Amazon Relational Database Service - Part2
Amazon Cloud Concepts Learning --> Day24
Multi-AZ Deployments v/s Read Replicas
DB Subnet Group
A DB subnet group is a collection of subnets (typically private) that you create in a VPC and that you then designate for your DB instances.
Each DB subnet group must include subnets in at least two Availability Zones within a given Region.
When you create an RDS instance, you choose which DB subnet group to use and which AZ within that group the DB instance is placed in.
You cannot select a specific IP address within the designated subnet; RDS assigns one from the subnet's range.
RDS Backup and Restore
Amazon RDS automatically creates and saves backups of your DB instance or Multi-AZ DB cluster during its backup window.
Rather than backing up individual databases, RDS takes a storage volume snapshot of your entire DB instance.
RDS provides two ways to back up data: automated backups and manual snapshots.
Automated Backup
RDS backups are incremental. The first snapshot of a DB instance contains the data for the full database; subsequent snapshots of the same database are incremental, meaning only the data that has changed since your most recent snapshot is saved.
Automated backups are enabled by default for a new DB instance.
The backup occurs during a daily, user-configurable 30-minute period known as the backup window. Automated backups are kept for a configurable number of days called the backup retention period.
The automated backup retention period can be configured to up to 35 days.
Your DB instance must be in the available state for automated backups to occur.
Manual Backup (Snapshots)
DB snapshots are user-initiated backups of your instance that are kept in Amazon S3 until you explicitly delete them.
You can create a new DB instance from a DB snapshot at any time.
DB snapshots behave like full backups, but you are billed only for the incremental storage you actually use.
RDS Automated Backups v/s Manual Snapshots
The following table compares RDS automated backups with RDS manual snapshots.
Amazon RDS Proxy
Amazon RDS Proxy lets applications pool and share database connections, which improves their ability to scale.
Amazon RDS Proxy is a fully managed, highly available database proxy for Amazon Relational Database Service (RDS) that makes applications more scalable, more resilient to database failures, and more secure.
RDS Proxy works with existing RDS security mechanisms, including AWS Identity and Access Management (IAM) authentication and TLS/SSL.
Up to 20 proxies per AWS account are permitted.
Encryption in RDS
Enabling the encryption option for an Amazon RDS DB instance encrypts both the instance and its snapshots at rest.
Encryption at rest is supported for all database engines and uses AWS KMS.
You cannot enable encryption on an existing unencrypted DB instance. Instead, create a snapshot, copy the snapshot with encryption enabled, and then restore an encrypted DB instance from the encrypted copy.
Data encrypted at rest includes the underlying storage of the DB instance, its automated backups, its Read Replicas, and all of its DB snapshots.
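The snapshot, copy, restore sequence described above, written out as an added example (not AWS's own code). It uses the real boto3 RDS client methods `create_db_snapshot`, `copy_db_snapshot`, `restore_db_instance_from_db_snapshot` and the matching waiters; the first step is a manual snapshot of the kind described in the Manual Backup section, and supplying `KmsKeyId` to the copy is what makes the copy encrypted. The `FakeRdsClient` class, the instance identifiers and the `alias/rds-key` key alias are assumptions introduced here so the procedure can be dry-run offline; running it for real requires boto3, credentials and permissions on RDS and the KMS key.

```python
"""Encrypt an existing unencrypted RDS DB instance: snapshot -> encrypted copy -> restore.

Added example, not AWS's own code. The function takes the RDS client as a parameter
so it can be dry-run against the recording fake below or run against boto3 for real.
"""
import time


def encrypt_existing_instance(rds, source_id, kms_key_id, new_instance_id, suffix=None):
    """Return the identifiers produced at each step; raise if the result is unencrypted.

    rds: a boto3 RDS client (or any object exposing the same method names).
    source_id: identifier of the existing, unencrypted DB instance.
    kms_key_id: KMS key id, ARN or alias used to encrypt the snapshot copy.
    new_instance_id: identifier for the new, encrypted DB instance.
    """
    suffix = suffix or time.strftime("%Y%m%d%H%M%S", time.gmtime())
    plain_snap = f"{source_id}-plain-{suffix}"
    enc_snap = f"{source_id}-encrypted-{suffix}"

    # Step 1: take a manual snapshot of the existing (unencrypted) instance.
    rds.create_db_snapshot(DBInstanceIdentifier=source_id, DBSnapshotIdentifier=plain_snap)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=plain_snap)

    # Step 2: copy the snapshot; passing KmsKeyId makes the copy encrypted at rest.
    rds.copy_db_snapshot(
        SourceDBSnapshotIdentifier=plain_snap,
        TargetDBSnapshotIdentifier=enc_snap,
        KmsKeyId=kms_key_id,
        CopyTags=True,
    )
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=enc_snap)

    # Step 3: restore a new instance from the encrypted copy. Encryption is a property
    # of the snapshot, so the restored instance and its own backups are encrypted too.
    rds.restore_db_instance_from_db_snapshot(
        DBInstanceIdentifier=new_instance_id,
        DBSnapshotIdentifier=enc_snap,
        PubliclyAccessible=False,
    )
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=new_instance_id)

    # Step 4: verify before pointing applications at the new instance.
    inst = rds.describe_db_instances(DBInstanceIdentifier=new_instance_id)["DBInstances"][0]
    if not inst.get("StorageEncrypted"):
        raise RuntimeError(f"{new_instance_id} is not encrypted at rest")
    return {"plain_snapshot": plain_snap, "encrypted_snapshot": enc_snap,
            "instance": new_instance_id, "kms_key_id": inst.get("KmsKeyId")}


class FakeRdsClient:
    """Hypothetical dry-run stand-in for a boto3 RDS client: records calls, makes none.

    `encrypted` controls what describe_db_instances reports for the restored instance.
    """

    class _Waiter:
        def wait(self, **kwargs):
            return None

    def __init__(self, encrypted=True):
        self.encrypted = encrypted
        self.calls = []  # list of (method name, keyword arguments)

    def _record(self, name, kwargs):
        self.calls.append((name, kwargs))
        return {}

    def create_db_snapshot(self, **kwargs):
        return self._record("create_db_snapshot", kwargs)

    def copy_db_snapshot(self, **kwargs):
        return self._record("copy_db_snapshot", kwargs)

    def restore_db_instance_from_db_snapshot(self, **kwargs):
        return self._record("restore_db_instance_from_db_snapshot", kwargs)

    def get_waiter(self, name):
        return self._Waiter()

    def describe_db_instances(self, **kwargs):
        return {"DBInstances": [{"DBInstanceIdentifier": kwargs["DBInstanceIdentifier"],
                                 "StorageEncrypted": self.encrypted,
                                 "KmsKeyId": "alias/rds-key" if self.encrypted else None}]}


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:  # python this.py <source-id> <kms-key> <new-id>: real run
        import boto3
        print(encrypt_existing_instance(boto3.client("rds"), *sys.argv[1:4]))
    else:  # dry run against the recording fake
        fake = FakeRdsClient()
        print(encrypt_existing_instance(fake, "mydb", "alias/rds-key", "mydb-encrypted"))
        for name, kwargs in fake.calls:
            print(name, kwargs)
```

The final `describe_db_instances` check matters in practice: if the copy step were run without a key, the restored instance would silently remain unencrypted, so the function refuses to report success unless `StorageEncrypted` is true.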
Amazon RDS Best Security Practices
Give each person who manages RDS resources their own individual IAM user. Never use your AWS account root credentials to manage RDS resources.
Give each user the minimum set of permissions needed to carry out their responsibilities.
Use IAM groups to manage permissions for several users efficiently.
Use security groups to restrict which IP addresses or Amazon EC2 instances are allowed to connect to the databases on a DB instance.
Run your DB instance in an Amazon Virtual Private Cloud (VPC) for the greatest possible network access control.
Rotate your IAM credentials regularly.
Configure AWS Secrets Manager to rotate the secrets for Amazon RDS automatically.
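Several of the points on this page (a DB subnet group covering at least two AZs, an automated backup retention period between 1 and 35 days, encryption at rest, no public accessibility, Multi-AZ, and security groups that do not expose the DB port to the whole internet) can be checked mechanically over the data that `describe_db_instances` and `describe_security_groups` return. The audit below is an added example, not AWS's or the author's code; the `orders-db` instance, the `sg-0db` security group and the CIDR ranges are constructed sample records shaped like those API responses, and the check names and thresholds are this example's own.

```python
"""Audit RDS DB instance settings against the practices described on this page.

Added example, not AWS's own code. Input records are shaped like boto3's
describe_db_instances / describe_security_groups responses; the samples here
are constructed, not taken from a real account.
"""
from ipaddress import ip_network

MAX_RETENTION_DAYS = 35  # upper bound RDS allows for automated backup retention


def subnet_group_azs(instance):
    """Distinct Availability Zone names covered by the instance's DB subnet group."""
    subnets = instance.get("DBSubnetGroup", {}).get("Subnets", [])
    return {s["SubnetAvailabilityZone"]["Name"] for s in subnets}


def open_ingress(instance, security_groups):
    """Return (group id, cidr) pairs whose rules admit the DB port from any address."""
    port = instance["Endpoint"]["Port"]
    attached = {g["VpcSecurityGroupId"] for g in instance.get("VpcSecurityGroups", [])}
    findings = []
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue
        for rule in sg.get("IpPermissions", []):
            # IpProtocol "-1" means all traffic and carries no port range.
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if rule.get("IpProtocol") not in ("tcp", "-1") or not lo <= port <= hi:
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ip_network(cidr, strict=False).prefixlen == 0:  # 0.0.0.0/0 or ::/0
                    findings.append((sg["GroupId"], cidr))
    return findings


def audit_instance(instance, security_groups):
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    azs = subnet_group_azs(instance)
    if len(azs) < 2:
        findings.append(f"DB subnet group spans {len(azs)} AZ(s); at least 2 are required")
    retention = instance.get("BackupRetentionPeriod", 0)
    if retention == 0:
        findings.append("automated backups are disabled (BackupRetentionPeriod=0)")
    elif retention > MAX_RETENTION_DAYS:
        findings.append(f"BackupRetentionPeriod {retention} exceeds {MAX_RETENTION_DAYS} days")
    if not instance.get("StorageEncrypted"):
        findings.append("storage is not encrypted at rest")
    if instance.get("PubliclyAccessible"):
        findings.append("instance is publicly accessible")
    if not instance.get("MultiAZ"):
        findings.append("Multi-AZ deployment is disabled")
    for group_id, cidr in open_ingress(instance, security_groups):
        findings.append(f"security group {group_id} allows the DB port from {cidr}")
    return findings


# Constructed sample records (not from a real account): a weak configuration ...
WEAK_INSTANCE = {
    "DBInstanceIdentifier": "orders-db",
    "Endpoint": {"Address": "orders-db.example.internal", "Port": 5432},
    "MultiAZ": False, "BackupRetentionPeriod": 0,
    "StorageEncrypted": False, "PubliclyAccessible": True,
    "DBSubnetGroup": {"Subnets": [
        {"SubnetIdentifier": "subnet-aaaa", "SubnetAvailabilityZone": {"Name": "us-east-1a"}},
        {"SubnetIdentifier": "subnet-bbbb", "SubnetAvailabilityZone": {"Name": "us-east-1a"}},
    ]},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0db", "Status": "active"}],
}
WEAK_SGS = [{"GroupId": "sg-0db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]

# ... and the same instance after applying the practices on this page.
HARDENED_INSTANCE = {**WEAK_INSTANCE,
    "MultiAZ": True, "BackupRetentionPeriod": 7,
    "StorageEncrypted": True, "PubliclyAccessible": False,
    "DBSubnetGroup": {"Subnets": [
        {"SubnetIdentifier": "subnet-aaaa", "SubnetAvailabilityZone": {"Name": "us-east-1a"}},
        {"SubnetIdentifier": "subnet-cccc", "SubnetAvailabilityZone": {"Name": "us-east-1b"}},
    ]}}
HARDENED_SGS = [{"GroupId": "sg-0db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]}]

if __name__ == "__main__":
    for label, inst, sgs in (("weak", WEAK_INSTANCE, WEAK_SGS),
                             ("hardened", HARDENED_INSTANCE, HARDENED_SGS)):
        print(label, audit_instance(inst, sgs) or ["all checks passed"])
```

Against a live account the same functions can be fed the `DBInstances` list from `describe_db_instances` and the `SecurityGroups` list from `describe_security_groups`; the audit only reads configuration, so it needs describe permissions and nothing more.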
Note: All images are from the official AWS documentation.
References & Additional Resources
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html
https://aws.amazon.com/rds/features/backup/
https://aws.amazon.com/rds/faqs/
https://aws.amazon.com/rds/proxy/
Written by
Utkarsh Rastogi