RDS
Owner | |
---|---|
Verification | |
Tags | |
Last edited time |
PostgreSQL, MySQL, MariaDB. Oracle, Microsoft SQL Server
Need to provision DB instance, launched within a VPC in a private subnet with security groups
Uses GP2/IO1 EBS volume - can increase volume size with auto scaling - – need to set threshold
RDS Backup
Auto enabled, full daily 7-35 days retention policy
5m =point in time restore, snapshot – can shear - are exported to S3
- use RDS backup to RDS for Oracle , use RMAN to restore to non RDS
RDS Proxy
Connection between private DB to Lambda (deploy in public subnet)
- resolve too many connections error (connection polling)
Parameter Groups
can configure DB using, modify – reboot
Encryption
Can enforce to encrypt by default per region
Enable server side at launch, work with KMS AES-256,
If master is not encrypted - then copy will not be encrypted as well.
SSL for in-flight - can enforce.
Enhanced Monitoring
(EC2 agent = HW monitoring) to view detailed CPU information
Performance Insights
(analyze issue by waits- CPU, IO/SQL/host/users. DB load – connections
Read Replica = Durability
Read Replicas enable you to create up to five read-only copies of your database instance, within or across Regions, for greater scalability
RDS Multi AZ = Availability.
RDS Multi-AZ deployments provide enhanced availability for database instances
within a single Region data is synchronously replicated
Security
KMS encryption at rest for EBS & snapshots
TDE - transparent data encryption (Oracle & SQL)
SSL for in flight
IAM authentication (MySQL & PostgreSQL)