RDS
RDS Security
Encryption
Data at rest
Features:
- Can encrypt Master & Read Replicas with AWS KMS (AES-256 encryption)
- Encryption has to be defined when I first create the DB instance
- Read Replicas cannot be encrypted if the Master is not encrypted
- TDE available for Oracle & SQL Server
- SSL certificates to encrypt data to RDS in flight
- Provide SSL options with trust certificate when connecting to database
Encrypting RDS backups
Features:
- Snapshots of un-encrypted RDS databases are un-encrypted
- Snapshots of encrypted RDS databases are encrypted
- Can Copy a Snapshot into an encrypted one
Network Security
Features:
- RDS databases are deployed within a private subnet
- Leverage Security Groups (control which IP / Security Group can communicate with RDS)
Access Management
Features:
- IAM policies help to control who can manage RDS through the RDS API
- Traditional username and password can be used to log in to the RDS database
Storage Auto Scaling
Pros:
- RDS scales automatically when it detects free database storage is running out
- Avoid manually scaling my database storage
- Useful for applications with unpredictable workloads
Examples:
- Free storage < 10% of allocated storage
- Low storage lasts at least 5 minutes
- 6 hours have passed since last modification
Features:
- Increase storage on my RDS DB instance dynamically
- Have to set Maximum Storage Threshold (maximum limit for DB storage)
- Supports all RDS engines: Postgres, MySQL, MariaDB, Oracle, Microsoft SQL Server
RDS Backups
Automated backups
Features:
- Automatically enabled
- Daily full backup during maintenance window
- Transaction logs backup every 5 minutes
- 7 days retention (can be increased to 35 days)
DB Snapshots
Features:
- Manually triggered by user
- Retention of backup is up to individuals
RDS Read Replicas
Use Cases:
- Reporting application to run some analytics
- Create a Read Replica to take on the new workload
- Let the production database take on the normal load, unaffected
Features:
- Up to 5 Read Replicas
- Within AZ, Cross AZs, Cross Regions
- Replica is ASYNC so reads eventually consistent
- Replicas can be promoted to their own DB
- Applications must update the connection string to leverage read replicas
- Read Replicas are used for SELECT only kind of statements
- Is free within the same region
RDS Multi AZ (for DR)
Features:
- SYNC replication
- 1 DNS name (automatic application failover in case of loss of AZ, loss of network, instance or storage failure to standby)
- Increase availability
- Does not require manual intervention at application level
- Zero downtime operation (just click modify database and enable Multi AZ setting)
- Not meant for Scaling
- Read Replicas can be set up as Multi AZ for DR
Examples: Postgres, MySQL, MariaDB, Oracle, Microsoft SQL Server, AWS Aurora
Pros:
- Automated provisioning (EC2, EBS), OS patching
- Continuous backups and restore to specific timestamp
- Monitoring dashboards to view performance
- Read replicas for improved read performance
- Multiple AZs setup for DR
- Maintenance windows for upgrades
- Vertical (increasing instance type) or horizontal (add read replicas) scaling capability
- Storage backed by EBS (gp2 or io1)
- Point in time restore
- Monitoring through CloudWatch
Enhanced Monitoring:
- Enhanced monitoring metrics that CloudWatch gathers from RDS DB instances
- OS processes, RDS processes, RDS child processes