Per https://dba.stackexchange.com/questions/182840/repacking-rds-database-with-pg-repack-isnt-online (and personal experience), pg_repack on tables will cause issues because RDS uses a pseudo super user instead of the normal superuser that is expected.

The documentation should be updated to include the required permission changes

The web page is available at
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.AWSCLI.PostgreSQL.html

It also has a small error:

export PGPASSWORD="$(aws rds generated-db-auth-token --hostname $RDSHOST --port 3306 --region us-west-2 --username jane_doe )"

it should be aws rds generate-db-auth-token …

i see below error when i update the code. can anyone help on same ?

Hi

I was checking the documentation, and making a RDS migration from VPC. It now says
DB instance status: moving-to-vpc

There is no status information on this section of DB instance status: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Status.html

There is a good description of the process here: https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-rds-db-instance/

Also, I think that there is a restriction of the number of movements in parallel but I got no information about this.

Quote from the doc

"The string can contain only the set of Unicode letters, digits, white-space, '', '.', '/', '=', '+', '-' (Java regex: "^([\p{L}\p{Z}\p{N}.:/=+\-]*)$")."

But if you look at the regex it seems ':' is also allowed so statement should probably look like
Do note addition of ':'

"The string can contain only the set of Unicode letters, digits, white-space, '', '.', ':', '/', '=', '+', '-' (Java regex: "^([\p{L}\p{Z}\p{N}.:/=+\-]*)$")."

I'm currently running into an issue with pg_tranport that only outputs the following message: ERROR: failed to download file data
SQL state: XX000

There is no documentation on errors that are outputted from the function, and given the closed source nature of the function, there is simply no way to understand what might be missing.

I am trying to export the cloudwatch logs from my aurora postgres instance running version 9.6.8, but I am getting the following when running the command:

$ aws rds modify-db-cluster --db-cluster-identifier <db-cluster-id> --cloudwatch-logs-export-configuration '{"EnableLogTypes":["postgresql", "upgrade"]}'

An error occurred (InvalidParameterCombination) when calling the ModifyDBCluster operation: Engine aurora-postgresql 9.6.8 does not support exporting to CloudWatch Logs. For supported engine versions, see the documentation.

The documentation states in https://github.com/awsdocs/amazon-rds-user-guide/blob/master/doc_source/USER_LogAccess.Concepts.PostgreSQL.md that "Publishing log files to CloudWatch Logs is only supported for PostgreSQL versions 9.6.6 and above and 10.4 and above."

If you have ideas for our Amazon RDS User Guide, please let us know! Tell us about troubleshooting tips and tricks, examples, code samples, or other content you want to see more (or less) of.

You can submit a pull request as explained in these directions. You can also use the feedback button on any page in the Amazon RDS online documentation to send a notification directly to our inbox.

We look forward to hearing from you!

Line 22 of the user guide has reference to combined ca bundle available to download, https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem, but it has not been updated with the latest certificate.

$ openssl x509 -enddate -noout -in rds-combined-ca-bundle.pem
notAfter=Mar 5 09:11:31 2020 GMT

Folks may not remember how overwhelming it is to get started with AWS. In hindsight, after a couple of Google searches for the error you do eventually find a solution.

When creating the RDS instance you are prompted for a database name. This name turns out to be the instance name, not the database name. When using the commands for psql you will get an error along the lines of "the database name does not exist", which is in fact, true.

A database is created by default when there is no additional configuration and its name is postgres. I had this issue and using postgres as dbname solved my problem.

I created this PR to solve this issue: #61

https://github.com/awsdocs/amazon-rds-user-guide/blob/master/doc_source/SQLServer.Procedural.Importing.md has bad information relating to the IAM role for encryption.

IAM kms:GenerateDataKey can not have specific resources according to IAM. This results in a warning and a missing permission.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:DescribeKey"
            ],
            "Resource": [
                "arn:aws:kms:<region>:<account_id>:key/<key_id>"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:GenerateDataKey"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket>"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket>/*"
            ]
        }
    ]
}

Even with the above it still fails with the following error:

[2018-03-12 19:08:22.130] Task execution has started. 
[2018-03-12 19:08:22.140] Aborted the task because of a task failure or an overlap with your preferred backup window for RDS automated backup. 
[2018-03-12 19:08:22.143] User: arn:aws:sts::<account_id>:assumed-role/NativeRDSBackups/RDS-SqlServerBackupRestore is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-east-1:<account_id>:key/<key_id>

configuring-iam-database-auth is missing from the description table and the effects of Apply Immediately are also missing from the PostgreSQL notes, (though they do appear in the MySQL notes).

Gateway Timeout
The gateway did not receive a timely response from the upstream server or application

Original text, last part of last paragraph in /awsdocs/amazon-rds-user-guide/tree/master/doc_source/USER_RebootInstance.md

To improve the reboot time, we recommend that you reduce database activities as much as possible during the reboot process Reduce database activity reduces rollback activity for in-transit transactions.

Should be changed to 2 distinct sentences:

To improve the reboot time, we recommend that you reduce database activities as much as possible during the reboot process. Reducing database activity reduces rollback activity for in-transit transactions.

I meet error when I use add-table in wal2json extension. Here is the error:

2018-09-14 17:00:01 UTC:10.255.2.147(47204):root@papayafm:[1018]:ERROR: option "add-tables"

Is there have a plan to support it?
I need to make my plugin to support aws jiamo/python-psql-replication@ad87359

Their got two setSslProperties() and one should be renamed to clearSslProperties()

Senario:- i have installed kunernetes in my linux instance and i have created 1 master and 2 minions by mentioning inside the /kubernet/cluster/conf. file and then up the server by sh kube_up.sh so at that time my minions and master is successfully created but when i got following link:-
Kubernetes master is running at https://52.13.137.209
Elasticsearch is running at https://52.13.137.209/api/v1/proxy/namespaces/kube-s ystem/services/elasticsearch-logging
Heapster is running at https://52.13.137.209/api/v1/proxy/namespaces/kube-system /services/heapster
Kibana is running at https://52.13.137.209/api/v1/proxy/namespaces/kube-system/s ervices/kibana-logging
KubeDNS is running at https://52.13.137.209/api/v1/proxy/namespaces/kube-system/ services/kube-dns
kubernetes-dashboard is running at https://52.13.137.209/api/v1/proxy/namespaces /kube-system/services/kubernetes-dashboard
Grafana is running at https://52.13.137.209/api/v1/proxy/namespaces/kube-system/ services/monitoring-grafana
InfluxDB is running at https://52.13.137.209/api/v1/proxy/namespaces/kube-system /services/monitoring-influxdb

By entring these links in the browser with proper
username:- admin
passawrd:- *********

instead of getting kuberetes dashbord i have got :-

{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "the server could not find the requested resource",
"reason": "NotFound",
"details": {},
"code": 404
}

How to get the desired kunbernetes dashboard, is there any congfiguration changes required.

Under Compressing Backup files the docs state:
exec rdsadmin..rds_set_configuration 'S3 backup compression', 'true';
and exec rdsadmin..rds_set_configuration 'S3 backup compression', 'false';

These commands fail with Msg 50000, Level 15, State 1, Procedure rds_set_configuration, Line 34
Unrecognized configuration name provided: S3 backup compression

Correct commands appear to be:
exec rdsadmin..rds_set_configuration 'S3 Backup Compression', 'true'; and
exec rdsadmin..rds_set_configuration 'S3 Backup Compression', 'false';

Note case sensitivity.

Hi there,

I am wondering if this issue is still present in MySQL 5.7.21?

https://github.com/awsdocs/amazon-rds-user-guide/blob/bf9f9f4fd56500a7b1ec7987b5e1a67f0818be00/doc_source/MySQL.KnownIssuesAndLimitations.md#inconsistent-innodb-buffer-pool-size

The bug that is referenced (https://bugs.mysql.com/bug.php?id=79379) says "Version: 5.7.9". But I am not able to find the bug referenced in any 5.7 changelog items.

Thanks!

I can add an additional read-only endpoint to my RDS Proxy

So I guess we can rewrite this

https://github.com/awsdocs/amazon-rds-user-guide/blob/master/doc_source/rds-proxy.md#connecting-to-a-database-through-rds-proxy

For an Aurora DB cluster, all proxy connections have read/write capability and use the writer instance. If you use the reader endpoint for read-only connections, you continue using the reader endpoint the same way.

As we could actually use RDS proxy to pool connections to RDS read slaves? (That's my understanding)

Short:
I expect to see the "Add all the subnets related to this VPC" option when making an DB Subnet, but instead all I see is a dropdown of all of my subnets which I must individually select.

Longer:
In the "Create a DB Subnet Group" guide's Step 5 it says:

In the Add subnets section, choose Add all the subnets related to this VPC.

Yet I did not see this option in the dropdown.

See the photo below where my 3 subnet IDs have been anonymized.

I believe the smallest instance type supported is now db.t2.micro

https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonrds.html references the DownloadCompleteDBLogFile API action which links to here https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/RESTReference.html#RESTReference.DownloadCompleteDBLogFile

This link is broken and redirects to the home page of the RDS User Guide: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

This API does not exist int he API documentation (control, data, and insights) so I suspect it's been deprecated and should be removed from the table. Is this correct?
Control API actions: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_Operations.html

If you try to migrate a snapshot or existing RDS MySQL database to Aurora that has options set that Aurora doesn't support (my example is Memcached, there may be others), it will fail and result in a broken cluster. Support didn't point me in the right direction, they assumed the snapshot was corrupted, but removing the offending options solves it.

Is this worth noting somewhere as it would have saved me a few hours of pain and back and forths with support?

(OR did it just miss it somewhere?)

https://github.com/awsdocs/amazon-rds-user-guide/blob/master/doc_source/Appendix.SQLServer.CommonDBATasks.md
This is all I could find.
I was looking for a way to query a very basic RDS Instance property, its instance name, and couldn't even find a way to do that after 2 days of googling.

query : select * from table_name order by column_name

using workbench to connect with RDS server and mysql server

I’m getting this error: you don’t have admin privileges to import the DB while I already have the super admin access because I’m using the superuser I created while creating the RDS MySQL database. This error doesn’t arise all the time but sometimes. Still, I didn’t get any proper solution to get this issue resolved. I don’t know why it gives super admin privileges here and I think a solution should be provided here at the end of the doc because other users are also facing this problem. After all, I had seen other members also on stack overflow.

I work with RDS a good amount, but I work with lots of other AWS and non-AWS services and tools. Every time I come back to Option groups and/or Parameter groups, I always forget what the distinction is between the two and I end up here https://www.reddit.com/r/aws/comments/5r0l8e/what_is_the_difference_between_rds_option_groups/.

I would be helpful if you had another page here https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_RDS_Configuring.html, something short, literally titled Option groups vs Parameter groups. I suspect that I'm not alone. I am certain that users who are new to RDS will benefit from this.

In the Common DBA Tasks for PostgreSQL appendix, the pgBadger snippet no longer works for pgBadger version 10.x when used against Amazon RDS for PostgreSQL logs that worked previously:

$ pgbadger --version
pgBadger version 10.1
$ pgbadger -p '%t:%r:%u@%d:[%p]:' postgresql.log.2018-10-05-15
FATAL: unable to detect log file format from postgresql.log.2018-10-05-15, please use -f option.

According to darold/pgbadger#443, this is because pgBadger can no longer automatically detect the log format. The following snippet appears to work consistently:

$ pgbadger --version
pgBadger version 10.1
$ pgbadger -f stderr -p '%t:%r:%u@%d:[%p]:' postgresql.log.2018-10-05-15
[========================>] Parsed 56638 bytes of 56638 (100.00%), queries: 11, events: 0
LOG: Ok, generating html report...

From https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.ActiveSessions.html

I believe that both cells highlighted in blue below should be 380 instead of 360.

I would have made a pull request instead of opening an issue but I don't think this table is in the source. Good idea to put the docs on GitHub. Thanks.

>>> 360/180
2.0
>>> 360/240
1.5
>>> 
>>> 380/180
2.111111111111111
>>> 380/240
1.5833333333333333

In Step 4 of "To configure IAM permissions for using your cluster with Lambda" Documentation code says:

aws rds add-role-to-db-cluster \
       --db-cluster-identifier my-cluster-name \
       --feature-name Lambda \
       --role-arn  arn:aws:iam::444455556666:role/rds-lambda-role   \
       --region aws-region

I do not know where to find the db-cluster-identifier and I do not think I have one. Also when I look at AWS CLI documentation in the link you provided:
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/add-role-to-db-cluster.html
It states:

  add-role-to-db-cluster
--db-cluster-identifier <value>
--role-arn <value>
[--feature-name <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

And I am guessing db-cluster-identifier is the DB instance ID under the configuration tab in the AWS RDS console? Is that correct?

I can't find the table in the source file but this page contains a table of endpoints:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
that is missing the GovCloud US-East, Osaka, and Ningxia endpoints
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

On URI:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html
the maintenance time blocks isn't listed for EU (Paris) region as well as Stockholm, Bahrein.

Hello, I noticed that the default for RDS mysql 5.7 and 8 parameter groups SQL_MODE option is different from the MySql default.

The default on MySql 5.7 is specified here: https://dev.mysql.com/doc/refman/5.7/en/faqs-sql-modes.html#faq-mysql-what-default-mode

The default for mysql 8 is specified here: https://dev.mysql.com/doc/refman/8.0/en/faqs-sql-modes.html#:~:text=The%20default%20SQL%20mode%20in,%2C%20%E2%80%9CServer%20SQL%20Modes%E2%80%9D.

Whereas the RDS default seems to be NO_ENGINE_SUBSTITUTION for both versions.

I understand how to change it, but I wondered if it was possible to document why the default is different, whether there are any benefits to the different default and why AWS recommends this default?

The reason for asking is that we noticed a difference between our local environments and AWS RDS and we're unsure on whether we should deliberately override the AWS recommendation. All the documentation I can find is about changing it, not why it's set like this.

This statement from the Doc, seems to be misleading

"You can create an encrypted Read Replica of an unencrypted DB instance, and you can create an unencrypted Read Replica of an encrypted DB instance. "

Tried to reproduce this with Aurora, the encryption option is available and when you select it, it ends up not creating an encrypted instance from the unencrypted aurora instance.

This is made clear here --> https://aws.amazon.com/rds/aurora/faqs/

Q: Can I encrypt an existing unencrypted database?

Currently, encrypting an existing unencrypted Aurora instance is not supported. To use Amazon Aurora encryption for an existing unencrypted database, create a new DB Instance with encryption enabled and migrate your data into it.

Hi,

In https://github.com/awsdocs/amazon-rds-user-guide/blob/master/doc_source/UsingWithRDS.IAMDBAuth.IAMPolicy.md you suggest to use a different ARN format to specify the resource an IAM user can connect to:

arn:aws:rds-db:region:account-id:dbuser:dbi-resource-id/database-user-name

vs the usual RDS form:

arn:aws:rds:us-east-2:123456789012:db:my-mysql-instance-1/database-user-name

Notce rds vs rds-db and dbuser vs db.

It seems like using the later RDS format works too, but it's not explicit in the doc.

Are both supposed to work? Or is it just an edge case that was forgotten and is not supposed to work?

Once I know, I can PR the doc to make it more explicit if you want.

Thanks!

In this page https://github.com/awsdocs/amazon-rds-user-
guide/blob/master/doc_source/Appendix.SQLServer.CommonDBATasks.Logs.md, it says we can use the following command to read the error log:

EXEC rdsadmin.dbo.rds_read_error_log @index = 0, @type = 1;

I tried the native command EXEC sp_readerrorlog and it also works. So what's the difference and why we need to use rdsadmin.dbo.rds_read_error_log?

On OSX
aws rds describe-db-instances --db-instance-identifier AcmeRDS --headers

returns
Unknown options: --headers

I'm running pg_transport and receiving odd errors:

no extensions except for pg_transport can be installed to use pg_transport

This error makes no sense and if we are required to have pg_statements and pg_transport as part of our standard_libraries in Postgres 11.5

Document says 9.6.12 can go to any 10.x version but only allows 10.7.

I have been trying to use cli to export my aurora-postgresql logs to cloudwatch but the log types doesn't seems to be supported.

Here is the error

$ aws rds modify-db-cluster --db-cluster-identifier xxxxxxx --cloudwatch-logs-export-configuration '{"EnableLogTypes":["postgresql"," upgrade", "audit", "slowquery"]}'

An error occurred (InvalidParameterCombination) when calling the ModifyDBCluster operation: You cannot use the log types ' upgrade', 'audit', 'slowquery' with engine version aurora-postgresql 9.6.12. For supported log types, see the documentation.

I've also tried with aurora-postgres version 10.7 and got the same error.
Please let me know what log types are supported by this feature for the two versions of aurora as I cannot find it in any of the AWS documentation.

I have also done extensive reading of this documentation:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.CloudWatch.html

The cluster-level DB parameter server_audit_logs_upload parameter mentioned in the documentation above doesn't seems to be a valid parameter as I could not find it in my cluster parameter group. Is there something i'm missing or you need to update to your documentation to reflect how it actually works?

I have enabled read replication(in 2 different AZs) for my RDS instance running mysql v5.7.19. I am trying to get the details about the events that are taking place in the instance. For this, I want the bin logs from the instance.
I have tried to export the logs using the mysqlbinlog utility in my EC2 and I get the following error:
Command:

mysqlbinlog \
    --read-from-remote-server \
    --host=host.rds.amazonaws.com \
    --port=3306  \
    --user username \
    --password password \
    --raw \
    --result-file=/tmp/ \
    mysql-bin-changelog.000105

ERROR: Got error reading packet from server: Could not find first log file name in binary log index file.

Could someone please tell me how to export the RDS bin logs to EC2 or to S3 and view the bin logs?

This page states that you cannot remove encryption from an RDS instance: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.Limitations

That's fine but you could also mention workarounds for this. I believe that you can accomplish this by using a tool like DMS, a home grown script or a connector from a third party vendor.
While generally, you wouldn't want to remove encryption, it's the kind of thing you might need to do in an emergency.

It's frustrating when the AWS doc leads to dead ends like this with a "Oh well, you're screwed if you're stuck in this situation".

com.amazonaws.services.rdsdata.model.AWSRDSDataException: Rate exceeded (Service: AWSRDSData; Status Code: 400; Error Code: ThrottlingException;

I can't find the above error content for API Limit in the document.

General

Sadly there's no way to send a pull request for the content on https://aws.amazon.com/rds/instance-types/ and the support is only about billing or technical stuff. I found no better way than to report it here.

Missing Prefix

In section Memory Optimized, tab X1, the models in the tables are missing the db. prefix (x1.16xlarge vs db.x1.16xlarge).

This is relevant, because it makes it harder to scrape the page and use the result to check eg. https://github.com/cloudtools/troposphere/blob/dbf1ab10b02e0efc3c55548c9dee3782af801c9e/troposphere/constants.py#L332-L410 for completeness.

At the time of deleting the parameter group from aws console of rds i am facing following problem:-

error:- Failed to delete default.aurora-mysql5.7: Default DBParameterGroup cannot be deleted: default.aurora-mysql5.7 (Service: AmazonRDS; Status Code: 400; Error Code: InvalidDBParameterGroupState; Request ID: 5e839386-71ef-45ef-baaf-a136a880f49f)

the same thing i tried with awscli following error is coming:-
command:- aws rds delete-db-parameter-group --db-parameter-group-name default.aurora-mysql5.7
error:- An error occurred (InvalidDBParameterGroupState) when calling the DeleteDBParameterGroup operation: Default DBParameterGroup cannot be deleted: default.aurora-mysql5.7

The Working with PostGIS guide is a little misleading. It's not setting up only the postgis extension, but also the extras fuzzystrmatch, postgis_tiger_geocoder, and postgis_topology.

Loading these extras is unnecessary for applications that only use basic PostGIS functionality. This includes the popular Django GIS extension which is what I am looking at setting up.

I suggest it be split into two guides: PostGIS (basically only CREATE EXTENSION IF NOT EXISTS postgis, and the PostGIS extras.

https://github.com/awsdocs/amazon-rds-user-guide/blob/master/doc_source/CHAP_Storage.md#combining-provisioned-iops-storage-with-multi-az-deployments-or-read-replicas

You can also use Provisioned IOPS SSD storage with read replicas for MySQL, MariaDB or PostgreSQL. The type of storage for a read replica is independent of that on the master DB instance. For example, you might use General Purpose SSD for read replicas ith a master DB instance that uses Provisioned IOPS SSD storage to reduce costs. However, your read replica's performance in this case might differ from that of a configuration where both the master DB instance and the read replicas use Provisioned IOPS SSD storage.

For example, you might use General Purpose SSD for read replicas ith a master DB instance that uses Provisioned IOPS SSD storage to reduce costs.

'ith' should be 'with'. it's a little typo.

I am working on consolidation of AWS RDS postgres db instances. There are around 40 individual postgres RDS db instances. These 40 instances are not utilized fully. CPU Utilization is below 5% for all. So planning to migrate / consolidate these 40 instances into few instances like around 4. I am thinking of two options. 1. Use pg_dump and 2. Use pg_transport. I would like to know what is the best option for this. I haven't used pg_transport. Any suggestions highly appreciated. I am little new to AWS RDS postgres db instances.

aws rds create-db-cluster --db-cluster-identifier sample-cluster --engine aurora-mysql
--engine-version 5.7.12 --master-username user-name --master-user-password password
--db-subnet-group-name mysubnetgroup --vpc-security-group-ids sg-c7e5b0d2

when we entered above code this cluster module is not available and if we entered aws rds help so in that to this create-db-cluster module is not available thn why they why it is available in aws official documentation.