RDS

Question 1

What’s the difference between an options group and a parameter group in RDS?

Answer 1

Options group specifies the use of specific features within the RDMS - such as TDE for oracle.

A parameter group defines the configuration of the DB itself, such as min and max resource settings

Question 2

There are 6 databases supported by RDS. What are they?

Answer 2

MSSQL, Oracle, PostGRESQL, MySQL, Aurora, MariaDb

Question 3

What storage type backs RDS?

Answer 3

EBS Storage - either GP2 or IO1

Question 4

Over what time period do full backups of RDS occur? Over what time period are transaction logs taken?

Answer 4

Full backup occurs daily - 24hrs. Transaction logs are persisted every 5 minutes.

Question 5

How long are RDS automatic backups retained for?

Answer 5

7 Days by default up to 35 days.

Question 6

Can you ssh onto an RDS instance?

Answer 6

No., its a managed instance you won’t get access to the underlying OS or vm

Question 7

Are read replicas AZ or Region locked? How many replicas can you have for RDS (not Auroa)

Answer 7

No. Read Replicas can be within the same AZ, across AZ’s or across regions. You can have 5 read replicas within an AZ, spread across AZ’s or regions .

Question 8

For a read replica, is the replication synchronous or asynchronous? What is the consistency implication of this?

Answer 8

Asynchronous. Read replicas will be eventually consistent

Question 9

What is the use case for a read replica?

Answer 9

Read heavy workloads which you don’t want to impact your master database - such as data analytics or reporting

Question 10

Is there a network cost for a multi AZ read replica?

Answer 10

Yes. Data for read replicas crossing AZ’s will incur a cost

Question 11

What is the key use case difference between using read replicas and Multi-AZ RDS?

Answer 11

Read Replicas are for increasing performance for read related workloads. Multi-AZ is for DR.

Question 12

What form of replication is used for a multi AZ RDS deployment? What must occur for a write to the master to be deemed successful?

Answer 12

Synchronous. For a write to the master to be successful, it MUST be replicated to the standby

Question 13

In event of a failure in the master for a multi-az RDS deployment, what happens?

Answer 13

Failover occurs automatically as the DNS CNAME record is updated to point to the standby

Question 14

For a multi AZ RDS deployment, how many DNS entries need to be exposed to your application to allow it to communicate with RDS?

Answer 14

Just one. In event of failure of the master, this DNS record is updated automatically to point to the secondary

Question 15

Do you need to specify an instance class for an RDS instance

Answer 15

Yes.

Question 16

How many read replicas does MySQL RDS Support?

Answer 16

up to 5.

Question 17

What do you need to do to enable fail over in Aurora?

Answer 17

Nothing, fail over is automatic

Question 18

What is the typical recovery point objective (RPO) for RDS?

Answer 18

RPO for recovery with an RDS Single-AZ instance failure is typically 5 minutes

Question 19

If you take a manual snapshot of an RDS database, how long is the snap shot retained?

Answer 19

Indefinitely - until you delete it.

Question 20

When using read replicas do you need to update your application?

Answer 20

Yes, the connection string to the database will need to be changed

Question 21

When do you need to enable encryption at rest for RDS

Answer 21

Encryption must be defined at launch time/creation

Question 22

What service is responsible for RDS encryption and what is the scheme

Answer 22

AWS KMS - aes256

Question 23

If the master database in an RDS setup is not encrypted - can you encrypt the read replicas?

Answer 23

No. Read replicas CANNOT be encrypted if the master is not encrypted

Question 24

Which RDS database type requires rds.forceSSL=1 via an options group to enable SSL encryption in flight?

Answer 24

Postgres

Question 25

Which RDS database requires you to enable ssl via ALTER USER ‘encrypted_user’@’%’ REQUIRE SSL; or GRANT USAGE ON . TO ‘encrypted_user’@’%’ REQUIRE SSL;

Answer 25

MySQL

Question 26

How do you encrypt an unencrypted RDS database?

Answer 26

You need to take a snapshot of the RDS instance and then create an encrypted copy of that snapshot. You can then use that snapshot to to restore the database and update your applications to use the encrypted DB.

Question 27

Would you deploy an RDS instance in a private or public subnet?

Answer 27

Private

Question 28

How would you limit access to you RDS database to only a specific set of EC2 instances?

Answer 28

With security groups.

Question 29

How do you define who can MANAGE and RDS database? How do you limit access to the database to certain EC2 instances and how do you define access to who can LOGIN or query the database? What is the exception?

Answer 29

IAM roles define who can manage the database. Security groups define which instances can access the RDS instance, and traditional user names and passwords defined in the DBMS define who can login and execute queries.

The exception is that IAM can also be used to authenticate to MySQL and Potgres which also allows ssl encryption in transit.

Question 30

When you snapshot an RDS database, is there any downtime or performance impact on either single or multi-az RDS deploys?

Answer 30

There is no downtime. But Creating this DB snapshot on a Single-AZ DB instance results in a brief I/O suspension that can last from a few seconds to a few minutes. On multi-AZ IO is not suspended on the primary as the snapshot is taken from the secondary.

Question 31

For AWS Aurora, what sort of storage architecture is used (NOT storage type) and what is the advantage of this?

Answer 31

Aurora uses a storage cluster volume to store data and this is accessible to all the db engines. The advantage is that replication is very quick as each replica doesn’t need to pull the data down and store it on its own volume.

Question 32

For an aurora , how many copies of data are maintained across how many AZ’s?

Answer 32

Aurora replicates 6 copies of your data across 3 Availability Zones

Question 33

In an aurora global database, do reads and writes occur across all regions and how many regions are there

Answer 33

There is 1 primary region and up to 5 secondary regions. Reads only occur over the secondaries, and writes only occur on the primary.

Question 34

What does RDS enhanced monitoring allow?

Answer 34

RDS enhanced monitoring allows you to monitor OS stats for the RDS instances in real time.

Question 35

I have an on premise SQL server database that I am looking to migrate to an RDS MySQL implementation. What two tools in AWS allow me to achieve this and what do they do?

Answer 35

The database migration service will allow a heterogeneous migration of databases. Because they are different schemas, the AWS schema conversion tool will be needed to migrate functions, stored procs and views between the two. If something can’t be automatically transformed AWS SCT will flag it for intervention