CreateCluster
The CreateCluster API allows you to create both single-Region clusters and multi-Region clusters. With the addition of the multiRegionProperties parameter, you can create a cluster with witness Region support and establish peer relationships with clusters in other Regions during creation.
Note
Creating multi-Region clusters requires additional IAM permissions beyond those needed for single-Region clusters, as detailed in the Required permissions section below.
Required permissions
- dsql:CreateCluster
- 
            Required to create a cluster. Resources: arn:aws:dsql:region:account-id:cluster/*
- dsql:TagResource
- 
            Permission to add tags to a resource. Resources: arn:aws:dsql:region:account-id:cluster/*
- dsql:PutMultiRegionProperties
- 
            Permission to configure multi-Region properties for a cluster. Resources: arn:aws:dsql:region:account-id:cluster/*
- dsql:AddPeerCluster
- 
            When specifying multiRegionProperties.clusters, permission to add peer clusters.Resources: - 
                  Local cluster: arn:aws:dsql:region:account-id:cluster/*
- 
                  Each peer cluster: exact ARN of each specified peer cluster 
 
- 
                  
- dsql:PutWitnessRegion
- 
            When specifying multiRegionProperties.witnessRegion, permission to set a witness Region. This permission is checked both in the cluster Region and in the witness Region.Resources: arn:aws:dsql:region:account-id:cluster/*Condition Keys: dsql:WitnessRegion(matching the specified witness region)
Important
- 
            The witness Region specified in multiRegionProperties.witnessRegioncannot be the same as the cluster's Region.
Request Syntax
POST /cluster HTTP/1.1
Content-type: application/json
{
   "bypassPolicyLockoutSafetyCheck": boolean,
   "clientToken": "string",
   "deletionProtectionEnabled": boolean,
   "kmsEncryptionKey": "string",
   "multiRegionProperties": { 
      "clusters": [ "string" ],
      "witnessRegion": "string"
   },
   "policy": "string",
   "tags": { 
      "string" : "string" 
   }
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- bypassPolicyLockoutSafetyCheck
- 
               An optional field that controls whether to bypass the lockout prevention check. When set to true, this parameter allows you to apply a policy that might lock you out of the cluster. Use with caution. Type: Boolean Required: No 
- clientToken
- 
               A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect. If you don't specify a client token, the AWS SDK automatically generates one. Type: String Length Constraints: Minimum length of 1. Maximum length of 128. Pattern: [!-~]+Required: No 
- deletionProtectionEnabled
- 
               If enabled, you can't delete your cluster. You must first disable this property before you can delete your cluster. Type: Boolean Required: No 
- kmsEncryptionKey
- 
               The AWS KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have AWS create a default key for you. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: [a-zA-Z0-9:/_-]+Required: No 
- multiRegionProperties
- 
               The configuration settings when creating a multi-Region cluster, including the witness region and linked cluster properties. Type: MultiRegionProperties object Required: No 
- policy
- 
               An optional resource-based policy document in JSON format that defines access permissions for the cluster. Type: String Length Constraints: Minimum length of 1. Maximum length of 20480. Required: No 
- 
               A map of key and value pairs to use to tag your cluster. Type: String to string map Map Entries: Minimum number of 0 items. Maximum number of 200 items. Key Length Constraints: Minimum length of 1. Maximum length of 128. Key Pattern: [a-zA-Z0-9_.:/=+\-@ ]*Value Length Constraints: Minimum length of 0. Maximum length of 256. Value Pattern: [a-zA-Z0-9_.:/=+\-@ ]*Required: No 
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
   "arn": "string",
   "creationTime": number,
   "deletionProtectionEnabled": boolean,
   "encryptionDetails": { 
      "encryptionStatus": "string",
      "encryptionType": "string",
      "kmsKeyArn": "string"
   },
   "identifier": "string",
   "multiRegionProperties": { 
      "clusters": [ "string" ],
      "witnessRegion": "string"
   },
   "status": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- arn
- 
               The ARN of the created cluster. Type: String Pattern: arn:aws(-[^:]+)?:dsql:[a-z0-9-]{1,20}:[0-9]{12}:cluster/[a-z0-9]{26}
- creationTime
- 
               The time of when created the cluster. Type: Timestamp 
- deletionProtectionEnabled
- 
               Whether deletion protection is enabled on this cluster. Type: Boolean 
- encryptionDetails
- 
               The encryption configuration for the cluster that was specified during the creation process, including the AWS KMS key identifier and encryption state. Type: EncryptionDetails object 
- identifier
- 
               The ID of the created cluster. Type: String Pattern: [a-z0-9]{26}
- multiRegionProperties
- 
               The multi-Region cluster configuration details that were set during cluster creation Type: MultiRegionProperties object 
- status
- 
               The status of the created cluster. Type: String Valid Values: CREATING | ACTIVE | IDLE | INACTIVE | UPDATING | DELETING | DELETED | FAILED | PENDING_SETUP | PENDING_DELETE
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
- 
               You do not have sufficient access to perform this action. HTTP Status Code: 403 
- ConflictException
- 
               The submitted action has conflicts. - resourceId
- 
                        Resource Id 
- resourceType
- 
                        Resource Type 
 HTTP Status Code: 409 
- InternalServerException
- 
               The request processing has failed because of an unknown error, exception or failure. - retryAfterSeconds
- 
                        Retry after seconds. 
 HTTP Status Code: 500 
- ServiceQuotaExceededException
- 
               The service limit was exceeded. - message
- 
                        The service exception for exceeding a quota. 
- quotaCode
- 
                        The service exceeds a quota. 
- resourceId
- 
                        The resource ID exceeds a quota. 
- resourceType
- 
                        The resource type exceeds a quota. 
- serviceCode
- 
                        The request exceeds a service quota. 
 HTTP Status Code: 402 
- ThrottlingException
- 
               The request was denied due to request throttling. - message
- 
                        The message that the request was denied due to request throttling. 
- quotaCode
- 
                        The request exceeds a request rate quota. 
- retryAfterSeconds
- 
                        The request exceeds a request rate quota. Retry after seconds. 
- serviceCode
- 
                        The request exceeds a service quota. 
 HTTP Status Code: 429 
- ValidationException
- 
               The input failed to satisfy the constraints specified by an AWS service. - fieldList
- 
                        A list of fields that didn't validate. 
- reason
- 
                        The reason for the validation exception. 
 HTTP Status Code: 400 
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: