forked from docs/doc-exports
rds_umn_20250211
Reviewed-by: Székely, Ond <ond.szekely@t-systems.com>
Co-authored-by: Ru, Li Yi <liyiru7@huawei.com>
Co-committed-by: Ru, Li Yi <liyiru7@huawei.com>
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -8,7 +8,13 @@
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody><tr id="EN-US_TOPIC_0000001191146839__row57278405210"><td class="cellrowborder" valign="top" width="25.05%" headers="mcps1.3.1.1.3.1.1 "><p id="EN-US_TOPIC_0000001191146839__p872817401223">2024-10-12</p>
|
||||
<tbody><tr id="EN-US_TOPIC_0000001191146839__row125455479318"><td class="cellrowborder" valign="top" width="25.05%" headers="mcps1.3.1.1.3.1.1 "><p id="EN-US_TOPIC_0000001191146839__p122008510316">2024-12-13</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="74.95%" headers="mcps1.3.1.1.3.1.2 "><p id="EN-US_TOPIC_0000001191146839__p17208713210">Modified the following content:</p>
|
||||
<p id="EN-US_TOPIC_0000001191146839__p020127153220">Added <a href="rds_pg_11_0011.html">Security Best Practices</a>.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="EN-US_TOPIC_0000001191146839__row57278405210"><td class="cellrowborder" valign="top" width="25.05%" headers="mcps1.3.1.1.3.1.1 "><p id="EN-US_TOPIC_0000001191146839__p872817401223">2024-10-12</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="74.95%" headers="mcps1.3.1.1.3.1.2 "><p id="EN-US_TOPIC_0000001191146839__p15112561626">Modified the following content:</p>
|
||||
<ul id="EN-US_TOPIC_0000001191146839__ul1483218310315"><li id="EN-US_TOPIC_0000001191146839__li7832432310"><a href="en-us_topic_scale_cluster.html">Scaling up Storage Space</a>.</li><li id="EN-US_TOPIC_0000001191146839__li15871031139"><a href="rds_pg_scale_cluster.html">Scaling up Storage Space</a>.</li><li id="EN-US_TOPIC_0000001191146839__li1844635020314"><a href="rds_sqlserver_scale_cluster.html">Scaling up Storage Space</a>.</li></ul>
|
||||
|
||||
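Review bot: The new 2024-12-13 change-history row records only the added Security Best Practices page, while other hunks in this commit remove PostgreSQL 11 from the supported-version lists, the version table and several feature notes. Readers use this table to find out what changed, so add an entry for the PostgreSQL 11 removal. The row also opens with "Modified the following content:" and then lists an addition; "Added the following content:" would match.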
@ -83,19 +83,6 @@
|
||||
<td class="cellrowborder" valign="top" width="16.66833316668333%" headers="mcps1.3.3.2.2.7.1.6 "><p id="EN-US_TOPIC_0000002023864553__p20441183315306">November 2025</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="EN-US_TOPIC_0000002023864553__row915541615228"><td class="cellrowborder" valign="top" width="11.938806119388062%" headers="mcps1.3.3.2.2.7.1.1 "><p id="EN-US_TOPIC_0000002023864553__p1744233318303">11</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="17.848215178482153%" headers="mcps1.3.3.2.2.7.1.2 "><p id="EN-US_TOPIC_0000002023864553__p134422331308">Commercial use</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="17.528247175282473%" headers="mcps1.3.3.2.2.7.1.3 "><p id="EN-US_TOPIC_0000002023864553__p1144293353019">October 2018</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="18.188181181881813%" headers="mcps1.3.3.2.2.7.1.4 "><p id="EN-US_TOPIC_0000002023864553__p1644263383012">November 2023</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="17.82821717828217%" headers="mcps1.3.3.2.2.7.1.5 "><p id="EN-US_TOPIC_0000002023864553__p2442153323014">February 2020</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="16.66833316668333%" headers="mcps1.3.3.2.2.7.1.6 "><p id="EN-US_TOPIC_0000002023864553__p5442123393010">January 2025</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
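Review bot: The whole row for version 11 (Commercial use, October 2018 through January 2025) is deleted from this table, which leaves anyone still running an 11 instance with no record of its dates. Consider keeping the row and marking the version as no longer offered, or pointing to where the retired dates are kept.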
@ -25,9 +25,9 @@
|
||||
</tr>
|
||||
<tr id="en-us_topic_0043898356__row1223994413545"><td class="cellrowborder" valign="top" width="18.76%" headers="mcps1.3.3.2.5.1.1 "><p id="en-us_topic_0043898356__p12391244145410">PostgreSQL</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="30.810000000000002%" headers="mcps1.3.3.2.5.1.2 "><ul id="en-us_topic_0043898356__ul153957284"><li id="en-us_topic_0043898356__li931795312120">16</li><li id="en-us_topic_0043898356__li859374122512">15</li><li id="en-us_topic_0043898356__li999014355212">14</li><li id="en-us_topic_0043898356__li578915812569">13</li><li id="en-us_topic_0043898356__li99033116571">12</li><li id="en-us_topic_0043898356__li14391771586">11</li></ul>
|
||||
<td class="cellrowborder" valign="top" width="30.810000000000002%" headers="mcps1.3.3.2.5.1.2 "><ul id="en-us_topic_0043898356__ul153957284"><li id="en-us_topic_0043898356__li931795312120">16</li><li id="en-us_topic_0043898356__li859374122512">15</li><li id="en-us_topic_0043898356__li999014355212">14</li><li id="en-us_topic_0043898356__li578915812569">13</li><li id="en-us_topic_0043898356__li99033116571">12</li></ul>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="30.740000000000006%" headers="mcps1.3.3.2.5.1.3 "><ul id="en-us_topic_0043898356__ul679911214816"><li id="en-us_topic_0043898356__li095315710217">16</li><li id="en-us_topic_0043898356__li323388192520">15</li><li id="en-us_topic_0043898356__li6873739102110">14</li><li id="en-us_topic_0043898356__li11561141825619">13</li><li id="en-us_topic_0043898356__li877983015583">12</li><li id="en-us_topic_0043898356__li77990126815">11</li></ul>
|
||||
<td class="cellrowborder" valign="top" width="30.740000000000006%" headers="mcps1.3.3.2.5.1.3 "><ul id="en-us_topic_0043898356__ul679911214816"><li id="en-us_topic_0043898356__li095315710217">16</li><li id="en-us_topic_0043898356__li323388192520">15</li><li id="en-us_topic_0043898356__li6873739102110">14</li><li id="en-us_topic_0043898356__li11561141825619">13</li><li id="en-us_topic_0043898356__li877983015583">12</li></ul>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="19.69%" headers="mcps1.3.3.2.5.1.4 "><p id="en-us_topic_0043898356__p92311432122413">Not supported</p>
|
||||
</td>
|
||||
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -636,7 +636,7 @@
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody><tr id="rds_06_0001__row103191528163717"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="rds_06_0001__p19319202833710">rds_instance_id</p>
|
||||
<tbody><tr id="rds_06_0001__row103191528163717"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="rds_06_0001__p112791171109">rds_cluster_id</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="rds_06_0001__p73191528193718">MySQL DB instance ID</p>
|
||||
</td>
|
||||
|
||||
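Review bot: The dimension key in the first cell changes from rds_instance_id to rds_cluster_id, but the description cell still reads "MySQL DB instance ID" and the row id is unchanged. If the key now identifies a cluster, update the description; if it still identifies an instance, say so explicitly, because alarm rules and monitoring queries built from this table depend on the exact key.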
@ -3,7 +3,7 @@
|
||||
<h1 class="topictitle1">Installing and Uninstalling a Plugin Using SQL Commands</h1>
|
||||
<div id="body1506049288315"><p id="rds_09_0043__p25198097102146">RDS provides the PostgreSQL plugin management solution for user <strong id="rds_09_0043__b71501057206">root</strong>. Except the following plugins, you need to manually create other plugins by referring to this section.</p>
|
||||
<ul id="rds_09_0043__ul188621934204416"><li id="rds_09_0043__li1862123410445">auto_explain</li><li id="rds_09_0043__li93984694516">passwordcheck</li><li id="rds_09_0043__li47711921154610">pg_profile_pro</li><li id="rds_09_0043__li63304120479">pg_sql_history</li><li id="rds_09_0043__li1337124122719">plpgsql</li><li id="rds_09_0043__li521675217453">wal2json</li><li id="rds_09_0043__li141511727508">test_decoding</li></ul>
|
||||
<div class="note" id="rds_09_0043__note1634217251043"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="rds_09_0043__ul2251012115714"><li id="rds_09_0043__li1525131215578">RDS for PostgreSQL plugins only take effect on the databases you created the plugins for. To use a plugin on databases, it has to be created separately for each database.</li><li id="rds_09_0043__li8251012125713">The latest minor versions of RDS for PostgreSQL 11, 12, 13, and 14 allow the <strong id="rds_09_0043__b4269313977">root</strong> user to create plugins (create extension) or delete plugins (drop extension).</li></ul>
|
||||
<div class="note" id="rds_09_0043__note1634217251043"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="rds_09_0043__ul2251012115714"><li id="rds_09_0043__li1525131215578">RDS for PostgreSQL plugins only take effect on the databases you created the plugins for. To use a plugin on databases, it has to be created separately for each database.</li><li id="rds_09_0043__li8251012125713">The latest minor versions of RDS for PostgreSQL 12, 13, and 14 allow the <strong id="rds_09_0043__b4269313977">root</strong> user to create plugins (create extension) or delete plugins (drop extension).</li></ul>
|
||||
</div></div>
|
||||
<div class="section" id="rds_09_0043__section3157625911310"><h4 class="sectiontitle">Creating a Plugin</h4><p id="rds_09_0043__p16422945121418">Connect to the database where a plugin needs to be created as user <strong id="rds_09_0043__b225724331614">root</strong> and run the following SQL statements:</p>
|
||||
<p id="rds_09_0043__p1296982753412"><strong id="rds_09_0043__b65319543343">select control_extension('create','</strong><em id="rds_09_0043__i5561254153411"><EXTENSION_NAME></em><strong id="rds_09_0043__b1889095610345">', '</strong><em id="rds_09_0043__i1289219566345"><SCHEMA></em><strong id="rds_09_0043__b1889105663415">');</strong></p>
|
||||
|
||||
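Review bot: The second note item now names only PostgreSQL 12, 13, and 14 as the versions where root can run create extension and drop extension, yet the supported-versions table changed in this same commit lists 16 and 15 as well. State what applies to 15 and 16, or reword the item so it does not enumerate versions.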
File diff suppressed because it is too large
15
docs/rds/umn/rds_11_0000.html
Normal file
@ -0,0 +1,15 @@
|
||||
<a name="rds_11_0000"></a><a name="rds_11_0000"></a>
|
||||
|
||||
|
||||
<h1 class="topictitle1">Best Practices</h1>
|
||||
|
||||
<div id="body0000002150474289"><p id="rds_11_0000__p8060118"></p>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="rds_pg_11_0000.html">RDS for PostgreSQL</a></strong><br>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
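Review bot: The body of this new page is a single empty paragraph, <p id="rds_11_0000__p8060118"></p>, so the page renders as a title and one link. Add a sentence saying what the Best Practices chapter covers, or drop the empty element.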
@ -1,7 +1,7 @@
|
||||
<a name="rds_faq_0119"></a><a name="rds_faq_0119"></a>
|
||||
|
||||
<h1 class="topictitle1">Does RDS for PostgreSQL Support the test_decoding Plugin?</h1>
|
||||
<div id="body1575365508926"><p id="rds_faq_0119__p56031312183512">PostgreSQL 10, PostgreSQL 11, PostgreSQL 12 and PostgreSQL 13 support test_decoding. For more information about test_decoding, see <a href="https://www.postgresql.org/docs/11/test-decoding.html" target="_blank" rel="noopener noreferrer">test_decoding introduction</a>.</p>
|
||||
<div id="body1575365508926"><p id="rds_faq_0119__p56031312183512">PostgreSQL 12 and PostgreSQL 13 support test_decoding. For more information about test_decoding, see <a href="https://www.postgresql.org/docs/11/test-decoding.html" target="_blank" rel="noopener noreferrer">test_decoding introduction</a>.</p>
|
||||
<p id="rds_faq_0119__p1481782114542">To use test_decoding, set <span class="parmname" id="rds_faq_0119__parmname4532192295417"><b>wal_level</b></span> to <span class="parmvalue" id="rds_faq_0119__parmvalue553242225412"><b>logical</b></span>.</p>
|
||||
<ol id="rds_faq_0119__ol1134925225415"><li id="rds_faq_0119__li17616348171"><span>Log in to the management console.</span></li><li id="rds_faq_0119__li146168481712"><span>Click <span><img id="rds_faq_0119__rds_modify_instance_name_en-us_topic_0192953815_image192529212293" src="en-us_image_0000001191211679.png"></span> in the upper left corner and select a region and a project.</span></li><li id="rds_faq_0119__li96167481711"><span>Click <strong id="rds_faq_0119__rds_modify_instance_name_b171171523153019">Service List</strong>. Under <strong id="rds_faq_0119__rds_modify_instance_name_b111722319302">Database</strong>, click <strong id="rds_faq_0119__rds_modify_instance_name_b15118152363010">Relational Database Service</strong>. The RDS console is displayed.</span></li><li id="rds_faq_0119__li922653755512"><span>On the <strong id="rds_faq_0119__b63115471344">Instances</strong> page, click the target DB instance.</span></li><li id="rds_faq_0119__li1322610372559"><span>In the navigation pane on the left, choose <strong id="rds_faq_0119__b455612584417">Parameters</strong>. On the <strong id="rds_faq_0119__b45392110519">Parameters</strong> tab page, locate <strong id="rds_faq_0119__b2036120251957">wal_level</strong> and change its value to <strong id="rds_faq_0119__b741520347515">logical</strong>.</span></li><li id="rds_faq_0119__li10226103775512"><span>Click <strong id="rds_faq_0119__b1041105113611">Save</strong>. In the displayed dialog box, click <strong id="rds_faq_0119__b3424511668">Yes</strong>.</span></li></ol>
|
||||
</div>
|
||||
|
||||
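Review bot: The sentence now says only PostgreSQL 12 and PostgreSQL 13 support test_decoding, but the link in the same sentence still targets https://www.postgresql.org/docs/11/test-decoding.html. Point it at the documentation for a version the sentence names. The supported-versions table in this commit also lists 14, 15 and 16, so confirm whether those versions are really excluded here or the list is stale.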
@ -6,8 +6,7 @@
|
||||
<div class="section" id="rds_pg_05_0003__section16560101913301"><h4 class="sectiontitle">Precautions</h4><ul id="rds_pg_05_0003__ul845382217301"><li id="rds_pg_05_0003__li4664120171612">When any new minor version is released to address vulnerabilities and other issues from the open source community, <a href="#rds_pg_05_0003__section14931659203611">perform a minor version upgrade</a> for your instance.</li><li id="rds_pg_05_0003__li13453192217308">The upgrade will cause the instance to reboot and interrupt services for a period of time. The length of the interruption depends on service volume. To minimize the impact of the upgrade, perform the upgrade during off-peak hours, or ensure that your applications support automatic reconnection.</li><li id="rds_pg_05_0003__li393824419450">When you upgrade the minor version of a primary instance, the minor versions of read replicas (if any) will also be upgraded automatically. Read replicas cannot be upgraded separately.</li><li id="rds_pg_05_0003__li94531822173017">A minor version upgrade cannot be rolled back after the upgrade is complete. If the upgrade fails, the DB instance will be automatically rolled back to the source version.</li><li id="rds_pg_05_0003__li14278201613345">You are advised to perform a full backup before upgrading a minor version.</li><li id="rds_pg_05_0003__li3807250143412">You need to re-establish a DR relationship after upgrading the minor version of a DR instance.</li><li id="rds_pg_05_0003__li17860363188">Before upgrading minor versions earlier than RDS for PostgreSQL 12.6, you need to stop all logical replications and delete all logical replication slots. 
Otherwise, the upgrade will fail.<ul id="rds_pg_05_0003__ul143961125216"><li id="rds_pg_05_0003__li14987155792018">Querying a replication slot: <strong id="rds_pg_05_0003__b10244450214">select * from pg_replication_slots;</strong></li><li id="rds_pg_05_0003__li83261036102017">Deleting a replication slot: <strong id="rds_pg_05_0003__b1853694922118">select pg_drop_replication_slot('SLOT_NAME');</strong></li></ul>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_05_0003__section5641111512100"><h4 class="sectiontitle">Constraints</h4><ul id="rds_pg_05_0003__ul2904522191111"><li id="rds_pg_05_0003__li1263687139">The minor version cannot be upgraded for instances with abnormal nodes.</li><li id="rds_pg_05_0003__li1363313751414">The following minor versions cannot be upgraded:<ul id="rds_pg_05_0003__ul18724173215191"><li id="rds_pg_05_0003__li16651330191912">Versions earlier than 11.2 for RDS for PostgreSQL 11</li></ul>
|
||||
</li><li id="rds_pg_05_0003__li1333245057">The upgrade will be performed immediately upon the submission of your request. Delayed upgrade of minor versions is not supported.</li></ul>
|
||||
<div class="section" id="rds_pg_05_0003__section5641111512100"><h4 class="sectiontitle">Constraints</h4><ul id="rds_pg_05_0003__ul2904522191111"><li id="rds_pg_05_0003__li1263687139">The minor version cannot be upgraded for instances with abnormal nodes.</li><li id="rds_pg_05_0003__li1333245057">The upgrade will be performed immediately upon the submission of your request. Delayed upgrade of minor versions is not supported.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_05_0003__section14931659203611"><a name="rds_pg_05_0003__section14931659203611"></a><a name="section14931659203611"></a><h4 class="sectiontitle">Procedure</h4><ol id="rds_pg_05_0003__ol6724161419271"><li id="rds_pg_05_0003__li17616348171"><span>Log in to the management console.</span></li><li id="rds_pg_05_0003__li146168481712"><span>Click <span><img id="rds_pg_05_0003__rds_modify_instance_name_en-us_topic_0192953815_image192529212293" src="en-us_image_0000001191211679.png"></span> in the upper left corner and select a region and a project.</span></li><li id="rds_pg_05_0003__li96167481711"><span>Click <strong id="rds_pg_05_0003__rds_modify_instance_name_b171171523153019">Service List</strong>. Under <strong id="rds_pg_05_0003__rds_modify_instance_name_b111722319302">Database</strong>, click <strong id="rds_pg_05_0003__rds_modify_instance_name_b15118152363010">Relational Database Service</strong>. The RDS console is displayed.</span></li><li id="rds_pg_05_0003__li61161897172844"><span>On the <strong id="rds_pg_05_0003__b189053720157">Instances</strong> page, click the primary instance name.</span></li><li id="rds_pg_05_0003__li34958503397"><span>In the <strong id="rds_pg_05_0003__b321916206168">DB Information</strong> area on the <strong id="rds_pg_05_0003__b2022032020162">Basic Information</strong> page, click <strong id="rds_pg_05_0003__b922122020168">Upgrade Minor Version</strong> next to the <strong id="rds_pg_05_0003__b1322211209169">DB Engine Version</strong> field.</span></li><li id="rds_pg_05_0003__li36398892172958"><span>In the displayed dialog box, click <strong id="rds_pg_05_0003__b44161642131620">OK</strong>.</span><p><p id="rds_pg_05_0003__p4813017143819">RDS upgrades the minor version to the latest version immediately.</p>
|
||||
</p></li></ol>
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
<div id="body0000001908336701"><div class="section" id="rds_pg_05_0004__en-us_topic_0000001551538538_section8881153513515"><h4 class="sectiontitle">Scenarios</h4><p id="rds_pg_05_0004__en-us_topic_0000001551538538_p887062932811">RDS for PostgreSQL allows you to upgrade the major version of your DB instance in either of the following methods:</p>
|
||||
<ul id="rds_pg_05_0004__en-us_topic_0000001551538538_ul1099494116282"><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li799444112817">Upgrade without cutover: You can use it to test service compatibility of a new version. Upgrading a major version may cause service compatibility issues. A compatibility test is strongly recommended. After the test is passed, perform an upgrade in cutover mode. An upgrade without service cutover will not affect the original instance.</li><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li11994134111289">Upgrade with cutover: During an upgrade, the original instance is set to read-only and services are interrupted for minutes. After the upgrade is complete, the original and new instances automatically exchange their virtual IP addresses and the application connection will be switched to the new instance. No changes need to be made to your application.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_05_0004__en-us_topic_0000001551538538_section5498125563716"><h4 class="sectiontitle">Constraints</h4><ul id="rds_pg_05_0004__en-us_topic_0000001551538538_ul078310199299"><li id="rds_pg_05_0004__li1347961715304">Major version upgrades are available to the following versions:<ul id="rds_pg_05_0004__ul14404121863013"><li id="rds_pg_05_0004__li14269152120307">RDS for PostgreSQL 12: 12.7 or later</li><li id="rds_pg_05_0004__li07831119142918">RDS for PostgreSQL 13: 13.3 or later</li><li id="rds_pg_05_0004__li121051520124511">RDS for PostgreSQL 14: 14.4 or later</li><li id="rds_pg_05_0004__li733653516126">Major version upgrades are unavailable to RDS for PostgreSQL 11.</li></ul>
|
||||
<div class="section" id="rds_pg_05_0004__en-us_topic_0000001551538538_section5498125563716"><h4 class="sectiontitle">Constraints</h4><ul id="rds_pg_05_0004__en-us_topic_0000001551538538_ul078310199299"><li id="rds_pg_05_0004__li1347961715304">Major version upgrades are available to the following versions:<ul id="rds_pg_05_0004__ul14404121863013"><li id="rds_pg_05_0004__li14269152120307">RDS for PostgreSQL 12: 12.7 or later</li><li id="rds_pg_05_0004__li07831119142918">RDS for PostgreSQL 13: 13.3 or later</li><li id="rds_pg_05_0004__li121051520124511">RDS for PostgreSQL 14: 14.4 or later</li></ul>
|
||||
</li><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li16783151902912">Due to OS restrictions, some instances do not support major version upgrades. To learn which versions your instance can be upgraded to, see the list of available versions on the <strong id="rds_pg_05_0004__b16661175716391">Major Version Upgrade</strong> page.</li><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li778431917297">Before a major version upgrade, perform an upgrade check. If there is no successful upgrade check in the validity period, a major version upgrade is not allowed.</li></ul>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_05_0004__en-us_topic_0000001551538538_section193751912153813"><h4 class="sectiontitle">Precautions</h4><ul id="rds_pg_05_0004__en-us_topic_0000001551538538_ul1623023223110"><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li72301132193118">After a major version upgrade is complete, rollback cannot be performed. Before upgrading a major version, perform a thorough test.</li><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li1123053263116">After a major version upgrade is complete, a new DB instance is created. The original DB instance is still retained and billed. You can release the original instance when the workloads on the new instance run stably.</li><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li14230173213319">Read replicas do not support major version upgrades. If your DB instance has read replicas and DR instances, the read replicas and DR instances will not be upgraded synchronously. You need to create them again after a major version upgrade. For details, see <a href="rds_add_read_replica_pg.html">Creating a Read Replica</a>.</li><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li2467141183117">A major version upgrade has the following impacts:<ul id="rds_pg_05_0004__en-us_topic_0000001551538538_ul6470142193116"><li id="rds_pg_05_0004__en-us_topic_0000001551538538_li15787854123113">If you upgrade your instance with service cutover, the instance will be set to read-only during the upgrade and services will be interrupted for minutes. Perform the upgrade during off-peak hours. 
If you upgrade your instance without service cutover, there is no impact on your services.<div class="notice" id="rds_pg_05_0004__en-us_topic_0000001551538538_note63790510385"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="rds_pg_05_0004__en-us_topic_0000001551538538_p16379656385">The <strong id="rds_pg_05_0004__b2420162417171">default_transaction_read_only</strong> parameter controls the read-only settings. Before the upgrade, check whether any modification has been made to this parameter. If yes, the data inserted into the instance during the cutover will be lost after the upgrade.</p>
|
||||
|
||||
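Review bot: With the item "Major version upgrades are unavailable to RDS for PostgreSQL 11." deleted, the list under "Major version upgrades are available to the following versions" says nothing about 11 at all, so a reader on an 11 instance cannot tell whether the upgrade is unavailable or simply unlisted. Keep an explicit statement for 11 and describe the supported way to move off it. The list also stops at 14.4 while the versions table in this commit lists 15 and 16; say whether those can be upgrade sources.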
@ -273,7 +273,7 @@
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody><tr id="rds_pg_06_0001__row153601641503"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="rds_pg_06_0001__p1636013465020">postgresql_instance_id</p>
|
||||
<tbody><tr id="rds_pg_06_0001__row153601641503"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.1 "><p id="rds_pg_06_0001__p3977183619203">postgresql_cluster_id</p>
|
||||
</td>
|
||||
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.5.2.1.3.1.2 "><p id="rds_pg_06_0001__p1536013465018">PostgreSQL DB instance ID</p>
|
||||
</td>
|
||||
|
||||
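Review bot: The key in the first cell changes from postgresql_instance_id to postgresql_cluster_id, but the description cell still reads "PostgreSQL DB instance ID". Align the description with the new key name, or explain that the cluster key carries the instance ID, so that users building monitoring rules from this table filter on the right dimension.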
@ -4,7 +4,7 @@
|
||||
<div id="body0000001091432220"><p id="rds_pg_10_0001__p480044911287">Parameters are key configuration items in a database system. Improper parameter settings may adversely affect the stable running of databases. This section describes some important parameters for your reference. For details, visit the <a href="https://www.postgresql.org/docs/current/runtime-config.html" target="_blank" rel="noopener noreferrer">PostgreSQL official website</a>.</p>
|
||||
<p id="rds_pg_10_0001__p3870192515447">For details on how to modify PostgreSQL parameters on the console, see <a href="rds_pg_configuration.html">Modifying Instance Parameters</a>.</p>
|
||||
<div class="section" id="rds_pg_10_0001__section37541120104511"><h4 class="sectiontitle">Sensitive Parameters</h4><p id="rds_pg_10_0001__p52964904153216">The following parameters can result in system security and stability issues if set improperly:</p>
|
||||
<ul id="rds_pg_10_0001__ul7143855112611"><li id="rds_pg_10_0001__li1335045125741">The <strong id="rds_pg_10_0001__b1539317714419">search_path</strong> parameter must be set to a schema sequence where schemas are separated by commas (,). Ensure that the schemas exist. Otherwise, the database performance will be affected.</li><li id="rds_pg_10_0001__li24627017203748">If you enable the parameter <strong id="rds_pg_10_0001__b1775510105414">log_duration</strong>, SQL statements containing sensitive information may be recorded in logs. You are advised to disable this parameter.</li><li id="rds_pg_10_0001__li43592373152455"><span class="parmname" id="rds_pg_10_0001__parmname141331959191114"><b>log_min_duration_statement</b></span> specifies how many milliseconds a query has to run before it has to be logged. The unit is millisecond. Setting this parameter to <strong id="rds_pg_10_0001__b146746214576">0</strong> means that all statements are recorded. Setting this parameter to <strong id="rds_pg_10_0001__b1682520598573">-1</strong> means that no statement is recorded. For details, see <a href="slow_query_log-pg.html">Viewing Slow Query Logs</a>.</li><li id="rds_pg_10_0001__li1846913219410">The <span class="parmname" id="rds_pg_10_0001__parmname4469122184110"><b>temp_file_limit</b></span> parameter specifies the maximum amount of disk space (in KB) that a session can use for temporary files. It supports PostgreSQL 11, 12, 13 and 14 only. Changing this parameter value is a high-risk operation. Exercise caution when deciding to perform this operation.<ul id="rds_pg_10_0001__ul15469152114118"><li id="rds_pg_10_0001__li4469102184111">If the parameter value exceeds the threshold, the DB instance will become unavailable.</li><li id="rds_pg_10_0001__li04701321174110">If the parameter value is changed to a larger value for temporary use but is not changed to the original value after the use, the disk space will be continuously used to store temporary files. 
If the disk space is used up, services will be interrupted and the DB instance will become unavailable.</li></ul>
|
||||
<ul id="rds_pg_10_0001__ul7143855112611"><li id="rds_pg_10_0001__li1335045125741">The <strong id="rds_pg_10_0001__b1539317714419">search_path</strong> parameter must be set to a schema sequence where schemas are separated by commas (,). Ensure that the schemas exist. Otherwise, the database performance will be affected.</li><li id="rds_pg_10_0001__li24627017203748">If you enable the parameter <strong id="rds_pg_10_0001__b1775510105414">log_duration</strong>, SQL statements containing sensitive information may be recorded in logs. You are advised to disable this parameter.</li><li id="rds_pg_10_0001__li43592373152455"><span class="parmname" id="rds_pg_10_0001__parmname141331959191114"><b>log_min_duration_statement</b></span> specifies how many milliseconds a query has to run before it has to be logged. The unit is millisecond. Setting this parameter to <strong id="rds_pg_10_0001__b146746214576">0</strong> means that all statements are recorded. Setting this parameter to <strong id="rds_pg_10_0001__b1682520598573">-1</strong> means that no statement is recorded. For details, see <a href="slow_query_log-pg.html">Viewing Slow Query Logs</a>.</li><li id="rds_pg_10_0001__li1846913219410">The <span class="parmname" id="rds_pg_10_0001__parmname4469122184110"><b>temp_file_limit</b></span> parameter specifies the maximum amount of disk space (in KB) that a session can use for temporary files. It supports PostgreSQL 12, 13 and 14 only. Changing this parameter value is a high-risk operation. Exercise caution when deciding to perform this operation.<ul id="rds_pg_10_0001__ul15469152114118"><li id="rds_pg_10_0001__li4469102184111">If the parameter value exceeds the threshold, the DB instance will become unavailable.</li><li id="rds_pg_10_0001__li04701321174110">If the parameter value is changed to a larger value for temporary use but is not changed to the original value after the use, the disk space will be continuously used to store temporary files. 
If the disk space is used up, services will be interrupted and the DB instance will become unavailable.</li></ul>
|
||||
</li></ul>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_10_0001__section5602829104512"><h4 class="sectiontitle">Performance Parameters</h4><p id="rds_pg_10_0001__p2710730415956">The following parameters can affect database performance:</p>
|
||||
|
||||
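Review bot: The log_duration item warns that SQL statements containing sensitive information may be recorded, but in PostgreSQL log_duration logs only the duration; it is log_min_duration_statement (the next item) that writes the statement text, and at 0 it writes every statement. Move the sensitive-data warning to the log_min_duration_statement item or repeat it there. Separately, the edited temp_file_limit sentence now reads "It supports PostgreSQL 12, 13 and 14 only", which leaves out 15 and 16 listed as supported elsewhere in this commit.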
19
docs/rds/umn/rds_pg_11_0000.html
Normal file
@ -0,0 +1,19 @@
|
||||
<a name="rds_pg_11_0000"></a><a name="rds_pg_11_0000"></a>
|
||||
|
||||
|
||||
<h1 class="topictitle1">RDS for PostgreSQL</h1>
|
||||
|
||||
<div id="body0000002150554825"><p id="rds_pg_11_0000__p8060118"></p>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<ul class="ullinks">
|
||||
<li class="ulchildlink"><strong><a href="rds_pg_11_0011.html">Security Best Practices</a></strong><br>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<div class="familylinks">
|
||||
<div class="parentlink"><strong>Parent topic:</strong> <a href="rds_11_0000.html">Best Practices</a></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
46
docs/rds/umn/rds_pg_11_0011.html
Normal file
@ -0,0 +1,46 @@
|
||||
<a name="rds_pg_11_0011"></a><a name="rds_pg_11_0011"></a>
|
||||
|
||||
<h1 class="topictitle1">Security Best Practices</h1>
|
||||
<div id="body0000002114795980"><p id="rds_pg_11_0011__p994385117557">PostgreSQL has earned a reputation for reliability, stability, and data consistency, and has become the preferred choice as an open-source relational database for many enterprises. RDS for PostgreSQL is a cloud-based web service that is reliable, scalable, easy to manage, and immediately ready for use.</p>
|
||||
<p id="rds_pg_11_0011__p1094495110557">Make security configurations from the following dimensions to meet your service needs.</p>
|
||||
<ul id="rds_pg_11_0011__ul1740505995710"><li id="rds_pg_11_0011__li83771252732"><a href="#rds_pg_11_0011__section191901740105814">Configuring the Maximum Number of Connections to the Database</a></li><li id="rds_pg_11_0011__li134063592573"><a href="#rds_pg_11_0011__section17110125465819">Configuring the Timeout for Client Authentication</a></li><li id="rds_pg_11_0011__li3406105915714"><a href="#rds_pg_11_0011__section419316113594">Configuring SSL and Encryption Algorithm</a></li><li id="rds_pg_11_0011__li1040635925713"><a href="#rds_pg_11_0011__section1244942714596">Configuring Password Encryption</a></li><li id="rds_pg_11_0011__li10406105985712"><a href="#rds_pg_11_0011__section17384134317596">Disabling the Backslash Quote</a></li><li id="rds_pg_11_0011__li20406759195717"><a href="#rds_pg_11_0011__section11632185016594">Periodically Checking and Deleting Roles That Are No Longer Used</a></li><li id="rds_pg_11_0011__li940695945716"><a href="#rds_pg_11_0011__section1547261618018">Revoking All Permissions on the public Schema</a></li><li id="rds_pg_11_0011__li1740612595576"><a href="#rds_pg_11_0011__section19367142416014">Setting a Proper Password Validity Period for a User Role</a></li><li id="rds_pg_11_0011__li1140675916572"><a href="#rds_pg_11_0011__section104480459018">Configuring the Log Level to Record SQL Statements That Cause Errors</a></li><li id="rds_pg_11_0011__li13406185955715"><a href="#rds_pg_11_0011__section1319417131615">Enabling Data Backup</a></li><li id="rds_pg_11_0011__li154063591577"><a href="#rds_pg_11_0011__section733814410110">Avoiding Binding an EIP to Your RDS for PostgreSQL Instance</a></li><li id="rds_pg_11_0011__li6969204521111"><a href="#rds_pg_11_0011__section183391014201212">Configuring the Delay for Account Authentication Failures</a></li></ul>
|
||||
<div class="section" id="rds_pg_11_0011__section191901740105814"><a name="rds_pg_11_0011__section191901740105814"></a><a name="section191901740105814"></a><h4 class="sectiontitle">Configuring the Maximum Number of Connections to the Database</h4><p id="rds_pg_11_0011__p176121233155819">The <strong id="rds_pg_11_0011__b11683131374">max_connections</strong> parameter specifies the maximum concurrent connections allowed in a database. If the value of this parameter is large, the RDS for PostgreSQL database may request more System V shared memory or semaphore. As a result, the requested shared memory or semaphore may exceed the default value on the OS. Set <strong id="rds_pg_11_0011__b112201020173916">max_connections</strong> based on service complexity. For details, see <a href="rds_pg_10_0001.html">Suggestions on PostgreSQL Parameter Tuning</a>.</p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section17110125465819"><a name="rds_pg_11_0011__section17110125465819"></a><a name="section17110125465819"></a><h4 class="sectiontitle">Configuring the Timeout for Client Authentication</h4><p id="rds_pg_11_0011__p434905014582">The <strong id="rds_pg_11_0011__b123861043172514">authentication_timeout</strong> parameter specifies the maximum duration allowed to complete client authentication, in seconds. This parameter prevents clients from occupying a connection for a long time. The default value is 60s. If client authentication is not complete within the specified period, the connection is forcibly closed. Using this parameter can enhance the security of your RDS for PostgreSQL instance.</p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section419316113594"><a name="rds_pg_11_0011__section419316113594"></a><a name="section419316113594"></a><h4 class="sectiontitle">Configuring SSL and Encryption Algorithm</h4><p id="rds_pg_11_0011__p4958132614">SSL is recommended for TCP/IP connections because SSL ensures that all communications between clients and servers are encrypted, preventing data leakage and tampering and ensuring data integrity. When configuring SSL, configure the TLS protocol and encryption algorithm on the server. TLSv1.2 and EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EDH+aRSA+AESGCM:EDH+aDSS+AESGCM:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!SRP:!RC4 are recommended. For details, see <a href="rds_02_0016.html">SSL Connection</a>.</p>
|
||||
<p id="rds_pg_11_0011__p16101187105913">To configure the TLS protocol and encryption algorithm, use the parameters <strong id="rds_pg_11_0011__b113183703814">ssl_min_protocol_version</strong> and <strong id="rds_pg_11_0011__b0334210193815">ssl_ciphers</strong>.</p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section1244942714596"><a name="rds_pg_11_0011__section1244942714596"></a><a name="section1244942714596"></a><h4 class="sectiontitle">Configuring Password Encryption</h4><p id="rds_pg_11_0011__p1027162411610">Passwords must be encrypted. When you use <strong id="rds_pg_11_0011__b326512365616">CREATE USER</strong> or <strong id="rds_pg_11_0011__b15112174011612">ALTER ROLE</strong> to change a password, the password is stored in a system catalog after being encrypted by default. <strong id="rds_pg_11_0011__b6238345194619">scram-sha-256</strong> is recommended for password encryption. To change the password encryption algorithm, change the value of <strong id="rds_pg_11_0011__b1852053984617">password_encryption</strong>.</p>
|
||||
<p id="rds_pg_11_0011__p4991024145914">The <strong id="rds_pg_11_0011__b11311122164710">MD5</strong> option is used only for compatibility with earlier versions. New DB instances use <strong id="rds_pg_11_0011__b344124974915">scram-sha-256</strong> by default.</p>
|
||||
<div class="notice" id="rds_pg_11_0011__note494521214521"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="rds_pg_11_0011__p12217131718525">The modification of <strong id="rds_pg_11_0011__b61231551135013">password_encryption</strong> takes effect only after the password is reset.</p>
|
||||
</div></div>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section17384134317596"><a name="rds_pg_11_0011__section17384134317596"></a><a name="section17384134317596"></a><h4 class="sectiontitle">Disabling the Backslash Quote</h4><p id="rds_pg_11_0011__p97092393598">The <strong id="rds_pg_11_0011__b1614972910234">backslash_quote</strong> parameter specifies whether a single quotation mark (') in a string can be replaced by a backslash quote (\'). The preferred, SQL-standard way to represent a single quotation mark is by doubling it (''). If client-side code does escaping incorrectly then an SQL-injection attack is possible. You are advised to set <strong id="rds_pg_11_0011__b97203919318">backslash_quote</strong> to <strong id="rds_pg_11_0011__b23509424319">safe_encoding</strong> to reject queries in which a single quotation mark appears to be escaped by a backslash, preventing SQL injection risks.</p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section11632185016594"><a name="rds_pg_11_0011__section11632185016594"></a><a name="section11632185016594"></a><h4 class="sectiontitle">Periodically Checking and Deleting Roles That Are No Longer Used</h4><p id="rds_pg_11_0011__p3710133917598">Check whether all roles are mandatory. Every unknown role must be reviewed to ensure that it is used properly. If any role is no longer used, delete it. To query roles, run the following command:</p>
|
||||
<p id="rds_pg_11_0011__p157104391590"><strong id="rds_pg_11_0011__b164429241771">SELECT rolname FROM pg_roles;</strong></p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section1547261618018"><a name="rds_pg_11_0011__section1547261618018"></a><a name="section1547261618018"></a><h4 class="sectiontitle">Revoking All Permissions on the public Schema</h4><p id="rds_pg_11_0011__p15486712404">The <strong id="rds_pg_11_0011__b139181154412">public</strong> schema is the default schema. All users can access objects in it, including tables, functions, and views, which may cause security vulnerabilities. You can run the following command as user <strong id="rds_pg_11_0011__b201101334204511">root</strong> to revoke the permissions:</p>
|
||||
<p id="rds_pg_11_0011__p18486201213012"><strong id="rds_pg_11_0011__b1710072814710">revoke all on schema public from public;</strong></p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section19367142416014"><a name="rds_pg_11_0011__section19367142416014"></a><a name="section19367142416014"></a><h4 class="sectiontitle">Setting a Proper Password Validity Period for a User Role</h4><p id="rds_pg_11_0011__p4487312509">When creating a role, you can use the <u id="rds_pg_11_0011__u9967912114">VALID UNTIL</u> keyword to specify when the password of the role becomes invalid. If this keyword is ignored, the password will be valid permanently. You are advised to change the password periodically, for example, every three months. To configure a password validity period, run the following command:</p>
|
||||
<p id="rds_pg_11_0011__p19487101219010"><strong id="rds_pg_11_0011__b014114306812">CREATE ROLE name WITH PASSWORD </strong><em id="rds_pg_11_0011__i1314310301487">'password'</em><strong id="rds_pg_11_0011__b2142193013816"> VALID UNTIL 'timestamp';</strong></p>
|
||||
<p id="rds_pg_11_0011__p048716121001">To check whether a password validity period is configured, run the following command:</p>
|
||||
<p id="rds_pg_11_0011__p1948891213010"><strong id="rds_pg_11_0011__b682619371812">SELECT rolname,rolvaliduntil FROM pg\_roles WHERE rolsuper = false AND rolvaliduntil IS NULL;</strong></p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section104480459018"><a name="rds_pg_11_0011__section104480459018"></a><a name="section104480459018"></a><h4 class="sectiontitle">Configuring the Log Level to Record SQL Statements That Cause Errors</h4><p id="rds_pg_11_0011__p1476664019010">The <strong id="rds_pg_11_0011__b9799759520">log_min_error_statement</strong> parameter specifies which SQL statements that cause errors can be recorded in server logs. The SQL statements of the specified level or higher are recorded in logs. Valid values include <strong id="rds_pg_11_0011__b147191681772">debug5</strong>, <strong id="rds_pg_11_0011__b1824151317719">debug4</strong>, <strong id="rds_pg_11_0011__b6843151516719">debug3</strong>, <strong id="rds_pg_11_0011__b18700161817714">debug2</strong>, <strong id="rds_pg_11_0011__b17291221578">debug1</strong>, <strong id="rds_pg_11_0011__b15273524578">info</strong>, <strong id="rds_pg_11_0011__b1273314261718">notice</strong>, <strong id="rds_pg_11_0011__b11754112915719">warning</strong>, <strong id="rds_pg_11_0011__b1216710588">error</strong>, <strong id="rds_pg_11_0011__b15627512381">log</strong>, <strong id="rds_pg_11_0011__b55886363719">fatal</strong>, and <strong id="rds_pg_11_0011__b17900113916717">panic</strong>. The value of <strong id="rds_pg_11_0011__b1335820491689">log_min_error_statement</strong> must be at least <strong id="rds_pg_11_0011__b183571754284">error</strong>.</p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section1319417131615"><a name="rds_pg_11_0011__section1319417131615"></a><a name="section1319417131615"></a><h4 class="sectiontitle">Enabling Data Backup</h4><p id="rds_pg_11_0011__p83886591708">When you create an RDS DB instance, an automated backup policy is enabled by default with the retention period set to seven days. You can change the backup retention period as required. RDS for PostgreSQL DB instances support automated backups and manual backups. You can periodically back up your instance. If the instance fails or data is damaged, restore it using backups to ensure data reliability. For details, see Data Backups.</p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section733814410110"><a name="rds_pg_11_0011__section733814410110"></a><a name="section733814410110"></a><h4 class="sectiontitle">Avoiding Binding an EIP to Your RDS for PostgreSQL Instance</h4><p id="rds_pg_11_0011__p1864720354112">Do not deploy your instance on the Internet or in a demilitarized zone (DMZ). Instead, deploy it on a private network and use routers or firewalls to control access to your instance. Do not bind an EIP to your instance to prohibit unauthorized access and DDoS attacks from the Internet. If you have bound an EIP to your instance, you are advised to unbind it. If you do need an EIP, configure security group rules to restrict the source IP addresses that can access your instance.</p>
|
||||
</div>
|
||||
<div class="section" id="rds_pg_11_0011__section183391014201212"><a name="rds_pg_11_0011__section183391014201212"></a><a name="section183391014201212"></a><h4 class="sectiontitle">Configuring the Delay for Account Authentication Failures</h4><p id="rds_pg_11_0011__p44484421121">By default, RDS for PostgreSQL instances have a built-in auth_delay extension. auth_delay causes the server to stop for a short period of time before an authentication failure message is returned, making it more difficult to crack the database password. To configure the delay for account authentication failures, change the value of the <strong id="rds_pg_11_0011__b360941317458">auth_delay.milliseconds</strong> parameter (which indicates the number of milliseconds to wait before reporting an authentication failure) by referring to Modifying Parameters of an RDS for PostgreSQL Instance. The default value of this parameter is <strong id="rds_pg_11_0011__b1267436164619">0</strong>.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
<div class="familylinks">
|
||||
<div class="parentlink"><strong>Parent topic:</strong> <a href="rds_pg_11_0000.html">RDS for PostgreSQL</a></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
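Review bot: In the "Disabling the Backslash Quote" section, the recommended value does not match the effect the sentence describes. In PostgreSQL, backslash_quote = safe_encoding (the default) still accepts \' unless the client encoding allows an ASCII backslash inside a multibyte character; only off rejects it in every case. Either recommend off, or reword the sentence to say what safe_encoding does, and align the section title with the chosen value. In "Setting a Proper Password Validity Period for a User Role", the check query reads "FROM pg\_roles"; the stray backslash makes the statement fail when copied, so it should be pg_roles. In the same section VALID UNTIL is underlined while every other keyword on the page is bold. "Data Backups" and "Modifying Parameters of an RDS for PostgreSQL Instance" are plain text where the other cross-references are links. The auth_delay section states that auth_delay.milliseconds defaults to 0 but recommends no value, so a reader following the page is not told what to set.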