The following table contains details about settings that you choose when you create an Aurora DB cluster.
NoteAdditional settings are available if you are creating an Aurora Serverless DB cluster. For information about these settings, see Creating an Aurora Serverless v1 DB cluster (p. 163).
Also, some settings aren't available for Aurora Serverless because of Aurora Serverless limitations. For more information, see Limitations of Aurora Serverless v1 (p. 150).
Console setting Setting description CLI option and RDS API parameter Auto minor version
upgrade Choose Enable auto minor version upgrade if you want to enable your Aurora DB cluster to receive preferred minor version upgrades to the DB engine automatically when they become available.
The Auto minor version upgrade setting applies to both Aurora PostgreSQL and Aurora MySQL DB clusters. For Aurora MySQL version 1 and version 2 clusters, this setting upgrades the clusters to a maximum version of 1.22.2 and 2.07.2, respectively.
For more information about engine updates for Aurora PostgreSQL, see Amazon Aurora PostgreSQL updates (p. 1602).
For more information about engine updates for Aurora MySQL, see Database engine updates for Amazon Aurora MySQL (p. 1086).
Set this value for every DB instance in your Aurora cluster. If any DB instance in your cluster has this setting turned off, the cluster isn't automatically upgraded.
Using the AWS CLI, run create-db-instance and set the --auto- minor-version-upgrade|--no-auto-minor-version-upgrade option.
Using the RDS API, call
CreateDBInstance and set the AutoMinorVersionUpgrade parameter.
AWS KMS key Only available if Encryption is set to Enable encryption. Choose the AWS KMS key to use for encrypting this DB cluster. For more information, see Encrypting Amazon Aurora resources (p. 1720).
Using the AWS CLI, run create-db-cluster and set the --kms-key-id option.
Using the RDS API, call
CreateDBCluster and set the KmsKeyId parameter.
Backtrack Applies only to Aurora MySQL.
Choose Enable Backtrack to enable backtracking or Disable Backtrack to disable backtracking. Using
Using the AWS CLI, run create-db-cluster and set the --backtrack-window option.
Available settings
Console setting Setting description CLI option and RDS API parameter backtracking, you can rewind a DB
cluster to a specific time, without creating a new DB cluster. It is disabled by default. If you enable backtracking, also specify the amount of time that you want to be able to backtrack your DB cluster (the target backtrack window). For more information, see Backtracking an Aurora DB cluster (p. 821).
Using the RDS API, call
CreateDBCluster and set the BacktrackWindow parameter.
Copy tags to snapshots Choose this option to copy any DB instance tags to a DB snapshot when you create a snapshot.
For more information, see Tagging Amazon RDS resources (p. 477).
Using the AWS CLI, run create-db-cluster and set the --copy-tags-to-snapshot | --no-copy-tags-to-snapshot option.
Using the RDS API, call
CreateDBCluster and set the CopyTagsToSnapshot parameter.
Database
authentication The database authentication you want to use.
For MySQL:
• Choose Password authentication to authenticate database users with database passwords only.
• Choose Password and IAM database authentication to authenticate database users with database passwords and user credentials through IAM users and roles. For more information, see IAM database through IAM users and roles.
For more information, see IAM database authentication (p. 1754).
• Choose Kerberos authentication to authenticate database
passwords and user credentials using Kerberos authentication.
For more information, see Using Kerberos authentication with Aurora PostgreSQL (p. 1539).
To use IAM database authentication with the AWS CLI, run create-db-cluster and set the --enable-iam-database-authentication
| --no-enable-iam-database-authentication option.
To use IAM database authentication with the RDS API, call
CreateDBCluster and set the
EnableIAMDatabaseAuthentication parameter.
To use Kerberos authentication with the AWS CLI, run create-db-cluster and set the --domain and --domain-iam-role-name options.
To use Kerberos authentication with the RDS API, call CreateDBCluster and set the Domain and
DomainIAMRoleName parameters.
Available settings
Console setting Setting description CLI option and RDS API parameter Database port Specify the port for applications
and utilities to use to access the database. Aurora MySQL DB clusters default to the default MySQL port, 3306, and Aurora PostgreSQL DB clusters default to the default PostgreSQL port, 5432. The firewalls at some companies block connections to these default ports.
If your company firewall blocks the default port, choose another port for the new DB cluster.
Using the AWS CLI, run create-db-cluster and set the --port option.
Using the RDS API, call
CreateDBCluster and set the Port parameter.
DB cluster identifier Enter a name for your DB cluster that is unique for your account in the AWS Region that you chose.
This identifier is used in the cluster endpoint address for your DB cluster.
For information on the cluster endpoint, see Amazon Aurora connection management (p. 32).
The DB cluster identifier has the following constraints:
• It must contain from 1 to 63 alphanumeric characters or hyphens.
• Its first character must be a letter.
• It cannot end with a hyphen or contain two consecutive hyphens.
• It must be unique for all DB clusters per AWS account, per AWS Region.
Using the AWS CLI, run create-db-cluster and set the --db-cluster-identifier option.
Using the RDS API, call
CreateDBCluster and set the DBClusterIdentifier parameter.
DB cluster parameter
group Choose a DB cluster parameter
group. Aurora has a default DB cluster parameter group you can use, or you can create your own DB cluster parameter group. For more information about DB cluster parameter groups, see Working with parameter groups (p. 342).
Using the AWS CLI, run create-db-cluster and set the --db-cluster-parameter-group-name option.
Using the RDS API, call
CreateDBCluster and set the DBClusterParameterGroupName parameter.
DB instance class Applies only to the provisioned capacity type. Choose a DB instance class that defines the processing and memory requirements for each instance in the DB cluster. For more information about DB instance classes, see Aurora DB instance classes (p. 54).
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --db-instance-class option.
Using the RDS API, call
CreateDBInstance and set the DBInstanceClass parameter.
Available settings
Console setting Setting description CLI option and RDS API parameter DB parameter group Choose a parameter group. Aurora
has a default parameter group you can use, or you can create your own parameter group. For more information about parameter groups, see Working with parameter groups (p. 342).
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --db-parameter-group-name option.
Using the RDS API, call CreateDBInstance and set the DBParameterGroupName parameter.
Enable deletion
protection Choose Enable deletion protection to prevent your DB cluster from being deleted. If you create a production DB cluster with the console, deletion protection is enabled by default.
Using the AWS CLI, run create-db-cluster and set the --deletion-protection | --no-deletion-protection option.
Using the RDS API, call
CreateDBCluster and set the DeletionProtection parameter.
Enable encryption Choose Enable encryption to enable encryption at rest for this DB cluster. For more information, see Encrypting Amazon Aurora resources (p. 1720).
Using the AWS CLI, run create-db-cluster and set the --storage-encrypted | --no-storage-encrypted option.
Using the RDS API, call
CreateDBCluster and set the StorageEncrypted parameter.
Enable Enhanced
Monitoring Choose Enable enhanced monitoring to enable gathering metrics in real time for the operating system that your DB cluster
runs on. For more information, see Monitoring OS metrics with Enhanced Monitoring (p. 630).
Set these values for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the monitoring-interval and --monitoring-role-arn options.
Using the RDS API, call CreateDBInstance and set the MonitoringInterval and MonitoringRoleArn parameters.
Available settings
Console setting Setting description CLI option and RDS API parameter Enable Performance
Insights Choose Enable Performance
Insights to enable Amazon RDS Performance Insights. For more information, see Monitoring DB load with Performance Insights on Amazon Aurora (p. 576).
Set these values for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --enable-performance-insights |
Using the RDS API, call
CreateDBInstance and set the EnablePerformanceInsights, PerformanceInsightsKMSKeyId, and
PerformanceInsightsRetentionPeriod parameters.
Engine type Choose the database engine to be
used for this DB cluster. Using the AWS CLI, run create-db-cluster and set the --engine option.
Using the RDS API, call
CreateDBCluster and set the Engine parameter.
Engine version Applies only to the provisioned capacity type. Choose the version number of your DB engine.
Using the AWS CLI, run create-db-cluster and set the --engine-version option.
Using the RDS API, call
CreateDBCluster and set the EngineVersion parameter.
Failover priority Choose a failover priority for the instance. If you don't choose a value, the default is tier-1. This priority determines the order in which Aurora Replicas are promoted when recovering from a primary instance failure. For more information, see Fault tolerance for an Aurora DB cluster (p. 69).
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --promotion-tier option.
Using the RDS API, call
CreateDBInstance and set the PromotionTier parameter.
Available settings
Console setting Setting description CLI option and RDS API parameter Initial database name Enter a name for your default
database. If you don't provide a name for an Aurora MySQL DB cluster, Amazon RDS doesn't create a database on the DB cluster you are creating. If you don't provide a name for an Aurora PostgreSQL DB cluster, Amazon RDS creates a database named postgres.
For Aurora MySQL, the default database name has these constraints:
• It must contain 1–64 alphanumeric characters.
• It can't be a word reserved by the database engine.
For Aurora PostgreSQL, the default database name has these constraints:
• It must contain 1–63 alphanumeric characters.
• It must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0–9).
• It can't be a word reserved by the database engine.
To create additional databases, connect to the DB cluster and use the SQL command CREATE DATABASE. For more information about connecting to the DB cluster, see Connecting to an Amazon Aurora DB cluster (p. 284).
Using the AWS CLI, run create-db-cluster and set the --database-name option.
Using the RDS API, call
CreateDBCluster and set the DatabaseName parameter.
Log exports In the Log exports section, choose the logs that you want to start publishing to Amazon CloudWatch Logs. For more information about publishing Aurora MySQL logs to CloudWatch Logs, see Publishing Amazon Aurora MySQL logs to Amazon CloudWatch Logs (p. 1021).
For more information about publishing Aurora PostgreSQL logs to CloudWatch Logs, see Publishing Aurora PostgreSQL logs to Amazon CloudWatch Logs (p. 1492).
Using the AWS CLI, run create-db-cluster and set the --enable-cloudwatch-logs-exports option.
Using the RDS API, call
CreateDBCluster and set the EnableCloudwatchLogsExports parameter.
Available settings
Console setting Setting description CLI option and RDS API parameter Maintenance window Choose Select window and specify
the weekly time range during which system maintenance can occur. Or choose No preference for Amazon RDS to assign a period randomly.
Using the AWS CLI, run create-db-cluster and set the
--preferred-maintenance-window option.
Using the RDS API, call
CreateDBCluster and set the PreferredMaintenanceWindow parameter.
Master password Enter a password to log on to your DB cluster:
• For Aurora MySQL, the password must contain 8–41 printable ASCII characters.
• For Aurora PostgreSQL, it must contain 8–128 printable ASCII characters.
• It can't contain /, ", @, or a space.
Using the AWS CLI, run create-db-cluster and set the --master-user-password option.
Using the RDS API, call
CreateDBCluster and set the MasterUserPassword parameter.
Master username Enter a name to use as the master user name to log on to your DB cluster:
• For Aurora MySQL, the name must contain 1–16 alphanumeric characters.
• For Aurora PostgreSQL, it must contain 1–63 alphanumeric characters.
• The first character must be a letter.
• The name can't be a word reserved by the database engine.
Using the AWS CLI, run create-db-cluster and set the --master-username option.
Using the RDS API, call
CreateDBCluster and set the MasterUsername parameter.
Multi-AZ deployment Applies only to the provisioned capacity type. Determine if you want to create Aurora Replicas in other Availability Zones for failover support. If you choose Create Replica in Different Zone, then Amazon RDS creates an Aurora Replica for you in your DB cluster in a different Availability Zone than the primary instance for your DB cluster.
For more information about multiple Availability Zones, see Regions and Availability Zones (p. 11).
Using the AWS CLI, run create-db-cluster and set the --availability-zones option.
Using the RDS API, call
CreateDBCluster and set the AvailabilityZones parameter.
Available settings
Console setting Setting description CLI option and RDS API parameter Option group Aurora has a default option group. Using the AWS CLI, run
create-db-cluster and set the --option-group-name option.
Using the RDS API, call
CreateDBCluster and set the OptionGroupName parameter.
Public access Choose Publicly accessible to give the DB cluster a public IP address, or choose Not publicly accessible.
The instances in your DB cluster can be a mix of both public and private DB instances. For more information about hiding instances from public access, see Hiding a DB instance in a VPC from the internet (p. 1800).
To connect to a DB instance from outside of its Amazon VPC, the DB instance must be publicly accessible, access must be granted using the inbound rules of the DB instance's security group, and other requirements must be met. For more information, see Can't connect to Amazon RDS DB instance (p. 1825).
If your DB instance is isn't publicly accessible, you can also use an AWS Site-to-Site VPN connection or an AWS Direct Connect connection to access it from a private network. For more information, see Internetwork traffic privacy (p. 1734).
Set this value for every DB instance in your Aurora cluster.
Using the AWS CLI, run create-db-instance and set the --publicly-accessible | --no-publicly-accessible option.
Using the RDS API, call
CreateDBInstance and set the PubliclyAccessible parameter.
Retention period Choose the length of time, from 1 to 35 days, that Aurora retains backup copies of the database. Backup copies can be used for point-in-time restores (PITR) of your database down to the second.
Using the AWS CLI, run create-db-cluster and set the --backup-retention-period option.
Using the RDS API, call
CreateDBCluster and set the BackupRetentionPeriod parameter.
Subnet group Choose the DB subnet group to use for the DB cluster. For more information, see DB cluster prerequisites (p. 125).
Using the AWS CLI, run create-db-cluster and set the --db-subnet-group-name option.
Using the RDS API, call
CreateDBCluster and set the DBSubnetGroupName parameter.
Settings that don't apply to Aurora for DB clusters
Console setting Setting description CLI option and RDS API parameter Virtual Private Cloud
(VPC) Choose the VPC to host the DB
cluster. Choose Create a New VPC to have Amazon RDS create a VPC for you. For more information, see DB cluster prerequisites (p. 125).
For the AWS CLI and API, you specify the VPC security group IDs.
VPC security group Choose Create new to have Amazon RDS create a VPC security group for you. Or choose Choose existing and specify one or more VPC security groups to secure network access to the DB cluster.
When you choose Create new in the RDS console, a new security group is created with an inbound rule that allows access to the DB instance from the IP address detected in your browser.
For more information, see DB cluster prerequisites (p. 125).
Using the AWS CLI, run create-db-cluster and set the --vpc-security-group-ids option.
Using the RDS API, call
CreateDBCluster and set the VpcSecurityGroupIds parameter.