Amazon RDS allows you to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business.

1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
@ric__harvey
Amazon RDS Deep Dive
Ric Harvey, Technical Developer Evangelist

2. Agenda
• Quick intro to RDS
• Security
• Metrics and Monitoring
• High Availability
• Scaling
• Backups and Snapshots
• Migrating

3. Amazon Relational Database Service (RDS)
No infrastructure
management
Application
compatibility
Cost-effective Scale up/down
Instant provisioning

4. Trade-offs with a managed service
Fully managed host and OS
• No access to the database host operating system
• Limited ability to modify configuration that is managed on the
host operating system
• No functions that rely on configuration from the host OS
Fully managed storage
• Max storage limits
• Microsoft SQL Server - 16TB
• MySQL, MariaDB, PostgreSQL,Oracle - 6TB
• Aurora - 64TB

5. Amazon RDS Engines
Commercial Open source Cloud Native
Amazon Aurora

6. Hundreds of thousands of active customers
Aurora is the fastest growing service in the history of AWS!

7. Security

8. AmazonVirtual Private Cloud (AmazonVPC)
Securely control network configuration

9. Security Groups
Protocol Port Range Source
TCP 3306 172.31.0.0/16
TCP 3306
“Application
security group”
Database IP firewall protection

10. AWS IAM governed access
You can use AWS Identity and Access
Management (IAM) to:
• Control who can perform actions on RDS
• Authenticate to your RDS MySQL / Aurora DB
• MySQL 5.6.34 / 5.7.16 or higherAurora 1.10 or higher
• Not available for db.t1.micro / db.m1.small
RDS
DBA and Ops

11. Compliance

12. Compliance

13. SSL
Database traffic encryption
Available for all six engines

14. At rest encryption

15. Transparent Data Encryption
M

16. At Rest Encryption for all RDS Engines AWS Key
Management Service (KMS)
Two-tiered key hierarchy using envelope encryption:
• Unique data key encrypts customer data
• AWS KMS master keys encrypt data keys
• Available for ALL RDS engines
Benefits:
• Limits risk of compromised data key
• Better performance for encrypting large data
• Easier to manage small number of master keys
than millions of data keys
• Centralized access and audit of key activity

17. How keys are used to protect your data
1. Launch your RDS instance
2. RDS instance requests encryption key to use to encrypt data, passes reference to master key in account 3. Client
request authenticated based on permissions set on both the user and the key
4. A unique data encryption key is created and encrypted under the KMS master key
5. Plaintext and encrypted data key returned to RDS
6. Plaintext data key stored in memory and used to encrypt/decrypt RDS data

18. Enabling encryption
AWS Command Line Interface (AWS CLI)

19. Metrics and Monitoring

20. Standard monitoring
Amazon CloudWatch metrics for
Amazon RDS
• CPU utilization
• Storage
• Memory
• Swap usage
• DB connections
• I/O (read and write)
• Latency (read and write)
• Throughput (read and write)
• Replica lag
• Many more
Amazon CloudWatch Alarms
• Similar to on-premises custom
monitoring tools

21. Enhanced monitoring
Access to over 50 new CPU, memory, file system, and disk I/O metrics as low as 1
second intervals

22. Simplify monitoring with AWS Management Console
Amazon Performance Insights for RDS
• Database Load : Identifies database
bottlenecks
• Easy
• Powerful
• Identifies source of bottlenecks
• Top SQL
• AdjustableTime frame
• Hour, day, week and longer
AWS re:Invent 2016 DAT206: https://youtu.be/ztmtJJTC8_Y?t=39m53s

23. High availability

24. Multi-AZ deployment DNS failover
S

25. Read Replicas
Bring data close to your
customer’s applications in
different regions
Relieve pressure on your master
node for supporting reads and
writes
Promote a Read Replica to a
master for faster recovery in the
event of disaster
Within or cross-region
• MySQL
• MariaDB
• PostgreSQL
• Aurora

26. High availability - Amazon Aurora storage
• Storage volume automatically grows up to 64TB
• Quorum system for read/write; latency tolerant
• Peer-to-peer gossip replication to fill in holes
• Continuous backup to Amazon S3 (built for 11 9s
durability)
• Continuous monitoring of nodes and disks for repair
• 10 GB segments as unit of repair or hotspot rebalance
• Quorum membership changes do not stall writes

27. High availability - Amazon Aurora nodes
• Aurora cluster contains primary node and up to 15
secondary nodes
• Failing database nodes are automatically detected and
replaced
• Failing database processes are automatically detected
and recycled
• Secondary nodes automatically promoted on persistent
outage, no single point of failure
• Customer application can scale out read traffic across
secondary nodes

28. Scaling

29. Why Scale?
• Handle higher load or lower usage
• Naturally grow over time
• Control costs

30. What can you scale?
Database instances Read Replicas Storage

31. Amazon Aurora - Balanced Read Replica Access

32. Scaling your instance up/down

33. Scaling a single AZ deployment

34. Scaling a multi AZ deployment

35. Scaling automation
Via crontab

36. Scaling automation
AWS Lambda and Amazon Cloudwatch events

37. Scaling automation
Metrics-based scaling
• Amazon CloudWatch and AWS Lambda!

38. Automate switching of dev/test instances
MySQL
MariaDB
PostgreSQL
Oracle
SQL Server

39. Backups and snapshots

40. Automated backups
MySQL, PostgreSQL, MariaDB, Oracle, SQL Server
• Scheduled daily volume backup of entire instance
• Archive database change logs
• 35-day retention
• Taken from standby when running multi-AZ
Aurora
• Automatic, continuous, incremental backups
• No impact on database performance
• 35-day retention

41. How do automated backups work?

42. Restoring
• Creates an entire new database instance
• You define all the instance configuration, just like creating a
new instance

43. Snapshots
• Full copies of your RDS database
• Independent of scheduled backups
• Used to create a new RDS instance
• Taken from the standby when running multi-AZ

44. Migrating onto RDS

45. MySQL backup to Aurora via S3

46. MySQL backup to Aurora via S3

49. Coming soon

50. Aurora Multi-Masters
Seamlessrecovery fromread replicafailures
Auto-scalenewread replicas
Up to 15 read replicasacross3 availability zones
Application
ReadReplica
1
Master
Node
ReadReplica
2
Shared Distributed Storage Volume
Availability
Zone 1
Availability
Zone 2
Availability
Zone 3
Application
Read/Write
Master 2
Read/Write
Master 1
Shared Distributed Storage Volume
Availability
Zone 1
Availability
Zone 2
Availability
Zone 3
Read/Write
Master 3
Zero applicationdowntimefromANYnodefailure
Zero applicationdowntimefromANYAZ failure
Multi-region coming in2018
Faster writeperformance
First relational DB service with scale out for both read and write across multiple DC’s

51. Aurora Serverless
Aut omat ically
scalescapacity up
and down
Pay per second
and only for t he
dat abase
capacit y youuse
St art supon
demandand
shut sdownwhen
not inuse
Noneedt o
provision
inst ances
On-demand, auto-scaling database for applications with unpredictable or
cyclical workloads

52. @ric__harvey