Amazon Web Service (AWS)


Amazon DocumentDB is a managed NoSQL database service that supports document data structures with limited compatibility with MongoDB workloads, that allows you to store, query, and index JSON data.

  • apply_immediately - (Optional) Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false.
  • availability_zones - (Optional) A list of EC2 Availability Zones that instances in the DB cluster can be created in.
  • backup_retention_period - (Optional) The days to retain backups for. Default 1
  • cluster_identifier_prefix - (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifier.
  • cluster_identifier - (Optional, Forces new resources) The cluster identifier. If omitted, Terraform will assign a random, unique identifier.
  • db_subnet_group_name - (Optional) A DB subnet group to associate with this DB instance.
  • db_cluster_parameter_group_name - (Optional) A cluster parameter group to associate with the cluster.
  • deletion_protection - (Optional) A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.
  • enabled_cloudwatch_logs_exports - (Optional) List of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: audit, profiler.
  • engine_version - (Optional) The database engine version. Updating this argument results in an outage.
  • engine - (Optional) The name of the database engine to be used for this DB cluster. Defaults to docdb. Valid Values: docdb
  • final_snapshot_identifier - (Optional) The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.
  • global_cluster_identifier - (Optional) The global cluster identifier specified on aws_docdb_global_cluster.
  • kms_key_id - (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true.
  • master_password - (Required unless a snapshot_identifier or unless a global_cluster_identifier is provided when the cluster is the "secondary" cluster of a global database) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the DocDB Naming Constraints.
  • master_username - (Required unless a snapshot_identifier or unless a global_cluster_identifier is provided when the cluster is the "secondary" cluster of a global database) Username for the master DB user.
  • port - (Optional) The port on which the DB accepts connections
  • preferred_backup_window - (Optional) The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC Default: A 30-minute window selected at random from an 8-hour block of time per regionE.g., 04:00-09:00
  • preferred_maintenance_window - (Optional) The weekly time range during which system maintenance can occur, in (UTC) e.g., wed:04:00-wed:04:30
  • skip_final_snapshot - (Optional) Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final_snapshot_identifier. Default is false.
  • snapshot_identifier - (Optional) Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.
  • storage_encrypted - (Optional) Specifies whether the DB cluster is encrypted. The default is false.
  • tags - (Optional) A map of tags to assign to the DB cluster. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • vpc_security_group_ids - (Optional) List of VPC security groups to associate with the Cluster
Associating resources with a
Resources do not "belong" to a
Rather, one or more Security Groups are associated to a resource.
via Terraform:
The following HCL creates a DocDB cluster

resource "aws_docdb_cluster" "docdb" {
 cluster_identifier      = "my-docdb-cluster"
 engine                  = "docdb"
 master_username         = "foo"
 master_password         = "mustbeeightchars"
 backup_retention_period = 5
 preferred_backup_window = "07:00-09:00"
 skip_final_snapshot     = true

via CLI:

[--availability-zones <value>]
[--backup-retention-period <value>]
--db-cluster-identifier <value>
[--db-cluster-parameter-group-name <value>]
[--vpc-security-group-ids <value>]
[--db-subnet-group-name <value>]
--engine <value>
[--engine-version <value>]
[--port <value>]
[--master-username <value>]
[--master-user-password <value>]
[--preferred-backup-window <value>]
[--preferred-maintenance-window <value>]
[--tags <value>]
[--storage-encrypted | --no-storage-encrypted]
[--kms-key-id <value>]
[--pre-signed-url <value>]
[--enable-cloudwatch-logs-exports <value>]
[--deletion-protection | --no-deletion-protection]
[--global-cluster-identifier <value>]
[--source-region <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]


aws docdb create-db-cluster \
   --db-cluster-identifier sample-cluster \
   --engine docdb \
   --master-username master-user \
   --master-user-password password \
   --preferred-maintenance-window Sun:20:30-Sun:21:00

Best Practices for

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
All Resources