Databases Flashcards

1
Q

What is RDS?

A

Relational Database Service

  • Managed by AWS
  • SSH not available
  • Automated backups, OS patching and provisioning
  • Read replicas available
  • Multi AZ
  • Storage backed by EBS (gp2 or io1)
  • no way to audit underlying instance
2
Q

What are the types of RDS?

A
  • Postgres
  • MySQL
  • MS SQL Server
  • Oracle
  • Maria
  • Aurora (AWS proprietary)
3
Q

What are the RDS backup types?

A
  • Daily full backups (during maintenance window)
  • Transaction log backups every 5 min
  • Backups automatically retained for 7 days (max 35 days)
  • DB snapshots (manually triggered by user retained for as long as you want)
4
Q

What are RDS read replicas?

A

A copy of a database with read only access (i.e. SELECT)

  • up to 5 read replicas per DB
  • can be within AZ, Cross AZ, or Cross Region
  • Asynchronous replication, so eventually consistent
  • can be promoted to their own DB
  • cost to replicate across AZs
5
Q

What are characteristics of Multi-AZ RDS?

A
  • Synchronous replication
  • One DNS name for failover standby (High Availability)
  • Automatic failover
  • Not used for scaling
6
Q

What kind of encryption is available for RDS?

A
  • At Rest encryption
  • In-flight encryption
  • Backup/snapshot encryption
7
Q

What is At Rest encryption?

A

Ability to encrypt the master and read replicas at launch time with AWS KMS (AES-256)

  • master DB must be encrypted before read replicas can be encrypted
  • Transparent Data Encryption (TDE) available for Oracle and SQL Server
8
Q

What is In-flight encryption?

A

Ability to encrypt the data as it flows into the RDS

  • uses SSL certificates to encrypt the data
9
Q

How are RDS backups encrypted?

A

Only snapshots of encrypted databases will automatically be encrypted. Un-encrypted snapshots will remain un-encrypted.

  • Note: you can copy an un-encrypted snapshot to an encrypted database
10
Q

What are the steps for encrypting an RDS?

A
  1. Create a snapshot of the un-encrypted database
  2. Copy the snapshot with encryption enabled
  3. Restore the database from the encrypted snapshot
  4. Migrate applications to the new database and delete the old one
11
Q

What are the RDS Security options?

A
  • Encryption
  • Network Security (security groups and IP control)
  • IAM policies
  • IAM-based authentication for PostgreSQL & MySQL only (uses authentication token with life of 15 min)
  • No SSH
12
Q

What are the RDS Security responsibilities?

A

We are responsible for…

  • IP & Port restrictions via security group inbound rules
  • Database user creation & permissions, or management through IAM
  • Public or Private access designation
  • Parameter groups or SSL-only connection configuration

AWS is responsible for…

  • Database patching
  • OS patching
13
Q

What is Aurora?

A

A proprietary, cloud-optimized AWS database technology

  • can have up to 15 read replicas
  • failover is instantaneous (High Availability native)
  • supports Postgres & MySQL database drivers
  • automatically grows in increments of 10GB (max 64TB)
  • pay per second, costs 20% more than RDS, but more efficient
  • automated patching with zero downtime
  • advanced monitoring
14
Q

What kind of fault tolerance is available for Aurora?

A
  • up to 6 copies of your data across 3 AZs
  • Self healing with peer to peer replication
  • storage is striped across 100s of volumes
  • one instance (master) takes writes
  • Failover for master in less than 30 seconds
  • supports Cross Region Replication
  • can restore to any point in time without using backups
15
Q

What are the Aurora Security options?

A
  • At Rest encryption using KMS
  • In-flight encryption
  • IAM token authentication
  • No SSH
  • Security Groups
  • Backup/snapshot encryption
16
Q

What is Global Aurora?

A

A cross region Aurora database.

  • 1 primary region for read/write
  • up to 5 secondary regions for read only
  • up to 16 read replicas per secondary region
  • promoting a secondary region for DR takes less than 1 minute
17
Q

What is ElastiCache?

A

In-memory database for read intensive workloads.

  • Fully managed by AWS (OS maintenance, optimizations, setup, configuration, monitoring, backups and failover)
  • must have an invalidation strategy to make sure only most current data is used
18
Q

What are the ElastiCache types?

A

Redis :

  • Multi-AZ with auto failover
  • read replicas to scale
  • Data durability using AOF persistence
  • Backup and restore features

Memcached:

  • Multi-node for partitioning of data (sharding)
  • non persistent
  • no backup and restore
  • multi-threaded
19
Q

What are the ElastiCache Security options?

A
  • supports SSL in-flight encryption
  • NO IAM authentication
  • IAM policies only for API-level security
  • Redis Auth token
  • Memcached SASL based authentication
  • Security Groups
20
Q

What are the available ElastiCache patterns?

A
  • Lazy Loading where all the data is cached (can become stale)
  • Write Through adds or updates data in cache every time data is written to database
  • Session store where data is temporarily stored for that session in cache
21
Q

How can I instantiate a database instance quickly?

A

Restore from snapshot

22
Q

What is DynamoDB?

A

A fully managed, highly available NoSQL database with replication across 3 AZs.

  • Made up of tables with a primary key
  • Each table can have infinite number of items
  • Each item has attributes that can be added over time
  • Max item size is 400KB
  • Data Types include string, number, binary, boolean, null, list, map, string set, number set, binary set.
  • Can coordinate insert, update, delete actions across multiple tables using transactions (up to 10 unique items or 4MB data)
23
Q

What are the advantages of DynamoDB?

A
  • Scales to massive workloads (Provisioned or On Demand)
  • Handles millions of request/sec and trillions of rows
  • Can use 100s of TB of storage
  • Integrated with IAM for security, authorization and admin
  • Enable event driven programming with DynamoDB Streams
  • Low cost and auto scaling
  • Point in time restore (like RDS)
  • Can launch a local copy of DB on your own computer for development purposes.
24
Q

What is RCU/WCU?

A

RCU is Read Capacity Units, WCU is Write Capacity Units. They are provisioned for the DynamoDB to manage throughput. Throughput can be exceeded temporarily by using ‘burst credits’ earned. If there are no ‘burst credits’ available you will get a ProvisionedThroughputException.

25
Q

What is DAX?

A

DAX is a DynamoDB accelerator which provides seamless cache for DynamoDB without application rewrite.

  • Provides microsecond latency for cached reads & queries
  • Solves Hot Key problem for too many reads
  • 5min TTL for cache by default
  • Up to 10 nodes in cluster
  • Multi AZ
  • Secure Encryption at rest with KMS, VPC, IAM, CloudTrail…
26
Q

What are Dynamo Streams?

A

A means to capture Create, Update & Delete actions on one or more tables in a DynamoDB and then react to changes in real time, create analytics, create derivative tables/views or insert data into ElasticSearch. This can be used to replicate data across regions and retains data for 24 hours.

27
Q

What kind of security is available for DynamoDB?

A
  • VPC endpoints
  • Full access control through IAM
  • Encryption at rest using KMS
  • Encryption in transit using SSL/TLS
28
Q

What is Amazon DMS?

A

A migration tool that converts data from Mongo, Oracle, MySQL, S3 etc into DynamoDB tables.