Learn how to monitor your database performance closely and troubleshoot database issues quickly using a variety of features provided by Amazon RDS and MySQL including database events, logs, and engine-specific features. You will also learn about the security best practices to use with Amazon RDS for MySQL as well as how to effectively move data between Amazon RDS and on-premises instances. Hear from Amazon RDS customer Airbnb about the best practices they have implemented in their RDS for MySQL architectures.
2. What’s new in Amazon RDS MySQL
AWS Key Management
Service (AWS KMS)
3. Selected RDS MySQL customers
Tens of thousands of customers. Hundreds of thousands of DB instances.
4. What we will cover in this session
Quick introduction to Amazon Relation Database Service (Amazon RDS)
Making the most out of RDS MySQL
Securing your data—encryption at rest
Database migration with minimal downtime
Improving performance by cache warming
Burst mode resources to reduce cost
Learn it from the experts—Airbnb
5. Why choose Amazon RDS?
Schema design
Query construction
Query optimization
High availability
Backup and recovery
Isolation and security
Industry compliance
Push-button scaling
Automated patching
Advanced monitoring
Routine maintenance
Amazon RDS takes care of your time-consuming database
management tasks, freeing you to focus on your applications and
business
You
RDS
6. We made it highly available, secure, easier, and cheaper
Push-button provisioning; automated scaling, patching, security, backups,
restores, and general care and feeding
Lower TCO because we manage the muck
► Get more leverage from your teams
► Focus on the things that differentiate you
Built-in high availability and cross-region replication across multiple data
centers
Now even a small startup can leverage multiple data centers to design highly
available apps with over 99.95% availability
7. High availability with Multi-AZ deployments
Enterprise-grade fault tolerance solution for production databases
An Availability Zone is a physically distinct, independent infrastructure
Your database is synchronously replicated to another AZ in the same AWS region
Failover occurs automatically in response to the most important failure scenarios
9. Choose cross-region read replicas for faster disaster
recovery and enhanced data locality
Promote a read replica to a
master for faster recovery in the
event of disaster
Bring data close to your
customer’s applications in
different regions
Promote to a master for easy
migration
10. Choose cross-region snapshot copy for even
greater durability, ease of migration
Copy a database snapshot to a different AWS
region
Warm standby for disaster recovery
Or use it as a base for migration to a different
region
11. Amazon RDS provides levels of security
difficult to achieve on-premises
Amazon RDS gives each database
instance IP firewall protection
RDS offers transparent encryption at
rest and SSL protection for data in
transit
Amazon VPC lets you isolate and
control network configuration and
connect securely to your IT
infrastructure
AWS Identity and Access
Management (IAM) provides
resource-level permission controls
AWS has achieved major compliances
13. Do you encrypt your database?
Protect your data at rest
Premium feature for most commercial databases included at no
additional cost to RDS customers
Data stored at rest in the underlying storage is encrypted, as are
its automated backups, read replicas, and snapshots
May be needed for compliance (HIPAA and FedRamp)
15. Services integration with AWS KMS
Two-tiered key hierarchy using envelope encryption
• Unique data key encrypts customer data
• AWS KMS master keys encrypt data keys
Benefits:
• Limits risk of compromised data key
• Better performance for encrypting large data
• Easier to manage small number of master keys
than millions of data keys
• Centralized access and audit of key activity
Data Key 1
Amazon
S3 Object
Amazon
EBS
Volume
Amazon
Redshift
Cluster
Data Key 2 Data Key 3 Data Key 4
Custom
Application
Customer Master
Key(s)
16. Your Application or
AWS Service
+
Data Key Encrypted Data Key
Encrypted
Data
Master Key(s) in
Customer’s Account
AWS KMS
1. Application requests encryption key to use to encrypt data, passes reference to master key in account
2. Client request authenticated based on master key permissions
3. New data encryption key created—copy encrypted under master key
4. Plaintext and encrypted data key returned to the client
5. Plaintext data key used to encrypt data and then deleted
6. Encrypted data key stored for later use and sent back to AWS KMS for when decryption occurs
How keys are used to protect your data
19. Move data to the same or different database engine
Keep your apps running during the migration
Start your first migration in 10 minutes or less
Replicate within, to, or from Amazon EC2 or RDS
AWS Database
Migration Service
20.
21.
22.
23.
24.
25.
26. Migrate from Oracle and SQL Server
Move your tables, views, stored procedures,
and data manipulation language (DML) to
MySQL, MariaDB, and Amazon Aurora
Highlight where manual edits are needed
AWS Schema
Conversion Tool
30. Burst mode—GP2 and T2
GP2—SSD based Amazon EBS storage
• 3 IOPS per GB base performance
• Earn credits when usage below base
• Burst to 3000+ IOPS
T2—Amazon EC2 instance with burst capability
• Base performance + burst
• Earn credits per hour when below base performance
• Can store up to 24 hours’ worth of credits
• Amazon CloudWatch metrics to see credits and usage
40. Airbnb
Using technology to provide unique global
travel experiences.
Exponential growth in: traffic, users, bookings,
data, number of engineers.
Engineers deploy their own code at any time of
day. Rapid experimentation.
Search. Discovery. Global payments. Trust and
safety. Customer experience.