import type { Construct } from 'constructs'; import type { DatabaseClusterAttributes, IDatabaseCluster } from './cluster-ref'; import { Endpoint } from './endpoint'; import type { BackupProps, Login, RotationMultiUserOptions } from './props'; import * as ec2 from '../../aws-ec2'; import type { IRole } from '../../aws-iam'; import type * as kms from '../../aws-kms'; import * as logs from '../../aws-logs'; import type { CaCertificate } from '../../aws-rds'; import * as secretsmanager from '../../aws-secretsmanager'; import type { Duration } from '../../core'; import { RemovalPolicy, Resource } from '../../core'; import type { DBClusterReference, IDBClusterParameterGroupRef } from '../../interfaces/generated/aws-docdb-interfaces.generated'; /** * ServerlessV2 scaling configuration for DocumentDB clusters */ export interface ServerlessV2ScalingConfiguration { /** * The minimum number of DocumentDB capacity units (DCUs) for a DocumentDB instance in a DocumentDB Serverless cluster. */ readonly minCapacity: number; /** * The maximum number of DocumentDB capacity units (DCUs) for a DocumentDB instance in a DocumentDB Serverless cluster. */ readonly maxCapacity: number; } /** * The storage type of the DocDB cluster */ export declare enum StorageType { /** * Standard storage */ STANDARD = "standard", /** * I/O-optimized storage */ IOPT1 = "iopt1" } /** * Properties for a new database cluster */ export interface DatabaseClusterProps { /** * What version of the database to start * * @default - the latest major version */ readonly engineVersion?: string; /** * The port the DocumentDB cluster will listen on * * @default DatabaseCluster.DEFAULT_PORT */ readonly port?: number; /** * Username and password for the administrative user */ readonly masterUser: Login; /** * Backup settings * * @default - Backup retention period for automated backups is 1 day. * Backup preferred window is set to a 30-minute window selected at random from an * 8-hour block of time for each AWS Region, occurring on a random day of the week. * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/backup-restore.db-cluster-snapshots.html#backup-restore.backup-window */ readonly backup?: BackupProps; /** * The KMS key for storage encryption. * * @default - default master key. */ readonly kmsKey?: kms.IKey; /** * Whether to enable storage encryption * * @default true */ readonly storageEncrypted?: boolean; /** * An optional identifier for the cluster * * @default - A name is automatically generated. */ readonly dbClusterName?: string; /** * Base identifier for instances * * Every replica is named by appending the replica number to this string, 1-based. * Only applicable for provisioned clusters. * * @default - `dbClusterName` is used with the word "Instance" appended. If `dbClusterName` is not provided, the * identifier is automatically generated. */ readonly instanceIdentifierBase?: string; /** * What type of instance to start for the replicas. * Required for provisioned clusters, not applicable for serverless clusters. * * @default None */ readonly instanceType?: ec2.InstanceType; /** * Number of DocDB compute instances * @default 1 */ readonly instances?: number; /** * ServerlessV2 scaling configuration. * When specified, the cluster will be created as a serverless cluster. * * @default None */ readonly serverlessV2ScalingConfiguration?: ServerlessV2ScalingConfiguration; /** * The identifier of the CA certificate used for the instances. * * Specifying or updating this property triggers a reboot. * * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation.html * * @default - DocumentDB will choose a certificate authority */ readonly caCertificate?: CaCertificate; /** * What subnets to run the DocumentDB instances in. * * Must be at least 2 subnets in two different AZs. */ readonly vpc: ec2.IVpc; /** * Where to place the instances within the VPC * * @default private subnets */ readonly vpcSubnets?: ec2.SubnetSelection; /** * Security group. * * @default a new security group is created. */ readonly securityGroup?: ec2.ISecurityGroup; /** * The DB parameter group to associate with the instance. * * @default no parameter group */ readonly parameterGroup?: IDBClusterParameterGroupRef; /** * A weekly time range in which maintenance should preferably execute. * * Must be at least 30 minutes long. * * Example: 'tue:04:17-tue:04:47' * * @default - 30-minute window selected at random from an 8-hour block of time for * each AWS Region, occurring on a random day of the week. * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-maintain.html#maintenance-window */ readonly preferredMaintenanceWindow?: string; /** * The removal policy to apply when the cluster and its instances are removed * or replaced during a stack update, or when the stack is deleted. This * removal policy also applies to the implicit security group created for the * cluster if one is not supplied as a parameter. * * When set to `SNAPSHOT`, the removal policy for the instances and the security group * will default to `DESTROY` as those resources do not support the policy. * * Use the `instanceRemovalPolicy` and `securityGroupRemovalPolicy` to change the behavior. * * @default - Retain cluster. */ readonly removalPolicy?: RemovalPolicy; /** * Specifies whether this cluster can be deleted. If deletionProtection is * enabled, the cluster cannot be deleted unless it is modified and * deletionProtection is disabled. deletionProtection protects clusters from * being accidentally deleted. * * @default - false */ readonly deletionProtection?: boolean; /** * Whether the profiler logs should be exported to CloudWatch. * Note that you also have to configure the profiler log export in the Cluster's Parameter Group. * * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/profiling.html#profiling.enable-profiling * @default false */ readonly exportProfilerLogsToCloudWatch?: boolean; /** * Whether the audit logs should be exported to CloudWatch. * Note that you also have to configure the audit log export in the Cluster's Parameter Group. * * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html#event-auditing-enabling-auditing * @default false */ readonly exportAuditLogsToCloudWatch?: boolean; /** * The number of days log events are kept in CloudWatch Logs. When updating * this property, unsetting it doesn't remove the log retention policy. To * remove the retention policy, set the value to `Infinity`. * * @default - logs never expire */ readonly cloudWatchLogsRetention?: logs.RetentionDays; /** * The IAM role for the Lambda function associated with the custom resource * that sets the retention policy. * * @default - a new role is created. */ readonly cloudWatchLogsRetentionRole?: IRole; /** * A value that indicates whether to enable Performance Insights for the instances in the DB Cluster. * * @default - false */ readonly enablePerformanceInsights?: boolean; /** * The removal policy to apply to the cluster's instances. * * Cannot be set to `SNAPSHOT`. * * @default - `RemovalPolicy.DESTROY` when `removalPolicy` is set to `SNAPSHOT`, `removalPolicy` otherwise. * * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html */ readonly instanceRemovalPolicy?: RemovalPolicy; /** * The removal policy to apply to the cluster's security group. * * Cannot be set to `SNAPSHOT`. * * @default - `RemovalPolicy.DESTROY` when `removalPolicy` is set to `SNAPSHOT`, `removalPolicy` otherwise. * * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html */ readonly securityGroupRemovalPolicy?: RemovalPolicy; /** * Whether to copy tags to the snapshot when a snapshot is created. * * @default - false */ readonly copyTagsToSnapshot?: boolean; /** * The storage type of the DocDB cluster. * * I/O-optimized storage is supported starting with engine version 5.0.0. * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-storage-configs.html * @see https://docs.aws.amazon.com/documentdb/latest/developerguide/release-notes.html#release-notes.11-21-2023 * * @default StorageType.STANDARD */ readonly storageType?: StorageType; } /** * A new or imported clustered database. */ declare abstract class DatabaseClusterBase extends Resource implements IDatabaseCluster { /** * Identifier of the cluster */ abstract readonly clusterIdentifier: string; /** * Identifiers of the replicas */ abstract readonly instanceIdentifiers: string[]; /** * The endpoint to use for read/write operations */ abstract readonly clusterEndpoint: Endpoint; /** * Endpoint to use for load-balanced read-only operations. */ abstract readonly clusterReadEndpoint: Endpoint; /** * Endpoints which address each individual replica. */ abstract readonly instanceEndpoints: Endpoint[]; /** * Access to the network connections */ abstract readonly connections: ec2.Connections; /** * Security group identifier of this database */ abstract readonly securityGroupId: string; /** * A reference to this cluster. */ get dbClusterRef(): DBClusterReference; /** * Renders the secret attachment target specifications. */ asSecretAttachmentTarget(): secretsmanager.SecretAttachmentTargetProps; } /** * Create a clustered database with a given number of instances. * * @resource AWS::DocDB::DBCluster */ export declare class DatabaseCluster extends DatabaseClusterBase { /** * Uniquely identifies this class. */ static readonly PROPERTY_INJECTION_ID: string; /** * The default number of instances in the DocDB cluster if none are * specified */ static readonly DEFAULT_NUM_INSTANCES = 1; /** * The default port Document DB listens on */ static readonly DEFAULT_PORT = 27017; /** * Import an existing DatabaseCluster from properties */ static fromDatabaseClusterAttributes(scope: Construct, id: string, attrs: DatabaseClusterAttributes): IDatabaseCluster; /** * The single user secret rotation application. */ private static readonly SINGLE_USER_ROTATION_APPLICATION; /** * The multi user secret rotation application. */ private static readonly MULTI_USER_ROTATION_APPLICATION; /** * Identifier of the cluster */ readonly clusterIdentifier: string; /** * The endpoint to use for read/write operations */ readonly clusterEndpoint: Endpoint; /** * Endpoint to use for load-balanced read-only operations. */ readonly clusterReadEndpoint: Endpoint; /** * The resource id for the cluster; for example: cluster-ABCD1234EFGH5678IJKL90MNOP. The cluster ID uniquely * identifies the cluster and is used in things like IAM authentication policies. * @attribute ClusterResourceId */ readonly clusterResourceIdentifier: string; /** * The connections object to implement IConnectable */ readonly connections: ec2.Connections; /** * Identifiers of the replicas */ readonly instanceIdentifiers: string[]; /** * Endpoints which address each individual replica. */ readonly instanceEndpoints: Endpoint[]; /** * Security group identifier of this database */ readonly securityGroupId: string; /** * The secret attached to this cluster */ readonly secret?: secretsmanager.ISecret; /** * The underlying CloudFormation resource for a database cluster. */ private readonly cluster; /** * The VPC where the DB subnet group is created. */ private readonly vpc; /** * The subnets used by the DB subnet group. */ private readonly vpcSubnets?; constructor(scope: Construct, id: string, props: DatabaseClusterProps); /** * Sets up CloudWatch log retention if configured. */ private setLogRetention; private getInstanceRemovalPolicy; private getSecurityGroupRemovalPolicy; /** * Adds the single user rotation of the master password to this cluster. * * @param [automaticallyAfter=Duration.days(30)] Specifies the number of days after the previous rotation * before Secrets Manager triggers the next automatic rotation. */ addRotationSingleUser(automaticallyAfter?: Duration): secretsmanager.SecretRotation; /** * Adds the multi user rotation to this cluster. */ addRotationMultiUser(id: string, options: RotationMultiUserOptions): secretsmanager.SecretRotation; /** * Adds security groups to this cluster. * @param securityGroups The security groups to add. */ addSecurityGroups(...securityGroups: ec2.ISecurityGroup[]): void; } export {};