[AWS] 6. AWS Fundamentals: RDS (Relational Database Service) + Amazon Aurora + ElastiCache

Source: Dev.to

What is Amazon RDS?

• RDS = Relational Database Service – a fully‑managed database service that uses SQL as the query language.
• Lets you create, run, and scale relational databases in the AWS cloud without handling the underlying infrastructure.

Supported Engines

Core Managed‑Service Features

• Automated provisioning & OS patching
• Continuous backups → Point‑in‑Time Restore (PITR)
• Monitoring dashboards (CloudWatch)
• Read replicas – improve read performance
• Multi‑AZ deployments – disaster recovery (DR)
• Maintenance windows for upgrades
• Vertical & horizontal scaling
• EBS‑backed storage

Note: You cannot SSH directly into a standard RDS instance.

Storage Auto‑Scaling

• RDS can dynamically increase storage when free space falls below a threshold.
• Maximum storage threshold must be set (upper limit).
• Auto‑scale triggers when all conditions are met:
  1. Free storage falls below the defined threshold.

Network cost: Data transfer between AZs incurs a fee, but in‑region replica traffic is free.

Multi‑AZ (Synchronous) Replication

• Provides a single DNS name that automatically fails over to a standby instance.
• Increases availability; no application changes required.
• Not intended for scaling reads.
• Can be combined with read replicas for DR.

Zero‑Downtime Modification

1. Click Modify in the console.
2. RDS takes a snapshot.
3. Restores a new DB in a different AZ.
4. Synchronizes the two instances.

RDS Custom vs. Standard RDS

Tip: De‑activate automation mode before customizing; take a snapshot first.

Amazon Aurora

• Proprietary, cloud‑optimized engine (compatible with PostgreSQL & MySQL).
• Claims 5× MySQL performance and 3× PostgreSQL performance on RDS.
• Storage auto‑scales in 10 GB increments up to 256 TB.
• Up to 15 read replicas with sub‑10 ms replica lag.
• Instantaneous failover (HA native).

Architecture Highlights

• 6 copies of data across 3 AZs:
  • 4 copies for writes
  • 3 copies for reads
• Peer‑to‑peer replication → self‑healing.
• Data striped across hundreds of volumes.

Features

• Automatic fail‑over

Tip: Even a stopped RDS instance incurs storage charges. If you plan to stop it for an extended period, snapshot & restore instead of leaving it stopped.

Restoring Backups

RDS / Aurora Backup → New DB Instance

1. Create a backup of your on‑premises database.
2. Store the backup on Amazon S3 (object storage).
3. Restore the backup file onto a new RDS instance running MySQL.

Aurora Cluster → New Cluster (from S3)

1. Use Percona XtraBackup (or another tool) to back up the on‑premises DB.
2. Store the backup file on Amazon S3.
3. Restore the file onto a new Aurora cluster running MySQL.

Clone an Existing Aurora DB Cluster

• Faster than snapshot & restore because it uses a copy‑on‑write protocol.
• The new cluster initially shares the same data volume (no data copy).
• When the new cluster is updated, additional storage is allocated and data is copied, keeping the two clusters independent.
• Use case: Create a “staging” database from production without impacting the production workload.

Encryption

At‑Rest Encryption

• Database master and replicas are encrypted with AWS KMS (must be defined at launch).
• If the master is not encrypted, read replicas cannot be encrypted.
• To encrypt an existing unencrypted DB:
  1. Take a DB snapshot.
  2. Restore the snapshot with encryption enabled.

In‑Flight Encryption

• TLS is enabled by default; use the AWS TLS root certificates on the client side.

Authentication & Access Control

• IAM Authentication: Use IAM roles instead of traditional username/passwords.
• Security Groups: Control network access to RDS/Aurora instances.
• SSH Access: Not available except on RDS Custom.

Audit & Monitoring

• Enable Audit Logs and forward them to CloudWatch Logs for longer retention.

RDS Proxy

• Fully managed database proxy for RDS/Aurora.
• Benefits:
  • Pools and shares DB connections, reducing CPU/RAM load and connection‑timeouts.
  • Server‑less, auto‑scaling, highly available (multi‑AZ).
  • Reduces failover time by up to 66 %.
• Supports:
  • RDS (MySQL, PostgreSQL, MariaDB, MSSQL Server)
  • Aurora (MySQL, PostgreSQL)
• No code changes required for most applications.
• Enforce IAM authentication and store credentials securely in AWS Secrets Manager.
• Never publicly accessible – must be accessed from within a VPC.

Managed Caching: ElastiCache

IAM Policies for ElastiCache

• Used only for AWS API‑level security (e.g., creating/modifying clusters).

Redis

• AUTH: Set a password/token when creating a Redis cluster for an extra security layer (in addition to security groups).
• Encryption in transit: Supports SSL/TLS.

Common Use Cases

• Gaming leaderboards: Use Sorted Sets for unique, ordered elements with real‑time ranking.

Memcached

• Supports SASL‑based authentication (advanced).

Caching Strategies

Quote: “There are only two hard things in Computer Science: cache invalidation and naming things.”

Important Ports

You don’t need to memorize every number; just be able to differentiate an “important” port (e.g., HTTPS 443) from an “RDS database” port (e.g., PostgreSQL 5432).