# Modifying an Amazon RDS DB instance
<a name="Overview.DBInstance.Modifying"></a>

You can change the settings of a DB instance to accomplish tasks such as adding additional storage or changing the DB instance class. In this topic, you can find out how to modify an Amazon RDS DB instance and learn about the settings for DB instances. 

We recommend that you test any changes on a test instance before modifying a production instance. Doing this helps you to fully understand the impact of each change. Testing is especially important when upgrading database versions. 

Most modifications to a DB instance you can either apply immediately or defer until the next maintenance window. Some modifications, such as parameter group changes, require that you manually reboot your DB instance for the change to take effect. 

**Important**  
Some modifications result in downtime because Amazon RDS must reboot your DB instance for the change to take effect. Review the impact to your database and applications before modifying your DB instance settings. 

## Console
<a name="USER_ModifyInstance.Console"></a>

**To modify a DB instance**

1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).

1. In the navigation pane, choose **Databases**, and then choose the DB instance that you want to modify. 

1. Choose **Modify**. The **Modify DB instance** page appears.

1. Change any of the settings that you want. For information about each setting, see [Settings for DB instances](USER_ModifyInstance.Settings.md). 

1. When all the changes are as you want them, choose **Continue** and check the summary of modifications. 

1. (Optional) Choose **Apply immediately** to apply the changes immediately. Choosing this option can cause downtime in some cases. For more information, see [Using the schedule modifications setting](USER_ModifyInstance.ApplyImmediately.md). 

1. On the confirmation page, review your changes. If they are correct, choose **Modify DB instance** to save your changes. 

   Or choose **Back** to edit your changes or **Cancel** to cancel your changes. 

## AWS CLI
<a name="USER_ModifyInstance.CLI"></a>

To modify a DB instance by using the AWS CLI, call the [modify-db-instance](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-instance.html) command. Specify the DB instance identifier and the values for the options that you want to modify. For information about each option, see [Settings for DB instances](USER_ModifyInstance.Settings.md). 

**Example**  
The following code modifies `mydbinstance` by setting the backup retention period to 1 week (7 days). The code enables deletion protection by using `--deletion-protection`. To disable deletion protection, use `--no-deletion-protection`. The changes are applied during the next maintenance window by using `--no-apply-immediately`. Use `--apply-immediately` to apply the changes immediately. For more information, see [Using the schedule modifications setting](USER_ModifyInstance.ApplyImmediately.md).   
For Linux, macOS, or Unix:  

```
aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --backup-retention-period 7 \
    --deletion-protection \
    --no-apply-immediately
```
For Windows:  

```
aws rds modify-db-instance ^
    --db-instance-identifier mydbinstance ^
    --backup-retention-period 7 ^
    --deletion-protection ^
    --no-apply-immediately
```

**Example**  
The following example adds a storage volume to an RDS for Oracle DB instance. The additional volume uses gp3 storage with 5000 GiB of allocated storage and 12000 IOPS.  

```
aws rds modify-db-instance \
     --db-instance-identifier my-oracle-instance \
     --additional-storage-volumes '[{ \
             "VolumeName": "rdsdbdata2", \
             "StorageType": "gp3",
             "AllocatedStorage": 5000, \
             "IOPS": 12000 \
         }]'
```

## RDS API
<a name="USER_ModifyInstance.API"></a>

To modify a DB instance by using the Amazon RDS API, call the [ModifyDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html) operation. Specify the DB instance identifier, and the parameters for the settings that you want to modify. For information about each parameter, see [Settings for DB instances](USER_ModifyInstance.Settings.md). 

# Using the schedule modifications setting
<a name="USER_ModifyInstance.ApplyImmediately"></a>

When you modify your DB instance, you decide when you want the modifications to occur.

![\[Schedule modifications either immediately or during the maintenance window.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/schedule-modifications.png)


To apply changes immediately rather than in the next maintenance window, choose the **Apply Immediately** option in the AWS Management Console. Or you use the `--apply-immediately` parameter when calling the AWS CLI or set the `ApplyImmediately` parameter to `true` when using the Amazon RDS API. 

If you don't choose to apply changes immediately, RDS puts the changes into the pending modifications queue. During the next maintenance window, RDS applies any pending changes in the queue. If you choose to apply changes immediately, your new changes and any changes in the pending modifications queue are applied.

To see the modifications that are pending for the next maintenance window, use the [describe-db-instances](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/describe-db-instances.html) AWS CLI command and check the `PendingModifiedValues` field.

**Important**  
If any of the pending modifications require the DB instance to be temporarily unavailable (*downtime*), choosing the apply immediately option can cause unexpected downtime.  
When you choose to apply a change immediately, any pending modifications are also applied immediately, instead of during the next maintenance window.   
If you don't want a pending change to be applied in the next maintenance window, you can modify the DB instance to revert the change. You can do this by using the AWS CLI and specifying the `--apply-immediately` option.  
When you are adding an additional storage volume using the `modify-db-instance` command, the RDS adds the storage volume immediately regardless of the `--no-apply-immediately` parameter. If you have other modifications in the request, they will be applied baed on the schedule modifications.

Changes to some database settings are applied immediately, even if you choose to defer your changes. To see how the different database settings interact with the apply immediately setting, see [Settings for DB instances](USER_ModifyInstance.Settings.md).

# Settings for DB instances
<a name="USER_ModifyInstance.Settings"></a>

In the following table, you can find details about which settings you can and can't modify. You can also find when changes can be applied and whether the changes cause downtime for your DB instance. By using Amazon RDS features such as Multi-AZ, you can minimize downtime if you later modify the DB instance. For more information, see [Configuring and managing a Multi-AZ deployment for Amazon RDS](Concepts.MultiAZ.md). 

You can modify a DB instance using the console, the [https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-instance.html](https://docs.aws.amazon.com/cli/latest/reference/rds/modify-db-instance.html) CLI command, or the [https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBInstance.html) RDS API operation.


****  

| Console setting and description | CLI option and RDS API parameter | When the change occurs | Downtime notes | Supported DB engines | 
| --- | --- | --- | --- | --- | 
|  **Allocated storage** The storage, in gibibytes, that you want to allocate for your DB instance. You can only increase the allocated storage. You can't reduce the allocated storage. You can't modify the storage of some older DB instances, or DB instances restored from older DB snapshots. The **Allocated storage** setting is disabled in the console if your DB instance isn't eligible. You can check whether you can allocate more storage by using the CLI command [describe-valid-db-instance-modifications](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-valid-db-instance-modifications.html). This command returns the valid storage options for your DB instance.  You can't modify allocated storage if the DB instance status is **storage-optimization**. You also can't modify allocated storage for a DB instance if it's been modified in the last six hours. The maximum storage allowed depends on your DB engine and the storage type. For more information, see [Amazon RDS DB instance storage](CHAP_Storage.md).   |  **CLI option:** `--allocated-storage` **RDS API parameter:** `AllocatedStorage`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime doesn't occur during this change. Performance might be degraded during the change.  |  All DB engines  | 
|  **Architecture configuration** A configuration that allows multiple tenant databases to reside in your DB instance. Currently, only RDS for Oracle container databases (CDBs) support this setting. If your CDB is in the single-tenant configuration, you can modify it to use the **Multi-tenant configuration**. In this configuration, you can use RDS APIs to create 1–30 tenant databases, depending on the database edition and any required option licenses. Application PDBs and proxy PDBs aren't supported. The multi-tenant configuration is permanent, which means that you can't later convert your CDB back to the single-tenant configuration.  The Amazon RDS configuration is called "multi-tenant" rather than "multitenant" because it is a capability of Amazon RDS, not just the Oracle DB engine. Similarly, the RDS term "tenant" refers to any tenant in an RDS configuration, not just Oracle PDBs. In the RDS documentation, the unhyphenated term "Oracle multitenant" refers exclusively to the Oracle database CDB architecture, which is compatible with both on-premises and RDS deployments.  For more information, see [Overview of RDS for Oracle CDBs](Oracle.Concepts.CDBs.md).  |  **CLI option:** `--multi-tenant` (multi-tenant configuration of the CDB architecture) `--no-multi-tenant` (single-tenant configuration of the CDB architecture) **API parameter:** `MultiTenant`  |  The change occurs immediately.  |  Downtime doesn't occur during this change.  |  Oracle  | 
|  **Architecture settings** The architecture of the Oracle database: CDB or non-CDB. If you choose **Oracle multitenant architecture**, RDS for Oracle converts your non-CDB into a CDB that uses the single-tenant configuration. This setting is supported only if your database is a non-CDB running Oracle Database 19c with the April 2021 or higher RU. After conversion, your CDB contains one initial pluggable database (PDB). The architecture change is permanent, which means that you can't convert your CDB back to a non-CDB.  To convert a CDB in the single-tenant configuration to the multi-tenant configuration, modify your CDB instance again and choose **Multi-tenant configuration** for your **Architecture configuration**.  For more information, see [Single-tenant configuration of the CDB architecture](Oracle.Concepts.CDBs.md#Oracle.Concepts.single-tenant). |  **CLI option:** `--engine oracle-ee-cdb` (Oracle multitenant) `--engine oracle-se2-cdb` (Oracle multitenant) **API parameter:** `Engine`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime occurs during this change.  |  Oracle  | 
|  **Auto minor version upgrade** Choose **Enable auto minor version upgrade** to enable your DB instance to receive preferred minor DB engine version upgrades automatically when they become available. This is the default behavior. Amazon RDS performs automatic minor version upgrades in the maintenance window. If you don't choose **Enable auto minor version upgrade**, your DB instance isn't upgraded automatically when new minor versions become available. For more information, see [Automatically upgrading the minor engine version](USER_UpgradeDBInstance.Upgrading.md#USER_UpgradeDBInstance.Upgrading.AutoMinorVersionUpgrades).   |  **CLI option:** `--auto-minor-version-upgrade` \$1 `--no-auto-minor-version-upgrade` **RDS API parameter:** `AutoMinorVersionUpgrade`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Backup replication** Choose **Enable replication to another AWS Region** to create backups in an additional Region for disaster recovery.Then choose the **Destination Region** for the additional backups. |  Not available when modifying a DB instance. For information on enabling cross-Region backups using the AWS CLI or RDS API, see [Enabling cross-Region automated backups for Amazon RDS](AutomatedBackups.Replicating.Enable.md).  |  The change is applied asynchronously, as soon as possible.  |  Downtime doesn't occur during this change.  | All DB engines | 
|  **Backup retention period** The number of days that automatic backups are retained. To disable automatic backups, set the backup retention period to 0.  For more information, see [Introduction to backups](USER_WorkingWithAutomatedBackups.md).   If you use AWS Backup to manage your backups, this option doesn't apply. For information about AWS Backup, see the [https://docs.aws.amazon.com/aws-backup/latest/devguide](https://docs.aws.amazon.com/aws-backup/latest/devguide).   |  **CLI option:** `--backup-retention-period` **RDS API parameter:** `BackupRetentionPeriod`  |  If you choose to apply the change immediately, it occurs immediately.  If you don't choose to apply the change immediately, and you change the setting from a nonzero value to another nonzero value, the change is applied asynchronously, as soon as possible. Otherwise, the change occurs during the next maintenance window.   |  Downtime occurs if you change from 0 to a nonzero value, or from a nonzero value to 0. This applies to both Single-AZ and Multi-AZ DB instances.  |  All DB engines  | 
|  **Backup window** The time range during which automated backups of your databases occur. The backup window is a start time in Universal Coordinated Time (UTC), and a duration in hours.  For more information, see [Introduction to backups](USER_WorkingWithAutomatedBackups.md).  If you use AWS Backup to manage your backups, this option doesn't appear. For information about AWS Backup, see the [https://docs.aws.amazon.com/aws-backup/latest/devguide](https://docs.aws.amazon.com/aws-backup/latest/devguide).   |  **CLI option:** `--preferred-backup-window` **RDS API parameter:** `PreferredBackupWindow`  |  The change is applied asynchronously, as soon as possible.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Certificate authority** The certificate authority (CA) for the server certificate used by the DB instance. For more information, see [Using SSL/TLS to encrypt a connection to a DB instance or cluster ](UsingWithRDS.SSL.md).   |  **CLI option:** `--ca-certificate-identifier` **RDS API parameter:** `CACertificateIdentifier`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime only occurs if the DB engine doesn't support rotation without restart. You can use the [ describe-db-engine-versions](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-engine-versions.html) AWS CLI command to determine whether the DB engine supports rotation without restart.  |  All DB engines  | 
|  **Copy tags to snapshots** If you have any DB instance tags, enable this option to copy them when you create a DB snapshot.  For more information, see [Tagging Amazon RDS resources](USER_Tagging.md).   |  **CLI option:** `--copy-tags-to-snapshot` or `--no-copy-tags-to-snapshot` **RDS API parameter:** `CopyTagsToSnapshot`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Database port** The port that you want to use to access the DB instance.  The port value must not match any of the port values specified for options in the option group that is associated with the DB instance.  For more information, see [Connecting to an Amazon RDS DB instance](CHAP_CommonTasks.Connect.md).   |  **CLI option:** `--db-port-number` **RDS API parameter:** `DBPortNumber`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  The DB instance is rebooted immediately.  |  All DB engines  | 
|  **DB engine version** The version of the DB engine that you want to use. Before you upgrade your production DB instance, we recommend that you test the upgrade process on a test DB instance. Doing this helps verify its duration and validate your applications.  For more information, see [Upgrading a DB instance engine version](USER_UpgradeDBInstance.Upgrading.md).   |  **CLI option:** `--engine-version` **RDS API parameter:** `EngineVersion`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime occurs during this change.  |  All DB engines  | 
|  **DB instance class** The DB instance class that you want to use.  For more information, see [DB instance classes](Concepts.DBInstanceClass.md).   |  **CLI option:** `--db-instance-class` **RDS API parameter:** `DBInstanceClass`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime occurs during this change.  |  All DB engines  | 
|  **DB instance identifier** The new DB instance identifier. This value is stored as a lowercase string.  For more information about the effects of renaming a DB instance, see [Renaming a DB instance](USER_RenameInstance.md).   |  **CLI option:** `--new-db-instance-identifier` **RDS API parameter:** `NewDBInstanceIdentifier`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime occurs during this change unless your DB engine version supports dynamic SSL upload. To determine whether your version requires a restart, run the following AWS CLI command: <pre>aws rds describe-db-engine-versions \<br />--default-only \<br />--engine your-db-engine \<br />--query 'DBEngineVersions[*].SupportsCertificateRotationWithoutRestart'</pre>  |  All DB engines  | 
|  **DB parameter group** The DB parameter group that you want associated with the DB instance.  For more information, see [Parameter groups for Amazon RDS](USER_WorkingWithParamGroups.md).   |  **CLI option:** `--db-parameter-group-name` **RDS API parameter:** `DBParameterGroupName`  |  The association of the new DB parameter group with the DB instance occurs immediately.  |  Downtime doesn't occur when you associate a new DB parameter group with your DB instance. The association of a DB parameter group is different from the application of parameter changes within a parameter group. RDS applies modified static and dynamic parameter settings in the newly associated group only after you manually reboot the DB instance. However, if you modify dynamic parameters in the DB parameter group after you associate it with the DB instance, these parameter settings are applied immediately without requiring a reboot. For more information, see [Parameter groups for Amazon RDS](USER_WorkingWithParamGroups.md) and [Rebooting a DB instance](USER_RebootInstance.md).  |  All DB engines  | 
|  **Dedicated Log Volume** Use a dedicated log volume (DLV) to store database transaction logs on a storage volume that's separate from the volume containing the database tables. For more information, see [Using a dedicated log volume (DLV)](USER_PIOPS.dlv.md).  |  **CLI option:** `-dedicated-log-volume` **RDS API parameter:** `DedicatedLogVolume`  |  The change is applied when the DB instance is rebooted.  |  Downtime occurs while the DB instance is rebooted.  |  MariaDB, MySQL, PostgreSQL  | 
|  **Deletion protection** **Enable deletion protection** to prevent your DB instance from being deleted. For more information, see [Deleting a DB instance](USER_DeleteInstance.md).  |  **CLI option:** `--deletion-protection\|--no-deletion-protection` **RDS API parameter:** `DeletionProtection`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Enhanced Monitoring** **Enable Enhanced Monitoring** to enable gathering metrics in real time for the operating system that your DB instance runs on.  For more information, see [Monitoring OS metrics with Enhanced Monitoring](USER_Monitoring.OS.md).   |  **CLI option:** `--monitoring-interval` and `--monitoring-role-arn` **RDS API parameter:** `MonitoringInterval` and `MonitoringRoleArn`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **IAM DB authentication** **Enable IAM DB authentication** to authenticate database users through users and roles. For more information, see [IAM database authentication for MariaDB, MySQL, and PostgreSQL](UsingWithRDS.IAMDBAuth.md).  |  **CLI option:** `--enable-iam-database-authentication\|--no-enable-iam-database-authentication` **RDS API parameter:** `EnableIAMDatabaseAuthentication`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime doesn't occur during this change.  |  Only MariaDB, MySQL, and PostgreSQL  | 
|  **Kerberos authentication** Choose the Active Directory to move the DB instance to. The directory must exist prior to this operation. If a directory is already selected, you can specify **None** to remove the DB instance from its current directory.  For more information, see [Kerberos authentication](database-authentication.md#kerberos-authentication).   |  **CLI option:** `--domain` and `--domain-iam-role-name` **RDS API parameter:** `Domain` and `DomainIAMRoleName`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  A brief downtime occurs during this change.  |  Only Microsoft SQL Server, MySQL, Oracle, and PostgreSQL  | 
|  **License model**  Choose **bring-your-own-license** to use your license for Db2 and Oracle. Choose **license-included** to use the general license agreement for Microsoft SQL Server or Oracle. For more information, see [Amazon RDS for Db2 licensing options](db2-licensing.md), [Licensing Microsoft SQL Server on Amazon RDS](SQLServer.Concepts.General.Licensing.md), and [RDS for Oracle licensing options](Oracle.Concepts.Licensing.md).  |  **CLI option:** `--license-model` **RDS API parameter:** `LicenseModel`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime occurs during this change.  |  Only Microsoft SQL Server and Oracle  | 
|  **Log exports** The types of database log files to publish to Amazon CloudWatch Logs.  For more information, see [Publishing database logs to Amazon CloudWatch Logs](USER_LogAccess.Procedural.UploadtoCloudWatch.md).   |  **CLI option:** `--cloudwatch-logs-export-configuration` **RDS API parameter:** `CloudwatchLogsExportConfiguration`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Maintenance window** The time range during which system maintenance occurs. System maintenance includes upgrades, if applicable. The maintenance window is a start time in Universal Coordinated Time (UTC), and a duration in hours.  If you set the window to the current time, there must be at least 30 minutes between the current time and the end of the window. This timing helps ensure that any pending changes are applied.  For more information, see [Amazon RDS maintenance window](USER_UpgradeDBInstance.Maintenance.md#Concepts.DBMaintenance).   |  **CLI option:** `--preferred-maintenance-window` **RDS API parameter:** `PreferredMaintenanceWindow`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  If there are one or more pending actions that cause downtime, and the maintenance window is changed to include the current time, those pending actions are applied immediately and downtime occurs.  |  All DB engines  | 
|  Manage master credentials in AWS Secrets Manager Select **Manage master credentials in AWS Secrets Manager** to manage the master user password in a secret in Secrets Manager. Optionally, choose a KMS key to use to protect the secret. Choose from the KMS keys in your account, or enter the key from a different account. If RDS is already managing the master user password for the DB instance, you can rotate the master user password by choosing **Rotate secret immediately**. For more information, see [Password management with Amazon RDS and AWS Secrets Manager](rds-secrets-manager.md).  |  **CLI option:** `--manage-master-user-password \| --no-manage-master-user-password` `--master-user-secret-kms-key-id` `--rotate-master-user-password \| --no-rotate-master-user-password` **RDS API parameter:** `ManageMasterUserPassword` `MasterUserSecretKmsKeyId` `RotateMasterUserPassword`  |  If you are turning on or turning off automatic master user password management, the change occurs immediately. This change ignores the apply immediately setting. If you are rotating the master user password, you must specify that the change is applied immediately.  |  Downtime doesn't occur during this change.  | All DB engines | 
|  **Multi-AZ deployment** **Yes** to deploy your DB instance in multiple Availability Zones. Otherwise, **No**. For more information, see [Configuring and managing a Multi-AZ deployment for Amazon RDS](Concepts.MultiAZ.md).   |  **CLI option:** `--multi-az\|--no-multi-az` **RDS API parameter:** `MultiAZ`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime doesn't occur during this change. However, there is a possible performance impact. For more information, see [Converting a DB instance to a Multi-AZ deployment for Amazon RDS](Concepts.MultiAZ.Migrating.md).  |  All DB engines  | 
|  **Network type** The IP addressing protocols supported by the DB instance. **IPv4** to specify that resources can communicate with the DB instance only over the Internet Protocol version 4 (IPv4) addressing protocol. **Dual-stack mode** to specify that resources can communicate with the DB instance over IPv4, Internet Protocol version 6 (IPv6), or both. Use dual-stack mode if you have any resources that must communicate with your DB instance over the IPv6 addressing protocol. Also, make sure that you associate an IPv6 CIDR block with all subnets in the DB subnet group that you specify. For more information, see [Amazon RDS IP addressing](USER_VPC.WorkingWithRDSInstanceinaVPC.md#USER_VPC.IP_addressing).  |  **CLI option:** `--network-type` **RDS API parameter:** `NetworkType`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime is possible during this change.  |  All DB engines  | 
|  **New master password** The password for your master user. The password must contain 8–41 alphanumeric characters.   |  **CLI option:** `--master-user-password` **RDS API parameter:** `MasterUserPassword`  |  The change is applied asynchronously, as soon as possible. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Option group** The option group that you want associated with the DB instance.  For more information, see [Working with option groups](USER_WorkingWithOptionGroups.md).   |  **CLI option:** `--option-group-name` **RDS API parameter:** `OptionGroupName`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime doesn't occur during this change. One exception is adding the MariaDB Audit Plugin to an RDS for MariaDB or RDS for MySQL DB instance, which might cause an outage.  |  All DB engines  | 
|  **Performance Insights** **Enable Performance Insights** to monitor your DB instance load so that you can analyze and troubleshoot your database performance.  Performance Insights isn't available for some DB engine versions and DB instance classes. The **Performance Insights** section doesn't appear in the console if it isn't available for your DB instance. For more information, see [Monitoring DB load with Performance Insights on Amazon RDS](USER_PerfInsights.md) and [Amazon RDS DB engine, Region, and instance class support for Performance Insights](USER_PerfInsights.Overview.Engines.md).   |  **CLI option:** `--enable-performance-insights\| --no-enable-performance-insights` **RDS API parameter:** `EnablePerformanceInsights`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All except Db2  | 
|  **Performance Insights AWS KMS key** The AWS KMS key identifier for the AWS KMS key for encryption of Performance Insights data. The key identifier is the Amazon Resource Name (ARN), AWS KMS key identifier, or the key alias for the KMS key.  For more information, see [Turning Performance Insights on and off for Amazon RDS](USER_PerfInsights.Enabling.md).   |  **CLI option:** `--performance-insights-kms-key-id` **RDS API parameter:** `PerformanceInsightsKMSKeyId`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All except Db2  | 
|  **Performance Insights Retention period** The amount of time, in days, to retain Performance Insights data. The retention setting is **Default (7 days)**. To retain your performance data for longer, specify 1–24 months. For more information about retention periods, see [Pricing and data retention for Performance Insights](USER_PerfInsights.Overview.cost.md).  For more information, see [Turning Performance Insights on and off for Amazon RDS](USER_PerfInsights.Enabling.md).   |  **CLI option:** `--performance-insights-retention-period` **RDS API parameter:** `PerformanceInsightsRetentionPeriod`  |  The change occurs immediately. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All except Db2  | 
|  **Processor features** The number of CPU cores and the number of threads per core for the DB instance class of the DB instance. For more information, see [Configuring the processor for a DB instance class in RDS for Oracle](USER_ConfigureProcessor.md).   |  **CLI option:** `--processor-features` and `--use-default-processor-features \| --no-use-default-processor-features` **RDS API parameter:** `ProcessorFeatures` and `UseDefaultProcessorFeatures`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime occurs during this change.  |  Only Oracle  | 
|  **Provisioned IOPS** The Provisioned IOPS (I/O operations per second) value for the DB instance. This setting is available only if you choose one of the following for **Storage type**: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ModifyInstance.Settings.html) For more information, see [Provisioned IOPS SSD storage](CHAP_Storage.md#USER_PIOPS) and [gp3 storage (recommended)](CHAP_Storage.md#gp3-storage).  |  **CLI option:** `--iops` **RDS API parameter:** `Iops`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Public access** **Publicly accessible** to give the DB instance a public IP address, meaning that it's accessible outside the VPC. To be publicly accessible, the DB instance also has to be in a public subnet in the VPC. **Not publicly accessible** to make the DB instance accessible only from inside the VPC. For more information, see [Hiding a DB instance in a VPC from the internet](USER_VPC.WorkingWithRDSInstanceinaVPC.md#USER_VPC.Hiding).  To connect to a DB instance from outside its VPC, the DB instance must be publicly accessible. Also, access must be granted using the inbound rules of the DB instance's security group. In addition, other requirements must be met. For more information, see [Can't connect to Amazon RDS DB instance](CHAP_Troubleshooting.md#CHAP_Troubleshooting.Connecting). If your DB instance isn't publicly accessible, you can also use an AWS Site-to-Site VPN connection or an Direct Connect connection to access it from a private network. For more information, see [Internetwork traffic privacy](inter-network-traffic-privacy.md).  |  **CLI option:** `--publicly-accessible \| --no-publicly-accessible` **RDS API parameter:** `PubliclyAccessible`  |  The change occurs immediately. This setting ignores the apply immediately setting.  |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Security group** The VPC security group that you want associated with the DB instance.  For more information, see [Controlling access with security groups](Overview.RDSSecurityGroups.md).   |  **CLI option:** `--vpc-security-group-ids` **RDS API parameter:** `VpcSecurityGroupIds`  |  The change is applied asynchronously, as soon as possible. This setting ignores the apply immediately setting.   |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Storage autoscaling** **Enable storage autoscaling** to enable Amazon RDS to automatically increase storage when needed to avoid having your DB instance run out of storage space. Use **Maximum storage threshold** to set the upper limit for Amazon RDS to automatically increase storage for your DB instance. The default is 1,000 GiB. For more information, see [Managing capacity automatically with Amazon RDS storage autoscaling](USER_PIOPS.Autoscaling.md).   |  **CLI option:** `--max-allocated-storage` **RDS API parameter:** `MaxAllocatedStorage`  |  The change occurs immediately. This setting ignores the apply immediately setting.  |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Storage throughput** The new storage throughput value for the DB instance. This setting is available only if you choose **General purpose SSD (gp3)** for **Storage type**. For more information, see [gp3 storage (recommended)](CHAP_Storage.md#gp3-storage).  |  **CLI option:** `--storage-throughput` **RDS API parameter:** `StorageThroughput`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime doesn't occur during this change.  |  All DB engines  | 
|  **Storage type** The storage type that you want to use. If you choose **General Purpose SSD (gp3)**, you can provision additional **Provisioned IOPS** and **Storage throughput** under **Advanced settings**. If you choose **Provisioned IOPS SSD (io1)** or **Provisioned IOPS SSD (io2)**, enter the **Provisioned IOPS** value. After Amazon RDS begins to modify your DB instance to change the storage size or type, you can't submit another request to change the storage size, performance, or type for six hours. For more information, see [Amazon RDS storage types](CHAP_Storage.md#Concepts.Storage).  |  **CLI option:** `--storage-type` **RDS API parameter:** `StorageType`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  The following changes all result in a brief downtime while the process starts. After that, you can use your database normally while the change takes place. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ModifyInstance.Settings.html)  |  All DB engines  | 
| Additional storage volumes  |  **CLI option:** `--additional-storage-volumes` **RDS API parameter:** `AdditionalStorageVolumes`  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ModifyInstance.Settings.html)  |  You can add up to three additional storage volumes to your RDS for Oracle or RDS for SQL Server DB instance. You can configure each additional volume to use gp3 or io2 storage types. You can also specify different allocated storage, IOPS, and throughput settings to optimize for your workload requirements. Make sure you specify the volume names as `rdsdbdata2`, `rdsdbdata3`, or `rdsdbdata4`. The combined storage across the primary and additional volumes cannot exceed 256 TiB.  | RDS for Oracle and RDS for SQL Server  | 
|  **DB subnet group** The DB subnet group for the DB instance. You can use this setting to move your DB instance to a different VPC. For more information, see [Amazon VPC and Amazon RDS](USER_VPC.md).   |  **CLI option:** `--db-subnet-group-name` **RDS API parameter:** `DBSubnetGroupName`  |  If you choose to apply the change immediately, it occurs immediately. If you don't choose to apply the change immediately, it occurs during the next maintenance window.  |  Downtime occurs during this change.  |  All DB engines  |