Restore Db Cluster to Point in Time

Restores a DB cluster to an arbitrary point in time


Restores a DB cluster to an arbitrary point in time. Users can restore to any point in time before LatestRestorableTime for up to BackupRetentionPeriod days. The target DB cluster is created from the source DB cluster with the same configuration as the original DB cluster, except that the new DB cluster is created with the default DB security group.

For Aurora, this operation only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the create_db_instance operation to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier. You can create DB instances only after the restore_db_cluster_to_point_in_time operation has completed and the DB cluster is available.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.


  RestoreType, SourceDBClusterIdentifier, RestoreToTime,
  UseLatestRestorableTime, Port, DBSubnetGroupName, OptionGroupName,
  VpcSecurityGroupIds, Tags, KmsKeyId, EnableIAMDatabaseAuthentication,
  BacktrackWindow, EnableCloudwatchLogsExports,
  DBClusterParameterGroupName, DeletionProtection, CopyTagsToSnapshot,
  Domain, DomainIAMRoleName, ScalingConfiguration, EngineMode,
  DBClusterInstanceClass, StorageType, PubliclyAccessible, Iops,
  ServerlessV2ScalingConfiguration, NetworkType,
  SourceDbClusterResourceId, RdsCustomClusterConfiguration,



[required] The name of the new DB cluster to be created.


  • Must contain from 1 to 63 letters, numbers, or hyphens

  • First character must be a letter

  • Can't end with a hyphen or contain two consecutive hyphens

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The type of restore to be performed. You can specify one of the following values:

  • full-copy - The new DB cluster is restored as a full copy of the source DB cluster.

  • copy-on-write - The new DB cluster is restored as a clone of the source DB cluster.

If you don't specify a RestoreType value, then the new DB cluster is restored as a full copy of the source DB cluster.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The identifier of the source DB cluster from which to restore.


  • Must match the identifier of an existing DBCluster.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The date and time to restore the DB cluster to.

Valid Values: Value must be a time in Universal Coordinated Time (UTC) format


  • Must be before the latest restorable time for the DB instance

  • Must be specified if UseLatestRestorableTime parameter isn't provided

  • Can't be specified if the UseLatestRestorableTime parameter is enabled

  • Can't be specified if the RestoreType parameter is copy-on-write

Example: ⁠2015-03-07T23:45:00Z⁠

Valid for: Aurora DB clusters and Multi-AZ DB clusters


Specifies whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster isn't restored to the latest restorable backup time.

Constraints: Can't be specified if RestoreToTime parameter is provided.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The port number on which the new DB cluster accepts connections.

Constraints: A value from 1150-65535.

Default: The default port for the engine.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The DB subnet group name to use for the new DB cluster.

Constraints: If supplied, must match the name of an existing DBSubnetGroup.

Example: mydbsubnetgroup

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The name of the option group for the new DB cluster.

DB clusters are associated with a default option group that can't be modified.


A list of VPC security groups that the new DB cluster belongs to.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from an encrypted DB cluster.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

You can restore to a new DB cluster and encrypt the new DB cluster with a KMS key that is different from the KMS key used to encrypt the source DB cluster. The new DB cluster is encrypted with the KMS key identified by the KmsKeyId parameter.

If you don't specify a value for the KmsKeyId parameter, then the following occurs:

  • If the DB cluster is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the source DB cluster.

  • If the DB cluster isn't encrypted, then the restored DB cluster isn't encrypted.

If DBClusterIdentifier refers to a DB cluster that isn't encrypted, then the restore request is rejected.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


Specifies whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

For more information, see IAM Database Authentication in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only


The target backtrack window, in seconds. To disable backtracking, set this value to 0.

Default: 0


  • If specified, this value must be set to a number from 0 to 259,200 (72 hours).

Valid for: Aurora MySQL DB clusters only


The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.


Possible values are error, general, and slowquery.

RDS for PostgreSQL

Possible values are postgresql and upgrade.

Aurora MySQL

Possible values are audit, error, general, and slowquery.

Aurora PostgreSQL

Possible value is postgresql.

For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The name of the custom DB cluster parameter group to associate with this DB cluster.

If the DBClusterParameterGroupName parameter is omitted, the default DB cluster parameter group for the specified engine is used.


  • If supplied, must match the name of an existing DB cluster parameter group.

  • Must be 1 to 255 letters, numbers, or hyphens.

  • First character must be a letter.

  • Can't end with a hyphen or contain two consecutive hyphens.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


Specifies whether to enable deletion protection for the DB cluster. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


Specifies whether to copy all tags from the restored DB cluster to snapshots of the restored DB cluster. The default is not to copy them.

Valid for: Aurora DB clusters and Multi-AZ DB clusters


The Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation.

For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB cluster. For more information, see Kerberos Authentication in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only


The name of the IAM role to be used when making API calls to the Directory Service.

Valid for: Aurora DB clusters only


For DB clusters in serverless DB engine mode, the scaling properties of the DB cluster.

Valid for: Aurora DB clusters only


The engine mode of the new cluster. Specify provisioned or serverless, depending on the type of the cluster you are creating. You can create an Aurora Serverless v1 clone from a provisioned cluster, or a provisioned clone from an Aurora Serverless v1 cluster. To create a clone that is an Aurora Serverless v1 cluster, the original cluster must be an Aurora Serverless v1 cluster or an encrypted provisioned cluster.

Valid for: Aurora DB clusters only


The compute and memory capacity of the each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.

For the full list of DB instance classes, and availability for your engine, see DB instance class in the Amazon RDS User Guide.

Valid for: Multi-AZ DB clusters only


Specifies the storage type to be associated with the DB cluster.

When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required.

Valid Values: aurora, aurora-iopt1 (Aurora DB clusters); io1 (Multi-AZ DB clusters)

Default: aurora (Aurora DB clusters); io1 (Multi-AZ DB clusters)

Valid for: Aurora DB clusters and Multi-AZ DB clusters


Specifies whether the DB cluster is publicly accessible.

When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB cluster doesn't permit it.

When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.

Default: The default behavior varies depending on whether DBSubnetGroupName is specified.

If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:

  • If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.

  • If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.

If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:

  • If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.

  • If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.

Valid for: Multi-AZ DB clusters only


The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.

For information about valid IOPS values, see Amazon RDS Provisioned IOPS storage in the Amazon RDS User Guide.

Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB instance.

Valid for: Multi-AZ DB clusters only


The network type of the DB cluster.

Valid Values:

  • IPV4

  • DUAL

The network type is determined by the DBSubnetGroup specified for the DB cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).

For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only


The resource ID of the source DB cluster from which to restore.


Reserved for future use.


The life cycle type for this DB cluster.

By default, this value is set to open-source-rds-extended-support, which enrolls your DB cluster into Amazon RDS Extended Support. At the end of standard support, you can avoid charges for Extended Support by setting the value to open-source-rds-extended-support-disabled. In this case, RDS automatically upgrades your restored DB cluster to a higher engine version, if the major engine version is past its end of standard support date.

You can use this setting to enroll your DB cluster into Amazon RDS Extended Support. With RDS Extended Support, you can run the selected major engine version on your DB cluster past the end of standard support for that engine version. For more information, see the following sections:

Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters

Valid Values: open-source-rds-extended-support | open-source-rds-extended-support-disabled

Default: open-source-rds-extended-support


A list with the following syntax:

  DBCluster = list(
    AllocatedStorage = 123,
    AvailabilityZones = list(
    BackupRetentionPeriod = 123,
    CharacterSetName = "string",
    DatabaseName = "string",
    DBClusterIdentifier = "string",
    DBClusterParameterGroup = "string",
    DBSubnetGroup = "string",
    Status = "string",
    AutomaticRestartTime = as.POSIXct(
    PercentProgress = "string",
    EarliestRestorableTime = as.POSIXct(
    Endpoint = "string",
    ReaderEndpoint = "string",
    CustomEndpoints = list(
    MultiAZ = TRUE|FALSE,
    Engine = "string",
    EngineVersion = "string",
    LatestRestorableTime = as.POSIXct(
    Port = 123,
    MasterUsername = "string",
    DBClusterOptionGroupMemberships = list(
        DBClusterOptionGroupName = "string",
        Status = "string"
    PreferredBackupWindow = "string",
    PreferredMaintenanceWindow = "string",
    ReplicationSourceIdentifier = "string",
    ReadReplicaIdentifiers = list(
    StatusInfos = list(
        StatusType = "string",
        Normal = TRUE|FALSE,
        Status = "string",
        Message = "string"
    DBClusterMembers = list(
        DBInstanceIdentifier = "string",
        IsClusterWriter = TRUE|FALSE,
        DBClusterParameterGroupStatus = "string",
        PromotionTier = 123
    VpcSecurityGroups = list(
        VpcSecurityGroupId = "string",
        Status = "string"
    HostedZoneId = "string",
    StorageEncrypted = TRUE|FALSE,
    KmsKeyId = "string",
    DbClusterResourceId = "string",
    DBClusterArn = "string",
    AssociatedRoles = list(
        RoleArn = "string",
        Status = "string",
        FeatureName = "string"
    IAMDatabaseAuthenticationEnabled = TRUE|FALSE,
    CloneGroupId = "string",
    ClusterCreateTime = as.POSIXct(
    EarliestBacktrackTime = as.POSIXct(
    BacktrackWindow = 123,
    BacktrackConsumedChangeRecords = 123,
    EnabledCloudwatchLogsExports = list(
    Capacity = 123,
    EngineMode = "string",
    ScalingConfigurationInfo = list(
      MinCapacity = 123,
      MaxCapacity = 123,
      AutoPause = TRUE|FALSE,
      SecondsUntilAutoPause = 123,
      TimeoutAction = "string",
      SecondsBeforeTimeout = 123
    RdsCustomClusterConfiguration = list(
      InterconnectSubnetId = "string",
      TransitGatewayMulticastDomainId = "string",
      ReplicaMode = "open-read-only"|"mounted"
    DeletionProtection = TRUE|FALSE,
    HttpEndpointEnabled = TRUE|FALSE,
    ActivityStreamMode = "sync"|"async",
    ActivityStreamStatus = "stopped"|"starting"|"started"|"stopping",
    ActivityStreamKmsKeyId = "string",
    ActivityStreamKinesisStreamName = "string",
    CopyTagsToSnapshot = TRUE|FALSE,
    CrossAccountClone = TRUE|FALSE,
    DomainMemberships = list(
        Domain = "string",
        Status = "string",
        FQDN = "string",
        IAMRoleName = "string",
        OU = "string",
        AuthSecretArn = "string",
        DnsIps = list(
    TagList = list(
        Key = "string",
        Value = "string"
    GlobalWriteForwardingStatus = "enabled"|"disabled"|"enabling"|"disabling"|"unknown",
    GlobalWriteForwardingRequested = TRUE|FALSE,
    PendingModifiedValues = list(
      PendingCloudwatchLogsExports = list(
        LogTypesToEnable = list(
        LogTypesToDisable = list(
      DBClusterIdentifier = "string",
      MasterUserPassword = "string",
      IAMDatabaseAuthenticationEnabled = TRUE|FALSE,
      EngineVersion = "string",
      BackupRetentionPeriod = 123,
      AllocatedStorage = 123,
      RdsCustomClusterConfiguration = list(
        InterconnectSubnetId = "string",
        TransitGatewayMulticastDomainId = "string",
        ReplicaMode = "open-read-only"|"mounted"
      Iops = 123,
      StorageType = "string",
      CertificateDetails = list(
        CAIdentifier = "string",
        ValidTill = as.POSIXct(
    DBClusterInstanceClass = "string",
    StorageType = "string",
    Iops = 123,
    PubliclyAccessible = TRUE|FALSE,
    AutoMinorVersionUpgrade = TRUE|FALSE,
    MonitoringInterval = 123,
    MonitoringRoleArn = "string",
    PerformanceInsightsEnabled = TRUE|FALSE,
    PerformanceInsightsKMSKeyId = "string",
    PerformanceInsightsRetentionPeriod = 123,
    ServerlessV2ScalingConfiguration = list(
      MinCapacity = 123.0,
      MaxCapacity = 123.0
    NetworkType = "string",
    DBSystemId = "string",
    MasterUserSecret = list(
      SecretArn = "string",
      SecretStatus = "string",
      KmsKeyId = "string"
    IOOptimizedNextAllowedModificationTime = as.POSIXct(
    LocalWriteForwardingStatus = "enabled"|"disabled"|"enabling"|"disabling"|"requested",
    AwsBackupRecoveryPointArn = "string",
    LimitlessDatabase = list(
      Status = "active"|"not-in-use"|"enabled"|"disabled"|"enabling"|"disabling"|"modifying-max-capacity"|"error",
      MinRequiredACU = 123.0
    StorageThroughput = 123,
    CertificateDetails = list(
      CAIdentifier = "string",
      ValidTill = as.POSIXct(
    EngineLifecycleSupport = "string"

Request syntax

  DBClusterIdentifier = "string",
  RestoreType = "string",
  SourceDBClusterIdentifier = "string",
  RestoreToTime = as.POSIXct(
  UseLatestRestorableTime = TRUE|FALSE,
  Port = 123,
  DBSubnetGroupName = "string",
  OptionGroupName = "string",
  VpcSecurityGroupIds = list(
  Tags = list(
      Key = "string",
      Value = "string"
  KmsKeyId = "string",
  EnableIAMDatabaseAuthentication = TRUE|FALSE,
  BacktrackWindow = 123,
  EnableCloudwatchLogsExports = list(
  DBClusterParameterGroupName = "string",
  DeletionProtection = TRUE|FALSE,
  CopyTagsToSnapshot = TRUE|FALSE,
  Domain = "string",
  DomainIAMRoleName = "string",
  ScalingConfiguration = list(
    MinCapacity = 123,
    MaxCapacity = 123,
    AutoPause = TRUE|FALSE,
    SecondsUntilAutoPause = 123,
    TimeoutAction = "string",
    SecondsBeforeTimeout = 123
  EngineMode = "string",
  DBClusterInstanceClass = "string",
  StorageType = "string",
  PubliclyAccessible = TRUE|FALSE,
  Iops = 123,
  ServerlessV2ScalingConfiguration = list(
    MinCapacity = 123.0,
    MaxCapacity = 123.0
  NetworkType = "string",
  SourceDbClusterResourceId = "string",
  RdsCustomClusterConfiguration = list(
    InterconnectSubnetId = "string",
    TransitGatewayMulticastDomainId = "string",
    ReplicaMode = "open-read-only"|"mounted"
  EngineLifecycleSupport = "string"