feat(client-rds): This release adds support for specifying the CA certificate to use for the new db instance when restoring from db snapshot, restoring from s3, restoring to point in time, and creating a db instance read replica.

Author: awstools

clients/client-rds/src/commands/CreateDBInstanceReadReplicaCommand.ts

@@ -108,6 +108,7 @@ export interface CreateDBInstanceReadReplicaCommandOutput extends CreateDBInstan
  *   SourceDBClusterIdentifier: "STRING_VALUE",
  *   DedicatedLogVolume: true || false,
  *   UpgradeStorageConfig: true || false,
+ *   CACertificateIdentifier: "STRING_VALUE",
  * };
  * const command = new CreateDBInstanceReadReplicaCommand(input);
  * const response = await client.send(command);
@@ -345,6 +346,11 @@ export interface CreateDBInstanceReadReplicaCommandOutput extends CreateDBInstan
  * @see {@link CreateDBInstanceReadReplicaCommandOutput} for command's `response` shape.
  * @see {@link RDSClientResolvedConfig | config} for RDSClient's `config` shape.
  *
+ * @throws {@link CertificateNotFoundFault} (client fault)
+ *  <p>
+ *             <code>CertificateIdentifier</code> doesn't refer to an
+ *         existing certificate.</p>
+ *
  * @throws {@link DBClusterNotFoundFault} (client fault)
  *  <p>
  *             <code>DBClusterIdentifier</code> doesn't refer to an existing DB cluster.</p>

clients/client-rds/src/commands/RestoreDBInstanceFromDBSnapshotCommand.ts

@@ -109,6 +109,7 @@ export interface RestoreDBInstanceFromDBSnapshotCommandOutput
  *   DBClusterSnapshotIdentifier: "STRING_VALUE",
  *   AllocatedStorage: Number("int"),
  *   DedicatedLogVolume: true || false,
+ *   CACertificateIdentifier: "STRING_VALUE",
  * };
  * const command = new RestoreDBInstanceFromDBSnapshotCommand(input);
  * const response = await client.send(command);
@@ -354,6 +355,11 @@ export interface RestoreDBInstanceFromDBSnapshotCommandOutput
  *
  * @throws {@link BackupPolicyNotFoundFault} (client fault)
  *
+ * @throws {@link CertificateNotFoundFault} (client fault)
+ *  <p>
+ *             <code>CertificateIdentifier</code> doesn't refer to an
+ *         existing certificate.</p>
+ *
  * @throws {@link DBClusterSnapshotNotFoundFault} (client fault)
  *  <p>
  *             <code>DBClusterSnapshotIdentifier</code> doesn't refer to an existing DB cluster snapshot.</p>

clients/client-rds/src/commands/RestoreDBInstanceFromS3Command.ts

@@ -108,6 +108,7 @@ export interface RestoreDBInstanceFromS3CommandOutput extends RestoreDBInstanceF
  *   ManageMasterUserPassword: true || false,
  *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  *   DedicatedLogVolume: true || false,
+ *   CACertificateIdentifier: "STRING_VALUE",
  * };
  * const command = new RestoreDBInstanceFromS3Command(input);
  * const response = await client.send(command);
@@ -353,6 +354,11 @@ export interface RestoreDBInstanceFromS3CommandOutput extends RestoreDBInstanceF
  *
  * @throws {@link BackupPolicyNotFoundFault} (client fault)
  *
+ * @throws {@link CertificateNotFoundFault} (client fault)
+ *  <p>
+ *             <code>CertificateIdentifier</code> doesn't refer to an
+ *         existing certificate.</p>
+ *
  * @throws {@link DBInstanceAlreadyExistsFault} (client fault)
  *  <p>The user already has a DB instance with the given identifier.</p>
  *

clients/client-rds/src/commands/RestoreDBInstanceToPointInTimeCommand.ts

@@ -109,6 +109,7 @@ export interface RestoreDBInstanceToPointInTimeCommandOutput
  *   StorageThroughput: Number("int"),
  *   AllocatedStorage: Number("int"),
  *   DedicatedLogVolume: true || false,
+ *   CACertificateIdentifier: "STRING_VALUE",
  * };
  * const command = new RestoreDBInstanceToPointInTimeCommand(input);
  * const response = await client.send(command);
@@ -354,6 +355,11 @@ export interface RestoreDBInstanceToPointInTimeCommandOutput
  *
  * @throws {@link BackupPolicyNotFoundFault} (client fault)
  *
+ * @throws {@link CertificateNotFoundFault} (client fault)
+ *  <p>
+ *             <code>CertificateIdentifier</code> doesn't refer to an
+ *         existing certificate.</p>
+ *
  * @throws {@link DBInstanceAlreadyExistsFault} (client fault)
  *  <p>The user already has a DB instance with the given identifier.</p>
  *

clients/client-rds/src/models/models_0.ts

@@ -4752,7 +4752,8 @@ export interface CreateDBClusterMessage {
 
   /**
    * <p>The DB engine mode of the DB cluster, either <code>provisioned</code> or <code>serverless</code>.</p>
-   *          <p>The <code>serverless</code> engine mode only applies for Aurora Serverless v1 DB clusters.</p>
+   *          <p>The <code>serverless</code> engine mode only applies for Aurora Serverless v1 DB clusters. Aurora Serverless v2 DB clusters use the
+   *         <code>provisioned</code> engine mode.</p>
    *          <p>For information about limitations and requirements for Serverless DB clusters, see the
    *             following sections in the <i>Amazon Aurora User Guide</i>:</p>
    *          <ul>
@@ -10274,6 +10275,18 @@ export interface CreateDBInstanceReadReplicaMessage {
    * @public
    */
   UpgradeStorageConfig?: boolean;
+
+  /**
+   * <p>The CA certificate identifier to use for the read replica's server certificate.</p>
+   *          <p>This setting doesn't apply to RDS Custom DB instances.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *                 instance</a> in the <i>Amazon RDS User Guide</i> and
+   *                 <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *                     Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *                         User Guide</i>.</p>
+   * @public
+   */
+  CACertificateIdentifier?: string;
 }
 
 /**

clients/client-rds/src/models/models_1.ts

@@ -12767,6 +12767,18 @@ export interface RestoreDBInstanceFromDBSnapshotMessage {
    * @public
    */
   DedicatedLogVolume?: boolean;
+
+  /**
+   * <p>The CA certificate identifier to use for the DB instance's server certificate.</p>
+   *          <p>This setting doesn't apply to RDS Custom DB instances.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *             instance</a> in the <i>Amazon RDS User Guide</i> and
+   *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *                 Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *                     User Guide</i>.</p>
+   * @public
+   */
+  CACertificateIdentifier?: string;
 }
 
 /**
@@ -13363,6 +13375,18 @@ export interface RestoreDBInstanceFromS3Message {
    * @public
    */
   DedicatedLogVolume?: boolean;
+
+  /**
+   * <p>The CA certificate identifier to use for the DB instance's server certificate.</p>
+   *          <p>This setting doesn't apply to RDS Custom DB instances.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *             instance</a> in the <i>Amazon RDS User Guide</i> and
+   *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *                 Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *                     User Guide</i>.</p>
+   * @public
+   */
+  CACertificateIdentifier?: string;
 }
 
 /**
@@ -14026,6 +14050,18 @@ export interface RestoreDBInstanceToPointInTimeMessage {
    * @public
    */
   DedicatedLogVolume?: boolean;
+
+  /**
+   * <p>The CA certificate identifier to use for the DB instance's server certificate.</p>
+   *          <p>This setting doesn't apply to RDS Custom DB instances.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *                 instance</a> in the <i>Amazon RDS User Guide</i> and
+   *                 <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *                     Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *                         User Guide</i>.</p>
+   * @public
+   */
+  CACertificateIdentifier?: string;
 }
 
 /**

clients/client-rds/src/protocols/Aws_query.ts

@@ -11045,6 +11045,9 @@ const se_CreateDBInstanceReadReplicaMessage = (
   if (input[_USC] != null) {
     entries[_USC] = input[_USC];
   }
+  if (input[_CACI] != null) {
+    entries[_CACI] = input[_CACI];
+  }
   return entries;
 };
 
@@ -15487,6 +15490,9 @@ const se_RestoreDBInstanceFromDBSnapshotMessage = (
   if (input[_DLV] != null) {
     entries[_DLV] = input[_DLV];
   }
+  if (input[_CACI] != null) {
+    entries[_CACI] = input[_CACI];
+  }
   return entries;
 };
 
@@ -15677,6 +15683,9 @@ const se_RestoreDBInstanceFromS3Message = (input: RestoreDBInstanceFromS3Message
   if (input[_DLV] != null) {
     entries[_DLV] = input[_DLV];
   }
+  if (input[_CACI] != null) {
+    entries[_CACI] = input[_CACI];
+  }
   return entries;
 };
 
@@ -15855,6 +15864,9 @@ const se_RestoreDBInstanceToPointInTimeMessage = (
   if (input[_DLV] != null) {
     entries[_DLV] = input[_DLV];
   }
+  if (input[_CACI] != null) {
+    entries[_CACI] = input[_CACI];
+  }
   return entries;
 };
 

codegen/sdk-codegen/aws-models/rds.json

@@ -4297,7 +4297,7 @@
         "EngineMode": {
           "target": "com.amazonaws.rds#String",
           "traits": {
-            "smithy.api#documentation": "<p>The DB engine mode of the DB cluster, either <code>provisioned</code> or <code>serverless</code>.</p>\n         <p>The <code>serverless</code> engine mode only applies for Aurora Serverless v1 DB clusters.</p>\n         <p>For information about limitations and requirements for Serverless DB clusters, see the \n            following sections in the <i>Amazon Aurora User Guide</i>:</p>\n         <ul>\n            <li>\n               <p>\n                  <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations\">Limitations of Aurora\n                        Serverless v1</a>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html\">Requirements\n                        for Aurora Serverless v2</a>\n               </p>\n            </li>\n         </ul>\n         <p>Valid for Cluster Type: Aurora DB clusters only</p>"
+            "smithy.api#documentation": "<p>The DB engine mode of the DB cluster, either <code>provisioned</code> or <code>serverless</code>.</p>\n         <p>The <code>serverless</code> engine mode only applies for Aurora Serverless v1 DB clusters. Aurora Serverless v2 DB clusters use the \n        <code>provisioned</code> engine mode.</p>\n         <p>For information about limitations and requirements for Serverless DB clusters, see the \n            following sections in the <i>Amazon Aurora User Guide</i>:</p>\n         <ul>\n            <li>\n               <p>\n                  <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations\">Limitations of Aurora\n                        Serverless v1</a>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html\">Requirements\n                        for Aurora Serverless v2</a>\n               </p>\n            </li>\n         </ul>\n         <p>Valid for Cluster Type: Aurora DB clusters only</p>"
           }
         },
         "ScalingConfiguration": {
@@ -5255,6 +5255,9 @@
         "target": "com.amazonaws.rds#CreateDBInstanceReadReplicaResult"
       },
       "errors": [
+        {
+          "target": "com.amazonaws.rds#CertificateNotFoundFault"
+        },
         {
           "target": "com.amazonaws.rds#DBClusterNotFoundFault"
         },
@@ -5613,6 +5616,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Whether to upgrade the storage file system configuration on the read replica. This option\n            migrates the read replica from the old storage file system layout to the preferred layout.</p>"
           }
+        },
+        "CACertificateIdentifier": {
+          "target": "com.amazonaws.rds#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The CA certificate identifier to use for the read replica's server certificate.</p>\n         <p>This setting doesn't apply to RDS Custom DB instances.</p>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html\">Using SSL/TLS to encrypt a connection to a DB \n                instance</a> in the <i>Amazon RDS User Guide</i> and \n                <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html\">\n                    Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora \n                        User Guide</i>.</p>"
+          }
         }
       },
       "traits": {
@@ -27451,6 +27460,9 @@
         {
           "target": "com.amazonaws.rds#BackupPolicyNotFoundFault"
         },
+        {
+          "target": "com.amazonaws.rds#CertificateNotFoundFault"
+        },
         {
           "target": "com.amazonaws.rds#DBClusterSnapshotNotFoundFault"
         },
@@ -27791,6 +27803,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Specifies whether to enable a dedicated log volume (DLV) for the DB instance.</p>"
           }
+        },
+        "CACertificateIdentifier": {
+          "target": "com.amazonaws.rds#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The CA certificate identifier to use for the DB instance's server certificate.</p>\n         <p>This setting doesn't apply to RDS Custom DB instances.</p>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html\">Using SSL/TLS to encrypt a connection to a DB \n            instance</a> in the <i>Amazon RDS User Guide</i> and \n            <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html\">\n                Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora \n                    User Guide</i>.</p>"
+          }
         }
       },
       "traits": {
@@ -27824,6 +27842,9 @@
         {
           "target": "com.amazonaws.rds#BackupPolicyNotFoundFault"
         },
+        {
+          "target": "com.amazonaws.rds#CertificateNotFoundFault"
+        },
         {
           "target": "com.amazonaws.rds#DBInstanceAlreadyExistsFault"
         },
@@ -28187,6 +28208,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Specifies whether to enable a dedicated log volume (DLV) for the DB instance.</p>"
           }
+        },
+        "CACertificateIdentifier": {
+          "target": "com.amazonaws.rds#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The CA certificate identifier to use for the DB instance's server certificate.</p>\n         <p>This setting doesn't apply to RDS Custom DB instances.</p>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html\">Using SSL/TLS to encrypt a connection to a DB \n            instance</a> in the <i>Amazon RDS User Guide</i> and \n            <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html\">\n                Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora \n                    User Guide</i>.</p>"
+          }
         }
       },
       "traits": {
@@ -28219,6 +28246,9 @@
         {
           "target": "com.amazonaws.rds#BackupPolicyNotFoundFault"
         },
+        {
+          "target": "com.amazonaws.rds#CertificateNotFoundFault"
+        },
         {
           "target": "com.amazonaws.rds#DBInstanceAlreadyExistsFault"
         },
@@ -28645,6 +28675,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Specifies whether to enable a dedicated log volume (DLV) for the DB instance.</p>"
           }
+        },
+        "CACertificateIdentifier": {
+          "target": "com.amazonaws.rds#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The CA certificate identifier to use for the DB instance's server certificate.</p>\n         <p>This setting doesn't apply to RDS Custom DB instances.</p>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html\">Using SSL/TLS to encrypt a connection to a DB \n                instance</a> in the <i>Amazon RDS User Guide</i> and \n                <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html\">\n                    Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora \n                        User Guide</i>.</p>"
+          }
         }
       },
       "traits": {