Amazon Relational Database Service (Amazon RDS)

Introduction

In this article, we will look at Amazon Relational Database Service (Amazon RDS) in detail, along with its use cases for your business.

What is Amazon Relational Database Service (Amazon RDS)?

Similar to an on-premises database, Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.

With Amazon RDS, you can offload much of the routine work of creating and managing a database. You can focus on the tasks that differentiate your application instead of on infrastructure-related tasks such as provisioning, patching, scaling, and restoring.

Amazon RDS supports most of the popular RDBMSs, ranging from commercial options to open-source options and even a specific AWS option. Supported Amazon RDS engines include the following:

  • Commercial: Oracle, SQL Server
  • Open source: MySQL, PostgreSQL, MariaDB
  • Cloud native: Aurora

Database instances

A DB instance is an isolated database environment in the AWS Cloud. The basic building block of Amazon RDS is the DB instance. Your DB instance can contain one or more user-created databases. You can access your DB instance by using the same tools and applications that you use with a standalone database instance.

Database instance classes

A DB instance class determines the computation and memory capacity of a DB instance. A DB instance class consists of both the DB instance type and the size. Each instance type offers different compute, memory, and storage capabilities.

DB instance storage

Amazon EBS offers durable, block-level storage volumes that can be attached to running instances. DB instance storage types include General Purpose (SSD), Provisioned IOPS (PIOPS), and Magnetic, each with different performance characteristics and pricing options. It's crucial to meet minimum and maximum storage requirements based on the storage type and supported database engine to ensure database growth and support for engine features.

Amazon RDS in an Amazon Virtual Private Cloud

When creating a DB instance, you designate the Amazon VPC and select subnets for it, forming a DB subnet group spanning at least two Availability Zones. These subnets should be private, without access to the internet gateway, ensuring database access only from the application backend.

Further access control is achieved through network ACLs and security groups, offering granular control over traffic types accessing the database. These layers of security ensure that only backend instances can access the database, enhancing infrastructure security.

Redundancy with Amazon RDS Multi-AZ

In an Amazon RDS Multi-AZ deployment, a redundant copy of your database is created in another Availability Zone to enhance availability. This setup includes a primary database copy in one Availability Zone subnet and a standby copy in another. The primary copy serves data to applications, while changes are synchronously replicated to the standby copy. Automatic failover is triggered if the primary database encounters connectivity issues, promoting the standby to primary. Two methods exist to create a new standby: demoting the previous primary or setting up a new standby instance. Multi-AZ configuration allows selecting multiple subnets across different Availability Zones for primary and standby copies to ensure robustness.

Amazon RDS security

AWS prioritizes cloud security with robust data center and network architecture meeting high security standards. The shared responsibility model divides security into "Security of the cloud," handled by AWS, and "Security in the cloud," which is the user's responsibility. AWS manages infrastructure security, while users control access and data sensitivity. This documentation guides users on configuring Amazon RDS securely, emphasizing network access control, IAM policies, security groups, SSL/TLS connections, encryption, and DB engine security features for comprehensive protection.
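The network isolation and encryption points above can be checked mechanically. The following is an added example, not code from the original article or from AWS: it audits dictionaries shaped like the output of the RDS `describe_db_instances` and EC2 `describe_security_groups` API calls. The instance names, security group IDs and the `backend_sg_ids` allowlist are constructed for illustration, and every instance is assumed to already have an endpoint.

```python
import ipaddress

def _covers(rule, port):
    # IpProtocol "-1" means all protocols and ports; otherwise check the TCP range.
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("IpProtocol") == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def audit_rds(db_instances, security_groups, backend_sg_ids):
    """Return sorted (db_id, finding) pairs for instances that break the isolation model."""
    sg_by_id = {sg["GroupId"]: sg for sg in security_groups}
    findings = set()
    for db in db_instances:
        db_id, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db.get("PubliclyAccessible"):
            findings.add((db_id, "publicly accessible"))
        if not db.get("StorageEncrypted"):
            findings.add((db_id, "storage not encrypted"))
        for ref in db.get("VpcSecurityGroups", []):
            sg = sg_by_id.get(ref["VpcSecurityGroupId"], {})
            for rule in filter(lambda r: _covers(r, port), sg.get("IpPermissions", [])):
                cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
                for cidr in cidrs:
                    if ipaddress.ip_network(cidr).prefixlen == 0:
                        findings.add((db_id, f"ingress open to {cidr}"))
                for pair in rule.get("UserIdGroupPairs", []):
                    if pair["GroupId"] not in backend_sg_ids:
                        findings.add((db_id, f"ingress from non-backend group {pair['GroupId']}"))
    return sorted(findings)

# Constructed sample data, shaped like describe_db_instances / describe_security_groups output.
SAMPLE_SGS = [
    {"GroupId": "sg-db-good", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-backend"}]}]},
    {"GroupId": "sg-db-bad", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
SAMPLE_DBS = [
    {"DBInstanceIdentifier": "orders-db", "Endpoint": {"Port": 5432}, "PubliclyAccessible": False,
     "StorageEncrypted": True, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-good"}]},
    {"DBInstanceIdentifier": "legacy-db", "Endpoint": {"Port": 3306}, "PubliclyAccessible": True,
     "StorageEncrypted": False, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-bad"}]},
]

if __name__ == "__main__":
    for db_id, finding in audit_rds(SAMPLE_DBS, SAMPLE_SGS, {"sg-backend"}):
        print(f"{db_id}: {finding}")
```

Only rules that cover the database port are evaluated, so the port 22 rule on the second group is ignored for this check.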

END

