Sunday, July 12, 2020

RDS - Encryption, Replicas, Billing, Scaling, Monitoring

Security and Encryption
-         You can only enable encryption for an Amazon RDS DB instance when you create it, not after the DB instance is created. However, because you can encrypt a copy of an unencrypted DB snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
-         https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.Overview
-         Also:
          §  Create a new encrypted DB, migrate data over
          §  Create a new encrypted DB, restore from backup
-         SSL supported on communication with App instances
-         RDS will generate the SSL certificate
-         Supports encryption at rest using AWS KMS (Key Management Service):
          §  Snapshots
          §  Backups
          §  Data at storage
          §  Data replicas created from DB
-         Use IAM to control access to the RDS API; assign individual IAM credentials to each user; change credentials regularly
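The snapshot → encrypted copy → restore path from the notes above, as an added example (not from the original post or from AWS). It takes any object with the boto3 RDS client methods it calls; the `FakeRDS` class is a constructed in-memory stand-in so it runs offline, and the KMS key id passed in is a placeholder.

```python
import time


def encrypt_via_snapshot(rds, source_id, target_id, kms_key_id, poll=0.0):
    """Snapshot -> encrypted copy -> restore, the path the notes describe.
    `rds` is any object exposing the boto3 RDS client calls used here
    (pass boto3.client("rds") in a real account). Returns the new instance."""
    snap_id, enc_snap_id = f"{source_id}-plain", f"{source_id}-encrypted"
    # 1. Snapshot the unencrypted source; wait until it is 'available'.
    rds.create_db_snapshot(DBInstanceIdentifier=source_id, DBSnapshotIdentifier=snap_id)
    wait_snapshot(rds, snap_id, poll)
    # 2. Copy it. KmsKeyId on the copy is what adds encryption; the source can't be changed in place.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=snap_id, TargetDBSnapshotIdentifier=enc_snap_id,
                         KmsKeyId=kms_key_id, CopyTags=True)
    snap = wait_snapshot(rds, enc_snap_id, poll)
    if not snap["Encrypted"]:
        raise RuntimeError("encrypted copy is not flagged Encrypted; aborting restore")
    # 3. Restore from the encrypted copy; the instance inherits its encryption and key.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=target_id, DBSnapshotIdentifier=enc_snap_id)
    inst = rds.describe_db_instances(DBInstanceIdentifier=target_id)["DBInstances"][0]
    if not inst["StorageEncrypted"]:
        raise RuntimeError("restored instance is not encrypted")
    return inst


def wait_snapshot(rds, snap_id, poll):
    """Poll describe_db_snapshots until the snapshot's Status is 'available'."""
    while True:
        snap = rds.describe_db_snapshots(DBSnapshotIdentifier=snap_id)["DBSnapshots"][0]
        if snap["Status"] == "available":
            return snap
        time.sleep(poll)


class FakeRDS:
    """Constructed in-memory stand-in for boto3.client('rds') so this runs offline."""
    def __init__(self):
        self.snapshots, self.instances = {}, {"prod-db": {"StorageEncrypted": False}}
    def create_db_snapshot(self, DBInstanceIdentifier, DBSnapshotIdentifier):
        self.snapshots[DBSnapshotIdentifier] = {"Status": "available", "Encrypted": False, "KmsKeyId": None}
    def copy_db_snapshot(self, SourceDBSnapshotIdentifier, TargetDBSnapshotIdentifier, KmsKeyId=None, CopyTags=False):
        src = self.snapshots[SourceDBSnapshotIdentifier]
        self.snapshots[TargetDBSnapshotIdentifier] = {"Status": "available", "Encrypted": bool(KmsKeyId) or src["Encrypted"],
                                                      "KmsKeyId": KmsKeyId or src["KmsKeyId"]}
    def restore_db_instance_from_db_snapshot(self, DBInstanceIdentifier, DBSnapshotIdentifier):
        s = self.snapshots[DBSnapshotIdentifier]
        self.instances[DBInstanceIdentifier] = {"StorageEncrypted": s["Encrypted"], "KmsKeyId": s["KmsKeyId"]}
    def describe_db_snapshots(self, DBSnapshotIdentifier):
        return {"DBSnapshots": [self.snapshots[DBSnapshotIdentifier]]}
    def describe_db_instances(self, DBInstanceIdentifier):
        return {"DBInstances": [self.instances[DBInstanceIdentifier]]}
```

Against a real account, point the application at the new instance's endpoint once it is available and only then retire the unencrypted original and the plain snapshot.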

Read Replicas
-         https://aws.amazon.com/rds/details/read-replicas/
-         If you need to run an intense query, or I/O capacity is reaching its limits – scale reads by shifting them onto another source
-         Or need to read while source is unavailable
-         Replica – created from Primary; asynchronous continuous txn replication - time lag on updates.
-         Primary needs to have Automatic Backups enabled – backup retention > 0
-         Can’t write to Replica
-         Multi-Region and Multi-AZ:
          §  Can have replicas in same or another AZ – can specify replica AZ
          §  Can have replicas in another REGION
-         Read replicas are available in Amazon RDS for MySQL, MariaDB, PostgreSQL and Oracle, as well as Amazon Aurora.
-         Can have up to 5 replicas per source
-         Can size up Replica compared to source; can’t change DB engine type
-         Replica of a Replica – up to 4 DBs in a chain, including the primary source. Write delay increases. Only available for MySQL and MariaDB.
-         Delete source – replicas become stand-alone DBs. A Replica of a Replica remains a replica.
-         Stop replication for 30 consecutive days – AWS terminates replication

Read scaling and disaster recovery

-         Can Promote Replica into another Region
-         Can Promote Replica to be a standalone DB. Will inherit:
          §  Backup retention period
          §  Backup window
          §  DB parameter group
          §  Can modify DB engine version / storage type
-         Transactional engine supported – InnoDB

Billing
-         No upfront cost.
-         Pay for:
          §  DB instance hours
          §  storage (GB/Month)
          §  IOPS/month
          §  Internet transfer
          §  Backup Storage (DB backups, snapshots)
          §  Multi-AZ DB – charged twice:
                  § Standby run hours
                  § Standby provisioned storage
                  § Double write I/O – replication
-         Free:
          §  Storage for automated RDS backups – up to the Provisioned instance's EBS volume size.
          §  AWS backs up into multiple AZs for resilience – free backup storage is in a single AZ only; other AZ storage is chargeable.
          §  Data transfer during replication

Reserved DB Instances
          §  Region-specific, not AZ-specific
          §  1 to 3-year term options
          §  Reservation parameters: DB engine, DB Instance Class, Multi-AZ option, License Model, Region
          §  Cannot move Reserved Instances (RIs) between Regions
          §  Can move between AZs

Scaling
-         Can change storage type or storage capacity on all engines except MySQL
-         For MySQL – take a snapshot and start on a new instance of a different size/type, then update the app with the new MySQL endpoint
-         Can scale up – not down
-         Can scale up storage while RDS is running
-         Scaling compute (switching from one instance class to another) requires downtime
-         Refresher, 3 things that cause downtime:
          §  Upgrading the DB version on both Primary and Standby
          §  Changing DB parameters – if Multi-AZ – failover, if Standalone – downtime
          §  Scaling changes

Monitoring
-         https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MonitoringOverview.html
-         Amazon RDS Events – Subscribe to Amazon RDS events to be notified when changes occur with a DB instance, DB snapshot, DB parameter group, or DB security group
-         Database log files – View, download, or watch database log files using the Amazon RDS console or Amazon RDS API operations
-         Amazon RDS Enhanced Monitoring — Look at metrics in real time for the operating system
-         Amazon RDS Performance Insights — Assess the load on your database, and determine when and where to take action
-         Amazon RDS Recommendations — Look at automated recommendations for database resources, such as DB instances, read replicas, and DB parameter groups
-         In addition, Amazon RDS integrates with Amazon CloudWatch, Amazon EventBridge, and AWS CloudTrail
