So you’ve decided to have some control and governance over the provisioning of RDS database in your accounts. The days of the Wild West are OVER! Security rules are going to be enforced, same as backup policies. Time to automate this stuff and run it all through Service Catalog. YES!!!!
There’s a small catch.
Not all parameters that you can set either via the console, the RDS API or the CLI can be set in CloudFormation…I hit one recently became a blocker for our deployments and you may suffer too if you work with Oracle. You CANNOT set the NLS_NCHAR_CHARACTERSET usinc CloudFormation. There is no parameter option for it. Here is the documentation for setting the CharacterSet, but as you’ll be able to see there is no corresponding option for nCharacterSet: https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-rds.DatabaseInstance.html#charactersetname
Now, given that NCHAR isn’t a commonly used data type and Oracle themselves recommend that you use AL16UTF16, which is the AWS RDS Oracle default, this may not impact you or your company. But if like us we had a vendor who was specifying the usage of UTF8 for NCHAR fields it mattered a great deal.
I’ve raised the issue with AWS Support to try to get all RDS API and CLI parameters matched in CloudFormation because if any option exists, then it should exist for all interactions.
Let me know in the comments if you’ve come across any other blockers like this when using CloudFormation or CDK.