- Relational Database Service – RDS is a web service that makes it easier to set up, operate, and scale a relational database in the cloud.
- provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks such as hardware provisioning, database setup, patching, and backups.
- features & benefits
    - CPU, memory, storage, and IOPs can be scaled independently.
    - manages backups, software patching, automatic failure detection, and recovery.
    - [automated backups](https://jayendrapatil.com/aws-rds-db-snapshot-backup-restore/) can be performed as needed, or manual backups can be triggered as well. Backups can be used to restore a database, and the restore process works reliably and efficiently.
    - provides [Multi-AZ](https://jayendrapatil.com/rds-multi-az-deployment/) high availability with a primary instance and a synchronous standby secondary instance that can failover seamlessly when a problem occurs.
    - provides elasticity & scalability by enabling Read Replicas to increase read scaling.
    - supports MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server, and the new, MySQL-compatible Aurora DB engine
    - supports IAM users and permissions to control who has access to the RDS database service
    - databases can be further protected by putting them in a VPC, using SSL for data in transit and encryption for data at rest
- However, **as it is a managed service, shell (root ssh) access to DB instances is not provided**, and this restricts access to certain system procedures and tables that require advanced privileges.
## RDS Components
- **DB Instance**
    - is a basic building block of RDS
    - is an isolated database environment in the cloud
    - each DB instance runs a DB engine. AWS currently supports MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server & Aurora DB engines
    - can be accessed from AWS command-line tools, RDS APIs, or the AWS Management RDS Console.
    - computation and memory capacity of a DB instance is determined by its DB instance class, which can be selected as per the needs
    - supports three storage types: Magnetic, General Purpose (SSD), and Provisioned IOPS (SSD), which differ in performance and price
    - each DB instance has a DB instance identifier, which is a customer-supplied name and must be unique for that customer in an AWS region. It uniquely identifies the DB instance when interacting with the RDS API and AWS CLI commands.
    - each DB instance can host multiple user-created databases or a single Oracle database with multiple schemas.
    - can be hosted in an AWS VPC environment for better control
- **Regions and Availability Zones**
    - AWS resources are housed in highly available data center facilities in different areas of the world. These data centers are called regions, which further contain multiple distinct locations called Availability Zones
    - Each AZ is engineered to be isolated from failures in other AZs and to provide inexpensive, low-latency network connectivity to other AZs in the same region
    - DB instances can be hosted in different AZs, an option called a Multi-AZ deployment.
        - RDS automatically provisions and maintains a **synchronous** standby replica of the DB instance in a different AZ.
        - Primary DB instance is synchronously replicated across AZs to the standby replica
        - Provides data redundancy, failover support, eliminates I/O freezes, and minimizes latency spikes during system backups.
- **Security Groups**
    - a security group controls access to a DB instance by allowing access from the specified IP address ranges or EC2 instances
- **DB Parameter Groups**
    - A DB parameter group contains engine configuration values that can be applied to one or more DB instances of the same instance type
    - help define configuration values specific to the selected DB Engine, _for e.g._ `max_connections`, `force_ssl`, `autocommit`
    - supports default parameter group, which cannot be edited.
    - supports custom parameter group, to override values
    - supports static and dynamic parameter groups
        - changes to dynamic parameters are applied immediately (irrespective of apply immediately setting)
        - changes to static parameters are **NOT** applied immediately and require a manual reboot.
- **DB Option Groups**
    - Some DB engines offer tools or optional features that simplify managing the databases and making the best use of data.
    - RDS makes such tools available through option groups _for e.g. Oracle Application Express (APEX), SQL Server Transparent Data Encryption, and MySQL Memcached support._
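
The static versus dynamic rule in the DB Parameter Groups notes above matters for security settings: a static change such as forcing SSL is not enforced until the instance reboots. The following is an added example, not code from the original page or from AWS; the sample data, group names and `ApplyType` values are constructed, and the function names are hypothetical.

```python
# Constructed sample shaped like `aws rds describe-db-parameters` output.
# ApplyType values are illustrative; read the real ones for your engine.
PARAMETERS = [
    {"ParameterName": "max_connections", "ApplyType": "dynamic", "IsModifiable": True},
    {"ParameterName": "autocommit", "ApplyType": "dynamic", "IsModifiable": True},
    {"ParameterName": "force_ssl", "ApplyType": "static", "IsModifiable": True},
]
# Constructed sample shaped like the DBParameterGroups field of
# `aws rds describe-db-instances`; identifiers are made up.
INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "DBParameterGroups": [
        {"DBParameterGroupName": "orders-custom", "ParameterApplyStatus": "pending-reboot"}]},
    {"DBInstanceIdentifier": "reports", "DBParameterGroups": [
        {"DBParameterGroupName": "default.mysql8.0", "ParameterApplyStatus": "in-sync"}]},
]

def plan_changes(group_name, desired, catalog=PARAMETERS):
    """Build the Parameters list for modify-db-parameter-group.

    Returns (parameters, names_that_need_a_reboot)."""
    if group_name.startswith("default."):
        raise ValueError("default parameter groups cannot be edited; use a custom group")
    by_name = {p["ParameterName"]: p for p in catalog}
    params, reboot = [], []
    for name, value in desired.items():
        meta = by_name.get(name)
        if meta is None or not meta["IsModifiable"]:
            raise ValueError(f"{name} is unknown or not modifiable")
        static = meta["ApplyType"] == "static"
        # Static parameters only accept pending-reboot; dynamic ones apply at once.
        params.append({"ParameterName": name, "ParameterValue": str(value),
                       "ApplyMethod": "pending-reboot" if static else "immediate"})
        if static:
            reboot.append(name)
    return params, reboot

def not_yet_enforced(instances=INSTANCES):
    """Instances whose parameter group still has changes waiting for a reboot."""
    return [i["DBInstanceIdentifier"] for i in instances
            if any(g["ParameterApplyStatus"] == "pending-reboot"
                   for g in i["DBParameterGroups"])]

if __name__ == "__main__":
    print(plan_changes("orders-custom", {"force_ssl": 1, "max_connections": 200}))
    print("reboot still pending on:", not_yet_enforced())
```
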
## RDS Interfaces
- RDS can be accessed through multiple interfaces
    - AWS RDS Management console
    - Command Line Interface
    - Programmatic Interfaces which include SDKs, libraries in different languages, and RDS API
## [[AWS RDS Replication - Multi-AZ vs Read Replica|RDS Multi-AZ & Read Replicas]]
- [[AWS RDS Multi-AZ Deployment|Multi-AZ deployment]]
    - provides high availability, durability, and automatic failover support
    - helps improve the durability and availability of a critical system, enhancing availability during planned system maintenance, DB instance failure, and Availability Zone disruption.
    - automatically provisions and manages a **synchronous** standby instance in a different AZ.
    - automatically fails over in case of any issues with the primary instance
    - A [[AWS RDS Multi-AZ Deployment#AWS RDS Multi-AZ DB Instance RDS Multi-AZ DB Instance Deployment|Multi-AZ DB instance deployment]] has one standby DB instance that provides failover support but doesn’t serve read traffic.
    - A [[AWS RDS Multi-AZ DB Cluster|Multi-AZ DB cluster deployment]] has two standby DB instances that provide failover support and can also serve read traffic.
- [[AWS RDS Read Replicas|Read replicas]]
    - enable increased scalability and database availability in the case of an AZ failure.
    - allow elastic scaling beyond the capacity constraints of a single DB instance for read-heavy database workloads
## [RDS Security](https://jayendrapatil.com/aws-rds-security/)
- DB instance can be hosted in a VPC for the greatest possible network access control.
- [IAM](https://jayendrapatil.com/aws-iam-overview/) policies can be used to assign permissions that determine who is allowed to manage RDS resources.
- [Security groups](https://jayendrapatil.com/aws-vpc-security-group-vs-nacls/#Security_Groups) allow control of what IP addresses or EC2 instances can connect to the databases on a DB instance.
- RDS supports [encryption in transit](https://jayendrapatil.com/aws-rds-security/#RDS_Encryption_in_Transit_-_SSL) using SSL connections
- RDS supports [encryption at rest](https://jayendrapatil.com/aws-rds-security/#RDS_Encryption_at_Rest) to secure instances and snapshots at rest.
- Network encryption and transparent data encryption (TDE) with Oracle DB instances
- Authentication can be implemented using Password, Kerberos, and [IAM database authentication](https://jayendrapatil.com/aws-rds-security/#IAM_Database_Authentication).
## [RDS Backups, Snapshot](https://jayendrapatil.com/aws-rds-db-snapshot-backup-restore/)
- Automated backups
    - are enabled by default for a new DB instance.
    - enables recovery of the database to any point in time, with database change logs, during the backup retention period, up to the last five minutes of database usage.
- DB snapshots are manual, user-initiated backups that enable backup of the DB instance to a known state, and restore to that specific state at any time.
## [RDS Monitoring & Notification](https://jayendrapatil.com/aws-rds-monitoring-notification/)
- RDS integrates with [CloudWatch](https://jayendrapatil.com/aws-cloudwatch-overview/) and provides metrics for monitoring
- CloudWatch alarms can be created over a single metric that sends an SNS message when the alarm changes state
- RDS also provides [SNS](https://jayendrapatil.com/aws-sns-simple-notification-service/) notification whenever any RDS event occurs
- [RDS Performance Insights](https://jayendrapatil.com/aws-rds-monitoring-notification/#RDS_Performance_Insights) is a database performance tuning and monitoring feature that helps illustrate the database’s performance and helps analyze any issues that affect it
- [RDS Recommendations](https://jayendrapatil.com/aws-rds-monitoring-notification/#RDS_Recommendations) provides automated recommendations for database resources.
## RDS Pricing
- Instance class
    - Pricing is based on the class (e.g., micro) of the DB instance consumed.
- Running time
    - Usage is billed in one-second increments, with a minimum of 10 mins.
- Storage
    - Storage capacity provisioned for the DB instance is billed per GB per month
    - If the provisioned storage capacity is scaled within the month, the bill will be pro-rated.
- I/O requests per month
    - Total number of storage I/O requests made in a billing cycle.
- Provisioned IOPS (per IOPS per month)
    - Provisioned IOPS rate, regardless of IOPS consumed, for RDS Provisioned IOPS (SSD) storage only.
    - Provisioned storage for EBS volumes is billed in one-second increments, with a minimum of 10 minutes.
- Backup storage
    - Automated backups & any active database snapshots consume storage
    - Increasing backup retention period or taking additional database snapshots increases the backup storage consumed by the database.
    - RDS provides backup storage up to 100% of the provisioned database storage at no additional charge _for e.g., if you have 10 GB-months of provisioned database storage, RDS provides up to 10 GB-months of backup storage at no additional charge._
    - Most databases require less raw storage for a backup than for the primary dataset, so if multiple backups are not maintained, you will never pay for backup storage.
    - Backup storage is free only for active DB instances.
- Data transfer
    - Internet data transfer out of the DB instance.
- Reserved Instances
    - In addition to regular RDS pricing, reserved DB instances can be purchased
### Further Reading
- [RDS Multi-AZ and Read Replica](https://jayendrapatil.com/aws-rds-replication-multi-az-read-replica/)
- [RDS Storage](https://jayendrapatil.com/aws-rds-storage/)
- [RDS Snapshots, Backup & Restore](https://jayendrapatil.com/aws-rds-db-snapshot-backup-restore/)
- [RDS Security](https://jayendrapatil.com/aws-rds-security/)
- [RDS Maintenance & Upgrades](https://jayendrapatil.com/aws-rds-db-maintenance-upgrades/)
- [RDS Monitoring & Notification](https://jayendrapatil.com/aws-rds-monitoring-notification/)
## Sources
[AWS\_Relational\_Database\_Service\_RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html)
[AWS Relational Database Service - RDS](https://jayendrapatil.com/aws-relational-database-service-rds/)