RDS/Aurora/ElastiCache Flashcards

1
Q

What is AWS RDS? What does it support?

A

Managed Relational Database Service for SQL engines.
Runs on EC2 instances managed by AWS, so you still choose the instance class.
Usually for OLTP (Online Transaction Processing).

Supports: "MO' SPAM"
MySQL
PostgreSQL
MariaDB
Oracle
SQL Server
Aurora
2
Q

Why would I use RDS instead of running my own database on EC2 with EBS volumes?

A
RDS is managed:
     • provisioning and OS/engine patching
     • automated backups and point-in-time restore
     • monitoring dashboards (CloudWatch, Performance Insights)
     • read replicas
     • Multi-AZ for DR
     • maintenance windows for upgrades
     • vertical scaling (instance class) and horizontal scaling (read replicas)
     • storage backed by EBS (gp2/gp3 or io1/io2)

Can NOT SSH into the instances (no OS access). RDS Custom, for Oracle and SQL Server, is the exception.

3
Q

Describe an RDS backup

A
  • Automatically enabled.
  • Daily full backup during the backup window (you choose when).
  • Transaction logs backed up every 5 minutes.
  • You can restore to any point in time, from the oldest retained backup up to about 5 minutes ago.
  • Default retention is 7 days (configurable from 0 to 35 days; 0 disables automated backups).
4
Q

Describe an RDS snapshot

A
  • manually triggered by the user
  • retained as long as you want (survives deletion of the instance)
  • backs up the entire instance
  • briefly suspends I/O on a Single-AZ instance; on Multi-AZ the snapshot is taken from the standby, except for SQL Server where I/O may still pause
5
Q

What is RDS Auto Scaling?

A

RDS storage autoscaling automatically increases allocated storage when you are running out of space. It triggers only when all of these hold:
• free storage < 10% of allocated storage (more than 90% full)
• the low-storage condition has lasted at least 5 minutes
• at least 6 hours since the last storage modification

You have to set a Maximum Storage Threshold (the cap it is allowed to grow to).

Great for unpredictable workloads

6
Q

What is an RDS Read Replica? What are the characteristics?

A

A copy of your database for read-only.

  • Up to 5 replicas at the time these cards were written (now 15 for MySQL, MariaDB and PostgreSQL; Oracle and SQL Server still 5)
  • within AZ, across AZ, or cross-region
  • Async replication (eventually consistent): a replica can lag behind the primary
  • each replica has its own endpoint, so applications have to update the connection string to use it
  • a replica can be promoted to a standalone read/write DB
7
Q

What is the cost to move RDS data from one AZ to another?

A

Usually there is a cost to move data across AZs, but it is often waived for MANAGED services.

For RDS read-replica replication within the same region, it is free.

Cross-REGION replication traffic is charged.

8
Q

What is RDS Multi-AZ?

A
  • RDS in AZ1 is replicated SYNChronously to a standby DB in AZ2 (a write is acknowledged only once both have it).
  • Only 1 DNS name: if the primary fails there is automatic failover to the standby. No need to change the connection string in your app.
  • The standby is not readable; it exists for availability, not for scaling reads (use read replicas for that).

For Disaster Recovery (DR) and availability.

9
Q

Can you set up an RDS Read Replica as Multi-AZ for DR?

A

Yes.

10
Q

How do you go from single AZ to Multi-AZ RDS?

A

Click "modify" on the DB and enable Multi-AZ.
There is NO downtime.

Behind the scenes, RDS snapshots the primary, restores that snapshot as the standby in another AZ, then synchronizes the two.

11
Q

My RDS database is not encrypted. How do I encrypt its replicas?

A

You cannot. Encryption is decided at launch. If the primary is not encrypted, its read replicas cannot be encrypted either: a replica always has the same encryption state as its primary.

You can't disable encryption on an encrypted DB either. Changing either state means going through an encrypted snapshot copy and a restore.

12
Q

How is at-rest encryption handled in RDS?

A

AWS KMS with AES-256 at the storage layer (covers data, automated backups, snapshots, replicas and logs). Transparent to the engine; no measurable performance impact.

For Oracle and SQL Server you can additionally use Transparent Data Encryption (TDE) inside the engine; TDE may have a performance impact.

13
Q

How is in-flight encryption handled in RDS?

A

TLS (AWS docs and the console still call it SSL). In-flight encryption is only guaranteed if the server requires it and the client verifies the server certificate.

To enforce TLS on the server side:
• PostgreSQL: set rds.force_ssl=1 in the DB parameter group.
• MySQL: per user, GRANT USAGE ON *.* TO 'user'@'%' REQUIRE SSL; (on MySQL 8.0 use ALTER USER 'user'@'%' REQUIRE SSL;), or for all connections on MySQL 5.7+ set require_secure_transport=ON in the DB parameter group.

On the client side, connect with certificate verification against the RDS CA bundle (e.g. sslmode=verify-full for PostgreSQL); forced TLS without verification is still open to a man-in-the-middle presenting its own certificate.

14
Q

I have an unencrypted RDS database. How do I encrypt it?

A
Create a snapshot of the unencrypted DB.
Copy the snapshot with encryption enabled (choose the KMS key).
Restore a new DB instance from the encrypted copy.
Migrate applications to the new DB.
Delete the old DB.

The new instance will have a NEW ENDPOINT, so connection strings (or a DNS alias in front of them) must change.
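The procedure above, as an added example that is not part of the flashcards or AWS's own tooling. It uses the real boto3 RDS operation and parameter names, but the client is injected so the flow can run offline against the FakeRDS stand-in defined below; the instance, subnet group, security group, parameter group and KMS key identifiers are hypothetical. It also shows a detail the card does not: a restore from snapshot does not carry the source's parameter group, subnet group or security groups over unless you pass them, so a forced-TLS parameter such as rds.force_ssl would silently be lost.

```python
"""Encrypt an existing unencrypted RDS instance: snapshot, encrypted copy, restore.

Added example, not from the flashcards or AWS. API and parameter names are
the real boto3 RDS ones; the client is injected so this runs offline against
FakeRDS (a constructed stand-in). All identifiers are hypothetical. Cutover
of applications and deletion of the old instance are deliberately left manual.
"""
from types import SimpleNamespace


def encrypt_instance(rds, instance_id, kms_key_id, suffix="enc"):
    """Return details of the new encrypted instance (it has a NEW endpoint)."""
    src = rds.describe_db_instances(DBInstanceIdentifier=instance_id)["DBInstances"][0]
    if src["StorageEncrypted"]:
        raise ValueError(f"{instance_id} is already encrypted")

    # 1. Manual snapshot of the unencrypted source
    snap_id = f"{instance_id}-pre-{suffix}"
    rds.create_db_snapshot(DBInstanceIdentifier=instance_id, DBSnapshotIdentifier=snap_id)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=snap_id)

    # 2. Copy it: encryption is a property of the copy, selected with KmsKeyId
    enc_snap_id = f"{snap_id}-encrypted"
    rds.copy_db_snapshot(
        SourceDBSnapshotIdentifier=snap_id,
        TargetDBSnapshotIdentifier=enc_snap_id,
        KmsKeyId=kms_key_id,
        CopyTags=True,
    )
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=enc_snap_id)

    # 3. Restore. Parameter group, subnet group and security groups are NOT
    #    inherited by default, so pass the source's explicitly; losing the
    #    parameter group would silently drop settings like rds.force_ssl.
    new_id = f"{instance_id}-{suffix}"
    rds.restore_db_instance_from_db_snapshot(
        DBInstanceIdentifier=new_id,
        DBSnapshotIdentifier=enc_snap_id,
        DBInstanceClass=src["DBInstanceClass"],
        DBSubnetGroupName=src["DBSubnetGroup"]["DBSubnetGroupName"],
        VpcSecurityGroupIds=[g["VpcSecurityGroupId"] for g in src["VpcSecurityGroups"]],
        DBParameterGroupName=src["DBParameterGroups"][0]["DBParameterGroupName"],
        MultiAZ=src["MultiAZ"],
        PubliclyAccessible=False,
        DeletionProtection=True,
    )
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=new_id)

    # 4. Verify before anyone is repointed at the new endpoint
    new = rds.describe_db_instances(DBInstanceIdentifier=new_id)["DBInstances"][0]
    if not new["StorageEncrypted"]:
        raise RuntimeError(f"{new_id} restored unencrypted; do not cut over")
    return {"instance": new_id, "endpoint": new["Endpoint"]["Address"],
            "kms_key": new["KmsKeyId"], "old_endpoint": src["Endpoint"]["Address"]}


class FakeRDS:
    """Offline stand-in for a boto3 RDS client (constructed for this example)."""

    def __init__(self):
        self.snapshots = {}
        self.instances = {"orders-db": {  # hypothetical source instance
            "DBInstanceIdentifier": "orders-db",
            "StorageEncrypted": False,
            "DBInstanceClass": "db.r6g.large",
            "DBSubnetGroup": {"DBSubnetGroupName": "private-db-subnets"},
            "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0123456789abcdef0", "Status": "active"}],
            "DBParameterGroups": [{"DBParameterGroupName": "mysql8-force-tls", "ParameterApplyStatus": "in-sync"}],
            "MultiAZ": True,
            "Endpoint": {"Address": "orders-db.abc123.us-east-1.rds.amazonaws.com"},
        }}

    def describe_db_instances(self, DBInstanceIdentifier):
        return {"DBInstances": [self.instances[DBInstanceIdentifier]]}

    def create_db_snapshot(self, DBInstanceIdentifier, DBSnapshotIdentifier):
        src = self.instances[DBInstanceIdentifier]
        self.snapshots[DBSnapshotIdentifier] = {"Source": DBInstanceIdentifier,
                                                "Encrypted": src["StorageEncrypted"],
                                                "KmsKeyId": src.get("KmsKeyId")}

    def copy_db_snapshot(self, SourceDBSnapshotIdentifier, TargetDBSnapshotIdentifier,
                         KmsKeyId=None, CopyTags=False):
        snap = dict(self.snapshots[SourceDBSnapshotIdentifier])
        if KmsKeyId:
            snap.update(Encrypted=True, KmsKeyId=KmsKeyId)
        self.snapshots[TargetDBSnapshotIdentifier] = snap

    def restore_db_instance_from_db_snapshot(self, DBInstanceIdentifier, DBSnapshotIdentifier, **kw):
        snap = self.snapshots[DBSnapshotIdentifier]
        self.instances[DBInstanceIdentifier] = {
            **self.instances[snap["Source"]],
            "DBInstanceIdentifier": DBInstanceIdentifier,
            "StorageEncrypted": snap["Encrypted"],
            "KmsKeyId": snap["KmsKeyId"],
            "Endpoint": {"Address": f"{DBInstanceIdentifier}.abc123.us-east-1.rds.amazonaws.com"},
        }

    def get_waiter(self, name):
        return SimpleNamespace(wait=lambda **kw: None)


HYPOTHETICAL_KEY = "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555"


def demo():
    return encrypt_instance(FakeRDS(), "orders-db", HYPOTHETICAL_KEY)
```

With a real client, replace FakeRDS() with boto3.client("rds") and expect each waiter to block for minutes; the function refuses to run on an already-encrypted instance and refuses to report success if the restored instance is not encrypted.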

15
Q

Describe RDS network security. Where do DBs live? How do you control access?

A

DBs should be deployed in PRIVATE subnets (no public IP; PubliclyAccessible set to No), reachable only from inside the VPC.

Network access is controlled by security groups: the DB security group should allow the DB port only from the application tier's security group (not from IP ranges, and never 0.0.0.0/0). NACLs on the subnet are an additional, stateless layer.

16
Q

How do you handle Access Management in RDS?

A
  • IAM policies control who can MANAGE the DB (through the RDS API, i.e. the RDS service), not who can log in to it.
  • To log in to the DB, traditional username/password managed inside the DB.
  • For MySQL, MariaDB and PostgreSQL you can use IAM Database Authentication to log in: no password, just an auth token you request from the RDS service (generate-db-auth-token) that is valid for 15 minutes.
    • the DB user must still exist and be created for IAM auth (MySQL: CREATE USER ... IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS'; PostgreSQL: GRANT rds_iam TO the user)
    • the caller needs rds-db:connect on the dbuser resource for that instance and user
    • good for managing users centrally instead of in the DB
    • the connection must use TLS (the token is a bearer credential)
    • you can leverage IAM roles and EC2 instance profiles, so no long-lived DB password sits in the application
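What the 15-minute token actually is, as an added example that is not part of the flashcards or of AWS's own code: rds.generate_db_auth_token() returns a SigV4-presigned URL for the rds-db:connect action with the scheme stripped, and the DB engine validates that signature instead of a password. The block reproduces that construction locally so the pieces (scope, signed headers, expiry, derived signing key) are visible; the endpoint, access key and secret are hypothetical placeholders and the token's exact byte layout beyond the signed query parameters is not claimed to match boto3 character for character. The same token flow is what the later scenario cards about developers and EC2 instance profiles rely on.

```python
"""RDS IAM database-authentication token, built by hand.

Added example, not from the flashcards or AWS. Reproduces the SigV4 query
presigning that rds.generate_db_auth_token() performs, offline. All inputs
below are hypothetical placeholders, not real credentials.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, urlsplit

TOKEN_TTL_SECONDS = 900  # RDS accepts a token for 15 minutes after X-Amz-Date

# Hypothetical inputs used by demo_token()
SAMPLE_HOST = "orders-db.abc123.us-east-1.rds.amazonaws.com"
SAMPLE_PORT = 3306
SAMPLE_USER = "app_reader"
SAMPLE_REGION = "us-east-1"
SAMPLE_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SAMPLE_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _canonical_query(params: dict) -> str:
    # SigV4 canonical query string: sorted by name, RFC 3986 percent-encoded
    return "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                    for k, v in sorted(params.items()))


def generate_db_auth_token(host, port, db_user, region, access_key,
                           secret_key, now, session_token=None):
    """Return an RDS IAM auth token: a presigned GET for rds-db:connect."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    scope = f"{date_stamp}/{region}/rds-db/aws4_request"
    params = {
        "Action": "connect",
        "DBUser": db_user,
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(TOKEN_TTL_SECONDS),
        "X-Amz-SignedHeaders": "host",
    }
    if session_token:  # temporary credentials from a role / instance profile
        params["X-Amz-Security-Token"] = session_token

    host_header = f"{host}:{port}"
    canonical_request = "\n".join([
        "GET",
        "/",
        _canonical_query(params),
        f"host:{host_header}\n",          # canonical headers, then a blank line
        "host",                           # signed headers
        hashlib.sha256(b"").hexdigest(),  # hash of the (empty) body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derived signing key: the long-term secret is only ever HMAC'd, never sent
    k_date = _hmac(("AWS4" + secret_key).encode(), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, "rds-db")
    k_signing = _hmac(k_service, "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode(), hashlib.sha256).hexdigest()

    # Handed to the DB driver as the password; no scheme prefix
    return f"{host_header}/?{_canonical_query(params)}&X-Amz-Signature={signature}"


def token_expiry(token: str) -> datetime:
    """UTC time after which RDS rejects the token (X-Amz-Date + X-Amz-Expires)."""
    q = parse_qs(urlsplit("https://" + token).query)
    issued = datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    return issued + timedelta(seconds=int(q["X-Amz-Expires"][0]))


def seconds_remaining(token: str, now: datetime) -> int:
    """Positive while usable; a cached token must be refreshed before it hits 0."""
    return int((token_expiry(token) - now).total_seconds())


def demo_token(secret_key=SAMPLE_SECRET_KEY) -> str:
    return generate_db_auth_token(SAMPLE_HOST, SAMPLE_PORT, SAMPLE_USER, SAMPLE_REGION,
                                  SAMPLE_ACCESS_KEY, secret_key, SAMPLE_NOW)
```

Because the token embeds the access key id and a signature over the host, user and expiry, anyone who captures it can log in as that DB user until it expires, which is why the connection must be TLS and why the token should be generated per connection rather than stored.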
17
Q

When you create a read replica for RDS, what KMS key will it use?

A

In the same region as the primary: the SAME key.

Cross-region: a different key. KMS keys are regional, so you must specify a key in the destination region when you create the replica.

18
Q

Can you restore an unencrypted backup/snapshot to an encrypted DB instance?

A

No. First copy the snapshot with encryption enabled (specifying a KMS key), then restore from the encrypted copy.

19
Q

What flavors does Amazon Aurora support?

A

PostgreSQL and MySQL

20
Q

Why would you choose Aurora over RDS?

A
  • Cloud-optimized: up to 5x MySQL and 3x PostgreSQL throughput compared with RDS
  • Storage grows automatically in 10 GB increments up to 128 TiB per cluster
  • up to 15 read replicas (RDS MySQL allowed 5), replica lag under 10 ms; still a single writer
  • failover typically in under 30 seconds, very high availability
  • costs about 20% more than RDS but is more efficient
  • supports cross-region replication (Global Database)
  • "Backtrack" rewinds an Aurora MySQL cluster in place without restoring a backup
21
Q

How does Aurora maintain high availability?

A
  • 6 copies of your data across 3 AZs (a write needs 4 of 6, a read needs 3 of 6)
  • self-healing with peer-to-peer replication
  • storage striped across 100s of volumes
  • continuous backup to S3

• you can have a cross-REGION cluster with scaling and failover via Global Database (Aurora MySQL and Aurora PostgreSQL)

22
Q

How does Aurora work?

A

• Writer and replicas share one cluster storage volume that auto-expands.

  • A writer (cluster) endpoint always points at the current master.
  • On failover the endpoint is repointed at the new master automatically, so apps keep the same connection string.

• A reader endpoint load-balances connections across all replicas. With replica autoscaling there is no need to update endpoints in applications.

23
Q

How does Aurora security compare to RDS security?

A

It’s the same. Same engines.

24
Q

What is an Aurora custom endpoint?

A

You can assign a custom endpoint to a chosen subset of instances (e.g. the larger, more powerful replicas for heavy analytics, the smaller ones for internal reports).

If you do this you would typically stop using the reader endpoint and set up one custom endpoint per workload.

25
Q

What is Aurora Serverless?

A

On-demand, automated scaling: capacity is instantiated based on actual usage. It is not running all the time; it waits for traffic and then gets instantiated (v1 can pause down to zero).

A router fleet terminates incoming connections and maps them onto a warm pool of capacity.

Pay per second (can be cheaper that way).
Aurora Serverless v1 does NOT support read replicas or public IPs.
Access only from inside the VPC (or via Direct Connect), not over VPN.

Good for infrequent, intermittent, unpredictable workloads.

(These limits describe Serverless v1. Serverless v2 runs as instances inside a normal Aurora cluster and supports read replicas, Multi-AZ and Global Database.)

26
Q

What if you want immediate failover on the master node in Aurora?

A

Use Multi-Master (Aurora MySQL only). Every node does read/write, so a node failure needs no promotion of a replica to master.

Up to 4 nodes. NOT cross-region.

Caveat: Multi-Master only ever existed for Aurora MySQL 5.6-compatible clusters, which reached end of support in 2023, so it is not an option for new clusters; today the answer is a writer plus readers with fast failover, or Serverless v2.

27
Q

How does Global Aurora work?

A

You can have cross-region read replicas (the older, slower option)
OR
Global Database:
• 1 primary region with up to 5 read-only secondary regions, replication lag typically under 1 second
• up to 16 read replicas per secondary region
• DR promotion of a secondary region to primary in under 1 minute

28
Q

How can I add Machine Learning predictions to my applications via SQL?

A

Use Aurora Machine Learning: SQL functions that call SageMaker (your own models) or Comprehend (sentiment analysis) directly from queries.

Good for fraud detection, ad targeting, sentiment analysis, product recommendations.

29
Q

What are some things you can NOT do with RDS?

A
  • Any flavor of SQL that is not on the supported-engine list
  • Anything where you need root access to the OS (patching, installing tools, etc.)

30
Q

What is ElastiCache?

A

RDS is to relational databases as
ElastiCache is to Redis/Memcached

  • in-memory data store
  • key/value store
  • ElastiCache nodes run on EC2 (you choose the node type)

• can be used in front of DBs like RDS or DynamoDB

31
Q

Why would you want to use a cache for your DB? What is the downside to ElastiCache?

A
  • High performance, low latency
  • Helps make your application stateless by keeping session data
  • Reduces workload on DB

Downside: application code changes are required (cache reads/writes and invalidation logic), and the cache is one more component holding data that has to be secured.

32
Q

What is the difference between Redis and Memcached?

A
Redis works a lot like RDS, with high availability:
     • multi-AZ with auto-failover
     • read replicas, data durability
     • backup/restore
     • for complex data types (lists, sets, sorted sets, hashes)
Memcached:
     • multi-node for partitioning of data (sharding)
     • no high availability (no replication), no encryption at rest; in-transit TLS only on newer engine versions
     • non-persistent, no backup/restore
     • multi-threaded architecture !!!
     • for simple data types
33
Q

How do you handle authentication in ElastiCache (Redis and Memcached)?

A

Traditionally NO IAM authentication for logging in to the cache (ElastiCache for Redis 7+ now supports IAM auth; Memcached still does not).
IAM policies only at the API level (create, delete cache, etc.)

Redis:
• create the Redis cluster with an AUTH token (password); Redis 6+ also supports RBAC with users and user groups
• supports TLS for in-flight encryption, and in-transit encryption must be enabled to use AUTH or RBAC
• AUTH gates commands, not the network: security groups still decide who can reach port 6379 at all

Memcached:
• SASL-based authentication (newer engine versions, together with TLS)

34
Q

A company is designing a banking portal that uses Amazon ElastiCache for Redis as its distributed session management component. Since the other Cloud Engineers in your department have access to your ElastiCache cluster, you have to secure the session data in the portal by requiring them to enter a password before they are granted permission to execute Redis commands.

As the Solutions Architect, which of the following should you do to meet the above requirement?

A

Use Redis AUTH: create a new cluster with in-transit encryption (TLS) enabled and an auth token set. AUTH requires transit encryption, and clients must then send the token with AUTH before any other command is accepted.

35
Q

What are 3 patterns for loading data into ElastiCache?

A

Lazy loading (cache-aside): read the cache; on a miss read the DB and populate the cache. Only requested data is cached, but data can become stale until the TTL expires or the key is invalidated.

Write through: every DB write also updates the cache, so there is no stale data, at the cost of a write penalty and of caching data nobody reads.

Session store: keep session data in the cache with a TTL (time to live), so sessions expire on their own and the app tier stays stateless.
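The three patterns side by side, as an added example that is not part of the flashcards. Dicts stand in for ElastiCache and for the backing database, and the clock is injectable so TTL expiry is shown without sleeping; the keys, prices and user names are constructed sample data. It makes the stale-read window of lazy loading concrete, shows that write-through closes it, and keeps the session id unguessable with a TTL that bounds how long a leaked id stays valid.

```python
"""Lazy loading, write-through and a TTL session store, side by side.

Added example, not from the flashcards. In-memory stand-ins for ElastiCache
and the database; an injectable clock makes TTL expiry observable.
All keys, values and users below are constructed sample data.
"""
import secrets
import time


class TTLCache:
    """Tiny ElastiCache stand-in: GET/SET with per-key expiry."""

    def __init__(self, clock=time.monotonic):
        self._data = {}
        self._clock = clock

    def get(self, key):
        item = self._data.get(key)
        if item is None:
            return None
        value, expires = item
        if expires is not None and self._clock() >= expires:
            del self._data[key]  # expired entries behave like a miss
            return None
        return value

    def set(self, key, value, ttl=None):
        expires = None if ttl is None else self._clock() + ttl
        self._data[key] = (value, expires)


class Database:
    """Backing store that counts reads so the cache's effect is visible."""

    def __init__(self, rows):
        self.rows = dict(rows)
        self.reads = 0

    def read(self, key):
        self.reads += 1
        return self.rows.get(key)

    def write(self, key, value):
        self.rows[key] = value


class FakeClock:
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def lazy_load_get(cache, db, key, ttl=60):
    """Cache-aside: hit -> return; miss -> read DB, populate with TTL, return."""
    value = cache.get(key)
    if value is None:
        value = db.read(key)
        if value is not None:
            cache.set(key, value, ttl)
    return value


def write_through_put(cache, db, key, value, ttl=60):
    """Write to the DB and the cache together, so readers never see stale data."""
    db.write(key, value)
    cache.set(key, value, ttl)


SESSION_TTL = 1800  # 30 minutes of inactivity ends the session


def create_session(cache, user, ttl=SESSION_TTL):
    """Unguessable id (256 bits); the TTL bounds the lifetime of a stolen id."""
    session_id = secrets.token_urlsafe(32)
    cache.set(f"session:{session_id}", {"user": user}, ttl)
    return session_id


def get_session(cache, session_id):
    return cache.get(f"session:{session_id}")


def demo():
    clock = FakeClock()
    cache = TTLCache(clock)
    db = Database({"price:sku-1": 10})

    first = lazy_load_get(cache, db, "price:sku-1")     # miss: 1 DB read
    lazy_load_get(cache, db, "price:sku-1")             # hit: no DB read
    db.write("price:sku-1", 12)                         # a write that bypassed the cache
    stale = lazy_load_get(cache, db, "price:sku-1")     # still 10 until the TTL expires
    clock.advance(61)
    fresh = lazy_load_get(cache, db, "price:sku-1")     # expired, re-read: 12

    write_through_put(cache, db, "price:sku-1", 15)
    after_wt = lazy_load_get(cache, db, "price:sku-1")  # 15, and no extra DB read

    sid = create_session(cache, "alice")
    live = get_session(cache, sid)
    clock.advance(SESSION_TTL + 1)
    expired = get_session(cache, sid)

    return {"first": first, "stale": stale, "fresh": fresh,
            "after_write_through": after_wt, "db_reads": db.reads,
            "session_live": live, "session_expired": expired}
```

In production the write that bypasses the cache is the realistic failure: any path that updates the DB without going through write_through_put (a batch job, a manual fix) serves stale reads for up to the TTL, so either invalidate the key on such writes or keep TTLs short.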

36
Q

I have a game that requires a real-time leaderboard. How can I achieve it?

A

Use Redis Sorted Sets: ZADD leaderboard <score> <player> to record a score, ZREVRANGE leaderboard 0 9 WITHSCORES for the top 10, ZREVRANK leaderboard <player> for a player's position. Inserts and rank lookups are O(log N), which is what makes it real-time.

37
Q

You have migrated the MySQL database from on-premises to RDS. You have a lot of applications and developers interacting with your database. Each developer has an IAM user in the company’s AWS account. What is a suitable approach to give access to developers to the MySQL RDS DB instance instead of creating a DB user for each one?

A

Enable IAM Database Authentication

38
Q

What are some common use cases for ElastiCache?

A

Web session store
Database caching (for popular queries)
Leaderboards (Redis)
Streaming data dashboards (e.g. sensor data)

39
Q

How do you scale in Memcached vs. Redis?

A

Memcached:
• horizontal: add or remove nodes in the cluster (keys get re-hashed across nodes, so expect a burst of misses)
• vertical: change the node type, which means creating a new cluster and repointing clients

Redis - cluster mode DISABLED:
• horizontal (reads): add or remove read replicas, up to 5
• vertical: change the node type (modify the replication group; the primary endpoint stays the same)

Redis - cluster mode ENABLED:

 1) Online resharding - add/remove shards and rebalance slots, or change the node type, while the cluster keeps serving traffic
 2) Offline resharding - add/remove shards, change the node type or upgrade the engine while the cluster is unavailable
40
Q

An online shopping platform is hosted on an Auto Scaling group of Spot EC2 instances and uses Amazon Aurora PostgreSQL as its database. There is a requirement to optimize your database workloads in your cluster where you have to direct the write operations of the production traffic to your high-capacity instances and point the reporting queries sent by your internal staff to the low-capacity instances.

What is the most suitable configuration for your application as well as your Aurora database cluster to achieve this requirement?

A

Create a custom endpoint for each requirement.

41
Q

There are a lot of outages in the Availability Zone of your RDS database instance to the point that you have lost access to the database. What could you do to prevent losing access to your database in case that this event happens again?

A

Enable Multi-AZ failover.

42
Q

A retail website has intermittent, sporadic, and unpredictable transactional workloads throughout the day that are hard to predict. The website is currently hosted on-premises and is slated to be migrated to AWS. A new relational database is needed that autoscales capacity to meet the needs of the application’s peak load and scales back down when the surge of activity is over.

What is the MOST cost-effective and suitable database setup in this scenario?

A

Aurora Serverless cluster, then set min/max for the cluster.

43
Q

A Forex trading platform, which frequently processes and stores global financial data every minute, is hosted in your on-premises data center and uses an Oracle database. Due to a recent cooling problem in their data center, the company urgently needs to migrate their infrastructure to AWS to improve the performance of their applications. As the Solutions Architect, you are responsible in ensuring that the database is properly migrated and should remain available in case of database server failure in the future.

What is the most suitable solution to meet the requirement?

A

Oracle db in RDS with Multi-AZ deployments.

44
Q

A Solutions Architect needs to set up a relational database and come up with a disaster recovery plan to mitigate multi-region failure. The solution requires a Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of less than 1 minute.

What can fulfill this requirement?

A

Aurora Global Database

45
Q

A financial application is composed of an Auto Scaling group of EC2 instances, an Application Load Balancer, and a MySQL RDS instance in a Multi-AZ Deployments configuration. To protect the confidential data of your customers, you have to ensure that your RDS database can only be accessed using the profile credentials specific to your EC2 instances via an authentication token.

As the Solutions Architect of the company, what should you do to meet the above requirement?

A

Enable IAM DB Authentication

46
Q

An accounting application uses an RDS database configured with Multi-AZ deployments to improve availability. What would happen to RDS if the primary database instance fails?

A

When failing over, Amazon RDS simply flips the canonical name record (CNAME) for your DB instance to point at the standby, which is in turn promoted to become the new primary