Apply Immediately setting Available settings

Modifying an Amazon RDS DB instance

You can change the settings of a DB instance to accomplish tasks such as adding additional storage or changing the DB instance class. In this topic, you can find out how to modify an Amazon RDS DB instance and learn about the settings for DB instances.

We recommend that you test any changes on a test instance before modifying a production instance. Doing this helps you to fully understand the impact of each change. Testing is especially important when upgrading database versions.

Most modifications to a DB instance you can either apply immediately or defer until the next maintenance window. Some modifications, such as parameter group changes, require that you manually reboot your DB instance for the change to take effect.

Important

Some modifications result in downtime because Amazon RDS must reboot your DB instance for the change to take effect. Review the impact to your database and applications before modifying your DB instance settings.

To modify a DB instance

Sign in to the Amazon Web Services Management Console and open the Amazon RDS console at https://console.amazonaws.cn/rds/.
In the navigation pane, choose Databases, and then choose the DB instance that you want to modify.
Choose Modify. The Modify DB instance page appears.
Change any of the settings that you want. For information about each setting, see Settings for DB instances.
When all the changes are as you want them, choose Continue and check the summary of modifications.
(Optional) Choose Apply immediately to apply the changes immediately. Choosing this option can cause downtime in some cases. For more information, see Using the Apply Immediately setting.
On the confirmation page, review your changes. If they are correct, choose Modify DB instance to save your changes.

Or choose Back to edit your changes or Cancel to cancel your changes.

To modify a DB instance by using the Amazon CLI, call the modify-db-instance command. Specify the DB instance identifier and the values for the options that you want to modify. For information about each option, see Settings for DB instances.

Example

The following code modifies mydbinstance by setting the backup retention period to 1 week (7 days). The code enables deletion protection by using --deletion-protection. To disable deletion protection, use --no-deletion-protection. The changes are applied during the next maintenance window by using --no-apply-immediately. Use --apply-immediately to apply the changes immediately. For more information, see Using the Apply Immediately setting.

For Linux, macOS, or Unix:


aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --backup-retention-period 7 \
    --deletion-protection \
    --no-apply-immediately

For Windows:


aws rds modify-db-instance ^
    --db-instance-identifier mydbinstance ^
    --backup-retention-period 7 ^
    --deletion-protection ^
    --no-apply-immediately

To modify a DB instance by using the Amazon RDS API, call the ModifyDBInstance operation. Specify the DB instance identifier, and the parameters for the settings that you want to modify. For information about each parameter, see Settings for DB instances.

Using the Apply Immediately setting

When you modify a DB instance, you can apply the changes immediately. To apply changes immediately, you choose the Apply Immediately option in the Amazon Web Services Management Console. Or you use the --apply-immediately parameter when calling the Amazon CLI or set the ApplyImmediately parameter to true when using the Amazon RDS API.

If you don't choose to apply changes immediately, the changes are put into the pending modifications queue. During the next maintenance window, any pending changes in the queue are applied. If you choose to apply changes immediately, your new changes and any changes in the pending modifications queue are applied.

Important

If any of the pending modifications require the DB instance to be temporarily unavailable (downtime), choosing the apply immediately option can cause unexpected downtime.

When you choose to apply a change immediately, any pending modifications are also applied immediately, instead of during the next maintenance window.

If you don't want a pending change to be applied in the next maintenance window, you can modify the DB instance to revert the change. You can do this by using the Amazon CLI and specifying the --apply-immediately option.

Changes to some database settings are applied immediately, even if you choose to defer your changes. To see how the different database settings interact with the apply immediately setting, see Settings for DB instances.

Settings for DB instances

In the following table, you can find details about which settings you can and can't modify. You can also find when changes can be applied and whether the changes cause downtime for your DB instance. By using Amazon RDS features such as Multi-AZ, you can minimize downtime if you later modify the DB instance. For more information, see Configuring and managing a Multi-AZ deployment.

You can modify a DB instance using the console, the modify-db-instance CLI command, or the ModifyDBInstance RDS API operation.

Console setting and description CLI option and RDS API parameter When the change occurs Downtime notes Supported DB engines

Console setting and description	CLI option and RDS API parameter	When the change occurs	Downtime notes	Supported DB engines
Allocated storage The storage, in gibibytes, that you want to allocate for your DB instance. You can only increase the allocated storage. You can't reduce the allocated storage. You can't modify the storage of some older DB instances, or DB instances restored from older DB snapshots. The Allocated storage setting is disabled in the console if your DB instance isn't eligible. You can check whether you can allocate more storage by using the CLI command describe-valid-db-instance-modifications. This command returns the valid storage options for your DB instance. You can't modify allocated storage if the DB instance status is storage-optimization. You also can't modify allocated storage for a DB instance if it's been modified in the last six hours. The maximum storage allowed depends on your DB engine and the storage type. For more information, see Amazon RDS DB instance storage.	CLI option: `--allocated-storage` RDS API parameter: `AllocatedStorage`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime doesn't occur during this change. Performance might be degraded during the change.	All DB engines
Architecture settings The architecture of the database: CDB (single-tenant) or non-CDB. Oracle Database 21c uses CDB architecture only. Oracle Database 19c can use either CDB or non-CDB architecture. Releases lower than Oracle Database 19c use non-CDB only. If you choose Multitenant architecture, RDS for Oracle converts your non-CDB into a CDB. This setting is supported only if your database is a non-CDB running Oracle Database 19c with the April 2021 or higher RU. After conversion, your CDB contains one pluggable database (PDB). For more information, see Overview of RDS for Oracle CDBs.	CLI option: `--engine oracle-ee-cdb` (multitenant) `--engine oracle-se2-cdb` (multitenant) API parameter: `Engine`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime occurs during this change.	Oracle
Auto minor version upgrade Yes to enable your DB instance to receive preferred minor DB engine version upgrades automatically when they become available. Amazon RDS performs automatic minor version upgrades in the maintenance window. Otherwise, No. For more information, see Automatically upgrading the minor engine version.	CLI option: `--auto-minor-version-upgrade\|--no-auto-minor-version-upgrade` RDS API parameter: `AutoMinorVersionUpgrade`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Backup replication Choose Enable replication to another Amazon Region to create backups in an additional Region for disaster recovery. Then choose the Destination Region for the additional backups.	Not available when modifying a DB instance. For information on enabling cross-Region backups using the Amazon CLI or RDS API, see Enabling cross-Region automated backups.	The change is applied asynchronously, as soon as possible.	Downtime doesn't occur during this change.	Oracle, PostgreSQL, SQL Server
Backup retention period The number of days that automatic backups are retained. To disable automatic backups, set the backup retention period to 0. For more information, see Working with backups. Note If you use Amazon Backup to manage your backups, this option doesn't apply. For information about Amazon Backup, see the Amazon Backup Developer Guide.	CLI option: `--backup-retention-period` RDS API parameter: `BackupRetentionPeriod`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, and you change the setting from a nonzero value to another nonzero value, the change is applied asynchronously, as soon as possible. Otherwise, the change occurs during the next maintenance window.	Downtime occurs if you change from 0 to a nonzero value, or from a nonzero value to 0. This applies to both Single-AZ and Multi-AZ DB instances.	All DB engines
Backup window The time range during which automated backups of your databases occur. The backup window is a start time in Universal Coordinated Time (UTC), and a duration in hours. For more information, see Working with backups. Note If you use Amazon Backup to manage your backups, this option doesn't appear. For information about Amazon Backup, see the Amazon Backup Developer Guide.	CLI option: `--preferred-backup-window` RDS API parameter: `PreferredBackupWindow`	The change is applied asynchronously, as soon as possible.	Downtime doesn't occur during this change.	All DB engines
Certificate authority The certificate authority (CA) for the server certificate used by the DB instance. For more information, see Using SSL/TLS to encrypt a connection to a DB instance.	CLI option: `--ca-certificate-identifier` RDS API parameter: `CACertificateIdentifier`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime only occurs if the DB engine doesn't support rotation without restart. You can use the describe-db-engine-versions Amazon CLI command to determine whether the DB engine supports rotation without restart.	All DB engines
Copy tags to snapshots If you have any DB instance tags, enable this option to copy them when you create a DB snapshot. For more information, see Tagging Amazon RDS resources.	CLI option: `--copy-tags-to-snapshot` or `--no-copy-tags-to-snapshot` RDS API parameter: `CopyTagsToSnapshot`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Database port The port that you want to use to access the DB instance. The port value must not match any of the port values specified for options in the option group that is associated with the DB instance. For more information, see Connecting to an Amazon RDS DB instance.	CLI option: `--db-port-number` RDS API parameter: `DBPortNumber`	The change occurs immediately. This setting ignores the apply immediately setting.	The DB instance is rebooted immediately.	All DB engines
DB engine version The version of the DB engine that you want to use. Before you upgrade your production DB instance, we recommend that you test the upgrade process on a test DB instance. Doing this helps verify its duration and validate your applications. For more information, see Upgrading a DB instance engine version.	CLI option: `--engine-version` RDS API parameter: `EngineVersion`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime occurs during this change.	All DB engines
DB instance class The DB instance class that you want to use. For more information, see DB instance classes.	CLI option: `--db-instance-class` RDS API parameter: `DBInstanceClass`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime occurs during this change.	All DB engines
DB instance identifier The new DB instance identifier. This value is stored as a lowercase string. For more information about the effects of renaming a DB instance, see Renaming a DB instance.	CLI option: `--new-db-instance-identifier` RDS API parameter: `NewDBInstanceIdentifier`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime occurs during this change unless your DB engine version supports dynamic SSL upload. To determine whether your version requires a restart, run the following Amazon CLI command: `aws rds describe-db-engine-versions \ --default-only \ --engine your-db-engine \ --query 'DBEngineVersions[*].SupportsCertificateRotationWithoutRestart'`	All DB engines
DB parameter group The DB parameter group that you want associated with the DB instance. For more information, see Working with parameter groups.	CLI option: `--db-parameter-group-name` RDS API parameter: `DBParameterGroupName`	The parameter group change occurs immediately.	Downtime doesn't occur during this change. When you associate a new DB parameter group with a DB instance, the modified static and dynamic parameters are applied only after the DB instance is rebooted. However, if you modify dynamic parameters in the DB parameter group after you associate it with the DB instance, these changes are applied immediately without a reboot. For more information, see Working with parameter groups and Rebooting a DB instance.	All DB engines
Deletion protection Enable deletion protection to prevent your DB instance from being deleted. For more information, see Deleting a DB instance.	CLI option: `--deletion-protection\|--no-deletion-protection` RDS API parameter: `DeletionProtection`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Enhanced Monitoring Enable Enhanced Monitoring to enable gathering metrics in real time for the operating system that your DB instance runs on. For more information, see Monitoring OS metrics with Enhanced Monitoring.	CLI option: `--monitoring-interval` and `--monitoring-role-arn` RDS API parameter: `MonitoringInterval` and `MonitoringRoleArn`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
IAM DB authentication Enable IAM DB authentication to authenticate database users through users and roles. For more information, see IAM database authentication for MariaDB, MySQL, and PostgreSQL.	CLI option: `--enable-iam-database-authentication\|--no-enable-iam-database-authentication` RDS API parameter: `EnableIAMDatabaseAuthentication`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime doesn't occur during this change.	Only MariaDB, MySQL, and PostgreSQL
Kerberos authentication Choose the Active Directory to move the DB instance to. The directory must exist prior to this operation. If a directory is already selected, you can specify None to remove the DB instance from its current directory. For more information, see Kerberos authentication.	CLI option: `--domain` and `--domain-iam-role-name` RDS API parameter: `Domain` and `DomainIAMRoleName`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	A brief downtime occurs during this change.	Only Microsoft SQL Server, MySQL, Oracle, and PostgreSQL
License model Choose bring-your-own-license to use your license for Oracle. Choose license-included to use the general license agreement for Microsoft SQL Server or Oracle. For more information, see Licensing Microsoft SQL Server on Amazon RDS and RDS for Oracle licensing options.	CLI option: `--license-model` RDS API parameter: `LicenseModel`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime occurs during this change.	Only Microsoft SQL Server and Oracle
Log exports The types of database log files to publish to Amazon CloudWatch Logs. For more information, see Publishing database logs to Amazon CloudWatch Logs.	CLI option: `--cloudwatch-logs-export-configuration` RDS API parameter: `CloudwatchLogsExportConfiguration`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Maintenance window The time range during which system maintenance occurs. System maintenance includes upgrades, if applicable. The maintenance window is a start time in Universal Coordinated Time (UTC), and a duration in hours. If you set the window to the current time, there must be at least 30 minutes between the current time and the end of the window. This timing helps ensure that any pending changes are applied. For more information, see The Amazon RDS maintenance window.	CLI option: `--preferred-maintenance-window` RDS API parameter: `PreferredMaintenanceWindow`	The change occurs immediately. This setting ignores the apply immediately setting.	If there are one or more pending actions that cause downtime, and the maintenance window is changed to include the current time, those pending actions are applied immediately and downtime occurs.	All DB engines
Manage master credentials in Amazon Secrets Manager Select Manage master credentials in Amazon Secrets Manager to manage the master user password in a secret in Secrets Manager. Optionally, choose a KMS key to use to protect the secret. Choose from the KMS keys in your account, or enter the key from a different account. If RDS is already managing the master user password for the DB instance, you can rotate the master user password by choosing Rotate secret immediately. For more information, see Password management with Amazon RDS and Amazon Secrets Manager.	CLI option: `--manage-master-user-password \| --no-manage-master-user-password` `--master-user-secret-kms-key-id` `--rotate-master-user-password \| --no-rotate-master-user-password` RDS API parameter: `ManageMasterUserPassword` `MasterUserSecretKmsKeyId` `RotateMasterUserPassword`	If you are turning on or turning off automatic master user password management, the change occurs immediately. This change ignores the apply immediately setting. If you are rotating the master user password, you must specify that the change is applied immediately.	Downtime doesn't occur during this change.	All DB engines
Multi-AZ deployment Yes to deploy your DB instance in multiple Availability Zones. Otherwise, No. For more information, see Configuring and managing a Multi-AZ deployment.	CLI option: `--multi-az\|--no-multi-az` RDS API parameter: `MultiAZ`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime doesn't occur during this change. However, there is a possible performance impact. For more information, see Modifying a DB instance to be a Multi-AZ DB instance deployment.	All DB engines
Network type The IP addressing protocols supported by the DB instance. IPv4 to specify that resources can communicate with the DB instance only over the Internet Protocol version 4 (IPv4) addressing protocol. Dual-stack mode to specify that resources can communicate with the DB instance over IPv4, Internet Protocol version 6 (IPv6), or both. Use dual-stack mode if you have any resources that must communicate with your DB instance over the IPv6 addressing protocol. Also, make sure that you associate an IPv6 CIDR block with all subnets in the DB subnet group that you specify. For more information, see Amazon RDS IP addressing.	CLI option: `--network-type` RDS API parameter: `NetworkType`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime is possible during this change.	All DB engines
New master password The password for your master user. The password must contain 8–41 alphanumeric characters.	CLI option: `--master-user-password` RDS API parameter: `MasterUserPassword`	The change is applied asynchronously, as soon as possible. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Option group The option group that you want associated with the DB instance. For more information, see Working with option groups.	CLI option: `--option-group-name` RDS API parameter: `OptionGroupName`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime doesn't occur during this change. One exception is adding the MariaDB Audit Plugin to an RDS for MariaDB or RDS for MySQL DB instance, which might cause an outage.	All DB engines
Performance Insights Enable Performance Insights to monitor your DB instance load so that you can analyze and troubleshoot your database performance. Performance Insights isn't available for some DB engine versions and DB instance classes. The Performance Insights section doesn't appear in the console if it isn't available for your DB instance. For more information, see Monitoring DB load with Performance Insights on Amazon RDS and Amazon RDS DB engine, Region, and instance class support for Performance Insights.	CLI option: `--enable-performance-insights\|--no-enable-performance-insights` RDS API parameter: `EnablePerformanceInsights`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Performance Insights Amazon KMS key The Amazon KMS key identifier for the Amazon KMS key for encryption of Performance Insights data. The key identifier is the Amazon Resource Name (ARN), Amazon KMS key identifier, or the key alias for the KMS key. For more information, see Turning Performance Insights on and off.	CLI option: `--performance-insights-kms-key-id` RDS API parameter: `PerformanceInsightsKMSKeyId`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Performance Insights Retention period The amount of time, in days, to retain Performance Insights data. The retention setting in the free tier is Default (7 days). To retain your performance data for longer, specify 1–24 months. For more information about retention periods, see Pricing and data retention for Performance Insights. For more information, see Turning Performance Insights on and off.	CLI option: `--performance-insights-retention-period` RDS API parameter: `PerformanceInsightsRetentionPeriod`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Processor features The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. For more information, see Configuring the processor for a DB instance class in RDS for Oracle.	CLI option: `--processor-features` and `--use-default-processor-features \| --no-use-default-processor-features` RDS API parameter: `ProcessorFeatures` and `UseDefaultProcessorFeatures`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime occurs during this change.	Only Oracle
Provisioned IOPS The Provisioned IOPS (I/O operations per second) value for the DB instance. This setting is available only if you choose one of the following for Storage type: General purpose SSD (gp3) Provisioned IOPS SSD (io1) For more information, see Provisioned IOPS SSD storage and Amazon RDS DB instance storage.	CLI option: `--iops` RDS API parameter: `Iops`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime doesn't occur during this change.	All DB engines
Public access Publicly accessible to give the DB instance a public IP address, meaning that it's accessible outside the VPC. To be publicly accessible, the DB instance also has to be in a public subnet in the VPC. Not publicly accessible to make the DB instance accessible only from inside the VPC. For more information, see Hiding a DB instance in a VPC from the internet. To connect to a DB instance from outside its VPC, the DB instance must be publicly accessible. Also, access must be granted using the inbound rules of the DB instance's security group. In addition, other requirements must be met. For more information, see Can't connect to Amazon RDS DB instance. If your DB instance isn't publicly accessible, you can also use an Amazon Site-to-Site VPN connection or an Amazon Direct Connect connection to access it from a private network. For more information, see Internetwork traffic privacy.	CLI option: `--publicly-accessible\|--no-publicly-accessible` RDS API parameter: `PubliclyAccessible`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Security group The VPC security group that you want associated with the DB instance. For more information, see Controlling access with security groups.	CLI option: `--vpc-security-group-ids` RDS API parameter: `VpcSecurityGroupIds`	The change is applied asynchronously, as soon as possible. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Storage autoscaling Enable storage autoscaling to enable Amazon RDS to automatically increase storage when needed to avoid having your DB instance run out of storage space. Use Maximum storage threshold to set the upper limit for Amazon RDS to automatically increase storage for your DB instance. The default is 1,000 GiB. For more information, see Managing capacity automatically with Amazon RDS storage autoscaling.	CLI option: `--max-allocated-storage` RDS API parameter: `MaxAllocatedStorage`	The change occurs immediately. This setting ignores the apply immediately setting.	Downtime doesn't occur during this change.	All DB engines
Storage throughput The new storage throughput value for the DB instance. This setting is available only if you choose General purpose SSD (gp3) for Storage type. For more information, see Amazon RDS DB instance storage.	CLI option: `--storage-throughput` RDS API parameter: `StorageThroughput`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime doesn't occur during this change.	All DB engines
Storage type The storage type that you want to use. If you choose General Purpose SSD (gp3), you can provision additional Provisioned IOPS and Storage throughput under Advanced settings. If you choose Provisioned IOPS SSD (io1), enter the Provisioned IOPS value. After Amazon RDS begins to modify your DB instance to change the storage size or type, you can't submit another request to change the storage size, performance, or type for six hours. For more information, see Amazon RDS storage types.	CLI option: `--storage-type` RDS API parameter: `StorageType`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	The following changes all result in a brief downtime while the process starts. After that, you can use your database normally while the change takes place. From General Purpose (SSD) or Provisioned IOPS (SSD) to Magnetic. From Magnetic to General Purpose (SSD) or Provisioned IOPS (SSD).	All DB engines
DB subnet group The DB subnet group for the DB instance. You can use this setting to move your DB instance to a different VPC. For more information, see Amazon VPC VPCs and Amazon RDS.	CLI option: `--db-subnet-group-name` RDS API parameter: `DBSubnetGroupName`	If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.	Downtime occurs during this change.	All DB engines

Allocated storage

The storage, in gibibytes, that you want to allocate for your DB instance. You can only increase the allocated storage. You can't reduce the allocated storage.

You can't modify the storage of some older DB instances, or DB instances restored from older DB snapshots. The Allocated storage setting is disabled in the console if your DB instance isn't eligible. You can check whether you can allocate more storage by using the CLI command describe-valid-db-instance-modifications. This command returns the valid storage options for your DB instance.

You can't modify allocated storage if the DB instance status is storage-optimization. You also can't modify allocated storage for a DB instance if it's been modified in the last six hours.

The maximum storage allowed depends on your DB engine and the storage type. For more information, see Amazon RDS DB instance storage.

CLI option:

--allocated-storage

RDS API parameter:

AllocatedStorage

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime doesn't occur during this change. Performance might be degraded during the change.

All DB engines

Architecture settings

The architecture of the database: CDB (single-tenant) or non-CDB. Oracle Database 21c uses CDB architecture only. Oracle Database 19c can use either CDB or non-CDB architecture. Releases lower than Oracle Database 19c use non-CDB only.

If you choose Multitenant architecture, RDS for Oracle converts your non-CDB into a CDB. This setting is supported only if your database is a non-CDB running Oracle Database 19c with the April 2021 or higher RU. After conversion, your CDB contains one pluggable database (PDB).

For more information, see Overview of RDS for Oracle CDBs.

CLI option:

--engine oracle-ee-cdb (multitenant)

--engine oracle-se2-cdb (multitenant)

API parameter:

Engine

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime occurs during this change.

Oracle

Auto minor version upgrade

Yes to enable your DB instance to receive preferred minor DB engine version upgrades automatically when they become available. Amazon RDS performs automatic minor version upgrades in the maintenance window. Otherwise, No.

For more information, see Automatically upgrading the minor engine version.

CLI option:

--auto-minor-version-upgrade|--no-auto-minor-version-upgrade

RDS API parameter:

AutoMinorVersionUpgrade

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Backup replication

Choose Enable replication to another Amazon Region to create backups in an additional Region for disaster recovery.

Then choose the Destination Region for the additional backups.

Not available when modifying a DB instance. For information on enabling cross-Region backups using the Amazon CLI or RDS API, see Enabling cross-Region automated backups.

The change is applied asynchronously, as soon as possible.

Downtime doesn't occur during this change.

Oracle, PostgreSQL, SQL Server

Backup retention period

The number of days that automatic backups are retained. To disable automatic backups, set the backup retention period to 0.

For more information, see Working with backups.

Note

If you use Amazon Backup to manage your backups, this option doesn't apply. For information about Amazon Backup, see the Amazon Backup Developer Guide.

CLI option:

--backup-retention-period

RDS API parameter:

BackupRetentionPeriod

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, and you change the setting from a nonzero value to another nonzero value, the change is applied asynchronously, as soon as possible. Otherwise, the change occurs during the next maintenance window.

Downtime occurs if you change from 0 to a nonzero value, or from a nonzero value to 0.

This applies to both Single-AZ and Multi-AZ DB instances.

All DB engines

Backup window

The time range during which automated backups of your databases occur. The backup window is a start time in Universal Coordinated Time (UTC), and a duration in hours.

For more information, see Working with backups.

Note

If you use Amazon Backup to manage your backups, this option doesn't appear. For information about Amazon Backup, see the Amazon Backup Developer Guide.

CLI option:

--preferred-backup-window

RDS API parameter:

PreferredBackupWindow

The change is applied asynchronously, as soon as possible.

Downtime doesn't occur during this change.

All DB engines

Certificate authority

The certificate authority (CA) for the server certificate used by the DB instance.

For more information, see Using SSL/TLS to encrypt a connection to a DB instance.

CLI option:

--ca-certificate-identifier

RDS API parameter:

CACertificateIdentifier

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime only occurs if the DB engine doesn't support rotation without restart. You can use the describe-db-engine-versions Amazon CLI command to determine whether the DB engine supports rotation without restart.

All DB engines

Copy tags to snapshots

If you have any DB instance tags, enable this option to copy them when you create a DB snapshot.

For more information, see Tagging Amazon RDS resources.

CLI option:

--copy-tags-to-snapshot or --no-copy-tags-to-snapshot

RDS API parameter:

CopyTagsToSnapshot

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Database port

The port that you want to use to access the DB instance.

The port value must not match any of the port values specified for options in the option group that is associated with the DB instance.

For more information, see Connecting to an Amazon RDS DB instance.

CLI option:

--db-port-number

RDS API parameter:

DBPortNumber

The change occurs immediately. This setting ignores the apply immediately setting.

The DB instance is rebooted immediately.

All DB engines

DB engine version

The version of the DB engine that you want to use. Before you upgrade your production DB instance, we recommend that you test the upgrade process on a test DB instance. Doing this helps verify its duration and validate your applications.

For more information, see Upgrading a DB instance engine version.

CLI option:

--engine-version

RDS API parameter:

EngineVersion

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime occurs during this change.

All DB engines

DB instance class

The DB instance class that you want to use.

For more information, see DB instance classes.

CLI option:

--db-instance-class

RDS API parameter:

DBInstanceClass

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime occurs during this change.

All DB engines

DB instance identifier

The new DB instance identifier. This value is stored as a lowercase string.

For more information about the effects of renaming a DB instance, see Renaming a DB instance.

CLI option:

--new-db-instance-identifier

RDS API parameter:

NewDBInstanceIdentifier

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime occurs during this change unless your DB engine version supports dynamic SSL upload. To determine whether your version requires a restart, run the following Amazon CLI command:


aws rds describe-db-engine-versions \
--default-only \
--engine your-db-engine \
--query 'DBEngineVersions[*].SupportsCertificateRotationWithoutRestart'

All DB engines

DB parameter group

The DB parameter group that you want associated with the DB instance.

For more information, see Working with parameter groups.

CLI option:

--db-parameter-group-name

RDS API parameter:

DBParameterGroupName

The parameter group change occurs immediately.

Downtime doesn't occur during this change.

When you associate a new DB parameter group with a DB instance, the modified static and dynamic parameters are applied only after the DB instance is rebooted. However, if you modify dynamic parameters in the DB parameter group after you associate it with the DB instance, these changes are applied immediately without a reboot.

For more information, see Working with parameter groups and Rebooting a DB instance.

All DB engines

Deletion protection

Enable deletion protection to prevent your DB instance from being deleted.

For more information, see Deleting a DB instance.

CLI option:

--deletion-protection|--no-deletion-protection

RDS API parameter:

DeletionProtection

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Enhanced Monitoring

Enable Enhanced Monitoring to enable gathering metrics in real time for the operating system that your DB instance runs on.

For more information, see Monitoring OS metrics with Enhanced Monitoring.

CLI option:

--monitoring-interval and --monitoring-role-arn

RDS API parameter:

MonitoringInterval and MonitoringRoleArn

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

IAM DB authentication

Enable IAM DB authentication to authenticate database users through users and roles.

For more information, see IAM database authentication for MariaDB, MySQL, and PostgreSQL.

CLI option:

--enable-iam-database-authentication|--no-enable-iam-database-authentication

RDS API parameter:

EnableIAMDatabaseAuthentication

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime doesn't occur during this change.

Only MariaDB, MySQL, and PostgreSQL

Kerberos authentication

Choose the Active Directory to move the DB instance to. The directory must exist prior to this operation. If a directory is already selected, you can specify None to remove the DB instance from its current directory.

For more information, see Kerberos authentication.

CLI option:

--domain and --domain-iam-role-name

RDS API parameter:

Domain and DomainIAMRoleName

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

A brief downtime occurs during this change.

Only Microsoft SQL Server, MySQL, Oracle, and PostgreSQL

License model

Choose bring-your-own-license to use your license for Oracle.

Choose license-included to use the general license agreement for Microsoft SQL Server or Oracle.

For more information, see Licensing Microsoft SQL Server on Amazon RDS and RDS for Oracle licensing options.

CLI option:

--license-model

RDS API parameter:

LicenseModel

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime occurs during this change.

Only Microsoft SQL Server and Oracle

Log exports

The types of database log files to publish to Amazon CloudWatch Logs.

For more information, see Publishing database logs to Amazon CloudWatch Logs.

CLI option:

--cloudwatch-logs-export-configuration

RDS API parameter:

CloudwatchLogsExportConfiguration

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Maintenance window

The time range during which system maintenance occurs. System maintenance includes upgrades, if applicable. The maintenance window is a start time in Universal Coordinated Time (UTC), and a duration in hours.

If you set the window to the current time, there must be at least 30 minutes between the current time and the end of the window. This timing helps ensure that any pending changes are applied.

For more information, see The Amazon RDS maintenance window.

CLI option:

--preferred-maintenance-window

RDS API parameter:

PreferredMaintenanceWindow

The change occurs immediately. This setting ignores the apply immediately setting.

If there are one or more pending actions that cause downtime, and the maintenance window is changed to include the current time, those pending actions are applied immediately and downtime occurs.

All DB engines

Manage master credentials in Amazon Secrets Manager

Select Manage master credentials in Amazon Secrets Manager to manage the master user password in a secret in Secrets Manager.

Optionally, choose a KMS key to use to protect the secret. Choose from the KMS keys in your account, or enter the key from a different account.

If RDS is already managing the master user password for the DB instance, you can rotate the master user password by choosing Rotate secret immediately.

For more information, see Password management with Amazon RDS and Amazon Secrets Manager.

CLI option:

--manage-master-user-password | --no-manage-master-user-password

--master-user-secret-kms-key-id

--rotate-master-user-password | --no-rotate-master-user-password

RDS API parameter:

ManageMasterUserPassword

MasterUserSecretKmsKeyId

RotateMasterUserPassword

If you are turning on or turning off automatic master user password management, the change occurs immediately. This change ignores the apply immediately setting.

If you are rotating the master user password, you must specify that the change is applied immediately.

Downtime doesn't occur during this change.

All DB engines

Multi-AZ deployment

Yes to deploy your DB instance in multiple Availability Zones. Otherwise, No.

For more information, see Configuring and managing a Multi-AZ deployment.

CLI option:

--multi-az|--no-multi-az

RDS API parameter:

MultiAZ

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime doesn't occur during this change. However, there is a possible performance impact. For more information, see Modifying a DB instance to be a Multi-AZ DB instance deployment.

All DB engines

Network type

The IP addressing protocols supported by the DB instance.

IPv4 to specify that resources can communicate with the DB instance only over the Internet Protocol version 4 (IPv4) addressing protocol.

Dual-stack mode to specify that resources can communicate with the DB instance over IPv4, Internet Protocol version 6 (IPv6), or both. Use dual-stack mode if you have any resources that must communicate with your DB instance over the IPv6 addressing protocol. Also, make sure that you associate an IPv6 CIDR block with all subnets in the DB subnet group that you specify.

For more information, see Amazon RDS IP addressing.

CLI option:

--network-type

RDS API parameter:

NetworkType

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime is possible during this change.

All DB engines

New master password

The password for your master user. The password must contain 8–41 alphanumeric characters.

CLI option:

--master-user-password

RDS API parameter:

MasterUserPassword

The change is applied asynchronously, as soon as possible. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Option group

The option group that you want associated with the DB instance.

For more information, see Working with option groups.

CLI option:

--option-group-name

RDS API parameter:

OptionGroupName

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime doesn't occur during this change. One exception is adding the MariaDB Audit Plugin to an RDS for MariaDB or RDS for MySQL DB instance, which might cause an outage.

All DB engines

Performance Insights

Enable Performance Insights to monitor your DB instance load so that you can analyze and troubleshoot your database performance.

Performance Insights isn't available for some DB engine versions and DB instance classes. The Performance Insights section doesn't appear in the console if it isn't available for your DB instance.

For more information, see Monitoring DB load with Performance Insights on Amazon RDS and Amazon RDS DB engine, Region, and instance class support for Performance Insights.

CLI option:

--enable-performance-insights|--no-enable-performance-insights

RDS API parameter:

EnablePerformanceInsights

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Performance Insights Amazon KMS key

The Amazon KMS key identifier for the Amazon KMS key for encryption of Performance Insights data. The key identifier is the Amazon Resource Name (ARN), Amazon KMS key identifier, or the key alias for the KMS key.

For more information, see Turning Performance Insights on and off.

CLI option:

--performance-insights-kms-key-id

RDS API parameter:

PerformanceInsightsKMSKeyId

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Performance Insights Retention period

The amount of time, in days, to retain Performance Insights data. The retention setting in the free tier is Default (7 days). To retain your performance data for longer, specify 1–24 months. For more information about retention periods, see Pricing and data retention for Performance Insights.

For more information, see Turning Performance Insights on and off.

CLI option:

--performance-insights-retention-period

RDS API parameter:

PerformanceInsightsRetentionPeriod

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Processor features

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

For more information, see Configuring the processor for a DB instance class in RDS for Oracle.

CLI option:

--processor-features and --use-default-processor-features | --no-use-default-processor-features

RDS API parameter:

ProcessorFeatures and UseDefaultProcessorFeatures

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime occurs during this change.

Only Oracle

Provisioned IOPS

The Provisioned IOPS (I/O operations per second) value for the DB instance. This setting is available only if you choose one of the following for Storage type:

General purpose SSD (gp3)
Provisioned IOPS SSD (io1)

For more information, see Provisioned IOPS SSD storage and Amazon RDS DB instance storage.

CLI option:

--iops

RDS API parameter:

Iops

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime doesn't occur during this change.

All DB engines

Public access

Publicly accessible to give the DB instance a public IP address, meaning that it's accessible outside the VPC. To be publicly accessible, the DB instance also has to be in a public subnet in the VPC.

Not publicly accessible to make the DB instance accessible only from inside the VPC.

For more information, see Hiding a DB instance in a VPC from the internet.

To connect to a DB instance from outside its VPC, the DB instance must be publicly accessible. Also, access must be granted using the inbound rules of the DB instance's security group. In addition, other requirements must be met. For more information, see Can't connect to Amazon RDS DB instance.

If your DB instance isn't publicly accessible, you can also use an Amazon Site-to-Site VPN connection or an Amazon Direct Connect connection to access it from a private network. For more information, see Internetwork traffic privacy.

CLI option:

--publicly-accessible|--no-publicly-accessible

RDS API parameter:

PubliclyAccessible

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Security group

The VPC security group that you want associated with the DB instance.

For more information, see Controlling access with security groups.

CLI option:

--vpc-security-group-ids

RDS API parameter:

VpcSecurityGroupIds

The change is applied asynchronously, as soon as possible. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Storage autoscaling

Enable storage autoscaling to enable Amazon RDS to automatically increase storage when needed to avoid having your DB instance run out of storage space.

Use Maximum storage threshold to set the upper limit for Amazon RDS to automatically increase storage for your DB instance. The default is 1,000 GiB.

For more information, see Managing capacity automatically with Amazon RDS storage autoscaling.

CLI option:

--max-allocated-storage

RDS API parameter:

MaxAllocatedStorage

The change occurs immediately. This setting ignores the apply immediately setting.

Downtime doesn't occur during this change.

All DB engines

Storage throughput

The new storage throughput value for the DB instance. This setting is available only if you choose General purpose SSD (gp3) for Storage type.

For more information, see Amazon RDS DB instance storage.

CLI option:

--storage-throughput

RDS API parameter:

StorageThroughput

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime doesn't occur during this change.

All DB engines

Storage type

The storage type that you want to use.

If you choose General Purpose SSD (gp3), you can provision additional Provisioned IOPS and Storage throughput under Advanced settings.

If you choose Provisioned IOPS SSD (io1), enter the Provisioned IOPS value.

After Amazon RDS begins to modify your DB instance to change the storage size or type, you can't submit another request to change the storage size, performance, or type for six hours.

For more information, see Amazon RDS storage types.

CLI option:

--storage-type

RDS API parameter:

StorageType

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

The following changes all result in a brief downtime while the process starts. After that, you can use your database normally while the change takes place.

From General Purpose (SSD) or Provisioned IOPS (SSD) to Magnetic.
From Magnetic to General Purpose (SSD) or Provisioned IOPS (SSD).

All DB engines

DB subnet group

The DB subnet group for the DB instance. You can use this setting to move your DB instance to a different VPC.

For more information, see Amazon VPC VPCs and Amazon RDS.

CLI option:

--db-subnet-group-name

RDS API parameter:

DBSubnetGroupName

If you choose to apply the change immediately, it occurs immediately.

If you don't choose to apply the change immediately, it occurs during the next maintenance window.

Downtime occurs during this change.

All DB engines

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Connecting a Lambda function

Maintaining a DB instance