amazon rds - aws

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Gowri Balasubramanian, Principal SA, AWSKathy Gibbs, Sr. Database SA, AWS

6/29/2020

Amazon RDSRunning production PostgreSQL databases on Amazon RDS for PostgreSQL


Learning Objectives

By the end of this session you will be able to:

• Understand Amazon RDS Offerings

• Learn how to provision and configure RDS PostgreSQL

• Leverage RDS in-built features for high-availability, backup, security

and monitoring


Virtual Workshop Instructions

1. Use your personal or test AWS Account

2. Sign-in using your IAM User credentials

3. Walkthrough will be based on us-west-2 (Oregon) Region

4. Download the Workshop Guide https://bit.ly/38bMSQW

5. Ask for help using the chat function of the tool


Introduction


Amazon RDSManaged relational database service with a choice of six popular database engines

Available & durable

Automatic Multi-AZ data replication;

automated backup, snapshots, failover

Easy to administer

Easily deploy and maintain hardware, OS and DB software; built-

in monitoring

Performant & scalable

Scale compute and storage with a few

clicks; minimal downtime for your application

Secure & compliant

Data encryption at rest and in transit; industry

compliance and assurance programs

Amazon Aurora


Schema design Query construction Query optimization

Automatic fail-overBackup & recoveryIsolation & securityIndustry compliancePush-button scalingAutomated patching & upgradesAdvanced monitoringRoutine maintenance

You AWS

Amazon RDS - fully managed

Spend time innovating & building new apps, not managing infrastructure


Move to managed relational databases

Amazon AuroraMySQL, PostgreSQL

Reduce DB administrative burdenNo need to rearchitect existing applicationsGet better performance, availability, scalability, and security

Migrate on-premises or cloud-hosted relational databases to managed services

Amazon RDSMySQL, PostgreSQL, MariaDB, Oracle, SQL Server


Hundreds of thousands of customers use Amazon RDS


Open-source database In active development for 20+ years Owned by a foundation, not a single company Permissive, innovation-friendly open source license High performance out of the box Object-oriented and ANSI-SQL:2008 compatible Most geospatial features of any open source database Supports stored procedures in 12 languages (Java, Perl,

Python, Ruby, Tcl, C/C++, its own Oracle-like PL/pgSQL, etc.)

Most Oracle-compatible open-source database

PostgreSQL fast facts

Open Source Initiative


Customer Credentials

Infor provides ERP application software. Infor has introduced a SaaS model based entirely in the cloud. By utilizing Amazon Web Services and Amazon RDS for PostgreSQL, Infor's customers are able to quickly deploy their applications in the cloud.

Instacart offers its customers a new method to order same-day groceries online. The company turned to AWS to run its database on Amazon RDS for PostgreSQL. As a result, the company can now add millions of new items to its database every month.

"RDS for PostgreSQL solves one of the biggest operational overheads we have dealt with since the inception of our company. We have spent countless hours setting up, backing up, replicating, restoring, replacing, scaling, swapping, and tuning our PostgreSQL databases”. - Mark Corner, CTO


Running PostgreSQL on AWS

Self-managed on Amazon Elastic Compute Cloud

(Amazon EC2)

Fully-managed services

Aurora with PostgreSQL compatibility

Amazon RDS for PostgreSQL


Regions and Availability ZonesAWS Cloud

Availability Zone A Availability Zone B

Availability Zone C

Region


StandbyPrimary

Amazon RDS for PostgreSQL• PostgreSQL community version

with easy configuration and management

• Supports 9.4, 9.5, 9.6, 10, 11,12• High availability across two

availability zones• In-region and Cross-region

Replicas• Close lockstep with community

releases• Available in more instance

classes and smaller sizes

Availability Zone 1 Availability Zone 2

Applications

VPC

Region

Bastion


Secure network accessControlled through Amazon Virtual Private Cloud (VPC) security groups

Protocol Port range Source

TCP 5432 172.31.0.0/16

TCP 5432 “Applicationsecurity group”

Corporate admins

Application tier

Amazon RDS

VPC


Amazon RDS for PostgreSQL: Instance types

R family

• Memory-optimized instances• 2 vCPU/16 GiB RAM > 64 vCPU

488 GiB RAM• High-performance networking• Good for query-intensive

workloads or high connection counts

• R5 offers up to 96 vCPU 768 GiB RAM

T family

• Burstable instances• 1 vCPU/1 GB RAM > 8 vCPU

32 GB RAM• Moderate networking

performance• Good for smaller or variable

workloads• T2.micro is eligible for the

AWS Free Tier• T3 will enable unlimited

mode—can burst above baseline for extra charge

M family

• General purpose instances• 2 vCPU/8 GiB RAM > 64

vCPU 256 GiB RAM• High-performance

networking• Good for running CPU-

intensive workloads • M5 offers up to 96 vCPU /

384 GiB RAM


High-performance database storage

General purpose (GP2)

• SSD storage• Auto scale up to 64 TiB• Latency in milliseconds• IOPS determined by volume

size• Affordable performance

Provisioned IOPS (IO1)• SSD storage• Auto scale up to 64 TiB• Single digit millisecond

latencies• Maximum of 80 K IOPS• Delivers within 10% of

the IOPS performance, 99.9% of the time

• High performance and consistency


High Availability


RDS Multi-AZ

• Fully managed secondary in-region

• Distinct EC2 and EBS resources

• Synchronous storage replication

• Failover in 1-2 minutes• Crash recovery• CNAME propagation

• 99.95% monthly uptime SLA

Availability zone A Availability zone B

MDB Instance

SDB instance

standby

Volume Volume

RDS monitoring and automation

SDB instance

standby

MDB Instance

Region


UP Identify failure

Crash recovery UP

DNS propagation

Typical failover time: 1–2 minutest0 tN

Multi-AZ deployment: Failover


Scale


Performance Factors

ComputeCapabilities

vCPUs

MemoryCapabilitiesGB of RAM

NetworkPerformance

MB/s (Throughput)

StoragePerformance

I/O Performance

RDS DB Instance Class

RDS Storage Type


Scale compute and storage with ease

Scale compute to handle increased load• Up to 96 vCPU and 768

GiB of RAM (db.r5.24xlarge)

Scale storage for larger data sets• Quickly scale EBS storage

up to 64TiB

• No downtime for storage scaling

Scale down to control costs• As little as 2vCPU / 1

GiB of RAM (db.t3.micro)


Scale for read workloads

• Up to five replicas in a region or cross-region

• Relieve pressure on your master node with additional read capacity

• Bring data close to your applicationsin different regions

• Promote a read replica to a master for faster recovery in the event of disaster

Application servers Database server

Asynchronous Streamingreplication

BI/reporting application server

Read only

Read/write Primary

Read replica


Backup


RDS backups

Automated backups• Daily snapshot during backup

window• Transaction logs to S3 every 5

minutes• Retained 1-35 days

Manual backups• Take a snapshot any time• Kept until you delete


DB Instance DB instance standby

EBS snapshotTransaction logs (5

minutes) (daily)

Region


RDS Snapshots

bucket

volume

Snapshot 2Snapshot 1 Snapshot 3

Amazon S3

Amazon EBS

BA C C1 D B1 EBA A C1 D

• Always incremental

• Amazon S3 99.999999999% durability

• Supports encryption

• Copy across accounts, across regions


Restore from snapshot

• Restore from any snapshot• Copy snapshots to other

regions or accounts

Refresh test environmentsTest upgradesInstantiate logical replicas Snapshot New instance

RestoreDBInstanceFromDBSnapshot

Original instance


Restore to a point in time

• Restore to any second in backup retention

• Available in-region/account• Latest restorable time

typically <5 minutes

Oops… I dropped a tableRecover from application

errors or logical corruptionSnapshot New instance

RestoreDBInstanceToPointInTime

Original instance

Transaction logs


Security


Private subnet

RDS Access Control at a Glance

DBA and Ops

Controlled with IAM

Network Connectivity from other services

Users and DBAApplications

Access control at DB level

Amazon RDS

Users, roles and privileges

Schema/object level privileges

Network Security

Amazon RDS

Security group and ACLs

RDS Management permissions (launch,

delete,snapshot)

VPC


Prevent unauthorized access

Amazon Virtual Private Cloud• Define VPC security group

ingress/egress rules• Keep databases in private

subnets• Control egress when using

outbound network access (dblinks, postgres_fdw)

Public subnet Private subnet

DB InstanceEC2 instances

VPC


Data Encryption

• Storage encryption with Amazon KMS integration

• Manage/bring your own keys• Enable when creating instance• Encrypt existing snapshots and

restore as encrypted instances

Encryption at Rest

AWS Key Management Service

An SSL certificate is available on RDS instances

• Used to encrypt network traffic• Also used to verify the endpoint

to guard against spoofing attacks

By default, SSL is optional • Set rds.force_ssl to 1 to force

SSL

The client requests the type of SSL connection

Encryption in Transit


AWS Secrets Manager

Lifecycle management for secrets such as database passwords

Safely rotates passwords

Built-in integration with RDS and Aurora PostgreSQL

With restricted password management, all passwords can be controlled by Secrets Manager

AWS Secrets Manager


Monitoring


Monitoring

Enhanced monitoring for Amazon RDS• Access to over 50 CPU, memory, file

system, and disk I/O metrics

Amazon CloudWatch Metrics• Displayed in the RDS console or in

personalized CloudWatch dashboards

Amazon CloudWatch alarms• Alarms triggered based on metric

values crossing configurable thresholds

Enhanced Monitoring

Performance Insights

CloudWatch Logs

CloudWatch Alarms

CloudWatch Metrics


RDS Performance insightsDatabase performance tuning and monitoring feature

Dashboard shows database load over time

Performance Counter metrics

Identifies source of bottlenecksSort by top SQLSlice by host, user, wait events

Store up to 2 years of metrics


RDS Features


Transportable databases

Fast method of data export and import between RDS instances with minimal downtime

Supported on RDS PostgreSQL versions 11.5 and 10.10 onwards

Available through the pg_transport extension

Source database is made read-only during transport


Source RDS PostgreSQL

instance

Target RDS PostgreSQL

instance

DB1

DB2

VPC

Region


Amazon S3 integration• Loads a file from Amazon S3 directly

into a PostgreSQL table using the COPY syntax

• Available using the aws_s3 extension

• Files containing JSON documents need to be regularly loaded from an Amazon Simple Storage Service (S3) bucket

• Users need to run queries on the documents, along with other transactional data

AWS Lambda


Primary Standby

VPC

Region

Amazon S3 Bucket


Q & [email protected]

mailto:[email protected]


[email protected]

mailto:[email protected]


Amazon Relational Database Service: Moving to Managed Services in the Cloud

Join us for the Next session!!

amazon rds - aws

Documents