RDS, Aurora & ElastiCache

Question 1

What is RDS?

Answer 1

Relational database service

Question 2

What dies RDS manged?

Answer 2

• Automated provisioning, OS patching
• Continuous backups and restore to specific timestamp (Point in Time Restore)!
• Monitoring dashboards
• Read replicas for improved read performance
• Multi AZ setup for DR (Disaster Recovery)
• Maintenance windows for upgrades
• Scaling capability (vertical and horizontal)
• Storage backed by EBS (gp2 or io1)

Question 3

What you can’t do on RDS?

Answer 3

You cannot SSH into your instance

Question 4

Which backups does RDS have?

Answer 4

Full daily backup

Logs - every 5 min.

Question 5

How long are the backups kept? Which point in time can you go back to?

Answer 5

Ability to restore to any point in time (from 5 minutes ago or seven days ago)

7 days retention - can increase to 35

Question 6

What features do DB snapshots have?

Answer 6

Manually triggered

Kept of as long as you want

Question 7

What features do RDS storage auto scaling have?

Answer 7

Helps increase storage dynamically

increase automatically when DB run out of free space - avoid manually scaling

Question 8

What are the conditions for RDS to start auto scaling?

Answer 8

• Free storage is less than 10% of allocated storage
• Low-storage lasts at least 5 min
• 6 hours have passed since last modification

Question 9

What kinds of applications can benefit from RDS auto scaling?

Answer 9

Useful for applications with unpredictable workloads

Question 10

What are the features of RDS read replicas for read scalability?

Answer 10

1. Up to 5 read replicas: (1)Within AZ (2)Cross AZ (3) Cross region.
2. ASYNC - reads are eventually consistent.
3. Promoted to their won DB.
4. Must update the connection string to leverage read replicas

Question 11

How do the network costs for RDS read replications in various AZs and the same region differ?

Answer 11

For RDS read replicas within the same region - you don’t need to pay that fee.

Question 12

What are the benefits of RDS Multi AZ?

Answer 12

• SYNC replication
• One DNS name – automatic app failover to standby.
• Increase availability
• Failover in case of loss of AZ, loss of network, instance or storage failure.
• No manual intervention in apps.
• Not used for scaling
• Multi-AZ replication is free.
• Note:The Read Replicas be setup as Multi AZ for Disaster Recovery (DR)

Question 13

Can the Read Replicas be setup as Multi AZ for Disaster Recovery (DR)?

Answer 13

Yes!

Question 14

Hod do we make a RDS goes from single AZ to multi AZ?

Answer 14

1. Click “modify” for the database.
2. Zero downtime operation (no need to stop the DB)

Question 15

What append internally when you go from single AZ to multi AZ?

Answer 15

• A snapshot is taken
• A new DB is restored from the snapshot in a new AZ
• Synchronization is established between the two databases

Question 16

RDS security - What is “at rest encryption” features?

Answer 16

• Possibility to encrypt the master & read replicas with AWS KMS - AES-256 encryption
• Encryption has to be defined at launch time
• Master must be encrypted if not cannot be encrypted
• Transparent Data Encryption (TDE) available for Oracle and SQL Server

Question 17

RDS security - What is “in flight encryption” features?

Answer 17

• SSL certificates to encrypt data to RDS in flight.
• Provide SSL options with trust certificate when connecting to database.

Question 18

How to encrypt RDS backups?

Answer 18

• Snapshots of un-encrypted RDS databases are un-encrypted.
• Snapshots of encrypted RDS databases are encrypted.

Can copy a snapshot into an encrypted one.

Question 19

How to encrypt un-encrypted RDS database?

Answer 19

• Create a snapshot of the un-encrypted database
• Copy the snapshot and enable encryption for the snapshot
• Restore the database from the encrypted snapshot
• Migrate applications to the new database, and delete the old database

Question 20

What are the RDS network security two features?

Answer 20

1. RDS databases are usually deployed within a private subnet, not in a public one.
2. RDS security works by leveraging security groups (the same concept as for EC2 instances) – it controls which IP / security group can communicate with RDS

Question 21

What are the RDS IAM features?

Answer 21

1. IAM policies help control who can manage AWS RDS (through the RDS API).
2. Traditional Username and Password can be used to login into the database or authentication token obtained through IAM & RDS API calls (lifetime of 15 minutes)
3. IAM-based authentication can be used to login into RDS MySQL & PostgreSQL - Only!!

Question 22

What are the benefits of IAM authentication?

Answer 22

1. Network in/out must be encrypted using SSL.
2. IAM to centrally manage users instead of DB.
3. Can leverage IAM Roles and EC2 Instance profiles for easy integration

Question 23

What is yours responsibility at RDS security?

Answer 23

1. Check the ports / IP / security group inbound rules in DB’s SG
2. In-database user creation and permissions or manage through IAM
3. Creating a database with or without public access
4. Ensure parameter groups or DB is configured to only allow SSL connections

Question 24

What is amazon Aurora?

Answer 24

• Aurora is a proprietary technology from AWS (not open sourced)
• Aurora support Postgres and MySQL
• “AWS cloud optimized” and claims 5x performance improvement over MySQL on RDS, over 3x the performance of Postgres on RDS.
• storage automatically grows in increments of 10GB, up to 128 TB.
• can have 15 replicas, the replication process is faster (sub 10 ms replica lag).
• Failover in Aurora is instantaneous - High available native
• Cost 20%more then RDS.

Question 25

What makes Aurora High Availability and Read Scaling

Answer 25

• 6 copies of your data across 3 AZ:
  • 4 copies out of 6 needed for writes
  • 3 copies out of 6 need for reads
  • Self healing with peer-to-peer replication
  • Storage is striped across 100s of volumes
• The master Instance takes writes
• Automated failover for master in less than 30 seconds.
• Master + up to 15 Aurora Read Replicas serve reads.
• Support for Cross Region Replication

Question 26

What are Aurora features?

Answer 26

• Automatic fail-over
• Backup and Recovery
• Isolation and security
• Industry compliance
• Push-button scaling
• Automated Patching with Zero Downtime
• Advanced Monitoring
• Routine Maintenance
• Backtrack: restore data at any point of time without using backups

Question 27

What are Aurora security features?

Answer 27

• Similar to RDS because uses the same engines
• Encryption at rest using KMS
• Automated backups, snapshots and replicas are also encrypted
• Encryption in flight using SSL (same process as MySQL or Postgres)
• Possibility to authenticate using IAM token (same method as RDS)
• You are responsible for protecting the instance with security groups
• You can’t SSH

Question 28

What is Aurora custom endpoints?

Answer 28

# **Define a subset of Aurora Instances as a Custom Endpoint**
• Example: **Run analytical** queries on **specific replicas**
• The Reader Endpoint is generally not used after defining Custom Endpoints

Question 29

What is Aurora serverless? What are the benefits?

Answer 29

Automated database instantiation and auto- scaling based on actual usage

• Good for infrequent, intermittent or unpredictable workloads
• No capacity planning needed
• Pay per second, can be more cost-effective

Question 30

How do I obtain immediate Aurora failover?

Answer 30

by creating multi-master node - multiple DB connections

every node does R/W

Question 31

What is “Global Aurora”?

Answer 31

• Aurora Cross Region Read Replicas:
  • Useful for disaster recovery
  • Simple to put in place
• Aurora Global Database (recommended):
  • 1 Primary Region (read / write)
  • Up to 5 secondary (read-only) regions, replication lag is less than 1 second
  • Up to 16 Read Replicas per secondary region
  • Helps for decreasing latency
  • Promoting another region (for disaster recovery) has an RTO of < 1 minute

Question 32

What is Aurora machine learning?

Answer 32

• Enables you to add ML-based predictions to your applications via SQL
• Simple, optimized, and secure integration between Aurora and AWS ML services
• You don’t need to have ML experience

Question 33

Which services are Aurora ML support?

Answer 33

• Amazon SageMaker (use with any ML model)
• Amazon Comprehend (for sentiment analysis)

Question 34

Use cases for Aurora ML?

Answer 34

1. fraud detection
2. ads targeting
3. sentiment analysis
4. product recommendations

Question 35

What is Amazon ElasticeCache?

Answer 35

• ElastiCache is to get managed Redis or Memcached
• Caches are in-memory databases with really high performance, low latency

Question 36

What is Amazon ElasticeCache use for?

Answer 36

• Helps reduce load off of databases for read intensive workloads
• Helps make your application stateless
• AWS takes care of OS maintenance / patching, optimizations, setup, configuration, monitoring, failure recovery and backups

Question 37

What does Using ElastiCache involves?

Answer 37

Using ElastiCache involves heavy application code changes

Question 38

What the ElastiCache don’t support?

Answer 38

Do not support IAM authentication