Table: aws_docdb_cluster - Query Amazon DocumentDB Cluster using SQL
Amazon DocumentDB is a fully managed, MongoDB-compatible database service designed for workloads that need high availability, reliability, and scalability. It allows you to store, query, and index JSON data, and makes it easy to operate mission-critical MongoDB workloads at scale.
Table Usage Guide
The aws_docdb_cluster table in Steampipe provides you with information about Amazon DocumentDB clusters within AWS. This table allows you as a DevOps engineer, database administrator, or other technical professional to query cluster-specific details, including configurations, status, and associated metadata. You can utilize this table to gather insights on clusters, such as their availability, backup and restore settings, encryption status, and more. The schema outlines the various attributes of the DocumentDB cluster for you, including the cluster ARN, creation time, DB subnet group, associated VPC, and backup retention period.
Examples
Basic Info
```sql
-- PostgreSQL
select
  arn,
  db_cluster_identifier,
  deletion_protection,
  engine,
  status,
  region
from
  aws_docdb_cluster;
```

```sql
-- SQLite
select
  arn,
  db_cluster_identifier,
  deletion_protection,
  engine,
  status,
  region
from
  aws_docdb_cluster;
```
List clusters which are not encrypted
Find clusters whose storage is not encrypted at rest. Unencrypted clusters are a common finding in security reviews, so this query helps you locate them before they become a compliance gap.
```sql
-- PostgreSQL
select
  db_cluster_identifier,
  status,
  cluster_create_time,
  kms_key_id,
  storage_encrypted
from
  aws_docdb_cluster
where
  not storage_encrypted;
```

```sql
-- SQLite
select
  db_cluster_identifier,
  status,
  cluster_create_time,
  kms_key_id,
  storage_encrypted
from
  aws_docdb_cluster
where
  storage_encrypted = 0;
```
List clusters where backup retention period is greater than 7 days
Identify instances where the backup retention period for database clusters exceeds a week. This could be useful in managing data storage and ensuring compliance with data retention policies.
```sql
-- PostgreSQL
select
  db_cluster_identifier,
  backup_retention_period
from
  aws_docdb_cluster
where
  backup_retention_period > 7;
```

```sql
-- SQLite
select
  db_cluster_identifier,
  backup_retention_period
from
  aws_docdb_cluster
where
  backup_retention_period > 7;
```
Get availability zone count for each cluster
Determine the number of availability zones for each database cluster in your AWS DocumentDB service to better manage and distribute your databases across different zones for high availability and fault tolerance.
```sql
-- PostgreSQL
select
  db_cluster_identifier,
  jsonb_array_length(availability_zones) as availability_zones_count
from
  aws_docdb_cluster;
```

```sql
-- SQLite
select
  db_cluster_identifier,
  json_array_length(availability_zones) as availability_zones_count
from
  aws_docdb_cluster;
```
List clusters where deletion protection is disabled
Find clusters that have deletion protection disabled. Deletion protection guards against accidental (or unauthorized) deletion of a cluster, so identifying clusters without it helps you maintain data integrity.
```sql
-- PostgreSQL
select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  not deletion_protection;
```

```sql
-- SQLite
select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  deletion_protection = 0;
```
List cluster members details
List the status and role of each member instance within your AWS DocumentDB clusters. This shows how each cluster is composed, including each member's promotion tier and whether it is the cluster writer.
```sql
-- PostgreSQL
select
  db_cluster_identifier,
  member ->> 'DBClusterParameterGroupStatus' as db_cluster_parameter_group_status,
  member ->> 'DBInstanceIdentifier' as db_instance_identifier,
  member ->> 'IsClusterWriter' as is_cluster_writer,
  member ->> 'PromotionTier' as promotion_tier
from
  aws_docdb_cluster
  cross join jsonb_array_elements(members) as member;
```

```sql
-- SQLite
select
  db_cluster_identifier,
  json_extract(member.value, '$.DBClusterParameterGroupStatus') as db_cluster_parameter_group_status,
  json_extract(member.value, '$.DBInstanceIdentifier') as db_instance_identifier,
  json_extract(member.value, '$.IsClusterWriter') as is_cluster_writer,
  json_extract(member.value, '$.PromotionTier') as promotion_tier
from
  aws_docdb_cluster,
  json_each(members) as member;
```
List clusters where deletion protection is disabled
List the clusters for which deletion protection is disabled, together with their status and creation time. This is a second view of the same check, useful when reviewing a cluster inventory for clusters that can be deleted without any safeguard.

```sql
-- PostgreSQL
select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  not deletion_protection;
```

```sql
-- SQLite
-- deletion_protection is stored as 0/1 in SQLite, so "disabled" is = 0
select
  db_cluster_identifier,
  status,
  cluster_create_time,
  deletion_protection
from
  aws_docdb_cluster
where
  deletion_protection = 0;
```
Control examples
- All Controls > DocumentDB > AWS DocumentDB clusters should be encrypted at rest
- All Controls > DocumentDB > DocumentDB clusters should have deletion protection enabled
- AWS DocumentDB clusters should have an adequate backup retention period
- AWS Foundational Security Best Practices > DocumentDB > 1 Amazon DocumentDB clusters should be encrypted at rest
- AWS Foundational Security Best Practices > DocumentDB > 2 Amazon DocumentDB clusters should have an adequate backup retention period
- AWS Foundational Security Best Practices > DocumentDB > 5 Amazon DocumentDB clusters should have deletion protection enabled
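Each control listed above evaluates a single setting. As an added example (not code from the Steampipe docs or from the controls themselves), the following PostgreSQL query combines the encryption, deletion-protection and backup-retention checks from the examples above with an audit-log export check into one per-cluster, control-style report. The `alarm`/`ok` labels, the 7-day retention threshold and the expectation that clusters export the `audit` log type are assumptions; column names come from the schema below.

```sql
-- Added example (PostgreSQL dialect): one row per DocumentDB cluster with a
-- control-style status and a reason naming the first failed check.
-- Assumptions: 7-day minimum retention, and 'audit' logs should be exported.
select
  db_cluster_identifier,
  region,
  case
    when not storage_encrypted then 'alarm'
    when not deletion_protection then 'alarm'
    when backup_retention_period < 7 then 'alarm'
    when not (coalesce(enabled_cloudwatch_logs_exports, '[]'::jsonb) ? 'audit') then 'alarm'
    else 'ok'
  end as status,
  case
    when not storage_encrypted then 'storage is not encrypted at rest'
    when not deletion_protection then 'deletion protection is disabled'
    when backup_retention_period < 7
      then 'backup retention is ' || backup_retention_period || ' day(s), expected >= 7'
    when not (coalesce(enabled_cloudwatch_logs_exports, '[]'::jsonb) ? 'audit')
      then 'audit logs are not exported to CloudWatch Logs'
    else 'encrypted, deletion-protected, retention ' || backup_retention_period
         || ' days, audit logging exported'
  end as reason,
  -- Topology context: a single-member cluster has no reader to fail over to.
  jsonb_array_length(coalesce(members, '[]'::jsonb)) as member_count,
  (
    select count(*)
    from jsonb_array_elements(coalesce(members, '[]'::jsonb)) as m
    where (m ->> 'IsClusterWriter')::boolean
  ) as writer_count
from
  aws_docdb_cluster
order by
  status,
  db_cluster_identifier;
```

Because each `case` stops at the first failing branch, a cluster that fails several checks reports only the first one; run the individual queries above when you need the full list of findings per cluster.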
Schema for aws_docdb_cluster
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) for the Cluster. |
associated_roles | jsonb | | A list of AWS IAM roles that are associated with the cluster. |
availability_zones | jsonb | | A list of Availability Zones (AZs) where instances in the cluster can be created. |
backup_retention_period | bigint | | Specifies the number of days for which automatic snapshots are retained. |
clone_group_id | text | | Identifies the clone group to which the DB cluster is associated. |
cluster_create_time | timestamp with time zone | | Specifies the time when the cluster was created. |
db_cluster_identifier | text | = | Contains a user-supplied cluster identifier. This identifier is the unique key that identifies a cluster. |
db_cluster_parameter_group | text | | Specifies the name of the cluster parameter group for the cluster. |
db_cluster_resource_id | text | | The Region-unique, immutable identifier for the cluster. |
db_subnet_group | text | | Specifies information on the subnet group associated with the cluster. |
deletion_protection | boolean | | Specifies whether the cluster has deletion protection enabled, or not. |
earliest_restorable_time | timestamp with time zone | | The earliest time to which a database can be restored with point-in-time restore. |
enabled_cloudwatch_logs_exports | jsonb | | A list of log types that this cluster is configured to export to Amazon CloudWatch Logs. |
endpoint | text | | Specifies the connection endpoint for the primary instance of the DB cluster. |
engine | text | | The name of the database engine to be used for this DB cluster. |
engine_version | text | | Indicates the database engine version. |
hosted_zone_id | text | | Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. |
kms_key_id | text | | The AWS KMS key identifier for the encrypted cluster. |
latest_restorable_time | timestamp with time zone | | Specifies the latest time to which a database can be restored with point-in-time restore. |
master_user_name | text | | Contains the master username for the cluster. |
members | jsonb | | A list of instances that make up the cluster. |
multi_az | boolean | | Specifies whether the cluster has instances in multiple Availability Zones, or not. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
percent_progress | text | | Specifies the progress of the operation as a percentage. |
port | bigint | | Specifies the port that the database engine is listening on. |
preferred_backup_window | text | | Specifies the daily time range during which automated backups are created. |
preferred_maintenance_window | text | | Specifies the weekly time range during which system maintenance can occur. |
read_replica_identifiers | jsonb | | A list of identifiers of the read replicas associated with this cluster. |
reader_endpoint | text | | The reader endpoint for the DB cluster. |
region | text | | The AWS Region in which the resource is located. |
replication_source_identifier | text | | Contains the identifier of the source cluster if this cluster is a secondary cluster. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | | Specifies the current state of this cluster. |
storage_encrypted | boolean | | Specifies whether the cluster is encrypted, or not. |
storage_type | text | | Storage type associated with the cluster. |
tags | jsonb | | A map of tags for the resource. |
tags_src | jsonb | | A list of tags attached to the Cluster. |
title | text | | Title of the resource. |
vpc_security_groups | jsonb | | A list of VPC security groups that the DB cluster belongs to. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_docdb_cluster
```