Amazon RDS

What is Amazon RDS? What are RDS Backups?

Amazon RDS is a service which provides database connectivity through the Internet. RDS makes it very simple and easy to set-up a relational database in the cloud.

Instead of concentrating on database features, you can concentrate more on the application to provide high availability, security, and compatibility. RDS is a fully managed RDBMS service.

Amazon RDS stands for Relational Database Service

It’s a managed DB service for DB use SQL as a query language.

RDS is a managed service:

  • Automated provisioning, OS patching
  • Continuous backups and restore to specific timestamp (Point in Time Restore)!
  • Monitoring dashboards
  • Read replicas for improved read performance
  • Multi AZ setup for DR (Disaster Recovery)
  • Maintenance windows for upgrades
  • Scaling capability (vertical and horizontal)
  • Storage backed by EBS (gp2 or io1)

BUT you can’t SSH into your instances.

Benefits of Amazon RDS:

  1. Reduced Administration Burden: Using RDS, you can easily deploy the database from project conception to production.

There is no need to install any database software and provide the infrastructure. AWS automatically installs the latest software patches to the RDS instance which you have launched.

  1. Cost-effective: You just pay for what you use, and nothing more. No upfront payment is needed, just the monthly usage payment.
  2. Security: Using AWS Key Management Service (KMS), you can create encryption keys for maintaining security and authorized access for your database.
  3. High Availability and Durability: The automated recovery feature of RDS enables point-in-time recovery for your database instance. Multi-AZs provide high availability and durability across the globe.
  4. Scalability: It just takes a few minutes to scale your infrastructure up or down, and you can scale up to a maximum of 32 vCPUs and 244 GiB.
  5. Free Tier: AWS gives you a free tier usage of Amazon RDS for 750 hours/month for 12 months.

Database Engines

There are six database engines which RDS provides, and they are:

Amazon Aurora

PostgreSQL

MySQL

MariaDB

Oracle Database

Microsoft SQL Server

RDS Backups:

Backups are automatically enabled in RDS

Automated backups:

  • Daily full backup of the database (during the maintenance window)
  • Transaction logs are backed-up by RDS every 5 minutes
  • ability to restore to any point in time (from oldest backup to 5 minutes ago)
  • 7 days retention (can be increased to 35 days)

DB Snapshots:

  • Manually triggered by the user
  • Retention of backup for as long as you want

Amazon RDS Read Replicas for read scalability:

Up to 5 Read Replicas

Within AZ, Cross AZ or Cross Region

Replication is ASYNC, so reads are eventually consistent

Replicas can be promoted to their own DB

Applications must update the connection string to leverage read replicas

Read replicas are used for SELECT (=read) only kind of statements (not INSERT, UPDATE, DELETE)

RDS Read Replicas – Network Cost:

In AWS there’s a network cost when data goes from one AZ to another

To reduce the cost, you can have your Read Replicas in the same AZ

RDS Multi AZ (Disaster Recovery):

  • SYNC replication
  • One DNS name – automatic app failover to standby
  • Increase availability
  • Failover in case of loss of AZ, loss of network, instance or storage failure
  • No manual intervention in apps
  • Not used for scaling

RDS Security – Encryption

At rest encryption:

Possibility to encrypt the master & read replicas with AWS KMS – AES-256 encryption

Encryption has to be defined at launch time

If the master is not encrypted, the read replicas cannot be encrypted

Transparent Data Encryption (TDE) available for Oracle and SQL Server

In-flight encryption:

SSL certificates to encrypt data to RDS in flight

Provide SSL options with trust certificate when connecting to database

Encrypting RDS backups:

  • Snapshots of un-encrypted RDS databases are un-encrypted
  • Snapshots of encrypted RDS databases are encrypted
  • Can copy a snapshot into an encrypted one

To encrypt an un-encrypted RDS database:

  • Create a snapshot of the un-encrypted database
  • Copy the snapshot and enable encryption for the snapshot
  • Restore the database from the encrypted snapshot
  • Migrate applications to the new database, and delete the old database

Network Security of RDS:

  • RDS databases are usually deployed within a private subnet, not in a public one
  • RDS security works by leveraging security groups

Access Management of RDS:

IAM policies help control who can manage AWS RDS (through the RDS API)

Traditional Username and Password can be used to login into the database

IAM-based authentication can be used to login into RDS MySQL & PostgreSQL

IAM database authentication works with MySQL and PostgreSQL

Auth token has a lifetime of 15 minutes

Benefits:

  • Network in/out must be encrypted using SSL
  • IAM to centrally manage users instead of DB
  • Can leverage IAM Roles and EC2 Instance profiles for easy integration

Related Posts:

Amazon Web Service – AWS Tutorial

Top 13 Reasons to Why Learn AWS in 2022

What is Amazon Aurora?

What Is Amazon ElastiCache

Amazon RedShift – Purpose, Features, Use cases, Redshift Cluster

Amazon DynamoDB – Benefits, Consistency Model

AWS Database Migration Service (DMS)