A collection of AWS security controls for Amazon RDS and Database Migration Service (DMS). Controls include IAM policies, CloudWatch events and alarms for monitoring, as well as Config rules. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.

RDS
Aurora MySQL Cluster (w/ Secrets Manager)

Configuration template to launch an Aurora cluster with MySQL compatibility and one or more instances. The template also includes a new DB subnet group that specifies the subnets in which the cluster instances are created, as well as a new AWS Secrets Manager secret to store the password.

CloudFormation | Terraform | AWS CLI
Aurora PostgreSQL Cluster (w/ Secrets Manager)

Configuration template to launch an Aurora cluster with PostgreSQL compatibility and one or more instances. The template also includes a new DB subnet group that specifies the subnets in which the cluster instances are created, as well as a new AWS Secrets Manager secret to store the password.

CloudFormation | Terraform | AWS CLI
RDS MySQL Instance (w/ Secrets Manager)

Configuration template to launch an RDS instance running MySQL. The template also includes a new DB subnet group that specifies the subnets in which the DB instance is created, as well as a new AWS Secrets Manager secret to store the password.

CloudFormation | Terraform | AWS CLI
RDS PostgreSQL Instance (w/ Secrets Manager)

Configuration template to launch an RDS instance running PostgreSQL. The template also includes a new DB subnet group that specifies the subnets in which the DB instance is created, as well as a new AWS Secrets Manager secret to store the password.

CloudFormation | Terraform | AWS CLI
RDS MariaDB Instance (w/ Secrets Manager)

Configuration template to launch an RDS instance running MariaDB. The template also includes a new DB subnet group that specifies the subnets in which the DB instance is created, as well as a new AWS Secrets Manager secret to store the password.

CloudFormation | Terraform | AWS CLI
RDS MSSQL Instance (w/ Secrets Manager)

Configuration template to launch an RDS instance running Microsoft SQL Server Standard (Enterprise, Web and Express are also supported). The template also includes a new DB subnet group that specifies the subnets in which the DB instance is created, as well as a new AWS Secrets Manager secret to store the password.

CloudFormation | Terraform | AWS CLI
RDS DB Subnet Group

Creates an RDS DB subnet group, which is a collection of VPC subnets designated for database instances.

CloudFormation | Terraform | AWS CLI
SQL Server DB Option Group Example

This template creates an option group that specifies the Microsoft SQL Server native backup and restore option for the SQL Server DB engine version 12.00. The option group has an option setting `IAM_ROLE_ARN` with a value of `arn:aws:iam::333333333333333:role/service-role/sqlserverrestore`.

CloudFormation
MySQL DB Option Group Example

This template creates an option group that specifies the `MEMCACHED` option for the MySQL DB engine version 8.0. The option group has a port number of 1234 and is associated with a VPC security group. The `MEMCACHED` option has two additional settings: `CHUNK_SIZE` with a value of 32 and `BINDING_PROTOCOL` with a value of `ascii`.

CloudFormation
Oracle DB Option Group Example

This template creates an option group with two option configurations (`OEM` and `APEX`). The option group is for the Oracle DB engine version 12.1. The `OEM` option has a port number of 5500 and is associated with the default DB security group. The `APEX` option does not have any additional properties.

CloudFormation
Secondary DB Cluster to Existing Global Cluster

This template creates a new Aurora DB cluster, attaches it to a global database cluster (ExistingGlobalClusterId) as a read-only secondary cluster, and adds a DB instance to the new DB cluster. It includes a parameter for the global cluster identifier. The resources created include the Aurora DB cluster and the DB instance.

CloudFormation
Global Database Cluster for Aurora PostgreSQL

This template creates a global database cluster with an Aurora PostgreSQL DB cluster and DB instance. The resources created include the global cluster, the Aurora PostgreSQL DB cluster, and the DB instance.

CloudFormation
Global Database cluster for Aurora MySQL

This template creates a global database cluster with an Aurora MySQL DB cluster and DB instance. The resources created include the global cluster, the Aurora MySQL DB cluster, and the DB instance.

CloudFormation
RDS DB Subnet Group

This template creates an RDS DB subnet group with two new subnets (in vpc-123456).

CloudFormation
RDS DB Security Group with Multiple VPC Security Groups

This template creates an RDS DB security group with multiple VPC security groups. The DB instance is associated with the security group using the `DBSecurityGroups` property. The security group allows ingress from two EC2 security groups specified by their IDs and owner IDs.

CloudFormation
Custom DB Proxy Endpoint

This template creates a custom DB proxy endpoint. It creates an AWS::RDS::DBProxyEndpoint resource with the specified properties. The properties include the DBProxyEndpointName, DBProxyName, VpcSubnetIds, VpcSecurityGroupIds, and TargetRole.

CloudFormation
RDS DB Proxy and Target Group

This template creates a DB proxy and registers a DB instance. It creates an AWS::RDS::DBProxy resource with properties such as DebugLogging, DBProxyName, EngineFamily, IdleClientTimeout, RequireTLS, Auth, and VpcSubnetIds. It also creates an AWS::RDS::DBProxyTargetGroup resource with properties such as DBProxyName, DBInstanceIdentifiers, TargetGroupName, and ConnectionPoolConfigurationInfo. It includes an IAM role that allows the proxy to read the Secrets Manager secret which stores the RDS database password.

CloudFormation
RDS DB Parameter Group

This template creates a custom parameter group for an RDS database family. The parameter group is created for a MySQL DB instance and sets the `sql_mode`, `max_allowed_packet`, and `innodb_buffer_pool_size` parameters.

CloudFormation
Cross-Region Encrypted Read Replica

This template creates an encrypted read replica from a cross-region source DB instance (SourceDBInstanceIdentifier). The template also creates a KMS key for encryption.

CloudFormation
RDS Instance with IAM Role for Enhanced Monitoring

This template creates an Amazon RDS MySQL DB instance with Enhanced Monitoring enabled. The DB instance is created with the specified parameters such as DB instance ID, DB name, DB instance class, allocated storage, username, and password. The template also specifies the engine version and the IAM role for Enhanced Monitoring.

CloudFormation
RDS DB Cluster Parameter Group

This template creates a new Amazon RDS DB cluster parameter group. The parameter group is created for an Aurora MySQL DB cluster and sets the `time_zone` and `character_set_database` parameters.

CloudFormation
DB Instance with Secret and Custom KMS Key

This template creates an AWS CloudFormation stack with the AWS::RDS::DBInstance resource. The DB instance is created with the specified parameters such as master username, DB instance class, engine, allocated storage, auto minor version upgrade, and manage master user password. The template also creates a KMS key for encryption and sets the master user secret to use the KMS key.

CloudFormation
Aurora Serverless v1 DB Cluster (w/ Secrets Manager)

This template creates an Amazon Aurora Serverless v1 DB cluster. The template includes a Secrets Manager secret for generating and storing the database password. The DB cluster uses the specified engine version and has a serverless engine mode. The scaling configuration is set to automatically pause the cluster after a specified number of seconds of inactivity.

CloudFormation
Aurora Serverless v2 DB Cluster (w/ Secrets Manager)

This template creates an Amazon Aurora Serverless v2 DB cluster. The template includes a Secrets Manager secret for generating and storing the database password, as well as the minimum and maximum capacity for the cluster. The DB cluster uses the specified engine version and the db.serverless instance class.

CloudFormation
Aurora DB cluster (w/ Secrets Manager) with Log Exports

This template creates an Amazon Aurora PostgreSQL DB cluster that exports logs to Amazon CloudWatch Logs. The template includes a Secrets Manager secret for generating and storing a password for the database. It also creates a cluster parameter group and a parameter group for configuring the cluster and instances. The DB instances are publicly accessible and use the db.r5.large instance class.

CloudFormation
Aurora DB Cluster with Two DB Instances and Parameter Group

This template creates an Amazon Aurora DB cluster with two DB instances. The template uses AWS Secrets Manager for storing the password. It also creates a cluster parameter group and a parameter group for configuring the cluster and instances. The DB instances are publicly accessible and use the db.r3.xlarge instance class.

CloudFormation
DMS
AWS DMS Replication Task

This template creates an AWS DMS replication task with the specified properties. The replication task is used to migrate data from a source endpoint to a target endpoint. The template includes the source endpoint ARN, target endpoint ARN, replication instance ARN, migration type, and table mappings.

CloudFormation
DMS Replication Subnet Group

This template creates an AWS DMS replication subnet group. The subnet group must contain at least two subnets in two different Availability Zones in the same AWS Region.

CloudFormation
DMS Replication Instance

This template creates an AWS DMS replication instance with the specified replication instance class.

CloudFormation
DMS Event Subscription

This template creates an event subscription for AWS Database Migration Service. It allows you to receive notifications for events related to the service through Amazon Simple Notification Service. The event subscription is associated with a specific replication instance and is configured to send notifications for specific event categories. The template also specifies the Amazon SNS topic ARN to which the notifications will be sent.

CloudFormation
DMS Endpoint

This template creates an AWS DMS endpoint with the specified properties. The endpoint is of type 'target' and uses the MySQL engine. It connects to the server 'server.db.amazon.com' on port 1234 with the provided username and password. The database name is 'my-db'. It also includes a tag with key 'type' and value 'new'.

CloudFormation
DMS Certificate

This template creates an SSL certificate for encrypting connections between AWS DMS endpoints and the replication instance.

CloudFormation
RDS Event Subscription
Custom RDS Event Subscription

Custom RDS Event Subscription template that allows users to configure notifications for RDS events (delivered through an SNS topic).

CloudFormation | Terraform | AWS CLI
RDS Cluster Event Subscription for Failure Events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for failure events for RDS Instances.

CloudFormation | Terraform | AWS CLI
RDS Instance Event Subscription for Failure, Low Storage and Availability Events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for failure, low storage, and availability event categories for RDS Instances.

CloudFormation | Terraform | AWS CLI
RDS Instance Event Subscription for Backup Events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for backup events for RDS Instances.

CloudFormation | Terraform | AWS CLI
RDS Instance Snapshot All Events Subscription

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for all RDS snapshot events.

CloudFormation | Terraform | AWS CLI
RDS Cluster Snapshot All Events Subscription

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for all RDS cluster snapshot events.

CloudFormation | Terraform | AWS CLI
RDS DB Parameter Group Events Subscription for Configuration Change Events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for RDS parameter group configuration change events.

CloudFormation | Terraform | AWS CLI
RDS DB Security Group Event Subscription for Configuration Change Events

RDS Event Subscriptions allow users to configure notifications for RDS Events (provided through an SNS topic). This template configures an event subscription for RDS security group configuration change events.

CloudFormation | Terraform | AWS CLI
Config Rule
RDS Storage Encrypted Check

Checks whether storage encryption is enabled for your RDS DB instances.

CloudFormation | Terraform | AWS CLI
RDS Multi-AZ HA Enabled Check

Checks whether high availability is enabled for your RDS DB instances. (Note: This rule does not evaluate Amazon Aurora databases.)

CloudFormation | Terraform | AWS CLI
No RDS Instances in Public Subnets Check

Checks that no RDS instances are placed in a public subnet.

CloudFormation | Terraform | AWS CLI
RDS Enhanced Monitoring Enabled

A Config rule that checks whether Enhanced Monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances.

CloudFormation | Terraform | AWS CLI
RDS Public Snapshots Prohibited Check

A Config rule that checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. The rule is non-compliant if any existing and new Amazon RDS snapshots are public.

CloudFormation | Terraform | AWS CLI
RDS Backup Enabled Check

A Config rule that checks whether RDS DB instances have backups enabled. Optionally, the rule also checks the backup retention period and the backup window.

CloudFormation | Terraform | AWS CLI
RDS Instances Public Access Prohibited Check

A Config rule that checks that Amazon Relational Database Service instances are not publicly accessible. The rule is NON_COMPLIANT if the publiclyAccessible field is true in the instance configuration item.

CloudFormation | Terraform | AWS CLI
RDS Snapshot Encrypted Check

A Config rule that checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted. The rule is NON_COMPLIANT if Amazon RDS DB snapshots are not encrypted.

CloudFormation | Terraform | AWS CLI
RDS Cluster Deletion Protection Enabled

A Config rule that checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled. This rule is NON_COMPLIANT if an RDS cluster does not have deletion protection enabled.

CloudFormation | Terraform | AWS CLI
RDS Instance Deletion Protection Enabled

A Config rule that checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled. This rule is NON_COMPLIANT if an Amazon RDS instance does not have deletion protection enabled, i.e. deletionProtection is set to false.

CloudFormation | Terraform | AWS CLI
RDS Instance IAM Authentication Enabled Check

A Config rule that checks if an Amazon Relational Database Service (Amazon RDS) instance has AWS Identity and Access Management (IAM) authentication enabled. This rule is NON_COMPLIANT if an Amazon RDS instance does not have IAM authentication enabled, i.e. configuration.iAMDatabaseAuthenticationEnabled is set to false.

CloudFormation | Terraform | AWS CLI
RDS Instance Logging Enabled Check

A Config rule that checks whether the respective logs of Amazon Relational Database Service (Amazon RDS) instances are enabled. The rule is NON_COMPLIANT if any of the log types are not enabled.

CloudFormation | Terraform | AWS CLI
RDS Database in AWS Backup Plan Check

A Config rule that checks whether Amazon RDS databases are present in the backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon RDS databases are not included in any AWS Backup plan.

CloudFormation | Terraform | AWS CLI
RDS DB Security Group Not Allowed

A Config rule that checks if there are any Amazon Relational Database Service (RDS) DB security groups that are not the default DB security group. The rule is NON_COMPLIANT if there are any DB security groups that are not the default DB security group.

CloudFormation | Terraform | AWS CLI
RDS Instance Default Admin Check

A Config rule that checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value. This rule will only run on RDS database instances. The rule is NON_COMPLIANT if the admin username is set to the default value.

CloudFormation | Terraform | AWS CLI
Aurora MySQL Backtracking Enabled

A Config rule that checks if an Amazon Aurora MySQL cluster has backtracking enabled. This rule is NON_COMPLIANT if the Aurora cluster uses MySQL and it does not have backtracking enabled.

CloudFormation | Terraform | AWS CLI
RDS Automatic Minor Version Upgrade Enabled

A Config rule that checks if Amazon Relational Database Service (RDS) database instances are configured for automatic minor version upgrades. The rule is NON_COMPLIANT if the value of autoMinorVersionUpgrade is false.

CloudFormation | Terraform | AWS CLI
RDS Cluster IAM Authentication is Enabled

A Config rule that checks if an Amazon RDS Cluster has AWS Identity and Access Management (IAM) authentication enabled. The rule is NON_COMPLIANT if an RDS Cluster does not have IAM authentication enabled.

CloudFormation | Terraform | AWS CLI
Check if RDS cluster has default admin username

Checks if an Amazon Relational Database Service (Amazon RDS) database cluster has changed the admin username from its default value. The rule is NON_COMPLIANT if the admin username is set to the default value.

CloudFormation
RDS Cluster Encrypted at Rest

Checks if an Amazon Relational Database Service (Amazon RDS) cluster is encrypted at rest. The rule is NON_COMPLIANT if an Amazon RDS cluster is not encrypted at rest.

CloudFormation
Check if Multi-AZ replication is enabled on Amazon RDS clusters

Checks if Multi-Availability Zone (Multi-AZ) replication is enabled on Amazon Aurora and Hermes clusters managed by Amazon Relational Database Service (Amazon RDS). The rule is NON_COMPLIANT if an Amazon RDS instance is not configured with Multi-AZ.

CloudFormation