docs.aws.amazon.com Open in urlscan Pro
18.66.147.13  Public Scan

Form analysis
1 forms found in the DOM

GET ../../search.html

<form class="form-search margin-top-1em" action="../../search.html" method="get">
  <label for="searchbox">Search box</label>
  <input id="searchbox" type="search" name="q" style="width: 105px" class="input-small search-query" autocomplete="off">
  <button type="submit" class="btn btn-small">Search</button>
  <input type="hidden" name="check_keywords" value="yes">
  <input type="hidden" name="area" value="default">
</form>

Text Content

SELECT YOUR COOKIE PREFERENCES

We use essential cookies and similar tools that are necessary to provide our
site and services. We use performance cookies to collect anonymous statistics so
we can understand how customers use our site and make improvements. Essential
cookies cannot be deactivated, but you can click “Customize cookies” to decline
performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide
useful site features, remember your preferences, and display relevant content,
including relevant advertising. To continue without accepting these cookies,
click “Continue without accepting.” To make more detailed choices or learn more,
click “Customize cookies.”

Accept all cookiesContinue without acceptingCustomize cookies


CUSTOMIZE COOKIE PREFERENCES

We use cookies and similar tools (collectively, "cookies") for the following
purposes.


ESSENTIAL

Essential cookies are necessary to provide our site and services and cannot be
deactivated. They are usually set in response to your actions on the site, such
as setting your privacy preferences, signing in, or filling in forms.




PERFORMANCE

Performance cookies provide anonymous statistics about how customers navigate
our site so we can improve site experience and performance. Approved third
parties may perform analytics on our behalf, but they cannot use the data for
their own purposes.

Allow performance category
Allowed


FUNCTIONAL

Functional cookies help us provide useful site features, remember your
preferences, and display relevant content. Approved third parties may set these
cookies to provide certain site features. If you do not allow these cookies,
then some or all of these services may not function properly.

Allow functional category
Allowed


ADVERTISING

Advertising cookies may be set through our site by us or our advertising
partners and help us deliver relevant marketing content. If you do not allow
these cookies, you will experience less relevant advertising.

Allow advertising category
Allowed

Blocking some types of cookies may impact your experience of our sites. You may
review and change your choices at any time by clicking Cookie preferences in the
footer of this site. We and selected third-parties use cookies or similar
technologies as specified in the AWS Cookie Notice.

CancelSave preferences




UNABLE TO SAVE COOKIE PREFERENCES

We will only store essential cookies at this time, because we were unable to
save your cookie preferences.

If you want to change your cookie preferences, try again later using the link in
the AWS console footer, or contact support if the problem persists.

Dismiss


AWS CLI Command Reference
 * Home
 * User Guide
 * Forum
 * GitHub




NAVIGATION

 * index
 * next |
 * previous |
 * AWS CLI 1.29.35 Command Reference »
 * aws »
 * rds »

 * ← modify-activity-stream /
 * modify-current-db-cluster-capacity →


TABLE OF CONTENTS

 * modify-certificates
   * Description
   * Synopsis
   * Options
   * Global Options
   * Examples
   * Output


QUICK SEARCH

Search box Search


FEEDBACK

Did you find this page useful? Do you have a suggestion to improve the
documentation? Give us feedback.
If you would like to suggest an improvement or fix for the AWS CLI, check out
our contributing guide on GitHub.


USER GUIDE

First time using the AWS CLI? See the User Guide for help getting started.


NOTE:

You are viewing the documentation for an older major version of the AWS CLI
(version 1).



AWS CLI version 2, the latest major version of AWS CLI, is now stable and
recommended for general use. To view this page for the AWS CLI version 2, click
here. For more information see the AWS CLI version 2 installation instructions
and migration guide.

[ aws . rds ]


MODIFY-CERTIFICATES¶


DESCRIPTION¶

Override the system-default Secure Sockets Layer/Transport Layer Security
(SSL/TLS) certificate for Amazon RDS for new DB instances, or remove the
override.

By using this operation, you can specify an RDS-approved SSL/TLS certificate for
new DB instances that is different from the default certificate provided by RDS.
You can also use this operation to remove the override, so that new DB instances
use the default certificate provided by RDS.

You might need to override the default certificate in the following situations:

 * You already migrated your applications to support the latest certificate
   authority (CA) certificate, but the new CA certificate is not yet the RDS
   default CA certificate for the specified Amazon Web Services Region.
 * RDS has already moved to a new default CA certificate for the specified
   Amazon Web Services Region, but you are still in the process of supporting
   the new CA certificate. In this case, you temporarily need additional time to
   finish your application changes.

For more information about rotating your SSL/TLS certificate for RDS DB engines,
see Rotating Your SSL/TLS Certificate in the Amazon RDS User Guide .

For more information about rotating your SSL/TLS certificate for Aurora DB
engines, see Rotating Your SSL/TLS Certificate in the Amazon Aurora User Guide .

See also: AWS API Documentation


SYNOPSIS¶

  modify-certificates
[--certificate-identifier <value>]
[--remove-customer-override | --no-remove-customer-override]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]



OPTIONS¶

--certificate-identifier (string)

> The new default certificate identifier to override the current one with.
> 
> To determine the valid values, use the describe-certificates CLI command or
> the DescribeCertificates API operation.

--remove-customer-override | --no-remove-customer-override (boolean)

> A value that indicates whether to remove the override for the default
> certificate. If the override is removed, the default certificate is the system
> default.

--cli-input-json (string) Performs service operation based on the JSON string
provided. The JSON string follows the format provided by
--generate-cli-skeleton. If other arguments are provided on the command line,
the CLI values will override the JSON-provided values. It is not possible to
pass arbitrary binary values using a JSON-provided value as the string will be
taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output
without sending an API request. If provided with no value or the value input,
prints a sample input JSON that can be used as an argument for --cli-input-json.
If provided with the value output, it validates the command inputs and returns a
sample output JSON for that command.


GLOBAL OPTIONS¶

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command's default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each
SSL connection, the AWS CLI will verify SSL certificates. This option overrides
the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

 * json
 * text
 * table

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

 * on
 * off
 * auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is
provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides
config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket
read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket
connect will be blocking and not timeout. The default value is 60 seconds.


EXAMPLES¶


NOTE

To use the following examples, you must have the AWS CLI installed and
configured. See the Getting started guide in the AWS CLI User Guide for more
information.

Unless otherwise stated, all examples have unix-like quotation rules. These
examples will need to be adapted to your terminal's quoting rules. See Using
quotation marks with strings in the AWS CLI User Guide .

To temporarily override the system-default SSL/TLS certificate for new DB
instances

The following modify-certificates example temporarily overrides the
system-default SSL/TLS certificate for new DB instances.

aws rds modify-certificates \
    --certificate-identifier rds-ca-2019


Output:

{
    "Certificate": {
        "CertificateIdentifier": "rds-ca-2019",
        "CertificateType": "CA",
        "Thumbprint": "EXAMPLE123456789012",
        "ValidFrom": "2019-09-19T18:16:53Z",
        "ValidTill": "2024-08-22T17:08:50Z",
        "CertificateArn": "arn:aws:rds:us-east-1::cert:rds-ca-2019",
        "CustomerOverride": true,
        "CustomerOverrideValidTill": "2024-08-22T17:08:50Z"
    }
}


For more information, see Rotating your SSL/TLS certificate in the Amazon RDS
User Guide and Rotating your SSL/TLS certificate in the Amazon Aurora User
Guide.


OUTPUT¶

Certificate -> (structure)

> A CA certificate for an Amazon Web Services account.
> 
> For more information, see Using SSL/TLS to encrypt a connection to a DB
> instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a
> connection to a DB cluster in the Amazon Aurora User Guide .
> 
> CertificateIdentifier -> (string)
> 
> > The unique key that identifies a certificate.
> 
> CertificateType -> (string)
> 
> > The type of the certificate.
> 
> Thumbprint -> (string)
> 
> > The thumbprint of the certificate.
> 
> ValidFrom -> (timestamp)
> 
> > The starting date from which the certificate is valid.
> 
> ValidTill -> (timestamp)
> 
> > The final date that the certificate continues to be valid.
> 
> CertificateArn -> (string)
> 
> > The Amazon Resource Name (ARN) for the certificate.
> 
> CustomerOverride -> (boolean)
> 
> > Whether there is an override for the default certificate identifier.
> 
> CustomerOverrideValidTill -> (timestamp)
> 
> > If there is an override for the default certificate identifier, when the
> > override expires.


 * ← modify-activity-stream /
 * modify-current-db-cluster-capacity →


NAVIGATION

 * index
 * next |
 * previous |
 * AWS CLI 1.29.35 Command Reference »
 * aws »
 * rds »

Privacy | Site terms | Cookie preferences | © 2023, Amazon Web Services, Inc. or
its affiliates. All rights reserved.