Amazon Aurora MySQL Database on the AWS Cloud
Quick Start Reference Deployment

March 2021
Arabinda Pani, AWS PSA Database Specialist team
Dave May, AWS Quick Start team
Visit our GitHub repository for source files and to post feedback, report bugs, or submit feature ideas for this Quick Start. |
This Quick Start was created by Amazon Web Services (AWS). Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices.
Overview
This guide provides instructions for deploying the Amazon Aurora MySQL Database Quick Start reference architecture on the AWS Cloud with high availability and failover support. This Quick Start is for users who are looking for a repeatable, customizable reference architecture for Aurora MySQL using AWS CloudFormation.
You can also use this Quick Start as a building block for other automated deployments. To do this, use the existing-VPC deployment option, which creates only the Aurora database components. The template for this option plugs in to your existing AWS CloudFormation templates and replaces your MySQL database.
Amazon Aurora MySQL Database on AWS
Amazon Aurora is a fully managed relational database engine that’s compatible with MySQL and PostgreSQL. With Aurora, you can use the code, tools, and applications you use today with your existing MySQL and PostgreSQL databases. For some workloads, Aurora can deliver up to five times the throughput of MySQL without requiring changes to most of your existing applications.
As part of Amazon Relational Database Service (Amazon RDS), Aurora takes advantage of Amazon RDS features for database management and administration. It eliminates the need to maintain database infrastructure: servers, replication, backups, and so on.
AWS costs
You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start. There is no additional cost for using the Quick Start.
The AWS CloudFormation templates for Quick Starts include configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.
After you deploy the Quick Start, create AWS Cost and Usage Reports to deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. These reports provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, see What are AWS Cost and Usage Reports? |
Software licenses
MySQL is free and open-source, so no license is required to use this Quick Start.
Architecture
Deploying this Quick Start for a new virtual private cloud (VPC) with default parameters builds the following Aurora MySQL environment in the AWS Cloud.

As shown in Figure 1, the Quick Start sets up the following:
-
A highly available architecture that spans two Availability Zones.*
-
A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
-
In the public subnets:
-
Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*
-
A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to resources in the private subnets.*
-
-
In the private subnets, an Aurora database (DB) cluster in a security group, including one DB reader and one DB writer.
-
An Amazon CloudWatch alarm to monitor the CPU on the bastion host and send alarm notifications using Amazon Simple Notification Service (Amazon SNS).
-
An encryption key using AWS Key Management Service (AWS KMS). The key enables encryption at rest for the Aurora DB cluster.
*The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.
Planning the deployment
Specialized knowledge
This deployment requires a moderate level of familiarity with AWS services. If you’re new to AWS, see Getting Started Resource Center and AWS Training and Certification. These sites provide materials for learning how to design, deploy, and operate your infrastructure and applications on the AWS Cloud.
This Quick Start assumes familiarity with database concepts and usage as described in the following documentation:
AWS account
If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Part of the sign-up process involves receiving a phone call and entering a PIN using the phone keypad.
Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.
Technical requirements
Before you launch the Quick Start, review the following information and ensure that your account is properly configured. Otherwise, deployment might fail.
Resource quotas
If necessary, request service quota increases for the following resources. You might need to request increases if your existing deployment currently uses these resources and if this Quick Start deployment could result in exceeding the default quotas. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see What is Service Quotas? and AWS service quotas.
Resource | This deployment uses |
---|---|
VPCs |
1 |
AWS Identity and Access Management (IAM) security groups |
2 |
IAM roles |
1 |
Auto Scaling groups |
1 |
db.r4.large instances |
2 |
t2.micro instances |
1 |
Supported AWS Regions
For any Quick Start to work in a Region other than its default Region, all the services it deploys must be supported in that Region. You can launch a Quick Start in any Region and see if it works. If you get an error such as “Unrecognized resource type,” the Quick Start is not supported in that Region.
For an up-to-date list of AWS Regions and the AWS services they support, see AWS Regional Services.
Certain Regions are available on an opt-in basis. For more information, see Managing AWS Regions. |
IAM permissions
Before launching the Quick Start, you must sign in to the AWS Management Console with IAM permissions for the resources that the templates deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions. For more information, see AWS managed policies for job functions.
Requirements for deploying Aurora into an existing VPC
If you plan to deploy Aurora into an existing VPC, check the following:
-
Your VPC must have two private subnets in different Availability Zones for the database instances. This Quick Start does not support shared subnets.
-
To download packages and software without exposing instances to the internet, the private subnets require NAT gateways in their route tables.
-
The domain name must be configured in the Dynamic Host Configuration Protocol (DHCP) options. For more information, see DHCP options sets.
-
You must have a Linux bastion host to run the tests discussed in the Test the deployment section. To install the bastion host, launch the AWS CloudFormation template that we provide for an existing subnet. When you launch the Quick Start, you are prompted for your VPC settings.
If you don’t have an existing VPC that satisfies these requirements, use the new-VPC deployment option so that the Quick Start builds a VPC for you in addition to deploying Aurora MySQL.
Deployment options
This Quick Start provides two deployment options:
-
Deploy Aurora MySQL into a new VPC. This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, a security group, bastion hosts, and other infrastructure components. It then deploys Aurora MySQL into this new VPC.
-
Deploy Aurora MySQL into an existing VPC. This option provisions Aurora MySQL in your existing AWS infrastructure.
This Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and Aurora MySQL settings, as discussed later in this guide.
Deployment steps
Sign in to your AWS account
-
Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see Planning the deployment, earlier in this guide.
-
Ensure that your AWS account is configured correctly, as discussed in the Technical requirements section.
Launch the Quick Start
This Quick Start does not support shared subnets. If you’re deploying Aurora MySQL into an existing VPC, ensure that your VPC has two private subnets in different Availability Zones for the workload instances. And ensure that the subnets aren’t shared. These subnets require NAT gateways in their route tables to allow the instances to download packages and software without exposing them to the internet. |
Each deployment takes about 30 minutes to complete.
-
Sign in to your AWS account, and choose one of the following options to launch the AWS CloudFormation template. For help with choosing an option, see Deployment options, earlier in this guide.
-
Check the AWS Region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. This is where the network infrastructure for Aurora MySQL is built. The template launches in the us-east-1 Region by default. For other choices, see Amazon Aurora endpoints and quotas.
-
On the Create stack page, keep the default setting for the template URL, and then choose Next.
-
On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary.
+
+ . On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next. . On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and might require the ability to automatically expand macros. . Choose Create stack to deploy the stack. . Monitor the status of the stack. When the status is CREATE_COMPLETE, the Aurora MySQL deployment is ready. . To view the created resources, see the values displayed in the Outputs tab for the stack.
Test the deployment
To test the deployment, confirm that the MySQL database is accepting connections by following these steps. This optional test requires that you have bastion-host access with TCP forwarding capabilities (the parameters EnableBastion
and EnableTCPForwarding
are both set to "true").
-
Download the latest version of MySQL Workbench, and install it on the workstation from which you will be connecting to the Aurora MySQL DB cluster.
-
From the AWS CloudFormation console, on the BastionStack Outputs tab, note the value for
EIP1
, as shown in Figure 2.
-
From the AWS CloudFormation console, on the AuroraStack Outputs tab, note the values of
DBName
,DBMasterUsername
,AuroraClusterEndpoint
, andAuroraClusterPort
, as shown in Figure 3.
-
Create an SSH tunnel to the bastion host using the following command, filling in the values for the bracketed terms. For <KeyPairName>, enter the path for the EC2 key pair that you specified for the
KeyPairName
parameter while creating the AWS CloudFormation stack.ssh -N -L <AuroraClusterPort>:<AuroraClusterEndpoint>:<AuroraClusterPort> ec2-user@EIP1 -i <KeyPairName>
A message appears indicating that you’ve connected to the bastion host.
-
Launch MySQL Workbench on your workstation.
-
On the Database menu, choose Connect to Database, as shown in Figure 4.
-
Enter the following in the Connect to Database dialog box, shown in Figure 5.
-
In the Connect to MySQL Server dialog box, shown in Figure 6, enter the administrator password (
DBMasterUserPassword
) that you entered during stack creation. If theRotateDBPassword
parameter was set to true during stack creation, the administrator password for Aurora MySQL was rotated after creation. In this case, retrieve the new password as follows:-
From the AWS CloudFormation console, on the AuroraStack Outputs tab, note the values for
AuroraMasterUserSecret
. -
On the AWS Secrets Manager console, choose the secret you noted above.
-
Choose Retrieve Secret Value, and copy the password.
A MySQL Workbench dashboard appears, as shown in Figure 7.
-
-
In the Navigator pane, under PERFORMANCE, choose Dashboard. Database-performance metrics appear, as shown in Figure 8.
-
Terminate the SSH tunnel by pressing Ctrl+C. You’ve completed the testing.
FAQ
Q. I encountered a CREATE_FAILED error when I launched the Quick Start.
A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with Rollback on failure set to Disabled. (This setting is under Advanced in the AWS CloudFormation console, Options page.) With this setting, the stack’s state is retained so you can troubleshoot the issue.
When you set Rollback on failure to Disabled, you continue to incur AWS charges for the stack. Delete the stack when you finish troubleshooting. |
For more information, see Troubleshooting AWS CloudFormation.
Q. I encountered a size limitation error when I deployed the AWS CloudFormation templates.
A. Launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer, or from a location other than an S3 bucket, you might encounter template size limitations. For more information, see AWS CloudFormation quotas.
Customer responsibility
After you successfully deploy this Quick Start, confirm that your resources and services are updated and configured — including any required patches — to meet your security and other needs. For more information, see the AWS Shared Responsibility Model.
Parameter reference
Unless you are customizing the Quick Start templates for your own deployment projects, keep the default settings for the parameters labeled Quick Start S3 bucket name, Quick Start S3 bucket Region, and Quick Start S3 key prefix. Changing these parameter settings automatically updates code references to point to a new Quick Start location. For more information, see the AWS Quick Start Contributor’s Guide. |
Parameters for deploying into a new VPC
Parameter label (name) | Default value | Description |
---|---|---|
Availability Zones
( |
|
Availability Zones to use for the subnets in the VPC. This deployment uses two Availability Zones. The logical order of your selections is preserved. |
VPC CIDR
( |
|
CIDR block for the VPC. |
Private subnet 1 CIDR
( |
|
CIDR block for private subnet 1 located in Availability Zone 1. |
Private subnet 2 CIDR
( |
|
CIDR block for private subnet 2 located in Availability Zone 2. |
Public subnet 1 CIDR
( |
|
CIDR block for the public subnet 1 located in Availability Zone 1. |
Public subnet 2 CIDR
( |
|
CIDR block for the public subnet 2 located in Availability Zone 2. |
Parameter label (name) | Default value | Description |
---|---|---|
Enable bastion stack
( |
|
If you do not want to create a Linux bastion stack, choose "false." You must have a bastion host to test the deployment as described in the deployment guide. |
Key-pair name
( |
|
Name of the existing key pair for connecting to your EC2 instance. A key pair consists of a private key and a public key. |
Permitted IP range
( |
|
Allowed CIDR block for external SSH access. |
Enable TCP forwarding
( |
|
With TCP forwarding on the bastion host, you can set up traffic forwarding to resources in private subnets. To enable TCP forwarding, choose "true." This setting enables only the capability; it doesn’t set up any traffic forwarding. You must enable TCP forwarding to test the deployment as described in the deployment guide. |
Parameter label (name) | Default value | Description |
---|---|---|
Database name
( |
|
Name of the Amazon Aurora database. |
Database administrator user name
( |
|
Administrator user name for the database account. |
Rotate database password
( |
|
To rotate the password on a schedule (every 89 days), choose "true." |
Database administrator password
( |
|
Administrator password for the database account. Must include 1 uppercase, 1 lowercase, 1 number, 1 symbol (not / @ " '). |
Database port
( |
|
Port on which the DB instance listens for connections. Aurora Serverless supports port 3306 only. |
Database automatic minor version upgrades
( |
|
To enable automatic minor version upgrades, choose "true." |
Database backup retention period
( |
|
Number of days (1 to 35) that automatic database snapshots are retained. |
Database engine version
( |
|
Version of the database engine. Currently Multi-Master is available only for Aurora-MySQL5.6.10a, Serverless is available only for Aurora-MySQL5.6.10a and Aurora-MySQL5.7-2.07.1. To see supported Aurora features by Regions and engine versions, see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraFeaturesRegionsDBEngines.grids.html. |
Database engine mode
( |
|
Engine mode of the cluster. With provisioned databases (the default), you provision and manage the server instance sizes. For descriptions of the other options, see https://aws.amazon.com/rds/aurora/faqs/. |
Multi-AZ deployment
( |
|
If the database instance is not in a multiple Availability Zone deployment, choose "false." Not applicable for Aurora Serverless. |
Database instance class
( |
|
Name of the compute and memory-capacity class of the database instance. Not applicable for Aurora Serverless. Supported instance type for Aurora Multi-Master is db.r4.[2/4/8/16]xlarge only. db.t3 instance class doesn’t support RDS Performance Insights |
Database encryption enabled
( |
|
To disable database encryption, choose "false." |
Database CloudWatch log exports
( |
|
Specify the comma-delimited list of database logs (error, slowquery, audit) to export to CloudWatch Logs. |
Aurora database backtracking
( |
|
Aurora database backtracking "rewinds" the DB cluster to a time you specify without needing to restore data from a backup. To enable database backtracking, choose "true." Not applicable for Aurora Serverless, Aurora Global Database and Aurora Multi-master. See https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html. |
SNS notification-list email address
( |
|
Email-list address used to configure an SNS topic for sending CloudWatch alarm and RDS event notifications. |
Parameter label (name) | Default value | Description |
---|---|---|
Minimum Aurora capacity unit
( |
|
Minimum capacity for an Aurora DB cluster in serverless DB engine mode. The minimum capacity must be less than or equal to the maximum capacity. |
Maximum Aurora capacity unit
( |
|
Maximum capacity for an Aurora DB cluster in serverless DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. |
Pause compute capacity
( |
|
To enable automatic pause for an Aurora DB cluster in serverless DB engine mode, choose "true." A DB cluster can be paused only when it’s idle (when it has no connections). |
Pause after time of inactivity
( |
|
Time, in seconds, before an Aurora DB cluster in serverless mode is automatically paused. Minimum = 300. Maximum = 86400 (24 hours). |
Parameter label (name) | Default value | Description |
---|---|---|
Environment stage
( |
|
(Optional) Environment stage of the associated AWS resource. |
Application name
( |
|
(Optional) Name of the application for the associated AWS resource. |
Application version
( |
|
(Optional) Version of the application. |
Project cost center
( |
|
(Optional) Cost center associated with the project of the associated AWS resource. |
Confidentiality classifier
( |
|
(Optional) Confidentiality classification of the data that is associated with the AWS resource. |
Compliance classifier
( |
|
(Optional) Compliance level for the AWS resource. |
Parameter label (name) | Default value | Description |
---|---|---|
Quick Start S3 bucket name
( |
|
Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. |
Quick Start S3 bucket Region
( |
|
AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html. |
Quick Start S3 key prefix
( |
|
S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. |
Parameters for deploying into an existing VPC
Parameter label (name) | Default value | Description |
---|---|---|
VPC ID
( |
|
ID of the VPC you are deploying Aurora into (e.g., vpc-0343606e). |
Private subnet 1 ID
( |
|
ID of the private subnet in Availability Zone 1. |
Private subnet 2 ID
( |
|
ID of the private subnet in Availability Zone 2. |
Custom security group ID
( |
|
ID of the security group (e.g., sg-0234se). One will be created for you if left empty. |
Database connection CIDR
( |
|
Allowed CIDR block for external access (use VPC CIDR). |
Parameter label (name) | Default value | Description |
---|---|---|
Database name
( |
|
Name of the Amazon Aurora database. |
Database administrator user name
( |
|
Administrator user name for the database account. |
Rotate database password
( |
|
To rotate the password on a schedule (every 89 days), choose "true." |
Database administrator password
( |
|
Administrator password for the database account. Minimum 8 characters. Must include 1 uppercase, 1 lowercase, 1 number, 1 symbol (not / @ " '). |
Database port
( |
|
Port on which the DB instance listens for connections. Aurora Serverless supports port 3306 only. |
Database automatic minor version upgrades
( |
|
To enable automatic minor version upgrades, choose "true." |
Database backup retention period
( |
|
Number of days (from 1 to 35) that automatic database snapshots are retained. |
Database engine mode
( |
|
Engine mode of the cluster. With provisioned databases (the default), you provision and manage the server instance sizes. For descriptions of the other options, see https://aws.amazon.com/rds/aurora/faqs/. |
Database engine version
( |
|
Version of the database engine. Currently Multi-Master is available only for Aurora-MySQL5.6.10a, Serverless is available only for Aurora-MySQL5.6.10a and Aurora-MySQL5.7-2.07.1. To see supported Aurora features by Regions and engine versions, see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraFeaturesRegionsDBEngines.grids.html. |
Multi-AZ deployment
( |
|
If the database instance is not in a multiple Availability Zone deployment, choose "false." Not applicable for Aurora Serverless. |
Database instance class
( |
|
Name of the compute and memory-capacity class of the database instance. Not applicable for Aurora Serverless. Supported instance type for Aurora Multi-Master is db.r4.[2/4/8/16]xlarge only. db.t3 instance class doesn’t support RDS Performance Insights. |
Database encryption enabled
( |
|
To disable database encryption, choose "false." |
Database CloudWatch log exports
( |
|
Specify the comma-delimited list of database logs (error, slowquery, audit) to export to CloudWatch Logs. Not applicable for Aurora Serverless. |
Aurora database backtracking
( |
|
Aurora database backtracking "rewinds" the DB cluster to a time you specify without needing to restore data from a backup. To enable database backtracking, choose "true." Not applicable for Aurora Serverless, Aurora Global Database and Aurora Multi-master. See https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html. |
SNS notification-list email address
( |
|
Email-list address used to configure an SNS topic for sending CloudWatch alarm and RDS event notifications. |
Parameter label (name) | Default value | Description |
---|---|---|
Minimum Aurora capacity unit
( |
|
Minimum capacity for an Aurora DB cluster in serverless DB engine mode. The minimum capacity must be less than or equal to the maximum capacity. |
Maximum Aurora capacity unit
( |
|
Maximum capacity for an Aurora DB cluster in serverless DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. |
Pause compute capacity
( |
|
To enable automatic pause for an Aurora DB cluster in serverless DB engine mode, choose "true." A DB cluster can be paused only when it’s idle (when it has no connections). |
Pause after time of inactivity
( |
|
Time, in seconds, before an Aurora DB cluster in serverless mode is automatically paused. Minimum = 300. Maximum = 86400 (24 hours). |
Parameter label (name) | Default value | Description |
---|---|---|
Environment stage
( |
|
(Optional) Environment stage of the associated AWS resource. |
Application name
( |
|
(Optional) Name of the application for the associated AWS resource. |
Application version
( |
|
(Optional) Version of the application. |
Project cost center
( |
|
(Optional) Cost center associated with the project of the associated AWS resource. |
Confidentiality classifier
( |
|
(Optional) Confidentiality classification of the data that is associated with the AWS resource. |
Compliance classifier
( |
|
(Optional) Compliance level for the AWS resource. |
Parameter label (name) | Default value | Description |
---|---|---|
Quick Start S3 bucket name
( |
|
Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. |
Quick Start S3 key prefix
( |
|
S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. |
Send us feedback
To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. To submit code, see the Quick Start Contributor’s Guide.
Quick Start reference deployments
See the AWS Quick Start home page.
GitHub repository
Visit our GitHub repository to download the templates and scripts for this Quick Start, to post your comments, and to share your customizations with others.
Notices
This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.
The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for specific language governing permissions and limitations.