RDS Flashcards
What are the 6 Databases that AWS manages?
- Postgres
- MySQL
- MariaDB
- Oracle
- Microsoft SQL Server
- Aurora (AWS Proprietary DB)
Can Read Replicas be set up as Multi AZ for Disaster Recovery (DR)?
Yes
Do Read Replicas cost money for ASYNC replication across Multi AZs?
- Yes - it is expensive for read replicas to work across multi AZs.
- It is FREE if read replicas are in the same AZ
T/F - Read Replica reads are eventually consistent
TRUE
What are the types of RDS encryption?
- At rest encryption - encryption must be defined at launch time
- In-flight encryption - SSL certificates to encrypt data to RDS in flight
RDS - what management aspects are you responsible for?
- Check the ports / IP / security group inbound rules in SG DB
- In-database user creation and permissions or manage through IAM
- Creating a DB with or without public access
- Ensure parameter groups or DB is configured to only allow SSL connections
RDS - what management aspects is AWS responsible for?
- Not allow SSH access into DB Instance
- DB Patching
- OS Patching
What are the advantages of using RDS versus deploying on EC2?
- RDS is a managed service
- Automated provisioning
- OS Patching
- Monitoring dashboards
- Read replicas available for improved performance
- Multi AZ setup for disaster recovery
- Scaling capabilities
- Storage backed by EBS
Can you SSH into an AWS RDS instance?
NO
How many Read replicas can you have for RDS?
Up to 5
Describe at rest encryption for RDS instances
- Can be encrypted with AWS KMS AES-256
- Encryption must be defined at launch time
- If master is not encrypted, read replicas cannot be encrypted
Describe in-flight encryption for RDS instances
SSL certs are required to encrypt data to RDS in flight
How would you encrypt an un-encrypted RDS database?
- Create a snapshot of the un-encrypted db
- Copy the snapshot and enable encryption for the snapshot
- Restore the DB from the newly encrypted snapshot
- Migrate application to the new db, and delete the old db
Describe main features of Aurora DB
- Automatic fail-over
- Backup and recovery
- Isolation and security
- Industry compliance
- Push button scaling
- Automated patching with zero downtime
- Advanced monitoring
- Routine maintenance
- Backtrack: restore data at any point of time w/o using backups
Describe Aurora DB security
- Similar to RDS - uses same engines
- Encryption at rest using KMS
- Automated backups, snapshots and replicas are also encrypted
- Encryption in flight using SSL
- Possibility to authenticate using IAM token (same in RDS)
- You are responsible for protecting the instance with security groups
- You can NOT SSH
What is a good use case for Aurora Serverless?
Infrequent, intermittent or unpredictable workloads
What is Elasticache?
- In-memory databases with really high performance, low latency
- Helps reduce load off of databases for read intensive workloads
- Helps make your application stateless
- Redis or Memcached = options
- Involves heavy application code changes
Redis vs Memcached?
Redis:
- Multi AZ with auto-failover
- Read replicas to scale reads and have high availability
- Data durability using AOF persistence
- Backup and restore features
Memcached:
- Using something called Sharding (multi node partitioning)
- NON persistent
- No backup and restore
- Multi-threaded architecture
What is lazy loading as it relates to Elasticache?
- AKA Cache-Aside or Lazy Population
- Application first makes a call to the cache. If it's a cache hit, data is returned.
- If it's a cache miss, another call is made to the DB, data is returned to the application, then data is written to cache
What are the pros and cons of data caching / lazy loading?
Pros:
- Only requested data is cached
- Node failures are not fatal to the application health
Cons:
- Cache miss = 3 round trips = delay for user
- Possible stale data
Which RDS Class (not Aurora) feature does not require us to change our connection string?
- Multi AZ
- Read Replicas add new endpoints for databases to read from and therefore we must change our application to have the list of these endpoints in order to balance the read load and connect to the databases
You want to ensure your Redis cluster will always be available. Which do you enable: read replicas or Multi-AZ?
Multi-AZ
Which database does NOT support Transparent Data Encryption (TDE) on RDS?
PostgreSQL
Which RDS database technology does NOT support IAM authentication?
Oracle
Remember that both MySQL and PG are Aurora compatible and that Aurora DOES allow for IAM authentication.