CreateCluster
The CreateCluster API allows you to create both single-Region clusters and multi-Region clusters. With the addition of the multiRegionProperties parameter, you can create a cluster with witness Region support and establish peer relationships with clusters in other Regions during creation.
Note
Creating multi-Region clusters requires additional IAM permissions beyond those needed for single-Region clusters, as detailed in the Required permissions section below.
Required permissions
- dsql:CreateCluster
-
Required to create a cluster.
Resources:
arn:aws:dsql:region:account-id:cluster/*
- dsql:TagResource
-
Permission to add tags to a resource.
Resources:
arn:aws:dsql:region:account-id:cluster/*
- dsql:PutMultiRegionProperties
-
Permission to configure multi-Region properties for a cluster.
Resources:
arn:aws:dsql:region:account-id:cluster/*
- dsql:AddPeerCluster
-
When specifying multiRegionProperties.clusters, permission to add peer clusters.
Resources:
  - Local cluster: arn:aws:dsql:region:account-id:cluster/*
  - Each peer cluster: exact ARN of each specified peer cluster
- dsql:PutWitnessRegion
-
When specifying multiRegionProperties.witnessRegion, permission to set a witness Region. This permission is checked both in the cluster Region and in the witness Region.
Resources:
arn:aws:dsql:region:account-id:cluster/*
Condition Keys:
dsql:WitnessRegion (matching the specified witness region)
Important
The witness Region specified in multiRegionProperties.witnessRegion cannot be the same as the cluster's Region.
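The permission list above, expressed as a generator for a least-privilege IAM policy covering one CreateCluster call. This is an added example, not AWS code: the function names, Sid values and sample account ID are assumptions, and listing both Regions' cluster ARNs for dsql:PutWitnessRegion is an assumption drawn from the statement that the permission is checked in both Regions.

```python
import json
import re

# ARN shape taken from the "arn" response element pattern on this page.
CLUSTER_ARN = re.compile(
    r"arn:aws(-[^:]+)?:dsql:[a-z0-9-]{1,20}:[0-9]{12}:cluster/[a-z0-9]{26}")


def _allow(sid, action, resource):
    return {"Sid": sid, "Effect": "Allow", "Action": action, "Resource": resource}


def build_create_policy(region, account_id, peer_arns=(), witness_region=None):
    """Build a least-privilege IAM policy for one CreateCluster call."""
    local = f"arn:aws:dsql:{region}:{account_id}:cluster/*"
    statements = [_allow("CreateAndTag",
                         ["dsql:CreateCluster", "dsql:TagResource"], local)]
    if peer_arns or witness_region:
        # Only needed when the request carries multiRegionProperties.
        statements.append(
            _allow("MultiRegionProperties", "dsql:PutMultiRegionProperties", local))
    if peer_arns:
        for arn in peer_arns:
            if not CLUSTER_ARN.fullmatch(arn):
                raise ValueError(f"peer must be an exact cluster ARN: {arn}")
        # Wildcard only for the local cluster; each peer is an exact ARN.
        statements.append(
            _allow("AddPeers", "dsql:AddPeerCluster", [local, *peer_arns]))
    if witness_region:
        if witness_region == region:
            raise ValueError("witness Region must differ from the cluster Region")
        witness = _allow("Witness", "dsql:PutWitnessRegion", [
            local,
            # Assumption: the permission is checked in both Regions, so both
            # Regions' cluster ARNs are listed.
            f"arn:aws:dsql:{witness_region}:{account_id}:cluster/*"])
        witness["Condition"] = {
            "StringEquals": {"dsql:WitnessRegion": witness_region}}
        statements.append(witness)
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Constructed sample values; the account ID and cluster ID are placeholders.
    peer = "arn:aws:dsql:us-east-2:111122223333:cluster/" + "a" * 26
    print(json.dumps(
        build_create_policy("us-east-1", "111122223333", [peer], "us-west-2"),
        indent=2))
```

A single-Region call yields only the first statement, so a role that never creates multi-Region clusters does not receive the peer or witness permissions.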
Request Syntax
POST /cluster HTTP/1.1
Content-type: application/json
{
   "clientToken": "string",
   "deletionProtectionEnabled": boolean,
   "kmsEncryptionKey": "string",
   "multiRegionProperties": {
      "clusters": [ "string" ],
      "witnessRegion": "string"
   },
   "tags": {
      "string" : "string"
   }
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- clientToken
-
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect.
If you don't specify a client token, the AWS SDK automatically generates one.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[!-~]+
Required: No
- deletionProtectionEnabled
-
If enabled, you can't delete your cluster. You must first disable this property before you can delete your cluster.
Type: Boolean
Required: No
- kmsEncryptionKey
-
The AWS KMS key that encrypts and protects the data on your cluster. You can specify the ARN, ID, or alias of an existing key or have AWS create a default key for you.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern:
[a-zA-Z0-9:/_-]+
Required: No
- multiRegionProperties
-
The configuration settings when creating a multi-Region cluster, including the witness region and linked cluster properties.
Type: MultiRegionProperties object
Required: No
- tags
-
A map of key and value pairs to use to tag your cluster.
Type: String to string map
Map Entries: Minimum number of 0 items. Maximum number of 200 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Key Pattern:
[a-zA-Z0-9_.:/=+\-@ ]*
Value Length Constraints: Minimum length of 0. Maximum length of 256.
Value Pattern:
[a-zA-Z0-9_.:/=+\-@ ]*
Required: No
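A pre-flight check that applies the length limits and patterns listed above, plus the witness Region rule, before a request is sent. This is an added example, not part of the AWS SDK: the function name and the caller-supplied cluster_region parameter are assumptions, and peer entries are checked against the cluster ARN pattern this page gives for the arn response element.

```python
import re

# Patterns and limits copied from the Request Body section of this page.
CLIENT_TOKEN = re.compile(r"[!-~]+")
KMS_KEY = re.compile(r"[a-zA-Z0-9:/_-]+")
TAG_TEXT = re.compile(r"[a-zA-Z0-9_.:/=+\-@ ]*")
# Peer entries are checked against the page's cluster ARN pattern.
CLUSTER_ARN = re.compile(
    r"arn:aws(-[^:]+)?:dsql:[a-z0-9-]{1,20}:[0-9]{12}:cluster/[a-z0-9]{26}")


def validate_create_cluster(body, cluster_region):
    """Return the list of constraint violations in a CreateCluster body."""
    errors = []

    def check(name, value, pattern, lo, hi):
        if not (lo <= len(value) <= hi and pattern.fullmatch(value)):
            errors.append(f"{name}: want {pattern.pattern}, length {lo}-{hi}")

    if "clientToken" in body:
        check("clientToken", body["clientToken"], CLIENT_TOKEN, 1, 128)
    if "kmsEncryptionKey" in body:
        check("kmsEncryptionKey", body["kmsEncryptionKey"], KMS_KEY, 1, 2048)
    tags = body.get("tags", {})
    if len(tags) > 200:
        errors.append("tags: at most 200 entries")
    for key, value in tags.items():
        check(f"tag key {key!r}", key, TAG_TEXT, 1, 128)
        check(f"tag value for {key!r}", value, TAG_TEXT, 0, 256)
    multi = body.get("multiRegionProperties", {})
    if multi.get("witnessRegion") == cluster_region:
        errors.append("witnessRegion: cannot be the cluster's own Region")
    for arn in multi.get("clusters", []):
        if not CLUSTER_ARN.fullmatch(arn):
            errors.append(f"clusters: not a cluster ARN: {arn}")
    return errors


if __name__ == "__main__":
    # Constructed request body with three deliberate violations.
    sample = {"clientToken": "retry 1", "tags": {"team": "a;b"},
              "multiRegionProperties": {"witnessRegion": "us-east-1"}}
    for problem in validate_create_cluster(sample, "us-east-1"):
        print(problem)
```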
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
   "arn": "string",
   "creationTime": number,
   "deletionProtectionEnabled": boolean,
   "encryptionDetails": {
      "encryptionStatus": "string",
      "encryptionType": "string",
      "kmsKeyArn": "string"
   },
   "identifier": "string",
   "multiRegionProperties": {
      "clusters": [ "string" ],
      "witnessRegion": "string"
   },
   "status": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- arn
-
The ARN of the created cluster.
Type: String
Pattern:
arn:aws(-[^:]+)?:dsql:[a-z0-9-]{1,20}:[0-9]{12}:cluster/[a-z0-9]{26}
- creationTime
-
The time when the cluster was created.
Type: Timestamp
- deletionProtectionEnabled
-
Whether deletion protection is enabled on this cluster.
Type: Boolean
- encryptionDetails
-
The encryption configuration for the cluster that was specified during the creation process, including the AWS KMS key identifier and encryption state.
Type: EncryptionDetails object
- identifier
-
The ID of the created cluster.
Type: String
Pattern:
[a-z0-9]{26}
- multiRegionProperties
-
The multi-Region cluster configuration details that were set during cluster creation.
Type: MultiRegionProperties object
- status
-
The status of the created cluster.
Type: String
Valid Values:
CREATING | ACTIVE | IDLE | INACTIVE | UPDATING | DELETING | DELETED | FAILED | PENDING_SETUP | PENDING_DELETE
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 403
- ConflictException
-
The submitted action has conflicts.
HTTP Status Code: 409
- InternalServerException
-
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
- ServiceQuotaExceededException
-
The service limit was exceeded.
HTTP Status Code: 402
- ThrottlingException
-
The request was denied due to request throttling.
HTTP Status Code: 429
- ValidationException
-
The input failed to satisfy the constraints specified by an AWS service.
HTTP Status Code: 400