Network prerequisites for Aurora MySQL database activity streams - Amazon Aurora
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Network prerequisites for Aurora MySQL database activity streams

In the following section, you can find how to configure your virtual private cloud (VPC) for use with database activity streams.


Aurora MySQL network prerequisites are applicable to the following engine versions:

  • Aurora MySQL version 2, up to 2.11.3

  • Aurora MySQL version 2.12.0

  • Aurora MySQL version 3, up to 3.04.2

Prerequisites for Amazon KMS endpoints

Instances in an Aurora MySQL cluster that use activity streams must be able to access Amazon KMS endpoints. Make sure this requirement is satisfied before enabling database activity streams for your Aurora MySQL cluster. If the Aurora cluster is publicly available, this requirement is satisfied automatically.


If the Aurora MySQL DB cluster can't access the Amazon KMS endpoint, the activity stream stops. In that case, Aurora notifies you about this issue using RDS Events.

Prerequisites for public availability

For an Aurora DB cluster to be public, it must meet the following requirements:

  • Publicly Accessible is Yes in the Amazon Web Services Management Console cluster details page.

  • The DB cluster is in an Amazon VPC public subnet. For more information about publicly accessible DB instances, see Working with a DB cluster in a VPC. For more information about public Amazon VPC subnets, see Your VPC and Subnets.

Prerequisites for private availability

If your Aurora DB cluster is in a VPC public subnet and isn't publicly accessible, it's private. To keep your cluster private and use it with database activity streams, you have the following options:

  • Configure Network Address Translation (NAT) in your VPC. For more information, see NAT Gateways.

  • Create an Amazon KMS endpoint in your VPC. This option is recommended because it's easier to configure.

To create an Amazon KMS endpoint in your VPC
  1. Open the Amazon VPC console at

  2. In the navigation pane, choose Endpoints.

  3. Choose Create Endpoint.

    The Create Endpoint page appears.

  4. Do the following:

    • In Service category, choose Amazon services.

    • In Service Name, choose com.amazonaws.region.kms, where region is the Amazon Web Services Region where your cluster is located.

    • For VPC, choose the VPC where your cluster is located.

  5. Choose Create Endpoint.

For more information about configuring VPC endpoints, see VPC Endpoints.