docs.aws.amazon.com Open in urlscan Pro
108.138.36.55  Public Scan

Submitted URL: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAM.ServiceLinkedRoles.html
Effective URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAM.ServiceLinkedRoles.html
Submission: On November 25 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

SELECT YOUR COOKIE PREFERENCES

We use essential cookies and similar tools that are necessary to provide our
site and services. We use performance cookies to collect anonymous statistics,
so we can understand how customers use our site and make improvements. Essential
cookies cannot be deactivated, but you can choose “Customize” or “Decline” to
decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide
useful site features, remember your preferences, and display relevant content,
including relevant advertising. To accept or decline all non-essential cookies,
choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

AcceptDeclineCustomize


CUSTOMIZE COOKIE PREFERENCES

We use cookies and similar tools (collectively, "cookies") for the following
purposes.


ESSENTIAL

Essential cookies are necessary to provide our site and services and cannot be
deactivated. They are usually set in response to your actions on the site, such
as setting your privacy preferences, signing in, or filling in forms.




PERFORMANCE

Performance cookies provide anonymous statistics about how customers navigate
our site so we can improve site experience and performance. Approved third
parties may perform analytics on our behalf, but they cannot use the data for
their own purposes.

Allow performance category
Allowed


FUNCTIONAL

Functional cookies help us provide useful site features, remember your
preferences, and display relevant content. Approved third parties may set these
cookies to provide certain site features. If you do not allow these cookies,
then some or all of these services may not function properly.

Allow functional category
Allowed


ADVERTISING

Advertising cookies may be set through our site by us or our advertising
partners and help us deliver relevant marketing content. If you do not allow
these cookies, you will experience less relevant advertising.

Allow advertising category
Allowed

Blocking some types of cookies may impact your experience of our sites. You may
review and change your choices at any time by selecting Cookie preferences in
the footer of this site. We and selected third-parties use cookies or similar
technologies as specified in the AWS Cookie Notice.

CancelSave preferences




UNABLE TO SAVE COOKIE PREFERENCES

We will only store essential cookies at this time, because we were unable to
save your cookie preferences.

If you want to change your cookie preferences, try again later using the link in
the AWS console footer, or contact support if the problem persists.

Dismiss


Contact Us
English



Create an AWS Account
Feedback
Preferences


AMAZON RELATIONAL DATABASE SERVICE


USER GUIDE

 * What is Amazon RDS?
    * DB instances
    * DB instance classes
       * DB instance class types
       * Supported DB engines
       * Determining DB instance class support in AWS Regions
       * Configuring the processor for RDS for Oracle
       * Hardware specifications
   
    * DB instance storage
    * Regions, Availability Zones, and Local Zones
    * Supported Amazon RDS features by Region and engine
       * Blue/Green Deployments
       * Cross-Region automated backups
       * Cross-Region read replicas
       * Database activity streams
       * Dual-stack mode
       * Export snapshots to S3
       * IAM database authentication
       * Kerberos authentication
       * Multi-AZ DB clusters
       * Performance Insights
       * RDS Custom
       * Amazon RDS Proxy
       * Secrets Manager integration
       * Zero-ETL integrations
       * Engine-native features
   
    * DB instance billing for Amazon RDS
       * On-Demand DB instances
       * Reserved DB instances
          * Purchasing reserved DB instances
          * Viewing the billing for reserved DB instances

 * Setting up
 * Getting started
    * Creating and connecting to a MariaDB DB instance
    * Creating and connecting to a Microsoft SQL Server DB instance
    * Creating and connecting to a MySQL DB instance
    * Creating and connecting to an Oracle DB instance
    * Creating and connecting to a PostgreSQL DB instance
    * Tutorial: Create a web server and an Amazon RDS DB instance
       * Launch an EC2 instance to connect with your DB instance
       * Create a DB instance
       * Install a web server
   
    * Tutorial: Create a Lambda function to access your Amazon RDS DB instance

 * Tutorials and sample code
 * Best practices for Amazon RDS
 * Programmatic access to Amazon RDS
    * Console-to-Code

 * Configuring a DB instance
    * Creating a DB instance
       * Available settings
   
    * Creating resources with AWS CloudFormation
    * Connecting to a DB instance
       * Finding the connection information
       * Scenarios for accessing a DB instance
   
    * Working with option groups
    * Parameter groups
       * Overview of parameter groups
       * DB parameter groups
          * Creating a DB parameter group
          * Associating a DB parameter group to a DB instance
          * Modifying parameters in a DB parameter group
          * Resetting parameters in a DB parameter group
          * Copying a DB parameter group
          * Listing DB parameter groups
          * View parameter values for a DB parameter group
          * Deleting a DB parameter group
      
       * DB cluster parameter groups
          * Creating a DB cluster parameter group
          * Modifying parameters in a DB cluster parameter group
          * Resetting parameters in a DB cluster parameter group
          * Copying a DB cluster parameter group
          * Listing DB cluster parameter groups
          * Viewing parameter values for a DB cluster parameter group
          * Deleting a DB cluster parameter group
      
       * Comparing DB parameter groups
       * Specifying DB parameters
   
    * Creating an ElastiCache cache from Amazon RDS
    * Auto-migrating EC2 databases
       * Creating IAM resources
          * Secret access policy and role
          * Creating IAM role for DMS
      
       * Set up data migration
       * Managing migrations
       * Monitoring
   
    * Tutorial: Creating a MySQL DB instance with a custom parameter and custom
      option group

 * Managing a DB instance
    * Stopping a DB instance
    * Starting a DB instance
    * Rebooting a DB instance
    * Connecting an EC2 instance
    * Connecting a Lambda function
    * Modifying a DB instance
       * Scheduling modifications
       * Available settings
   
    * Maintaining a DB instance
       * Applying updates
       * Maintenance window
       * Operating system updates
   
    * Upgrading the engine version
    * Renaming a DB instance
    * Working with DB instance read replicas
       * Creating a read replica
       * Promoting a read replica
       * Monitoring read replication
       * Cross-Region read replicas
   
    * Tagging RDS resources
       * Tutorial: Specify which DB instances to stop by using tags
   
    * ARNs in Amazon RDS
       * Constructing an ARN
       * Getting an existing ARN
   
    * Working with storage
       * Increasing DB instance storage capacity
       * Managing capacity automatically with storage autoscaling
       * Upgrading the storage file system
       * Modifying Provisioned IOPS settings
       * I/O-intensive storage modifications
       * Modifying General Purpose (gp3) settings
       * Using a dedicated log volume (DLV)
   
    * Deleting a DB instance
    * Tutorial: Managing a MySQL DB instance

 * Configuring and managing a Multi-AZ deployment
    * Multi-AZ DB instance deployments
       * Converting a DB instance to a Multi-AZ deployment
       * Failing over a Multi-AZ DB instance
   
    * Multi-AZ DB cluster deployments
       * Creating a Multi-AZ DB cluster
       * Connecting to a Multi-AZ DB cluster
          * Connecting with the AWS drivers
      
       * Connecting an AWS compute resource and a Multi-AZ DB cluster
          * Connecting an EC2 instance and a Multi-AZ DB cluster
          * Connecting a Lambda function and a Multi-AZ DB cluster
      
       * Modifying a Multi-AZ DB cluster
       * Upgrading a Multi-AZ DB cluster
       * Renaming a Multi-AZ DB cluster
       * Rebooting a Multi-AZ DB cluster
       * Failing over a Multi-AZ DB cluster
       * PostgreSQL logical replication with Multi-AZ DB clusters
       * Working with Multi-AZ DB cluster read replicas
          * Migrating to a Multi-AZ DB cluster using a read replica
          * Creating a DB instance read replica from a Multi-AZ DB cluster
      
       * Setting up external replication from Multi-AZ DB clusters
       * Deleting a Multi-AZ DB cluster
       * Limitations of Multi-AZ DB clusters

 * RDS Extended Support
    * RDS Extended Support overview
    * RDS Extended Support charges
    * Versions with RDS Extended Support
    * Responsibilities with RDS Extended Support
    * Creating a DB instance or a Multi-AZ DB cluster
    * Viewing RDS Extended Support enrollment
    * Restoring a DB instance or a Multi-AZ DB cluster

 * Using Blue/Green Deployments for database updates
    * Overview of Blue/Green Deployments
       * Authorizing access
       * Limitations and considerations
       * Best practices
       * PostgreSQL replication methods
   
    * Creating a blue/green deployment
    * Viewing a blue/green deployment
    * Switching a blue/green deployment
    * Deleting a blue/green deployment

 * Backing up, restoring, and exporting data
    * Introduction to backups
    * Managing automated backups
       * Backup retention period
       * Enabling automated backups
       * Retaining automated backups
       * Deleting retained automated backups
       * Unsupported MySQL storage engines
       * Unsupported MariaDB storage engines
       * Cross-Region automated backups
          * Enabling cross-Region automated backups
          * Finding information about replicated backups
          * Point-in-time recovery from a replicated backup
          * Stopping backup replication
          * Deleting replicated backups
   
    * Managing manual backups
       * Creating a DB snapshot for a Single-AZ DB instance
       * Creating a Multi-AZ DB cluster snapshot
       * Deleting a DB snapshot
   
    * Restoring to a DB instance
       * Point-in-time recovery
       * Restoring a Multi-AZ DB cluster to a specified time
       * Restoring from a snapshot to a Multi-AZ DB cluster
       * Restoring from a Multi-AZ DB cluster snapshot to a DB instance
       * Tutorial: Restore a DB instance from a DB snapshot
   
    * Copying a DB snapshot
    * Sharing a DB snapshot
       * Sharing public snapshots
       * Sharing encrypted snapshots
       * Stopping snapshot sharing
   
    * Exporting DB snapshot data to Amazon S3
       * Monitoring snapshot exports
       * Canceling a snapshot export
       * Failure messages
       * Troubleshooting PostgreSQL permissions errors
       * File naming conventions
       * Data conversion
   
    * Using AWS Backup

 * Monitoring metrics in a DB instance
    * Monitoring tools
    * Viewing instance status
    * Recommendations from Amazon RDS
       * Viewing recommendations
       * Applying recommendations
       * Dismissing recommendations
       * Modifying dismissed recommendations to active
       * Recommendations reference
   
    * Viewing metrics in the Amazon RDS console
    * Viewing the Performance Insights dashboard
       * Choosing the new monitoring view from the Monitoring tab
       * Choosing the new monitoring view from the Performance Insights page
       * Choosing the legacy view
       * Creating a custom dashboard
       * Choosing the preconfigured dashboard
   
    * Monitoring RDS with CloudWatch
       * Viewing CloudWatch metrics
       * Exporting Performance Insights metrics to CloudWatch
          * Exporting Performance Insights metrics as a new dashboard to
            CloudWatch
          * Adding Performance Insights metrics to an existing CloudWatch
            dashboard
          * Viewing a Performance Insights metric widget in CloudWatch
      
       * Creating CloudWatch alarms
       * Tutorial: Creating a CloudWatch alarm for DB cluster replica lag
   
    * Monitoring DB load with Performance Insights
       * Overview of Performance Insights
          * Database load
          * Maximum CPU
          * Amazon RDS DB engine, Region, and instance class support for
            Performance Insights
          * Pricing and data retention for Performance Insights
      
       * Turning Performance Insights on and off
       * Performance Schema for MariaDB or MySQL
          * Determining whether Performance Insights is managing the Performance
            Schema
          * Turn on the Performance Schema for Amazon RDS for MariaDB or MySQL
      
       * Performance Insights policies
          * Creating a custom IAM policy for Performance Insights
          * Changing an AWS KMS policy for Performance Insights
          * Granting fine-grained access for Performance Insights
      
       * Analyzing metrics with the Performance Insights dashboard
          * Overview of the dashboard
          * Accessing the dashboard
          * Analyzing DB load
          * Analyzing database performance for a period of time
             * Creating a performance analysis report
             * Viewing a performance analysis report
             * Adding tags to a performance analysis report
             * Deleting a performance analysis report
         
          * Analyzing queries
             * Accessing more SQL text
                * Setting the SQL text limit
                * Viewing and downloading SQL text
            
             * Viewing SQL statistics
         
          * Analyzing Oracle PDBs
          * Analyzing execution plans
             * Analyzing Oracle execution plans
             * Analyzing SQL Server execution plans
      
       * Viewing Performance Insights proactive recommendations
       * Retrieving metrics with the Performance Insights API
          * Retrieving time-series metrics
          * AWS CLI examples for Performance Insights
      
       * Logging Performance Insights calls using AWS CloudTrail
       * VPC endpoints (AWS PrivateLink)
   
    * Analyzing performance with DevOps Guru for RDS
    * Monitoring the OS with Enhanced Monitoring
       * Setting up and enabling Enhanced Monitoring
       * Viewing OS metrics in the RDS console
       * Viewing OS metrics using CloudWatch Logs
   
    * RDS metrics reference
       * CloudWatch metrics for RDS
       * CloudWatch dimensions for RDS
       * CloudWatch metrics for Performance Insights
       * Counter metrics for Performance Insights
       * SQL statistics for Performance Insights
          * SQL statistics for MariaDB and MySQL
          * SQL statistics for Oracle
          * SQL statistics for SQL Server
          * SQL statistics for RDS PostgreSQL
      
       * OS metrics in Enhanced Monitoring

 * Monitoring events, logs, and database activity streams
    * Viewing logs, events, and streams in the Amazon RDS console
    * Monitoring RDS events
       * Viewing Amazon RDS events
       * Working with Amazon RDS event notification
          * Overview of Amazon RDS event notification
          * Granting permissions
          * Subscribing to Amazon RDS event notification
          * Amazon RDS event notification tags and attributes
          * Listing Amazon RDS event notification subscriptions
          * Modifying an Amazon RDS event notification subscription
          * Adding a source identifier to an Amazon RDS event notification
            subscription
          * Removing a source identifier from an Amazon RDS event notification
            subscription
          * Listing the Amazon RDS event notification categories
          * Deleting an Amazon RDS event notification subscription
      
       * Creating a rule that triggers on an Amazon RDS event
       * Amazon RDS event categories and event messages
   
    * Monitoring RDS logs
       * Viewing and listing database log files
       * Downloading a database log file
       * Watching a database log file
       * Publishing to CloudWatch Logs
       * Reading log file contents using REST
       * Db2 database log files
       * MariaDB database log files
          * Accessing MariaDB error logs
          * Accessing the MariaDB slow query and general logs
          * Publishing MariaDB logs to Amazon CloudWatch Logs
          * Log rotation and retention for MariaDB
          * Managing table-based MariaDB logs
          * Configuring MariaDB binary logging
          * Accessing MariaDB binary logs
          * Enabling MariaDB binary log annotation
      
       * Microsoft SQL Server database log files
       * MySQL database log files
          * Overview of RDS for MySQL database logs
          * Publishing MySQL logs to Amazon CloudWatch Logs
          * Sending MySQL log output to tables
          * Configuring RDS for MySQL binary logging
          * Configuring MySQL binary logging for Multi-AZ DB clusters
          * Accessing MySQL binary logs
      
       * Oracle database log files
       * PostgreSQL database log files
          * Parameters for logging
          * Turning on query logging
   
    * Monitoring RDS API calls in CloudTrail
    * Monitoring RDS with Database Activity Streams
       * Configuring Oracle unified auditing
       * Configuring SQL Server auditing
       * Starting a database activity stream
       * Modifying a database activity stream
       * Getting the activity stream status
       * Stopping a database activity stream
       * Monitoring activity streams
          * Accessing an activity stream from Kinesis
          * Audit logs
          * databaseActivityEventList JSON array
          * Processing an activity stream using the SDK
      
       * IAM policy examples for activity streams

 * Working with Amazon RDS Custom
    * RDS Custom architecture
    * RDS Custom security
       * Secure your Amazon S3 bucket against the confused deputy problem
       * Rotating credentials for RDS Custom for Oracle
   
    * Working with RDS Custom for Oracle
       * RDS Custom for Oracle workflow
       * Database architecture for Amazon RDS Custom for Oracle
       * Feature availability and support for RDS Custom for Oracle
       * RDS Custom for Oracle requirements and limitations
       * Setting up your RDS Custom for Oracle environment
       * Working with CEVs for RDS Custom for Oracle
          * Preparing to create a CEV
          * Creating a CEV
          * Modifying CEV status
          * Viewing CEV details
          * Deleting a CEV
      
       * Configuring an RDS Custom for Oracle DB instance
          * Connecting using Session Manager
          * Logging in as SYS
      
       * Managing an RDS Custom for Oracle DB instance
          * Working with container databases (CDBs) in RDS Custom for Oracle
          * Working with high availability features for RDS Custom for Oracle
          * Customizing your RDS Custom environment
          * Modifying your DB instance
          * Changing the character set of an RDS Custom for Oracle DB instance
          * Setting the NLS_LANG value in RDS Custom for Oracle
          * Tagging RDS Custom for Oracle resources
          * Deleting an RDS Custom for Oracle DB instance
      
       * Working with RDS Custom for Oracle replicas
          * Guidelines and limitations for replication
          * Promoting an RDS Custom for Oracle replica
      
       * Backing up and restoring an RDS Custom for Oracle DB instance
          * Creating an RDS Custom for Oracle snapshot
          * Restoring from an RDS Custom for Oracle DB snapshot
          * Point-in-time recovery
          * Deleting an RDS Custom for Oracle snapshot
          * Deleting RDS Custom for Oracle automated backups
      
       * Working with option groups in RDS Custom for Oracle
          * Oracle time zone
      
       * Migrating to RDS Custom for Oracle
       * Upgrading an RDS Custom for Oracle DB instance
          * Considerations for RDS Custom for Oracle database upgrades
          * Considerations for RDS Custom for Oracle OS upgrades
          * Viewing valid RDS Custom for Oracle upgrade targets
          * Upgrading an RDS Custom for Oracle DB instance
          * Viewing pending database upgrades
          * Upgrade failure
      
       * Troubleshooting RDS Custom for Oracle
       * Known issues for RDS Custom for Oracle
   
    * Working with RDS Custom for SQL Server
       * RDS Custom for SQL Server workflow
       * RDS Custom for SQL Server requirements and limitations
          * DB instance class support
          * Collation and character support
          * Local time zone
          * Using a Service Master Key
      
       * Setting up your RDS Custom for SQL Server environment
       * Bring Your Own Media with RDS Custom for SQL Server
       * Working with CEVs for RDS Custom for SQL Server
          * Preparing to create a CEV for RDS Custom for SQL Server
          * Creating a CEV for RDS Custom for SQL Server
          * Modifying a CEV for RDS Custom for SQL Server
             * Modifying an RDS Custom for SQL Server DB instance to use a new
               CEV
         
          * Viewing CEV details for Amazon RDS Custom for SQL Server
          * Deleting a CEV for RDS Custom for SQL Server
      
       * Creating and connecting to an RDS Custom for SQL Server DB instance
          * RDS Custom service-linked role
          * Connecting to your RDS Custom DB instance using AWS Systems Manager
          * Connecting to your RDS Custom DB instance using RDP
      
       * Managing an RDS Custom for SQL Server DB instance
          * Pausing and resuming RDS Custom automation
          * Modifying an RDS Custom for SQL Server DB instance
          * Modifying the storage for an RDS Custom for SQL Server DB instance
          * Tagging RDS Custom for SQL Server resources
          * Starting and stopping an RDS Custom for SQL Server DB instance
      
       * Working with Microsoft Active Directory with RDS Custom for SQL Server
          * Configure Self-Managed or On-premise AD
          * Configure Microsoft Active Directory using AWS Directory Service
          * Network configuration port rules
          * Network Validation
          * Setting up Windows Authentication
          * Managing a DB instance in a Domain
          * Understanding Domain membership
          * Troubleshooting Active Directory
      
       * Managing a Multi-AZ deployment for RDS Custom for SQL Server
          * Prerequisites
          * Modify Single-AZ to Multi-AZ
          * Modify Multi-AZ to Single-AZ
          * Failover process
      
       * Backing up and restoring an RDS Custom for SQL Server DB instance
          * Creating an RDS Custom for SQL Server snapshot
          * Restoring from an RDS Custom for SQL Server DB snapshot
          * Point-in-time recovery
          * Deleting an RDS Custom for SQL Server snapshot
          * Deleting RDS Custom for SQL Server automated backups
      
       * Copying an RDS Custom for SQL Server DB snapshot
       * Migrating an on-premises database to RDS Custom for SQL Server
       * Upgrading a DB instance for RDS Custom for SQL Server
       * Troubleshooting Amazon RDS Custom for SQL Server

 * Working with RDS on AWS Outposts
    * Support for Amazon RDS features
    * Supported DB instance classes
    * Customer-owned IP addresses
    * Multi-AZ deployments
    * Creating DB instances for RDS on Outposts
    * Creating read replicas for RDS on Outposts
    * Considerations for restoring DB instances

 * Using RDS Proxy
    * Planning where to use RDS Proxy
    * RDS Proxy concepts and terminology
    * Getting started with RDS Proxy
       * Set up a proxy network
       * Setting up database credentials in Secrets Manager
       * Setting up IAM policies
       * Creating an RDS Proxy
       * Viewing an RDS Proxy
       * Connecting through RDS Proxy
   
    * Managing an RDS Proxy
       * Modifying RDS Proxy
       * Adding a database user
       * RDS Proxy connection considerations
       * Avoid pinning RDS Proxy
       * Deleting an RDS Proxy
   
    * Working with RDS Proxy endpoints
       * Creating a proxy endpoint
       * Viewing proxy endpoints
       * Modifying a proxy endpoint
       * Deleting a proxy endpoint
   
    * Monitoring RDS Proxy with CloudWatch
    * Working with RDS Proxy events
    * Troubleshooting RDS Proxy
    * Using RDS Proxy with AWS CloudFormation

 * Working with zero-ETL integrations
    * Getting started with zero-ETL integrations
    * Creating zero-ETL integrations
    * Data filtering for zero-ETL integrations
    * Adding and querying data
    * Viewing and monitoring zero-ETL integrations
    * Modifying zero-ETL integrations
    * Deleting zero-ETL integrations
    * Troubleshooting zero-ETL integrations

 * Db2 on Amazon RDS
    * Db2 overview
       * Db2 features
       * Db2 versions
       * Db2 licensing
       * Db2 instance classes
       * Db2 default roles
       * Db2 parameters
       * EBCDIC collation
       * Db2 local time zone
   
    * DB instance prerequisites
    * Connecting to your Db2 DB instance
       * Finding the endpoint
       * IBM Db2 CLP
       * IBM CLPPlus
       * DBeaver
       * IBM Db2 Data Management Console
       * Security group considerations
   
    * Securing Db2 connections
       * Encrypting with SSL/TLS
       * Using Kerberos authentication
          * Setting up Kerberos authentication for DB instances
          * Connecting with Kerberos authentication
   
    * Administering your RDS for Db2 DB instance
       * System tasks
          * Granting and revoking privileges
          * Attaching to the remote DB instance
      
       * Database tasks
          * Buffer pools
          * Databases
          * Tablespaces
   
    * Integrating with S3
    * Migrating data to RDS for Db2
       * Migrating data with AWS services
          * Linux to Linux
          * Linux to Linux (near-zero downtime)
          * Linux to Linux (synchronous)
          * AIX or Windows to Linux
          * Migrating with Amazon S3
          * Migrating with AWS DMS
      
       * Migrating data with native Db2 tools
          * Connecting a client machine to RDS for Db2
          * Copying database metadata from Db2 with db2look
          * Importing from a client machine with IMPORT
          * Importing from a client machine with LOAD
          * Importing from Db2 with INSERT
          * Importing from Db2 with INGEST
   
    * Federation
    * Options for RDS for Db2 DB instances
       * Db2 audit logging
   
    * External stored procedures
    * Known issues and limitations
    * RDS for Db2 stored procedures
       * Granting and revoking privileges
       * Audit policies
       * Buffer pools
       * Databases
       * Storage access
       * Tablespaces
   
    * RDS for Db2 user-defined functions
    * Troubleshooting

 * MariaDB on Amazon RDS
    * MariaDB feature support
       * Supported storage engines
       * Cache warming
       * Features not supported
   
    * MariaDB versions
    * Connecting to a DB instance running MariaDB
       * Finding the connection information
       * Connecting from the command-line client
       * Connecting with the AWS drivers
       * Troubleshooting
   
    * Securing MariaDB connections
       * MariaDB security
       * Password validation plugins
       * Encrypting with SSL/TLS
          * SSL/TLS support for MariaDB
          * Requiring SSL/TLS for users
          * Requiring SSL/TLS for all connections
          * Connecting with SSL/TLS from CLI
      
       * Using new SSL/TLS certificates
   
    * Improving query performance with RDS Optimized Reads
    * Improving write performance with RDS Optimized Writes for MariaDB
    * Upgrades of the MariaDB DB engine
       * MariaDB version numbers
       * RDS version numbers
       * Major version upgrades
       * Automatic minor version upgrades
       * Upgrading with reduced downtime
   
    * Importing data into a MariaDB DB instance
       * Importing data from an external database
       * Importing data with reduced downtime
       * Importing data from any source
   
    * MariaDB replication
       * MariaDB read replicas
          * Configuring replication filters
          * Configuring delayed replication
          * Updating read replicas
          * Multi-AZ read replica deployments
          * Cascading read replicas
          * Monitoring replication lag
          * Starting and stopping replication
          * Troubleshooting
      
       * Configuring GTID-based replication with an external source instance
       * Configuring binary log file position replication with an external
         source instance
   
    * Options for MariaDB
    * Parameters for MariaDB
    * Migrating data from a MySQL DB snapshot to a MariaDB DB instance
    * MariaDB on Amazon RDS SQL reference
       * mysql.rds_replica_status
       * mysql.rds_set_external_master_gtid
       * mysql.rds_kill_query_id
   
    * Local time zone
    * Known issues and limitations for MariaDB

 * Microsoft SQL Server on Amazon RDS
    * DB instance class support
    * Security
       * Using SSL with a SQL Server DB instance
       * Configuring SQL Server security protocols and ciphers
       * Updating applications for new SSL/TLS certificates
   
    * Version support
    * Feature support
       * CDC support
       * Unsupported and limited feature support
   
    * Functions and stored procedures
    * Local time zone
    * Licensing SQL Server on Amazon RDS
    * Connecting to a DB instance running SQL Server
       * Connecting to your DB instance with SSMS
       * Connecting to your DB instance with SQL Workbench/J
       * Security group considerations
       * Troubleshooting
   
    * Working with Active Directory with RDS for SQL Server
       * Working with Self Managed Active Directory with a SQL Server DB
         instance
          * Requirements
          * Setting up Self Managed Active Directory
          * Managing a DB instance in a self-managed Active Directory Domain
          * Troubleshooting self-managed Active Directory
      
       * Working with AWS Managed Active Directory with RDS for SQL Server
          * Creating the endpoint
          * Setting up Windows authentication
          * Managing a DB instance in a Domain
          * Connecting with Windows authentication
   
    * Upgrades of the SQL Server DB engine
       * Major version upgrades
       * Upgrade considerations
       * Testing an upgrade
   
    * Importing and exporting SQL Server databases
       * Setting up
       * Using native backup and restore
       * Compressing backup files
       * Troubleshooting
       * Importing and exporting SQL Server data using other methods
   
    * SQL Server read replicas
       * Synchronizing database users and objects
       * Troubleshooting
   
    * Multi-AZ for RDS for SQL Server
       * Limitations, notes, and recommendations
       * Determining the location of the secondary
       * Migrating to Always On AGs
   
    * Additional features for SQL Server
       * Using password policy with a SQL Server DB instance
          * Master login considerations
      
       * Amazon S3 integration
          * Integration prerequisites
          * Enabling S3 integration
          * Transferring files
          * Listing files on the RDS DB instance
          * Deleting files on the RDS DB instance
          * Monitoring file transfers
          * Canceling a task
          * Disabling S3 integration
      
       * Using Database Mail
          * Enabling Database Mail
          * Configuring Database Mail
          * Sending messages
          * Viewing messages, logs, and attachments
          * Deleting messages
          * Starting and stopping mail queue
      
       * Instance store support for tempdb
       * Using extended events
       * Access to transaction log backups
          * Setting up access to transaction log backups
          * Listing available transaction log backups
          * Copying transaction log backups
          * Amazon S3 bucket folder and file structure
          * Tracking the status of tasks
          * Canceling a task
          * Troubleshooting
   
    * Options for SQL Server
       * Linked Servers with Oracle OLEDB
       * Native backup and restore
       * Transparent Data Encryption
          * Encrypting data
          * Backing up and restoring TDE certificates
          * Backing up and restoring TDE certificates for on-premises databases
          * Turning off TDE
      
       * SQL Server Audit
          * Adding SQL Server Audit to the DB instance options
          * Using SQL Server Audit
          * Viewing audit logs
          * Configuring an S3 bucket
          * Manually creating an IAM role for SQL Server Audit
      
       * SQL Server Analysis Services
          * Turning on SSAS
          * Deploying SSAS projects
          * Monitoring deployments
          * Using SSAS
          * Backing up an SSAS database
          * Restoring an SSAS database
          * Changing the SSAS mode
          * Turning off SSAS
          * Troubleshooting
      
       * SQL Server Integration Services
          * Administrative permissions on SSISDB
          * Deploying SSIS projects
          * Monitoring deployments
          * Using SSIS
          * Disable and drop SSIS database
      
       * SQL Server Reporting Services
          * Turning on SSRS
          * Accessing the SSRS web portal
          * Deploy and configure reports
          * SSRS Email
          * Revoking system-level permissions
          * Monitoring task status
          * Disabling and deleting SSRS databases
      
       * Microsoft Distributed Transaction Coordinator
          * Enabling MSDTC
          * Disabling MSDTC
          * Troubleshooting MSDTC
   
    * Common DBA tasks
       * Accessing the tempdb database
          * Modifying tempdb database options
          * Shrinking the tempdb database
          * TempDB configuration for Multi-AZ deployments
      
       * Analyzing database workload with Database Engine Tuning Advisor
          * Running a client-side trace on a SQL Server DB instance
          * Running a server-side trace on a SQL Server DB instance
          * Running Tuning Advisor with a trace
      
       * Changing the db_owner to the rdsa account for your database
       * Managing collations and character sets
       * Creating a database user
       * Determining a recovery model
       * Determining the last failover time
       * Deny or allow viewing database names
       * Disabling fast inserts
       * Dropping a SQL Server database
       * Renaming a Multi-AZ database
       * Resetting the db_owner role membership for master user
       * Restoring license-terminated DB instances
       * Transitioning a database from OFFLINE to ONLINE
       * Using CDC
       * Using SQL Server Agent
          * Adding a user to the SQLAgentUser role
          * Deleting a SQL Server Agent job
      
       * Working with SQL Server logs
       * Working with trace and dump files

 * MySQL on Amazon RDS
    * MySQL feature support
    * MySQL versions
    * Connecting to a DB instance running MySQL
       * Finding the connection information
       * Installing the commmand-line client
       * Connecting from the command-line client
       * Connecting from MySQL Workbench
       * Connecting with the AWS drivers
       * Troubleshooting
   
    * Securing MySQL connections
       * Password validation
       * Encrypting with SSL/TLS
          * SSL/TLS support with MySQL
          * Requiring SSL/TLS for users
          * Requiring SSL/TLS for all connections
          * Connecting with SSL/TLS from CLI
      
       * Using new SSL/TLS certificates
       * Using Kerberos authentication for MySQL
   
    * Improving query performance with RDS Optimized Reads
    * Improving write performance with RDS Optimized Writes for MySQL
    * Upgrades of the MySQL DB engine
       * MySQL version numbers
       * RDS version numbers
       * Major version upgrades
       * Testing an upgrade
       * Automatic minor version upgrades
       * Upgrading with reduced downtime
   
    * Upgrading a MySQL DB snapshot engine version
       * Upgrade options for unsupported engine versions
   
    * Importing data into a MySQL DB instance
       * Restoring a backup into a MySQL DB instance
       * Importing data from an external database
       * Importing data with reduced downtime
       * Importing data from any source
   
    * MySQL replication
       * MySQL read replicas
          * Configuring replication filters
          * Configuring delayed replication
          * Updating read replicas
          * Multi-AZ read replica deployments
          * Cascading read replicas
          * Monitoring replication lag
          * Starting and stopping replication
          * Troubleshooting
      
       * GTID-based replication
          * Enabling GTID-based replication for new read replicas
          * GTID-based replication for existing read replicas
          * Disabling GTID-based replication
      
       * Configuring binary log file position replication with an external
         source instance
       * Configuring multi-source replication
   
    * Configuring active-active clusters
       * Limitations and considerations for active-active clusters
       * Preparing for a cross-VPC active-active cluster
       * Required parameter settings for active-active clusters
       * Converting a DB instance to an active-active cluster
       * Setting up a new active-active cluster
       * Adding a DB instance to an active-active cluster
       * Monitoring active-active clusters
       * Stopping Group Replication in an active-active cluster
       * Renaming a DB instance in an active-active cluster
       * Removing a DB instance from an active-active cluster
   
    * Exporting data from a MySQL DB instance
    * Options for MySQL
       * MariaDB Audit Plugin
       * memcached
   
    * Parameters for MySQL
    * Common DBA tasks for MySQL
       * Role-based privilege model
       * Dynamic privileges
       * Ending a session or query
       * Skipping the current replication error
       * Improve crash recovery times
       * Managing the Global Status History
       * Configuring buffer pool size and redo log capacity
   
    * Local time zone
    * Known issues and limitations
    * RDS for MySQL stored procedures
       * Collecting and maintaining the Global Status History
       * Configuring, starting, and stopping binary log (binlog) replication
       * Ending a session or query
       * Managing active-active clusters
       * Managing multi-source replication
       * Replicating transactions using GTIDs
       * Rotating the query logs
       * Setting and showing binary log configuration
       * Warming the InnoDB cache

 * Oracle on Amazon RDS
    * Oracle overview
       * Oracle features
       * Oracle versions
       * Oracle licensing
       * Oracle users and privileges
       * Oracle instance classes
       * Oracle database architecture
       * Oracle parameters
       * Oracle character sets
       * Oracle limitations
   
    * Connecting to your Oracle DB instance
       * Finding the endpoint
       * SQL developer
       * SQL*Plus
       * Security group considerations
       * Dedicated and shared server processes
       * Troubleshooting
       * Modifying Oracle sqlnet.ora parameters
   
    * Securing Oracle connections
       * Encrypting with SSL
       * Using new SSL/TLS certificates
       * Encrypting with NNE
       * Configuring Kerberos authentication
          * Region and version availability
          * Setting up
          * Managing a DB instance
          * Connecting with Kerberos authentication
      
       * Configuring UTL_HTTP access
   
    * Working with CDBs
       * Overview of CDBs
       * Configuring a CDB
       * Backing up and restoring a CDB
       * Converting a non-CDB to a CDB
       * Converting the single-tenant configuration to multi-tenant
       * Adding an RDS for Oracle tenant database to your CDB instance
       * Modifying an RDS for Oracle tenant database
       * Deleting an RDS for Oracle tenant database from your CDB
       * Viewing tenant database details
       * Upgrading your CDB
   
    * Administering your Oracle DB instance
       * System tasks
          * Disconnecting a session
          * Terminating a session
          * Canceling a SQL statement in a session
          * Enabling and disabling restricted sessions
          * Flushing the shared pool
          * Granting SELECT or EXECUTE privileges to SYS objects
          * Revoking SELECT or EXECUTE privileges on SYS objects
          * RDS_X$ view tasks
          * Granting privileges to non-master users
          * Creating custom functions to verify passwords
             * create_verify_function
             * create_passthrough_verify_fcn
         
          * Setting and unsetting system-level events
      
       * Database tasks
          * Changing the global name of a database
          * Using tablespaces
             * Creating temporary tablespaces
         
          * Using tempfiles
          * Setting the database time zone
          * Working with external tables
          * Working with AWR
          * Adjusting database links for use with DB instances in a VPC
          * Setting the default edition
          * Enabling auditing for the SYS.AUD$ table
          * Disabling auditing for the SYS.AUD$ table
          * Cleaning up interrupted online index builds
          * Skipping corrupt blocks
          * Resizing tablespaces, data files, and temp files
          * Setting the default displayed values for full redaction
      
       * Log tasks
          * Resizing online redo logs
          * Retaining archived redo logs
          * Accessing transaction logs
          * Downloading archived logs
      
       * RMAN tasks
          * Prerequisites for RMAN backups
          * Common parameters
          * Validating DB instance files
          * Controlling block change tracking
          * Crosschecking archived redo logs
          * Backing up archived redo log files
          * Performing a full backup
          * Performing a full tenant database backup
          * Performing an incremental backup
          * Performing an incremental backup of a tenant database
          * Backing up a tablespace
          * Backing up a control file
          * Performing block media recovery
      
       * Oracle Scheduler tasks
       * Diagnosing problems
       * Other tasks
          * Transporting tablespaces
             * Importing transported tablespaces
             * Importing transportable tablespace metadata
             * Listing orphaned files
             * Deleting orphaned data files
   
    * Configuring advanced RDS for Oracle features
       * Configuring the instance store
          * Configuring an RDS for Oracle instance store
          * Working with an instance store on an Oracle read replica
          * Configuring a temporary tablespace group on an instance store and
            Amazon EBS
      
       * Turning on HugePages
       * Turning on extended data types
   
    * Importing data into Oracle
       * Importing using Oracle SQL Developer
       * Migrating using Oracle transportable tablespaces
       * Importing using Oracle Data Pump
       * Importing using Oracle Export/Import
       * Importing using Oracle SQL*Loader
       * Migrating with Oracle materialized views
   
    * Working with Oracle replicas
       * Overview of Oracle replicas
       * Requirements and considerations for Oracle replicas
       * Preparing to create an Oracle replica
       * Creating a mounted Oracle replica
       * Modifying the replica mode
       * Working with Oracle replica backups
       * Performing an Oracle Data Guard switchover
          * Requirements for the Oracle Data Guard switchover
          * Initiating the Oracle Data Guard switchover
          * Monitoring the Oracle Data Guard switchover
      
       * Troubleshooting Oracle replicas
   
    * Options for Oracle
       * Overview of Oracle DB options
       * Amazon S3 integration
          * Configuring IAM permissions
          * Adding the option
          * Transferring files
          * Removing the option
      
       * Application Express (APEX)
          * Requirements
          * Set up APEX and ORDS
          * Configuring Oracle Rest Data Services (ORDS)
          * Upgrading and removing
      
       * Amazon EFS integration
          * Configuring network permissions
          * Configuring IAM permissions
          * Adding the EFS option
          * Configuring EFS file system permissions
          * Transferring files
          * Removing the option
          * Troubleshooting Amazon EFS
      
       * Java virtual machine (JVM)
       * Enterprise Manager
          * OEM Database Express
          * OEM Management Agent
      
       * Label security
       * Locator
       * Native network encryption (NNE)
          * NATIVE_NETWORK_ENCRYPTION settings
          * Adding the option
          * Setting NNE values in the sqlnet.ora
          * Modifying NATIVE_NETWORK_ENCRYPTION option settings
          * Removing the option
      
       * OLAP
       * Secure Sockets Layer (SSL)
          * Adding the SSL option
          * Configuring SQL*Plus
          * Connecting using SSL
          * Setting up an SSL connection over JDBC
          * Enforcing a DN match
          * Troubleshooting
      
       * Spatial
       * SQLT
       * Statspack
       * Time zone
       * Time zone file autoupgrade
          * Overview
          * DST update strategies
          * Downtime during the update
          * Preparing to update
          * Adding the option
          * Checking your data
      
       * Transparent Data Encryption (TDE)
       * UTL_MAIL
       * XML DB
   
    * Upgrading the Oracle DB engine
       * Overview of Oracle upgrades
       * Major version upgrades
       * Minor version upgrades
       * Upgrade considerations
       * Testing an upgrade
       * Upgrading an RDS for Oracle DB instance
       * Upgrading an Oracle DB snapshot
   
    * Tools and third-party software for Oracle
       * Using Oracle GoldenGate
          * Oracle GoldenGate architecture
          * Setting up Oracle GoldenGate
          * Working with the EXTRACT and REPLICAT utilities
          * Monitoring Oracle GoldenGate
          * Troubleshooting Oracle GoldenGate
      
       * Using the Oracle Repository Creation Utility
       * Configuring CMAN
       * Installing a Siebel database on Oracle on Amazon RDS
   
    * Oracle Database engine releases

 * PostgreSQL on Amazon RDS
    * Common management tasks
    * Working with the Database Preview environment
       * Creating a new DB instance in the Database Preview environment
   
    * PostgreSQL versions
    * PostgreSQL extension versions
    * PostgreSQL features
       * Custom data types and enumerations
       * Event triggers
       * Huge pages
       * Performing logical replication
       * RAM disk for the stats_temp_directory
       * Tablespaces
       * Collations for EBCDIC and other mainframe migrations
       * Managing logical slot synchronization
   
    * Connecting to a PostgreSQL instance
       * Using pgAdmin to connect to a RDS for PostgreSQL DB instance
       * Using psql to connect to your RDS for PostgreSQL DB instance
       * Connecting to RDS for PostgreSQL with the AWS JDBC Driver
       * Connecting to RDS for PostgreSQL with the AWS Python Driver
       * Troubleshooting connections to your RDS for PostgreSQL instance
   
    * Securing connections with SSL/TLS
       * Using SSL with a PostgreSQL DB instance
       * Updating applications to use new SSL/TLS certificates
   
    * Using Kerberos authentication
       * Setting up
       * Managing an RDS for PostgreSQL DB instance in an Active Directory
         domain
       * Connecting with Kerberos authentication
   
    * Using a custom DNS server for outbound network access
    * Upgrades of the PostgreSQL DB engine
       * PostgreSQL version numbers
       * RDS version numbers
       * Choosing a major version upgrade
       * How to perform a major version upgrade
       * Automatic minor version upgrades
       * Upgrading PostgreSQL extensions
   
    * Upgrading a PostgreSQL DB snapshot engine version
    * Working with read replicas for RDS for PostgreSQL
    * Improving query performance with RDS Optimized Reads
    * Importing data into PostgreSQL
       * Importing a PostgreSQL database from an Amazon EC2 instance
       * Using the \copy command to import data to a table on a PostgreSQL DB
         instance
       * Importing data from Amazon S3 into RDS for PostgreSQL
          * Installing the extension
          * Overview of importing data Amazon S3
          * Setting up access to an Amazon S3 bucket
          * Importing data from Amazon S3 to your RDS for PostgreSQL DB instance
          * Function reference
      
       * Transporting PostgreSQL databases between DB instances
          * Setting up a DB instance for transport
          * Transporting a PostgreSQL database
          * Transportable databases function reference
          * Transportable databases parameter reference
   
    * Exporting PostgreSQL data to Amazon S3
       * Setting up access to an Amazon S3 bucket
       * Exporting query data using the aws_s3.query_export_to_s3 function
       * Function reference
       * Troubleshooting access to Amazon S3
   
    * Invoking a Lambda function from RDS for PostgreSQL
       * Examples: Invoking Lambda functions
       * Lambda function error messages
       * Lambda function and parameter reference
   
    * Common DBA tasks for RDS for PostgreSQL
       * Collations supported in RDS for PostgreSQL
       * Understanding PostgreSQL roles and permissions
          * Understanding the rds_superuser role
          * Controlling user access to PostgreSQL
          * Delegating and controlling user password management
          * Using SCRAM for PostgreSQL password encryption
      
       * Working with PostgreSQL autovacuum
          * Determining if the tables in your database need vacuuming
          * Determining which tables are currently eligible for autovacuum
          * Determining if autovacuum is currently running and for how long
          * Performing a manual vacuum freeze
          * Reindexing a table when autovacuum is running
          * Managing autovacuum with large indexes
          * Other parameters that affect autovacuum
          * Setting table-level autovacuum parameters
          * Logging autovacuum and vacuum activities
          * Understanding the behavior of autovacuum with invalid databases
          * Identifying vacuum blockers
             * Installing autovacuum monitoring tools
             * Functions of postgres_get_av_diag()
             * Resolving identifiable vacuum blockers
             * Resolving unidentifiable vacuum blockers
             * Resolving vacuum performance issues
             * Explanation of the NOTICE messages
      
       * Managing temporary files with PostgreSQL
          * Viewing temporary file usage with Performance Insights
      
       * Working with parameters
   
    * Tuning with wait events for RDS for PostgreSQL
       * Essential concepts for RDS for PostgreSQL tuning
          * RDS for PostgreSQL wait events
          * RDS for PostgreSQL memory
          * RDS for PostgreSQL processes
      
       * RDS for PostgreSQL wait events
       * Client:ClientRead
       * Client:ClientWrite
       * CPU
       * IO:BufFileRead and IO:BufFileWrite
       * IO:DataFileRead
       * IO:WALWrite
       * Lock:advisory
       * Lock:extend
       * Lock:Relation
       * Lock:transactionid
       * Lock:tuple
       * LWLock:BufferMapping (LWLock:buffer_mapping)
       * LWLock:BufferIO (IPC:BufferIO)
       * LWLock:buffer_content (BufferContent)
       * LWLock:lock_manager (LWLock:lockmanager)
       * Timeout:PgSleep
       * Timeout:VacuumDelay
   
    * Tuning RDS for PostgreSQL with Amazon DevOps Guru proactive insights
    * Using PostgreSQL extensions
       * Using functions from orafce
       * Using Amazon RDS delegated extension support for PostgreSQL
       * Managing partitions with the pg_partman extension
       * Using pgAudit to log database activity
          * Setting up the pgAudit extension
          * Auditing database objects
          * Excluding users or databases from audit logging
          * Reference for pgAudit extension parameters
      
       * Scheduling maintenance with the pg_cron extension
       * Using pglogical to synchronize data
          * Setting up the pglogical extension
          * Setting up logical replication
          * Reestablishing logical replication after upgrading
          * Managing logical replication slots
          * Parameter reference for pglogical extension parameters
      
       * Using pgactive to create active-active replication
       * Reducing bloat with the pg_repack extension
       * Upgrading and using PLV8
       * Using PL/Rust to write functions in the Rust language
       * Managing spatial data with PostGIS
   
    * Supported foreign data wrappers in Amazon RDS for PostgreSQL
       * Using the log_fdw extension
       * Using postgres_fdw to access external data
       * Working with a MySQL database
       * Working with an Oracle database
       * Working with a SQL Server database
   
    * Working with Trusted Language Extensions for PostgreSQL
       * Terminology
       * Requirements for using Trusted Language Extensions
       * Setting up Trusted Language Extensions
       * Overview of Trusted Language Extensions
       * Creating TLE extensions
       * Dropping your TLE extensions from a database
       * Uninstalling Trusted Language Extensions
       * Using PostgreSQL hooks with your TLE extensions
       * Using Custom Data Types in Trusted Language Extensions
       * Function reference for Trusted Language Extensions
       * Hooks reference for Trusted Language Extensions

 * Code examples
    * Basics
       * Hello Amazon RDS
       * Learn the basics
       * Actions
          * CreateDBInstance
          * CreateDBParameterGroup
          * CreateDBSnapshot
          * DeleteDBInstance
          * DeleteDBParameterGroup
          * DescribeAccountAttributes
          * DescribeDBEngineVersions
          * DescribeDBInstances
          * DescribeDBParameterGroups
          * DescribeDBParameters
          * DescribeDBSnapshots
          * DescribeOrderableDBInstanceOptions
          * GenerateRDSAuthToken
          * ModifyDBInstance
          * ModifyDBParameterGroup
          * RebootDBInstance
   
    * Scenarios
       * Create an Aurora Serverless work item tracker
   
    * Serverless examples
       * Connecting to an Amazon RDS database in a Lambda function

 * Security
    * Database authentication
    * Password management with RDS and Secrets Manager
    * Data protection
       * Data encryption
          * Encrypting Amazon RDS resources
          * AWS KMS key management
          * Using SSL/TLS to encrypt a connection
          * Rotating your SSL/TLS certificate
      
       * Internetwork traffic privacy
   
    * Identity and access management
       * How Amazon RDS works with IAM
       * Identity-based policy examples
          * Permission policies to create, modify and, delete resources in
            Amazon RDS
          * Example policies: Using condition keys
          * Using custom tags
      
       * AWS managed policies
       * Policy updates
       * Cross-service confused deputy prevention
       * IAM database authentication
          * Enabling and disabling
          * Creating and using an IAM policy for IAM database access
          * Creating a database account using IAM authentication
          * Connecting to your DB instance using IAM authentication
             * Connecting to your DB instance using IAM authentication with the
               AWS drivers
             * Connecting using IAM: AWS CLI and mysql client
             * Connecting using IAM authentication from the command line: AWS
               CLI and psql client
             * Connecting using IAM authentication and the AWS SDK for .NET
             * Connecting using IAM authentication and the AWS SDK for Go
             * Connecting using IAM authentication and the AWS SDK for Java
             * Connecting using IAM authentication and the AWS SDK for Python
               (Boto3)
      
       * Troubleshooting
   
    * Logging and monitoring
    * Compliance validation
    * Resilience
    * Infrastructure security
    * VPC endpoints (AWS PrivateLink)
    * Security best practices
    * Controlling access with security groups
    * Master user account privileges
    * Service-linked roles
    * Using Amazon RDS with Amazon VPC
       * Working with a DB instance in a VPC
       * Updating the VPC for a DB instance
       * Scenarios for accessing a DB instance in a VPC
       * Tutorial: Create a VPC for use with a DB instance (IPv4 only)
       * Tutorial: Create a VPC for use with a DB instance (dual-stack mode)
       * Moving a DB instance into a VPC

 * Quotas and constraints
 * Troubleshooting
 * Amazon RDS API reference
    * Using the Query API
    * Troubleshooting applications

 * Document history
 * AWS Glossary

 1. AWS
 2. ...
    
    
 3. Documentation
 4. Amazon RDS
 5. User Guide

 1. AWS
 2. Documentation
 3. Amazon RDS
 4. User Guide

USING SERVICE-LINKED ROLES FOR AMAZON RDS

PDF
RSS
Focus mode


ON THIS PAGE

 1. Service-linked role permissions for Amazon RDS
 2. Service-linked role permissions for Amazon RDS Custom
 3. Service-linked role permissions for Amazon RDS Beta
 4. Service-linked role for Amazon RDS Preview




RELATED RESOURCES

Amazon RDS API Reference
AWS CLI commands for Amazon RDS
SDKs & Tools 




DID THIS PAGE HELP YOU?

Yes
No
Provide feedback

Using service-linked roles for Amazon RDS - Amazon Relational Database Service
AWSDocumentationAmazon RDSUser Guide
Service-linked role permissions for Amazon RDSService-linked role permissions
for Amazon RDS CustomService-linked role permissions for Amazon RDS
BetaService-linked role for Amazon RDS Preview

Amazon RDS uses AWS Identity and Access Management (IAM) service-linked roles. A
service-linked role is a unique type of IAM role that is linked directly to
Amazon RDS. Service-linked roles are predefined by Amazon RDS and include all
the permissions that the service requires to call other AWS services on your
behalf.

A service-linked role makes using Amazon RDS easier because you don't have to
manually add the necessary permissions. Amazon RDS defines the permissions of
its service-linked roles, and unless defined otherwise, only Amazon RDS can
assume its roles. The defined permissions include the trust policy and the
permissions policy, and that permissions policy cannot be attached to any other
IAM entity.

You can delete the roles only after first deleting their related resources. This
protects your Amazon RDS resources because you can't inadvertently remove
permission to access the resources.

For information about other services that support service-linked roles, see AWS
services that work with IAM and look for the services that have Yes in the
Service-Linked Role column. Choose a Yes with a link to view the service-linked
role documentation for that service.


SERVICE-LINKED ROLE PERMISSIONS FOR AMAZON RDS


Amazon RDS uses the service-linked role named AWSServiceRoleForRDS to allow
Amazon RDS to call AWS services on behalf of your DB instances.

The AWSServiceRoleForRDS service-linked role trusts the following services to
assume the role:

 * rds.amazonaws.com

This service-linked role has a permissions policy attached to it called
AmazonRDSServiceRolePolicy that grants it permissions to operate in your
account.

For more information about this policy, including the JSON policy document, see
AmazonRDSServiceRolePolicy in the AWS Managed Policy Reference Guide.

NOTE

You must configure permissions to allow an IAM entity (such as a user, group, or
role) to create, edit, or delete a service-linked role. If you encounter the
following error message:

Unable to create the resource. Verify that you have permission to create service
linked role. Otherwise wait and try again later.

Make sure you have the following permissions enabled:

{
    "Action": "iam:CreateServiceLinkedRole",
    "Effect": "Allow",
    "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
    "Condition": {
        "StringLike": {
            "iam:AWSServiceName":"rds.amazonaws.com"
        }
    }
}
    

For more information, see Service-linked role permissions in the IAM User Guide.


CREATING A SERVICE-LINKED ROLE FOR AMAZON RDS

You don't need to manually create a service-linked role. When you create a DB
instance, Amazon RDS creates the service-linked role for you.

IMPORTANT

If you were using the Amazon RDS service before December 1, 2017, when it began
supporting service-linked roles, then Amazon RDS created the
AWSServiceRoleForRDS role in your account. To learn more, see A new role
appeared in my AWS account.

If you delete this service-linked role, and then need to create it again, you
can use the same process to recreate the role in your account. When you create a
DB instance, Amazon RDS creates the service-linked role for you again.


EDITING A SERVICE-LINKED ROLE FOR AMAZON RDS

Amazon RDS does not allow you to edit the AWSServiceRoleForRDS service-linked
role. After you create a service-linked role, you cannot change the name of the
role because various entities might reference the role. However, you can edit
the description of the role using IAM. For more information, see Editing a
service-linked role in the IAM User Guide.


DELETING A SERVICE-LINKED ROLE FOR AMAZON RDS

If you no longer need to use a feature or service that requires a service-linked
role, we recommend that you delete that role. That way you don't have an unused
entity that is not actively monitored or maintained. However, you must delete
all of your DB instances before you can delete the service-linked role.

CLEANING UP A SERVICE-LINKED ROLE

Before you can use IAM to delete a service-linked role, you must first confirm
that the role has no active sessions and remove any resources used by the role.

TO CHECK WHETHER THE SERVICE-LINKED ROLE HAS AN ACTIVE SESSION IN THE IAM
CONSOLE

 1. Sign in to the AWS Management Console and open the IAM console at
    https://console.aws.amazon.com/iam/.

 2. In the navigation pane of the IAM console, choose Roles. Then choose the
    name (not the check box) of the AWSServiceRoleForRDS role.

 3. On the Summary page for the chosen role, choose the Access Advisor tab.

 4. On the Access Advisor tab, review recent activity for the service-linked
    role.
    
    NOTE
    
    If you are unsure whether Amazon RDS is using the AWSServiceRoleForRDS role,
    you can try to delete the role. If the service is using the role, then the
    deletion fails and you can view the AWS Regions where the role is being
    used. If the role is being used, then you must wait for the session to end
    before you can delete the role. You cannot revoke the session for a
    service-linked role.

If you want to remove the AWSServiceRoleForRDS role, you must first delete all
of your DB instances .

DELETING ALL OF YOUR INSTANCES

Use one of these procedures to delete each of your instances.

TO DELETE AN INSTANCE (CONSOLE)

 1. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.

 2. In the navigation pane, choose Databases.

 3. Choose the instance that you want to delete.

 4. For Actions, choose Delete.

 5. If you are prompted for Create final Snapshot?, choose Yes or No.

 6. If you chose Yes in the previous step, for Final snapshot name enter the
    name of your final snapshot.

 7. Choose Delete.

TO DELETE AN INSTANCE (CLI)

See delete-db-instance in the AWS CLI Command Reference.

TO DELETE AN INSTANCE (API)

See DeleteDBInstance in the Amazon RDS API Reference.

You can use the IAM console, the IAM CLI, or the IAM API to delete the
AWSServiceRoleForRDS service-linked role. For more information, see Deleting a
service-linked role in the IAM User Guide.


SERVICE-LINKED ROLE PERMISSIONS FOR AMAZON RDS CUSTOM


Amazon RDS Custom uses the service-linked role named AWSServiceRoleForRDSCustom
to allow RDS Custom to call AWS services on behalf of your RDS DB resources.

The AWSServiceRoleForRDSCustom service-linked role trusts the following services
to assume the role:

 * custom.rds.amazonaws.com

This service-linked role has a permissions policy attached to it called
AmazonRDSCustomServiceRolePolicy that grants it permissions to operate in your
account.

Creating, editing, or deleting the service-linked role for RDS Custom works the
same as for Amazon RDS. For more information, see AWS managed policy:
AmazonRDSCustomServiceRolePolicy.

NOTE

You must configure permissions to allow an IAM entity (such as a user, group, or
role) to create, edit, or delete a service-linked role. If you encounter the
following error message:

Unable to create the resource. Verify that you have permission to create service
linked role. Otherwise wait and try again later.

Make sure you have the following permissions enabled:

{
    "Action": "iam:CreateServiceLinkedRole",
    "Effect": "Allow",
    "Resource": "arn:aws:iam::*:role/aws-service-role/custom.rds.amazonaws.com/AmazonRDSCustomServiceRolePolicy",
    "Condition": {
        "StringLike": {
            "iam:AWSServiceName":"custom.rds.amazonaws.com"
        }
    }
}
    

For more information, see Service-linked role permissions in the IAM User Guide.


SERVICE-LINKED ROLE PERMISSIONS FOR AMAZON RDS BETA


Amazon RDS uses the service-linked role named AWSServiceRoleForRDSBeta to allow
Amazon RDS to call AWS services on behalf of your RDS DB resources.

The AWSServiceRoleForRDSBeta service-linked role trusts the following services
to assume the role:

 * rds.amazonaws.com

This service-linked role has a permissions policy attached to it called
AmazonRDSBetaServiceRolePolicy that grants it permissions to operate in your
account. For more information, see AWS managed policy:
AmazonRDSBetaServiceRolePolicy.

NOTE

You must configure permissions to allow an IAM entity (such as a user, group, or
role) to create, edit, or delete a service-linked role. If you encounter the
following error message:

Unable to create the resource. Verify that you have permission to create service
linked role. Otherwise wait and try again later.

Make sure you have the following permissions enabled:

{
    "Action": "iam:CreateServiceLinkedRole",
    "Effect": "Allow",
    "Resource": "arn:aws:iam::*:role/aws-service-role/custom.rds.amazonaws.com/AmazonRDSBetaServiceRolePolicy",
    "Condition": {
        "StringLike": {
            "iam:AWSServiceName":"custom.rds.amazonaws.com"
        }
    }
}
    

For more information, see Service-linked role permissions in the IAM User Guide.


SERVICE-LINKED ROLE FOR AMAZON RDS PREVIEW


Amazon RDS uses the service-linked role named AWSServiceRoleForRDSPreview to
allow Amazon RDS to call AWS services on behalf of your RDS DB resources.

The AWSServiceRoleForRDSPreview service-linked role trusts the following
services to assume the role:

 * rds.amazonaws.com

This service-linked role has a permissions policy attached to it called
AmazonRDSPreviewServiceRolePolicy that grants it permissions to operate in your
account. For more information, see AWS managed policy:
AmazonRDSPreviewServiceRolePolicy.

NOTE

You must configure permissions to allow an IAM entity (such as a user, group, or
role) to create, edit, or delete a service-linked role. If you encounter the
following error message:

Unable to create the resource. Verify that you have permission to create service
linked role. Otherwise wait and try again later.

Make sure you have the following permissions enabled:

{
    "Action": "iam:CreateServiceLinkedRole",
    "Effect": "Allow",
    "Resource": "arn:aws:iam::*:role/aws-service-role/custom.rds.amazonaws.com/AmazonRDSPreviewServiceRolePolicy",
    "Condition": {
        "StringLike": {
            "iam:AWSServiceName":"custom.rds.amazonaws.com"
        }
    }
}
    

For more information, see Service-linked role permissions in the IAM User Guide.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please
refer to your browser's Help pages for instructions.

Document Conventions
Master user account privileges
Using Amazon RDS with Amazon VPC
Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of
it.



Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.





NEXT TOPIC:

Using Amazon RDS with Amazon VPC

PREVIOUS TOPIC:

Master user account privileges

NEED HELP?

 * Try AWS re:Post 
 * Connect with an AWS IQ expert 

PrivacySite termsCookie preferences
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.