwnedIpEnabled": { "description": "Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See CoIP for RDS on Outposts for more information.", "type": "boolean" }, "databaseInsightsMode": { "description": "The mode of Database Insights that is enabled for the instance. Valid values: standard, advanced .", "type": "string" }, "dbName": { "description": "The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the AWS documentation for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case. Cannot be specified for a replica.", "type": "string" }, "dbSubnetGroupName": { "description": "Name of DB subnet group.\nDB instance will be created in the VPC associated with the DB subnet group.\nIf unspecified, will be created in the default Subnet Group.\nWhen working with read replicas created in the same region, defaults to the Subnet Group Name of the source DB.\nWhen working with read replicas created in a different region, defaults to the default Subnet Group.\nSee DBSubnetGroupName in API action CreateDBInstanceReadReplica for additional read replica constraints.", "type": "string" }, "dbSubnetGroupNameRef": { "description": "Reference to a SubnetGroup in rds to populate dbSubnetGroupName.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "dbSubnetGroupNameSelector": { "description": "Selector for a SubnetGroup in rds to populate dbSubnetGroupName.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "dedicatedLogVolume": { "description": "Use a dedicated log volume (DLV) for the DB instance. Requires Provisioned IOPS. See the AWS documentation for more details.", "type": "boolean" }, "deleteAutomatedBackups": { "description": "Specifies whether to remove automated backups immediately after the DB instance is deleted. Default is true.", "type": "boolean" }, "deletionProtection": { "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false.", "type": "boolean" }, "domain": { "description": "The ID of the Directory Service Active Directory domain to create the instance in. Conflicts with domain_fqdn, domain_ou, domain_auth_secret_arn and a domain_dns_ips.", "type": "string" }, "domainAuthSecretArn": { "description": "The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "domainDnsIps": { "description": "The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain_iam_role_name.", "items": { "type": "string" }, "type": "array" }, "domainFqdn": { "description": "The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "domainIamRoleName": { "description": "The name of the IAM role to be used when making API calls to the Directory Service. Conflicts with domain_fqdn, domain_ou, domain_auth_secret_arn and a domain_dns_ips.", "type": "string" }, "domainOu": { "description": "The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "enabledCloudwatchLogsExports": { "description": "Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. For supported values, see the EnableCloudwatchLogsExports.member.N parameter in API action CreateDBInstance.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "engine": { "description": "The database engine to use. For supported values, see the Engine parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html). Note that for Amazon Aurora instances the engine must match the [DB Cluster](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/rds.aws.upbound.io/Cluster/v1beta1)'s engine'. For information on the difference between the available Aurora MySQL engines see Comparison in the [Amazon RDS Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/Welcome.html).", "type": "string" }, "engineLifecycleSupport": { "description": "The life cycle type for this DB instance. This setting applies only to RDS for MySQL and RDS for PostgreSQL. Valid values are open-source-rds-extended-support, open-source-rds-extended-support-disabled. Default value is open-source-rds-extended-support. [Using Amazon RDS Extended Support]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html", "type": "string" }, "engineVersion": { "description": "The engine version to use. If `autoMinorVersionUpgrade` is enabled, you can provide a prefix of the version such as 5.7 (for 5.7.10). The actual engine version used is returned in the attribute `status.atProvider.engineVersionActual`. For supported values, see the EngineVersion parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html). Note that for Amazon Aurora instances the engine version must match the [DB Cluster](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/rds.aws.upbound.io/Cluster/v1beta1)'s engine version'.", "type": "string" }, "finalSnapshotIdentifier": { "description": "The name of your final DB snapshot\nwhen this DB instance is deleted. Must be provided if skip_final_snapshot is\nset to false. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica.", "type": "string" }, "iamDatabaseAuthenticationEnabled": { "description": "Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database\naccounts is enabled.", "type": "boolean" }, "identifier": { "description": "Required if restore_to_point_in_time is specified.", "type": "string" }, "identifierPrefix": { "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with identifier.", "type": "string" }, "instanceClass": { "description": "The instance type of the RDS instance.", "type": "string" }, "iops": { "description": "The amount of provisioned IOPS. Setting this implies a\nstorage_type of \"io1\" or \"io2\". Can only be set when storage_type is \"io1\", \"io2 or \"gp3\".\nCannot be specified for gp3 storage if the allocated_storage value is below a per-engine threshold.\nSee the RDS User Guide for details.", "type": "number" }, "kmsKeyId": { "description": "The ARN for the KMS encryption key. If creating an\nencrypted replica, set this to the destination KMS ARN.", "type": "string" }, "kmsKeyIdRef": { "description": "Reference to a Key in kms to populate kmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSelector": { "description": "Selector for a Key in kms to populate kmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "licenseModel": { "description": "License model information for this DB instance. Valid values for this field are as follows:", "type": "string" }, "maintenanceWindow": { "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\". See RDS\nMaintenance Window\ndocs\nfor more information.", "type": "string" }, "manageMasterUserPassword": { "description": "Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if password or password_wo is provided.", "type": "boolean" }, "masterUserSecretKmsKeyId": { "description": "The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. If not specified, the default KMS key for your Amazon Web Services account is used.", "type": "string" }, "masterUserSecretKmsKeyIdRef": { "description": "Reference to a Key in kms to populate masterUserSecretKmsKeyId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "masterUserSecretKmsKeyIdSelector": { "description": "Selector for a Key in kms to populate masterUserSecretKmsKeyId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "maxAllocatedStorage": { "description": "Specifies the maximum storage (in GiB) that Amazon RDS can automatically scale to for this DB instance. By default, Storage Autoscaling is disabled. To enable Storage Autoscaling, set max_allocated_storage to greater than or equal to allocated_storage. Setting max_allocated_storage to 0 explicitly disables Storage Autoscaling. When configured, changes to allocated_storage will be automatically ignored as the storage can dynamically scale.", "type": "number" }, "monitoringInterval": { "description": "The interval, in seconds, between points\nwhen Enhanced Monitoring metrics are collected for the DB instance. To disable\ncollecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid\nValues: 0, 1, 5, 10, 15, 30, 60.", "type": "number" }, "monitoringRoleArn": { "description": "The ARN for the IAM role that permits RDS\nto send enhanced monitoring metrics to CloudWatch Logs. You can find more\ninformation on the AWS\nDocumentation\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.", "type": "string" }, "monitoringRoleArnRef": { "description": "Reference to a Role in iam to populate monitoringRoleArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "monitoringRoleArnSelector": { "description": "Selector for a Role in iam to populate monitoringRoleArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "multiAz": { "description": "Specifies if the RDS instance is multi-AZ", "type": "boolean" }, "ncharCharacterSetName": { "description": "The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See Oracle Character Sets\nSupported in Amazon RDS.", "type": "string" }, "networkType": { "description": "The network type of the DB instance. Valid values: IPV4, DUAL.", "type": "string" }, "optionGroupName": { "description": "Name of the DB option group to associate.", "type": "string" }, "parameterGroupName": { "description": "Name of the DB parameter group to associate.", "type": "string" }, "parameterGroupNameRef": { "description": "Reference to a ParameterGroup in rds to populate parameterGroupName.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "parameterGroupNameSelector": { "description": "Selector for a ParameterGroup in rds to populate parameterGroupName.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "passwordSecretRef": { "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Cannot be set if manage_master_user_password is set to true.\nPassword for the master DB user. If you set autoGeneratePassword to true, the Secret referenced here will be created or updated with generated password if it does not already contain one.", "properties": { "key": { "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "passwordWoSecretRef": { "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Cannot be set if manage_master_user_password is set to true.", "properties": { "key": { "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "passwordWoVersion": { "description": "Used together with password_wo to trigger an update. Increment this value when an update to password_wo is required.", "type": "number" }, "performanceInsightsEnabled": { "description": "Specifies whether Performance Insights are enabled. Defaults to false.", "type": "boolean" }, "performanceInsightsKmsKeyId": { "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying performance_insights_kms_key_id, performance_insights_enabled needs to be set to true. Once KMS key is set, it can never be changed.", "type": "string" }, "performanceInsightsRetentionPeriod": { "description": "Amount of time in days to retain Performance Insights data. Valid values are 7, 731 (2 years) or a multiple of 31. When specifying performance_insights_retention_period, performance_insights_enabled needs to be set to true. Defaults to '7'.", "type": "number" }, "port": { "description": "The port on which the DB accepts connections.", "type": "number" }, "publiclyAccessible": { "description": "Bool to control if instance is publicly\naccessible. Default is false.", "type": "boolean" }, "replicaMode": { "description": "Specifies whether the replica is in either mounted or open-read-only mode. This attribute\nis only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified. See Working with Oracle Read Replicas for more information.", "type": "string" }, "replicateSourceDb": { "description": "Specifies that this resource is a Replica database, and to use this value as the source database.\nIf replicating an Amazon RDS Database Instance in the same region, use the identifier of the source DB, unless also specifying the db_subnet_group_name.\nIf specifying the db_subnet_group_name in the same region, use the arn of the source DB.\nIf replicating an Instance in a different region, use the arn of the source DB.\nNote that if you are creating a cross-region replica of an encrypted database you will also need to specify a kms_key_id.\nSee DB Instance Replication and Working with PostgreSQL and MySQL Read Replicas for more information on using Replication.", "type": "string" }, "replicateSourceDbRef": { "description": "Reference to a Instance in rds to populate replicateSourceDb.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "replicateSourceDbSelector": { "description": "Selector for a Instance in rds to populate replicateSourceDb.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "restoreToPointInTime": { "description": "A configuration block for restoring a DB instance to an arbitrary point in time.\nRequires the identifier argument to be set with the name of the new DB instance to be created.\nSee Restore To Point In Time below for details.", "properties": { "restoreTime": { "description": "The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with use_latest_restorable_time.", "type": "string" }, "sourceDbInstanceAutomatedBackupsArn": { "description": "The ARN of the automated backup from which to restore. Required if source_db_instance_identifier or source_dbi_resource_id is not specified.", "type": "string" }, "sourceDbInstanceIdentifier": { "description": "The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if source_db_instance_automated_backups_arn or source_dbi_resource_id is not specified.", "type": "string" }, "sourceDbiResourceId": { "description": "The resource ID of the source DB instance from which to restore. Required if source_db_instance_identifier or source_db_instance_automated_backups_arn is not specified.", "type": "string" }, "useLatestRestorableTime": { "description": "A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults to false. Cannot be specified with restore_time.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "s3Import": { "description": "Restore from a Percona Xtrabackup in S3. See Importing Data into an Amazon RDS MySQL DB Instance", "properties": { "bucketName": { "description": "The bucket name where your backup is stored", "type": "string" }, "bucketPrefix": { "description": "Can be blank, but is the path to your backup", "type": "string" }, "ingestionRole": { "description": "Role applied to load the data.", "type": "string" }, "sourceEngine": { "description": "Source engine for the backup", "type": "string" }, "sourceEngineVersion": { "description": "Version of the source engine used to make the backup", "type": "string" } }, "type": "object", "additionalProperties": false }, "skipFinalSnapshot": { "description": "Determines whether a final DB snapshot is\ncreated before the DB instance is deleted. If true is specified, no DBSnapshot\nis created. If false is specified, a DB snapshot is created before the DB\ninstance is deleted, using the value from final_snapshot_identifier. Default\nis false.", "type": "boolean" }, "snapshotIdentifier": { "description": "Specifies whether or not to create this database from a snapshot.\nThis corresponds to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05.", "type": "string" }, "storageEncrypted": { "description": "Specifies whether the DB instance is\nencrypted. Note that if you are creating a cross-region read replica this field\nis ignored and you should instead declare kms_key_id with a valid ARN. The\ndefault is false if not specified.", "type": "boolean" }, "storageThroughput": { "description": "The storage throughput value for the DB instance. Can only be set when storage_type is \"gp3\". Cannot be specified if the allocated_storage value is below a per-engine threshold. See the RDS User Guide for details.", "type": "number" }, "storageType": { "description": "One of \"standard\" (magnetic), \"gp2\" (general\npurpose SSD), \"gp3\" (general purpose SSD that needs iops independently)\n\"io1\" (provisioned IOPS SSD) or \"io2\" (block express storage provisioned IOPS\nSSD). The default is \"io1\" if iops is specified, \"gp2\" if not.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "timezone": { "description": "Time zone of the DB instance. timezone is currently\nonly supported by Microsoft SQL Server. The timezone can only be set on\ncreation. See MSSQL User\nGuide\nfor more information.", "type": "string" }, "upgradeStorageConfig": { "description": "Whether to upgrade the storage file system configuration on the read replica.\nCan only be set with replicate_source_db.", "type": "boolean" }, "username": { "description": "Username for the master DB user. Cannot be specified for a replica.", "type": "string" }, "vpcSecurityGroupIdRefs": { "description": "References to SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "items": { "description": "A NamespacedReference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vpcSecurityGroupIdSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate vpcSecurityGroupIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "vpcSecurityGroupIds": { "description": "List of VPC security groups to\nassociate.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "kind": "ClusterProviderConfig", "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "kind": { "description": "Kind of the referenced object.", "type": "string" }, "name": { "description": "Name of the referenced object.", "type": "string" } }, "required": [ "kind", "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "x-kubernetes-validations": [ { "message": "spec.forProvider.instanceClass is a required parameter", "rule": "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.instanceClass) || (has(self.initProvider) && has(self.initProvider.instanceClass))" } ], "additionalProperties": false }, "status": { "description": "InstanceStatus defines the observed state of Instance.", "properties": { "atProvider": { "properties": { "address": { "description": "The hostname of the RDS instance. See also endpoint and port.", "type": "string" }, "allocatedStorage": { "description": "The allocated storage in gibibytes. If max_allocated_storage is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. If replicate_source_db is set, the value is ignored during the creation of the instance.", "type": "number" }, "allowMajorVersionUpgrade": { "description": "Indicates that major version\nupgrades are allowed. Changing this parameter does not result in an outage and\nthe change is asynchronously applied as soon as possible.", "type": "boolean" }, "applyImmediately": { "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is\nfalse. See Amazon RDS Documentation for more\ninformation.", "type": "boolean" }, "arn": { "description": "The ARN of the RDS instance.", "type": "string" }, "autoMinorVersionUpgrade": { "description": "Indicates that minor engine upgrades\nwill be applied automatically to the DB instance during the maintenance window.\nDefaults to true.", "type": "boolean" }, "availabilityZone": { "description": "The AZ for the RDS instance.", "type": "string" }, "backupRetentionPeriod": { "description": "The days to retain backups for.\nMust be between 0 and 35.\nDefault is 0.\nMust be greater than 0 if the database is used as a source for a Read Replica,\nuses low-downtime updates,\nor will use RDS Blue/Green deployments.", "type": "number" }, "backupTarget": { "description": "Specifies where automated backups and manual snapshots are stored. Possible values are region (default) and outposts. See Working with Amazon RDS on AWS Outposts for more information.", "type": "string" }, "backupWindow": { "description": "The daily time range (in UTC) during which automated backups are created if they are enabled.\nExample: \"09:46-10:16\". Must not overlap with maintenance_window.", "type": "string" }, "blueGreenUpdate": { "description": "Enables low-downtime updates using RDS Blue/Green deployments.\nSee blue_green_update below.", "properties": { "enabled": { "description": "Enables low-downtime updates when true.\nDefault is false.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "caCertIdentifier": { "description": "The identifier of the CA certificate for the DB instance.", "type": "string" }, "characterSetName": { "description": "The character set name to use for DB encoding in Oracle and Microsoft SQL instances (collation).\nThis can't be changed.\nSee Oracle Character Sets Supported in Amazon RDS or\nServer-Level Collation for Microsoft SQL Server for more information.\nCannot be set with replicate_source_db, restore_to_point_in_time, s3_import, or snapshot_identifier.", "type": "string" }, "copyTagsToSnapshot": { "description": "Copy all Instance tags to snapshots. Default is false.", "type": "boolean" }, "customIamInstanceProfile": { "description": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.", "type": "string" }, "customerOwnedIpEnabled": { "description": "Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See CoIP for RDS on Outposts for more information.", "type": "boolean" }, "databaseInsightsMode": { "description": "The mode of Database Insights that is enabled for the instance. Valid values: standard, advanced .", "type": "string" }, "dbName": { "description": "The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the AWS documentation for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case. Cannot be specified for a replica.", "type": "string" }, "dbSubnetGroupName": { "description": "Name of DB subnet group.\nDB instance will be created in the VPC associated with the DB subnet group.\nIf unspecified, will be created in the default Subnet Group.\nWhen working with read replicas created in the same region, defaults to the Subnet Group Name of the source DB.\nWhen working with read replicas created in a different region, defaults to the default Subnet Group.\nSee DBSubnetGroupName in API action CreateDBInstanceReadReplica for additional read replica constraints.", "type": "string" }, "dedicatedLogVolume": { "description": "Use a dedicated log volume (DLV) for the DB instance. Requires Provisioned IOPS. See the AWS documentation for more details.", "type": "boolean" }, "deleteAutomatedBackups": { "description": "Specifies whether to remove automated backups immediately after the DB instance is deleted. Default is true.", "type": "boolean" }, "deletionProtection": { "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false.", "type": "boolean" }, "domain": { "description": "The ID of the Directory Service Active Directory domain to create the instance in. Conflicts with domain_fqdn, domain_ou, domain_auth_secret_arn and a domain_dns_ips.", "type": "string" }, "domainAuthSecretArn": { "description": "The ARN for the Secrets Manager secret with the self managed Active Directory credentials for the user joining the domain. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "domainDnsIps": { "description": "The IPv4 DNS IP addresses of your primary and secondary self managed Active Directory domain controllers. Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Conflicts with domain and domain_iam_role_name.", "items": { "type": "string" }, "type": "array" }, "domainFqdn": { "description": "The fully qualified domain name (FQDN) of the self managed Active Directory domain. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "domainIamRoleName": { "description": "The name of the IAM role to be used when making API calls to the Directory Service. Conflicts with domain_fqdn, domain_ou, domain_auth_secret_arn and a domain_dns_ips.", "type": "string" }, "domainOu": { "description": "The self managed Active Directory organizational unit for your DB instance to join. Conflicts with domain and domain_iam_role_name.", "type": "string" }, "enabledCloudwatchLogsExports": { "description": "Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. For supported values, see the EnableCloudwatchLogsExports.member.N parameter in API action CreateDBInstance.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "endpoint": { "description": "The connection endpoint in address:port format.", "type": "string" }, "engine": { "description": "The database engine to use. For supported values, see the Engine parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html). Note that for Amazon Aurora instances the engine must match the [DB Cluster](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/rds.aws.upbound.io/Cluster/v1beta1)'s engine'. For information on the difference between the available Aurora MySQL engines see Comparison in the [Amazon RDS Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/Welcome.html).", "type": "string" }, "engineLifecycleSupport": { "description": "The life cycle type for this DB instance. This setting applies only to RDS for MySQL and RDS for PostgreSQL. Valid values are open-source-rds-extended-support, open-source-rds-extended-support-disabled. Default value is open-source-rds-extended-support. [Using Amazon RDS Extended Support]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/extended-support.html", "type": "string" }, "engineVersion": { "description": "The engine version to use. If `autoMinorVersionUpgrade` is enabled, you can provide a prefix of the version such as 5.7 (for 5.7.10). The actual engine version used is returned in the attribute `status.atProvider.engineVersionActual`. For supported values, see the EngineVersion parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html). Note that for Amazon Aurora instances the engine version must match the [DB Cluster](https://marketplace.upbound.io/providers/upbound/provider-aws/latest/resources/rds.aws.upbound.io/Cluster/v1beta1)'s engine version'.", "type": "string" }, "engineVersionActual": { "description": "The running version of the database.", "type": "string" }, "finalSnapshotIdentifier": { "description": "The name of your final DB snapshot\nwhen this DB instance is deleted. Must be provided if skip_final_snapshot is\nset to false. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica.", "type": "string" }, "hostedZoneId": { "description": "The canonical hosted zone ID of the DB instance (to be used\nin a Route 53 Alias record).", "type": "string" }, "iamDatabaseAuthenticationEnabled": { "description": "Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database\naccounts is enabled.", "type": "boolean" }, "id": { "description": "RDS DBI resource ID.", "type": "string" }, "identifier": { "description": "Required if restore_to_point_in_time is specified.", "type": "string" }, "identifierPrefix": { "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with identifier.", "type": "string" }, "instanceClass": { "description": "The instance type of the RDS instance.", "type": "string" }, "iops": { "description": "The amount of provisioned IOPS. Setting this implies a\nstorage_type of \"io1\" or \"io2\". Can only be set when storage_type is \"io1\", \"io2 or \"gp3\".\nCannot be specified for gp3 storage if the allocated_storage value is below a per-engine threshold.\nSee the RDS User Guide for details.", "type": "number" }, "kmsKeyId": { "description": "The ARN for the KMS encryption key. If creating an\nencrypted replica, set this to the destination KMS ARN.", "type": "string" }, "latestRestorableTime": { "description": "The latest time, in UTC RFC3339 format, to which a database can be restored with point-in-time restore.", "type": "string" }, "licenseModel": { "description": "License model information for this DB instance. Valid values for this field are as follows:", "type": "string" }, "listenerEndpoint": { "description": "Specifies the listener connection endpoint for SQL Server Always On. See endpoint below.", "items": { "properties": { "address": { "description": "The hostname of the RDS instance. See also endpoint and port.", "type": "string" }, "hostedZoneId": { "description": "The canonical hosted zone ID of the DB instance (to be used\nin a Route 53 Alias record).", "type": "string" }, "port": { "description": "The port on which the DB accepts connections.", "type": "number" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "maintenanceWindow": { "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\". See RDS\nMaintenance Window\ndocs\nfor more information.", "type": "string" }, "manageMasterUserPassword": { "description": "Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if password or password_wo is provided.", "type": "boolean" }, "masterUserSecret": { "description": "A block that specifies the master user secret. Only available when manage_master_user_password is set to true. Documented below.", "items": { "properties": { "kmsKeyId": { "description": "The Amazon Web Services KMS key identifier that is used to encrypt the secret.", "type": "string" }, "secretArn": { "description": "The Amazon Resource Name (ARN) of the secret.", "type": "string" }, "secretStatus": { "description": "The status of the secret. Valid Values: creating | active | rotating | impaired.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "masterUserSecretKmsKeyId": { "description": "The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. If not specified, the default KMS key for your Amazon Web Services account is used.", "type": "string" }, "maxAllocatedStorage": { "description": "Specifies the maximum storage (in GiB) that Amazon RDS can automatically scale to for this DB instance. By default, Storage Autoscaling is disabled. To enable Storage Autoscaling, set max_allocated_storage to greater than or equal to allocated_storage. Setting max_allocated_storage to 0 explicitly disables Storage Autoscaling. When configured, changes to allocated_storage will be automatically ignored as the storage can dynamically scale.", "type": "number" }, "monitoringInterval": { "description": "The interval, in seconds, between points\nwhen Enhanced Monitoring metrics are collected for the DB instance. To disable\ncollecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid\nValues: 0, 1, 5, 10, 15, 30, 60.", "type": "number" }, "monitoringRoleArn": { "description": "The ARN for the IAM role that permits RDS\nto send enhanced monitoring metrics to CloudWatch Logs. You can find more\ninformation on the AWS\nDocumentation\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.", "type": "string" }, "multiAz": { "description": "Specifies if the RDS instance is multi-AZ", "type": "boolean" }, "ncharCharacterSetName": { "description": "The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See Oracle Character Sets\nSupported in Amazon RDS.", "type": "string" }, "networkType": { "description": "The network type of the DB instance. Valid values: IPV4, DUAL.", "type": "string" }, "optionGroupName": { "description": "Name of the DB option group to associate.", "type": "string" }, "parameterGroupName": { "description": "Name of the DB parameter group to associate.", "type": "string" }, "passwordWoVersion": { "description": "Used together with password_wo to trigger an update. Increment this value when an update to password_wo is required.", "type": "number" }, "performanceInsightsEnabled": { "description": "Specifies whether Performance Insights are enabled. Defaults to false.", "type": "boolean" }, "performanceInsightsKmsKeyId": { "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying performance_insights_kms_key_id, performance_insights_enabled needs to be set to true. Once KMS key is set, it can never be changed.", "type": "string" }, "performanceInsightsRetentionPeriod": { "description": "Amount of time in days to retain Performance Insights data. Valid values are 7, 731 (2 years) or a multiple of 31. When specifying performance_insights_retention_period, performance_insights_enabled needs to be set to true. Defaults to '7'.", "type": "number" }, "port": { "description": "The port on which the DB accepts connections.", "type": "number" }, "publiclyAccessible": { "description": "Bool to control if instance is publicly\naccessible. Default is false.", "type": "boolean" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "replicaMode": { "description": "Specifies whether the replica is in either mounted or open-read-only mode. This attribute\nis only supported by Oracle instances. Oracle replicas operate in open-read-only mode unless otherwise specified. See Working with Oracle Read Replicas for more information.", "type": "string" }, "replicas": { "items": { "type": "string" }, "type": "array" }, "replicateSourceDb": { "description": "Specifies that this resource is a Replica database, and to use this value as the source database.\nIf replicating an Amazon RDS Database Instance in the same region, use the identifier of the source DB, unless also specifying the db_subnet_group_name.\nIf specifying the db_subnet_group_name in the same region, use the arn of the source DB.\nIf replicating an Instance in a different region, use the arn of the source DB.\nNote that if you are creating a cross-region replica of an encrypted database you will also need to specify a kms_key_id.\nSee DB Instance Replication and Working with PostgreSQL and MySQL Read Replicas for more information on using Replication.", "type": "string" }, "resourceId": { "description": "The RDS Resource ID of this instance.", "type": "string" }, "restoreToPointInTime": { "description": "A configuration block for restoring a DB instance to an arbitrary point in time.\nRequires the identifier argument to be set with the name of the new DB instance to be created.\nSee Restore To Point In Time below for details.", "properties": { "restoreTime": { "description": "The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with use_latest_restorable_time.", "type": "string" }, "sourceDbInstanceAutomatedBackupsArn": { "description": "The ARN of the automated backup from which to restore. Required if source_db_instance_identifier or source_dbi_resource_id is not specified.", "type": "string" }, "sourceDbInstanceIdentifier": { "description": "The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if source_db_instance_automated_backups_arn or source_dbi_resource_id is not specified.", "type": "string" }, "sourceDbiResourceId": { "description": "The resource ID of the source DB instance from which to restore. Required if source_db_instance_identifier or source_db_instance_automated_backups_arn is not specified.", "type": "string" }, "useLatestRestorableTime": { "description": "A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults to false. Cannot be specified with restore_time.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "s3Import": { "description": "Restore from a Percona Xtrabackup in S3. See Importing Data into an Amazon RDS MySQL DB Instance", "properties": { "bucketName": { "description": "The bucket name where your backup is stored", "type": "string" }, "bucketPrefix": { "description": "Can be blank, but is the path to your backup", "type": "string" }, "ingestionRole": { "description": "Role applied to load the data.", "type": "string" }, "sourceEngine": { "description": "Source engine for the backup", "type": "string" }, "sourceEngineVersion": { "description": "Version of the source engine used to make the backup", "type": "string" } }, "type": "object", "additionalProperties": false }, "skipFinalSnapshot": { "description": "Determines whether a final DB snapshot is\ncreated before the DB instance is deleted. If true is specified, no DBSnapshot\nis created. If false is specified, a DB snapshot is created before the DB\ninstance is deleted, using the value from final_snapshot_identifier. Default\nis false.", "type": "boolean" }, "snapshotIdentifier": { "description": "Specifies whether or not to create this database from a snapshot.\nThis corresponds to the snapshot ID you'd find in the RDS console, e.g: rds:production-2015-06-26-06-05.", "type": "string" }, "status": { "description": "The RDS instance status.", "type": "string" }, "storageEncrypted": { "description": "Specifies whether the DB instance is\nencrypted. Note that if you are creating a cross-region read replica this field\nis ignored and you should instead declare kms_key_id with a valid ARN. The\ndefault is false if not specified.", "type": "boolean" }, "storageThroughput": { "description": "The storage throughput value for the DB instance. Can only be set when storage_type is \"gp3\". Cannot be specified if the allocated_storage value is below a per-engine threshold. See the RDS User Guide for details.", "type": "number" }, "storageType": { "description": "One of \"standard\" (magnetic), \"gp2\" (general\npurpose SSD), \"gp3\" (general purpose SSD that needs iops independently)\n\"io1\" (provisioned IOPS SSD) or \"io2\" (block express storage provisioned IOPS\nSSD). The default is \"io1\" if iops is specified, \"gp2\" if not.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "timezone": { "description": "Time zone of the DB instance. timezone is currently\nonly supported by Microsoft SQL Server. The timezone can only be set on\ncreation. See MSSQL User\nGuide\nfor more information.", "type": "string" }, "upgradeStorageConfig": { "description": "Whether to upgrade the storage file system configuration on the read replica.\nCan only be set with replicate_source_db.", "type": "boolean" }, "username": { "description": "Username for the master DB user. Cannot be specified for a replica.", "type": "string" }, "vpcSecurityGroupIds": { "description": "List of VPC security groups to\nassociate.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }