feat(client-rds): This Amazon RDS release adds support for managed master user passwords for Oracle CDBs.

Author: awstools

clients/client-rds/src/commands/CreateTenantDatabaseCommand.ts

@@ -45,9 +45,11 @@ export interface CreateTenantDatabaseCommandOutput extends CreateTenantDatabaseR
  *   DBInstanceIdentifier: "STRING_VALUE", // required
  *   TenantDBName: "STRING_VALUE", // required
  *   MasterUsername: "STRING_VALUE", // required
- *   MasterUserPassword: "STRING_VALUE", // required
+ *   MasterUserPassword: "STRING_VALUE",
  *   CharacterSetName: "STRING_VALUE",
  *   NcharCharacterSetName: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  *   Tags: [ // TagList
  *     { // Tag
  *       Key: "STRING_VALUE",
@@ -74,6 +76,11 @@ export interface CreateTenantDatabaseCommandOutput extends CreateTenantDatabaseR
  * //       MasterUserPassword: "STRING_VALUE",
  * //       TenantDBName: "STRING_VALUE",
  * //     },
+ * //     MasterUserSecret: { // MasterUserSecret
+ * //       SecretArn: "STRING_VALUE",
+ * //       SecretStatus: "STRING_VALUE",
+ * //       KmsKeyId: "STRING_VALUE",
+ * //     },
  * //     TagList: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE",
@@ -98,6 +105,9 @@ export interface CreateTenantDatabaseCommandOutput extends CreateTenantDatabaseR
  * @throws {@link InvalidDBInstanceStateFault} (client fault)
  *  <p>The DB instance isn't in a valid state.</p>
  *
+ * @throws {@link KMSKeyNotAccessibleFault} (client fault)
+ *  <p>An error occurred accessing an Amazon Web Services KMS key.</p>
+ *
  * @throws {@link TenantDatabaseAlreadyExistsFault} (client fault)
  *  <p>You attempted to either create a tenant database that already exists or
  *                 modify a tenant database to use the name of an existing tenant database.</p>

clients/client-rds/src/commands/DeleteTenantDatabaseCommand.ts

@@ -67,6 +67,11 @@ export interface DeleteTenantDatabaseCommandOutput extends DeleteTenantDatabaseR
  * //       MasterUserPassword: "STRING_VALUE",
  * //       TenantDBName: "STRING_VALUE",
  * //     },
+ * //     MasterUserSecret: { // MasterUserSecret
+ * //       SecretArn: "STRING_VALUE",
+ * //       SecretStatus: "STRING_VALUE",
+ * //       KmsKeyId: "STRING_VALUE",
+ * //     },
  * //     TagList: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE",

clients/client-rds/src/commands/DescribeTenantDatabasesCommand.ts

@@ -75,6 +75,11 @@ export interface DescribeTenantDatabasesCommandOutput extends TenantDatabasesMes
  * //         MasterUserPassword: "STRING_VALUE",
  * //         TenantDBName: "STRING_VALUE",
  * //       },
+ * //       MasterUserSecret: { // MasterUserSecret
+ * //         SecretArn: "STRING_VALUE",
+ * //         SecretStatus: "STRING_VALUE",
+ * //         KmsKeyId: "STRING_VALUE",
+ * //       },
  * //       TagList: [ // TagList
  * //         { // Tag
  * //           Key: "STRING_VALUE",

clients/client-rds/src/commands/ModifyTenantDatabaseCommand.ts

@@ -47,6 +47,9 @@ export interface ModifyTenantDatabaseCommandOutput extends ModifyTenantDatabaseR
  *   TenantDBName: "STRING_VALUE", // required
  *   MasterUserPassword: "STRING_VALUE",
  *   NewTenantDBName: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   RotateMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new ModifyTenantDatabaseCommand(input);
  * const response = await client.send(command);
@@ -67,6 +70,11 @@ export interface ModifyTenantDatabaseCommandOutput extends ModifyTenantDatabaseR
  * //       MasterUserPassword: "STRING_VALUE",
  * //       TenantDBName: "STRING_VALUE",
  * //     },
+ * //     MasterUserSecret: { // MasterUserSecret
+ * //       SecretArn: "STRING_VALUE",
+ * //       SecretStatus: "STRING_VALUE",
+ * //       KmsKeyId: "STRING_VALUE",
+ * //     },
  * //     TagList: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE",
@@ -91,6 +99,9 @@ export interface ModifyTenantDatabaseCommandOutput extends ModifyTenantDatabaseR
  * @throws {@link InvalidDBInstanceStateFault} (client fault)
  *  <p>The DB instance isn't in a valid state.</p>
  *
+ * @throws {@link KMSKeyNotAccessibleFault} (client fault)
+ *  <p>An error occurred accessing an Amazon Web Services KMS key.</p>
+ *
  * @throws {@link TenantDatabaseAlreadyExistsFault} (client fault)
  *  <p>You attempted to either create a tenant database that already exists or
  *                 modify a tenant database to use the name of an existing tenant database.</p>

clients/client-rds/src/commands/RestoreDBInstanceFromDBSnapshotCommand.ts

@@ -115,6 +115,8 @@ export interface RestoreDBInstanceFromDBSnapshotCommandOutput
  *   DedicatedLogVolume: true || false,
  *   CACertificateIdentifier: "STRING_VALUE",
  *   EngineLifecycleSupport: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new RestoreDBInstanceFromDBSnapshotCommand(input);
  * const response = await client.send(command);

clients/client-rds/src/commands/RestoreDBInstanceToPointInTimeCommand.ts

@@ -112,6 +112,8 @@ export interface RestoreDBInstanceToPointInTimeCommandOutput
  *   DedicatedLogVolume: true || false,
  *   CACertificateIdentifier: "STRING_VALUE",
  *   EngineLifecycleSupport: "STRING_VALUE",
+ *   ManageMasterUserPassword: true || false,
+ *   MasterUserSecretKmsKeyId: "STRING_VALUE",
  * };
  * const command = new RestoreDBInstanceToPointInTimeCommand(input);
  * const response = await client.send(command);

clients/client-rds/src/models/models_0.ts

@@ -5218,7 +5218,8 @@ export interface CreateDBClusterMessage {
   /**
    * <p>Specifies whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window.
    *             By default, minor engine upgrades are applied automatically.</p>
-   *          <p>Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster</p>
+   *          <p>Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB cluster.</p>
+   *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
    * @public
    */
   AutoMinorVersionUpgrade?: boolean | undefined;
@@ -6414,6 +6415,7 @@ export interface DBCluster {
   /**
    * <p>Indicates whether minor version patches are applied automatically.</p>
    *          <p>This setting is for Aurora DB clusters and Multi-AZ DB clusters.</p>
+   *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
    * @public
    */
   AutoMinorVersionUpgrade?: boolean | undefined;
@@ -8057,6 +8059,7 @@ export interface CreateDBInstanceMessage {
    *           By default, minor engine upgrades are applied automatically.</p>
    *          <p>If you create an RDS Custom DB instance, you must set <code>AutoMinorVersionUpgrade</code> to
    *           <code>false</code>.</p>
+   *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
    * @public
    */
   AutoMinorVersionUpgrade?: boolean | undefined;
@@ -9423,6 +9426,7 @@ export interface DBInstance {
 
   /**
    * <p>Indicates whether minor version patches are applied automatically.</p>
+   *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
    * @public
    */
   AutoMinorVersionUpgrade?: boolean | undefined;
@@ -10152,6 +10156,7 @@ export interface CreateDBInstanceReadReplicaMessage {
    *             read replica during the maintenance window.</p>
    *          <p>This setting doesn't apply to RDS Custom DB instances.</p>
    *          <p>Default: Inherits the value from the source DB instance.</p>
+   *          <p>For more information about automatic minor version upgrades, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades">Automatically upgrading the minor engine version</a>.</p>
    * @public
    */
   AutoMinorVersionUpgrade?: boolean | undefined;
@@ -10993,7 +10998,21 @@ export interface UserAuthConfig {
   IAMAuth?: IAMAuthMode | undefined;
 
   /**
-   * <p>The type of authentication the proxy uses for connections from clients.</p>
+   * <p>The type of authentication the proxy uses for connections from clients. The following values are defaults for the corresponding engines:</p>
+   *          <ul>
+   *             <li>
+   *                <p>RDS for MySQL: <code>MYSQL_CACHING_SHA2_PASSWORD</code>
+   *                </p>
+   *             </li>
+   *             <li>
+   *                <p>RDS for SQL Server: <code>SQL_SERVER_AUTHENTICATION</code>
+   *                </p>
+   *             </li>
+   *             <li>
+   *                <p>RDS for PostgreSQL: <code>POSTGRES_SCRAM_SHA2_256</code>
+   *                </p>
+   *             </li>
+   *          </ul>
    * @public
    */
   ClientPasswordAuthType?: ClientPasswordAuthType | undefined;
@@ -13162,10 +13181,14 @@ export interface CreateTenantDatabaseMessage {
    *                     (<code>/</code>), double quote (<code>"</code>), at symbol (<code>@</code>),
    *                     ampersand (<code>&</code>), or single quote (<code>'</code>).</p>
    *             </li>
+   *             <li>
+   *                <p>Can't be specified when <code>ManageMasterUserPassword</code> is
+   *                     enabled.</p>
+   *             </li>
    *          </ul>
    * @public
    */
-  MasterUserPassword: string | undefined;
+  MasterUserPassword?: string | undefined;
 
   /**
    * <p>The character set for your tenant database. If you don't specify a value, the
@@ -13180,6 +13203,39 @@ export interface CreateTenantDatabaseMessage {
    */
   NcharCharacterSetName?: string | undefined;
 
+  /**
+   * <p>Specifies whether to manage the master user password with Amazon Web Services Secrets Manager.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+   *             in the <i>Amazon RDS User Guide.</i>
+   *          </p>
+   *          <p>Constraints:</p>
+   *          <ul>
+   *             <li>
+   *                <p>Can't manage the master user password with Amazon Web Services Secrets Manager if <code>MasterUserPassword</code>
+   *                     is specified.</p>
+   *             </li>
+   *          </ul>
+   * @public
+   */
+  ManageMasterUserPassword?: boolean | undefined;
+
+  /**
+   * <p>The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and
+   *             managed in Amazon Web Services Secrets Manager.</p>
+   *          <p>This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets
+   *             Manager for the DB instance.</p>
+   *          <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
+   *             To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p>
+   *          <p>If you don't specify <code>MasterUserSecretKmsKeyId</code>, then the <code>aws/secretsmanager</code>
+   *             KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't
+   *             use the <code>aws/secretsmanager</code> KMS key to encrypt the secret, and you must use a customer
+   *             managed KMS key.</p>
+   *          <p>There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account
+   *             has a different default KMS key for each Amazon Web Services Region.</p>
+   * @public
+   */
+  MasterUserSecretKmsKeyId?: string | undefined;
+
   /**
    * <p>A list of tags.</p>
    *          <p>For more information, see
@@ -13288,6 +13344,16 @@ export interface TenantDatabase {
    */
   PendingModifiedValues?: TenantDatabasePendingModifiedValues | undefined;
 
+  /**
+   * <p>Contains the secret managed by RDS in Amazon Web Services Secrets Manager for the master user password.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+   *             in the <i>Amazon RDS User Guide</i> and <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html">Password management with Amazon Web Services Secrets Manager</a>
+   *             in the <i>Amazon Aurora User Guide.</i>
+   *          </p>
+   * @public
+   */
+  MasterUserSecret?: MasterUserSecret | undefined;
+
   /**
    * <p>A list of tags.</p>
    *          <p>For more information, see