feat(client-rds): This release adds support for specifying which cert…

…ificate authority (CA) to use for a DB instance's server certificate during DB instance creation, as well as other CA enhancements.
aws · Jan 5, 2023 · c090672 · c090672
1 parent 62552ab
commit c090672
Show file tree

Hide file tree

Showing 6 changed files with 233 additions and 92 deletions.
diff --git a/clients/client-rds/src/RDS.ts b/clients/client-rds/src/RDS.ts
@@ -2683,6 +2683,11 @@ export class RDS extends RDSClient {
 
   /**
    * <p>Lists the set of CA certificates provided by Amazon RDS for this Amazon Web Services account.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *             instance</a> in the <i>Amazon RDS User Guide</i> and
+   *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *             User Guide</i>.</p>
    */
   public describeCertificates(
     args: DescribeCertificatesCommandInput,

diff --git a/clients/client-rds/src/commands/DescribeCertificatesCommand.ts b/clients/client-rds/src/commands/DescribeCertificatesCommand.ts
@@ -30,6 +30,11 @@ export interface DescribeCertificatesCommandOutput extends CertificateMessage, _
 
 /**
  * <p>Lists the set of CA certificates provided by Amazon RDS for this Amazon Web Services account.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+ *             instance</a> in the <i>Amazon RDS User Guide</i> and
+ *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+ *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+ *             User Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-rds/src/commands/DescribeDBParametersCommand.ts b/clients/client-rds/src/commands/DescribeDBParametersCommand.ts
@@ -13,12 +13,8 @@ import {
   SerdeContext as __SerdeContext,
 } from "@aws-sdk/types";
 
-import {
-  DBParameterGroupDetails,
-  DBParameterGroupDetailsFilterSensitiveLog,
-  DescribeDBParametersMessage,
-  DescribeDBParametersMessageFilterSensitiveLog,
-} from "../models/models_0";
+import { DBParameterGroupDetails, DBParameterGroupDetailsFilterSensitiveLog } from "../models/models_0";
+import { DescribeDBParametersMessage, DescribeDBParametersMessageFilterSensitiveLog } from "../models/models_1";
 import {
   deserializeAws_queryDescribeDBParametersCommand,
   serializeAws_queryDescribeDBParametersCommand,

diff --git a/clients/client-rds/src/models/models_0.ts b/clients/client-rds/src/models/models_0.ts
@@ -3457,6 +3457,22 @@ export interface DBEngineVersion {
    *       </p>
    */
   CustomDBEngineVersionManifest?: string;
+
+  /**
+   * <p>A value that indicates whether the engine version supports rotating the server certificate without
+   *               rebooting the DB instance.</p>
+   */
+  SupportsCertificateRotationWithoutRestart?: boolean;
+
+  /**
+   * <p>A list of the supported CA certificate identifiers.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *             instance</a> in the <i>Amazon RDS User Guide</i> and
+   *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *             User Guide</i>.</p>
+   */
+  SupportedCACertificateIdentifiers?: string[];
 }
 
 /**
@@ -5690,6 +5706,27 @@ export class BackupPolicyNotFoundFault extends __BaseException {
   }
 }
 
+/**
+ * <p>
+ *             <code>CertificateIdentifier</code> doesn't refer to an
+ *         existing certificate.</p>
+ */
+export class CertificateNotFoundFault extends __BaseException {
+  readonly name: "CertificateNotFoundFault" = "CertificateNotFoundFault";
+  readonly $fault: "client" = "client";
+  /**
+   * @internal
+   */
+  constructor(opts: __ExceptionOptionType<CertificateNotFoundFault, __BaseException>) {
+    super({
+      name: "CertificateNotFoundFault",
+      $fault: "client",
+      ...opts,
+    });
+    Object.setPrototypeOf(this, CertificateNotFoundFault.prototype);
+  }
+}
+
 /**
  * <p></p>
  */
@@ -6868,6 +6905,17 @@ export interface CreateDBInstanceMessage {
    *             has a different default KMS key for each Amazon Web Services Region.</p>
    */
   MasterUserSecretKmsKeyId?: string;
+
+  /**
+   * <p>Specifies the CA certificate identifier to use for the DB instance’s server certificate.</p>
+   *          <p>This setting doesn't apply to RDS Custom.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *             instance</a> in the <i>Amazon RDS User Guide</i> and
+   *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *             User Guide</i>.</p>
+   */
+  CACertificateIdentifier?: string;
 }
 
 /**
@@ -6914,6 +6962,26 @@ export enum AutomationMode {
   FULL = "full",
 }
 
+/**
+ * <p>Returns the details of the DB instance’s server certificate.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+ *             instance</a> in the <i>Amazon RDS User Guide</i> and
+ *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+ *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+ *             User Guide</i>.</p>
+ */
+export interface CertificateDetails {
+  /**
+   * <p>The CA identifier of the CA certificate used for the DB instance's server certificate.</p>
+   */
+  CAIdentifier?: string;
+
+  /**
+   * <p>The expiration date of the DB instance’s server certificate.</p>
+   */
+  ValidTill?: Date;
+}
+
 /**
  * <p>Automated backups of a DB instance replicated to another Amazon Web Services Region. They consist of system backups, transaction logs, and database instance properties.</p>
  */
@@ -7216,6 +7284,11 @@ export interface PendingModifiedValues {
 
   /**
    * <p>The identifier of the CA certificate for the DB instance.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *             instance</a> in the <i>Amazon RDS User Guide</i> and
+   *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *             User Guide</i>.</p>
    */
   CACertificateIdentifier?: string;
 
@@ -7559,6 +7632,11 @@ export interface DBInstance {
 
   /**
    * <p>The identifier of the CA certificate for this DB instance.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+   *             instance</a> in the <i>Amazon RDS User Guide</i> and
+   *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+   *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+   *             User Guide</i>.</p>
    */
   CACertificateIdentifier?: string;
 
@@ -7860,6 +7938,11 @@ export interface DBInstance {
    *          </p>
    */
   MasterUserSecret?: MasterUserSecret;
+
+  /**
+   * <p>The details of the DB instance's server certificate.</p>
+   */
+  CertificateDetails?: CertificateDetails;
 }
 
 export interface CreateDBInstanceResult {
@@ -11035,6 +11118,11 @@ export interface DescribeBlueGreenDeploymentsResponse {
 
 /**
  * <p>A CA certificate for an Amazon Web Services account.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html">Using SSL/TLS to encrypt a connection to a DB
+ *             instance</a> in the <i>Amazon RDS User Guide</i> and
+ *             <a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html">
+ *             Using SSL/TLS to encrypt a connection to a DB cluster</a> in the <i>Amazon Aurora
+ *             User Guide</i>.</p>
  */
 export interface Certificate {
   /**
@@ -11098,27 +11186,6 @@ export interface CertificateMessage {
   Marker?: string;
 }
 
-/**
- * <p>
- *             <code>CertificateIdentifier</code> doesn't refer to an
- *         existing certificate.</p>
- */
-export class CertificateNotFoundFault extends __BaseException {
-  readonly name: "CertificateNotFoundFault" = "CertificateNotFoundFault";
-  readonly $fault: "client" = "client";
-  /**
-   * @internal
-   */
-  constructor(opts: __ExceptionOptionType<CertificateNotFoundFault, __BaseException>) {
-    super({
-      name: "CertificateNotFoundFault",
-      $fault: "client",
-      ...opts,
-    });
-    Object.setPrototypeOf(this, CertificateNotFoundFault.prototype);
-  }
-}
-
 /**
  * <p></p>
  */
@@ -12425,51 +12492,6 @@ export interface DBParameterGroupDetails {
   Marker?: string;
 }
 
-export interface DescribeDBParametersMessage {
-  /**
-   * <p>The name of a specific DB parameter group to return details for.</p>
-   *          <p>Constraints:</p>
-   *          <ul>
-   *             <li>
-   *                <p>If supplied, must match the name of an existing DBParameterGroup.</p>
-   *             </li>
-   *          </ul>
-   */
-  DBParameterGroupName: string | undefined;
-
-  /**
-   * <p>The parameter types to return.</p>
-   *          <p>Default: All parameter types returned</p>
-   *          <p>Valid Values: <code>user | system | engine-default</code>
-   *          </p>
-   */
-  Source?: string;
-
-  /**
-   * <p>This parameter isn't currently supported.</p>
-   */
-  Filters?: Filter[];
-
-  /**
-   * <p>The maximum number of records to include in the response.
-   *         If more records exist than the specified <code>MaxRecords</code> value,
-   *             a pagination token called a marker is included in the response so that
-   *         you can retrieve the remaining results.</p>
-   *          <p>Default: 100</p>
-   *          <p>Constraints: Minimum 20, maximum 100.</p>
-   */
-  MaxRecords?: number;
-
-  /**
-   * <p>An optional pagination token provided by a previous
-   *         <code>DescribeDBParameters</code> request.
-   *             If this parameter is specified, the response includes
-   *         only records beyond the marker,
-   *         up to the value specified by <code>MaxRecords</code>.</p>
-   */
-  Marker?: string;
-}
-
 /**
  * @internal
  */
@@ -13013,6 +13035,13 @@ export const DBInstanceRoleFilterSensitiveLog = (obj: DBInstanceRole): any => ({
   ...obj,
 });
 
+/**
+ * @internal
+ */
+export const CertificateDetailsFilterSensitiveLog = (obj: CertificateDetails): any => ({
+  ...obj,
+});
+
 /**
  * @internal
  */
@@ -13774,10 +13803,3 @@ export const DescribeDBParameterGroupsMessageFilterSensitiveLog = (obj: Describe
 export const DBParameterGroupDetailsFilterSensitiveLog = (obj: DBParameterGroupDetails): any => ({
   ...obj,
 });
-
-/**
- * @internal
- */
-export const DescribeDBParametersMessageFilterSensitiveLog = (obj: DescribeDBParametersMessage): any => ({
-  ...obj,
-});