Please enable JavaScript.

Coggle requires JavaScript to display documents.

RDS, Aurora & ElastiCache - Coggle Diagram

- - - - At rest
        
        Can encrypt master and read replicas with AWS KMS
        
        Encryption can be defined at launch time
        
        If master not encrypted replicas cannot be encrypted
        
        TDE for Oracle and SQL server
      - In-flight
        
        SSL cert to encrypt data to RDS in flight
        
        Provide SSL opts with trust certificate when connecting to DB
    - - RDS db usually in private subnet
      - RDS works by leveraging security groups
    - - IAM policies controls who can manage AWS RDS
      - Traditional username and pass can be used for login
      - IAM based authN can be used for RDS MySQL and PostgreSQL
  - - - Daily full backup
      - TX logs backup up by RDS every 5 minutes
      - Can restore to any point in time
      - 7 to 35 days retention
  - - - When running out of free DB storage, auto scales
      - Must set Maximum Storage Threshold
      - Useful for apps with unpredictable workloads
      - Supports all RDS DB engines
    - - Up to 5 Read Replicas
      - Within AZ, Cross AZ and Cross Region
      - Replication is ASYNC, reads are eventually consistent
      - Replicas can be promoted to own DB
      - Apps must update connection string to use read replicas
      - Network cost is 0 for Read Replicas in same region
- - - - Useful for disaster recovery
      - Simple to put in place
    - - 1 primary region
      - Up to 5 secondary readonly regions
      - Up to 16 Read replicas per secondary region
      - Promoting to other region, RTO < 1 minute