DAT30

AWS re:INVENT
Deep Dive on Amazon Relational
Database Service (RDS)
Br i an We l cke r
Principal Pro duct M anag er, A m azo n RD S
November 28, 2017

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 What i s Amazon R D S ?
• Managed relational database service in the
AWS cloud
• Multi-engine support: Amazon Aurora,
MySQL, MariaDB, PostgreSQL, Oracle, SQL
Server
• Automated provisioning, patching, scaling,
replicas, backup/restore Amazon RDS
• Easily scales to handle growth
• High availability with Multi-AZ and Amazon
Aurora

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Why use Amazon R D S ?

• Lower TCO because we manage “the muck”

• Get more leverage from your teams
• Focus on the things that differentiate you
• Built-in high availability and cross-region
replication across multiple data centers
• Even a small startup can leverage multiple data
centers to design highly available apps with
over 99.95% availability

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Configuring your database instance in
Amazon R D S

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Which R D S engine should I use?
Commercial Open Source Cloud Native

MySQL Compatible
PostgreSQL Compatible

Amazon EBS-based Storage Aurora Storage System

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Which instance type should I choose?
T2 Family M3/M4 Family R3/R4 Family
• Burstable instances • General-purpose instances • Memory-optimized instances
• 1 vCPU/1 GB RAM > 8 • 2 vCPU/8 GiB RAM > 64 • 2 vCPU/16 GiB RAM > 64
vCPU 32 GB RAM vCPU 256 GiB RAM vCPU 488 GiB RAM
• Moderate networking • High-performance • High-performance
performance networking networking
• Good for smaller or • Good for running CPU • Good for query-intensive
variable workloads intensive workloads (e.g., workloads or high
• Monitor CPU credit WordPress) connection counts
metrics
in Amazon
CloudWatch
• T2.micro is eligible for free
tier

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Which storage type should I choose?
General purpose (GP2) Provisioned IOPS (IO1) Magnetic
• S SD storage • SS D storage • Magnetic storage
• Maximum of 16 TB! • Maximum of 16 TB! • Maximum of 1 TB
• Leverages Amazon EBS • Leverages Amazon EBS • Supported for legacy
Elastic Volumes Elastic Volumes databases
• IOPS determined by • Maximum of 40 K IOPS
volume size (20 K on SQL Server)
• Minimum of 100 IOPS • Delivers within 1 0 % of
(below 33.33GiB) the IOPS performance
• Bursts to 3,000 IOPS 9 9 . 9 % of the time
(applicable below 1.3 • High performance and
TB) consistency
• Baseline of 10,000 IOPS
(at 3.3 TB and above)
• Affordable performance

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I decide between GP 2 and IO
1?
Why am I notseeing 3 0K I O P S ?

• GP2 is a great choice, but be aware of burst credits on volumes < 1 TB

• Hitting credit-depletion results in IOPS drop— latency and queue depth
metrics will spike until credits are replenished
• Monitor BurstBalance to see percent of burst-bucket I/O credits
available
• Monitor read/write IOPS to see if average IOPS is greater than the
baseline
• Think of GP2 burst rate and PIOPS
stated rate as maximum I/O rates

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I scale my database instance?
W i l lt h e r e bedowntime?

• Scale compute/memory vertically up or down

• Handle higher load to grow over time
• Lower usage to control costs
• New host is attached to existing storage with minimal
downtime
• Scale up Amazon EBS storage (now up to 16 TB!)
• Amazon EBS engines now support Elastic Volumes for
fast scaling (now including SQL Server)
• No downtime for storage scaling
• Initial scaling operation may take longer, because
storage is reconfigured on older instances
• Can re-provision IOPS on the fly

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 M an a g i ng high availability, read
replicas, and backups in Amazon R D S

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I ensure database high availability?
Multi-AZ provides enterprise-grade fault-tolerance
solution for production
databases

Automatic failover
Synchronous replication
Inexpensive and
enabled with one click
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 What happens during a Multi- AZ failover?
How long doesit tak
e?

• Each
AmazonhostEBS
manages setwith
volumes of a full S eP cr oi mn da ra yr y
copy of the data PStriamndarbyy
• Instances are monitored by an EBS EBS
#1 DNS #2
external observer to maintain
consensus over quorum
EC2 EC2
• Failover initiated by automation #1 #2
or through the Amazon RDS API
• Redirection to the new primary
instance is provided through Availability Zone #1 Availability Zone #2

DNS
APP

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Why would I use Read Replicas?
• Relieve pressure on your source
database with additional read capacity
• Bring data close to your applications in
different regions
• Promote a Read Replica to a master
for faster recovery in the event of
disaster
• Upgrade a Read Replica to a new
engine version
• Supported for MySQL, MariaDB, and
PostgreSQL

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 When should I use Multi - AZ as opposed to
Read Replicas?
M u l t i - AZ Read Replic
• Synchronous replication—highly as
durable • Asynchronous replication—highly
• Only primary instance is active scalable
at any • All replicas are active and can be
point in time used
• Backups can be taken from for read scaling
secondary • No backups configured by default
• Always in two Availability Zones • Can be within an Availability
within a Region Zone,
• Database engine version upgrades cross-AZ, or cross-region
happen on primary • Database engine version upgrades
• Automatic failover when a independently from source instance
problem is
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
• Can be manually promoted to a
 How does Amazon R D S manage backups?
• Two options – automated backups
and manual snapshots Transaction Logs
• Amazon RDS backups leverage
Amazon EBS snapshots stored in EBS EBS Snapshot
RDS
Amazon S3 Host Vol
• Transaction logs are stored every
5 minutes in Amazon S3 to Availability Zone #1
Amazon
support point-in-time recovery S3
(PITR)
• No performance penalty for DB RDS EBS
backups App Host Vol
• Snapshots can be copied across
Availability Zone #2
regions or shared with other
accounts
Region #1 Region #2

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 When should I use automated backups as
opposed to snapshots?
Automated backu M anual snapsho
ps ts
• Specify backup retention window per • Manually created through AWS
instance (7-day default) console, AWS CLI, or Amazon RDS API
• Kept until outside of window (35-day • Kept until you delete them
maximum) or instance is deleted
• Supports PITR • Restores to saved snapshot
• Good for disaster recovery • Use for checkpoint before making
large changes, non-production/test
environments, final copy before
deleting a database

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I restore a backup?
W h y d o e s i t t a k es o l o n g ?
• Restoring creates an entirely new database instance
• Define the instance configuration just like a
new instance
• Will get the default parameter, security, and
option groups
• New volumes are hydrated from Amazon S3
• While the volume is usable immediately, full
performance requires the volume to warm up
until fully instantiated
• Migrate to a DB instance class with high I/O
capacity
• Maximize I/O during restore process

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Securing your Amazon R D S database
instance

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I secure my Amazon R D S database?
• Amazon RDS is designed to be secure by
default
• Network isolation with Amazon Virtual
Private Cloud (Amazon VPC)
• AWS Identity and Access Management (IAM)-
based resource-level permission controls
• Encryption at rest using AWS KM S (all
engines) or Oracle/Microsoft TDE
• Use SSL protection for data in transit

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 What does Amazon VPC provide?
• Places your instance in a private subnet,
making it secure from public routes on the 10.1.0.0/16
Internet
• Database instance IP firewall protection 10.1.1.0/24
lets
you securely control network configuration
• Turn off Public Accessibility in DB instance
settings to restrict access outside Amazon VPC
• Use ClassicLink to network with non-VPC
resources Availability Zone

AWS Region

Routing AWS Direct VPN VPC Internet

rules Connect connection peering gateway

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I grant access to my database?
• Use IAM to control who can perform actions on RDS resources
• Do not use AWS root credentials to manage Amazon RDS resources—you should
create an IAM user for everyone, including yourself
• Can use AWS Multi-Factor Authentication (MFA) to provide extra level of
protection
Controlled with IAM Controlled with database

grants

DBA and Ops Users and DBA

Applications

Amazon RDS Your database

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I encrypt my database?
• Use AWS KMS-based encryption in the AWS Customer master key(s)

console
• No performance penalty for encrypting data
• Centralized access and audit of key activity
• Best practices Data keys
• Encryption cannot be removed from
DB
instances
• If source is encrypted, Read Replicas must
be encrypted
• Add encryption to an unencrypted DB
instance by encrypting a snapshot copy Amazon Amazon Amazon
RDS RDS RDS
instance 1 instance 2 instance
3

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Monitoring your Amazon R D S
database instance

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I monitor my Amazon R D S database?
Amazon CloudWatch metrics
• CPU/Storage/Memory
• Swap usage
• I/O (read and write)
• Latency (read and write)
• Throughput (read and write)
• Replica lag
Amazon CloudWatch Alarms
•Similar to on-premises monitoring tools
Enhanced monitoring for Amazon RDS
• Access to over 50 CPU, memory, file
system, and disk I/O metrics
•Low as 1-second intervals Integration
with third-party monitoring tools

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I improve database performance?
• Introducing Amazon RDS
Performance Insights
• Measures DB Load: Average Active
Sessions (AAS)
• Identifies database bottlenecks
(Top SQL)
• Easy
• Powerful
• Identifies source of bottlenecks
• Enables problem discovery
• Adjustable time frame
• Hour, day, week, and longer
• Coming soon for Amazon EBS-based
Amazon RDS engines
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Can I know when service events happen?
• Amazon RDS uses Amazon SNS to
receive notification when an event
occurs
• Notifications can be in any form
supported by Amazon SNS (email, a
text message, or a call to an HTTP
endpoint)
• Six different source types (DB instance,
DB parameter group, DB security
group, DB snapshot, DB cluster, DB
cluster snapshot)
• 17 different event categories
(availability, backup, deletion,
configuration change, etc.)

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Maintenance and billing for Amazon
RDS

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do you maintain my database?
H o w c a n I p l a nf o r i t ?
• Any maintenance that causes downtime (typically only a few times per year) will
be scheduled in your maintenance window
• Operating system or Amazon RDS software patches are usually performed
without restarting databases
• Database engine upgrades require downtime
• Minor version upgrades—automatic or manually applied
• Major version upgrades—manually applied
• Version deprecations—three- to six-month notification before
scheduled
upgrades
• View upcoming maintenance
events in your AWS Personal
Health Dashboard
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How am I charged for Amazon R D S ?
• Database instance (instance hours)
• Combination of Region + instance type + database Amazon RDS Free Tier
engine + license (optional)
• Database storage (GB-mo)
• Can be either provisioned (Amazon EBS) or consumed
(Amazon Aurora)
• Provisioned IOPS (IOPS-Mo) for IO1 storage type
• Database I/O requests (IOs) for Amazon Aurora and
Amazon EBS magnetic-storage types
• Backup storage (GB-mo)
• Size of backups and snapshots stored in Amazon S3
• No charge for backup storage up to 1 0 0 % of total
database storage
• Data transfer (GB-mo)
• Uses AWS regional data-transfer pricing

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How do I understand my bill?
• Amazon RDS charges are grouped by
Region
• Instances are grouped by engine
• Storage and backup charges are cross-
engine
• Use AWS Cost Explorer for graphical
comparison
• Use the AWS Cost & Usage Report
for
billing details
• Must be enabled for account
• Stored in your Amazon S3
bucket

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 How can I save money on my database?
• Amazon RDS Reserved Instances (RIs) provide a discount over on-demand prices
• Region, instance family, and engine of on-demand usage must match to apply
benefit
• Amazon RDS RIs offer size flexibility for open-source and Oracle BYOL engines
• By default, RIs are shared between all
accounts in consolidated billing
• Use the RI utilization report to
determine
how your RIs are being used
• Support for RI coverage report
coming soon

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Can I stop my database when i t ’ s not
in use?
• Stop and start a running database instance from
the console or AWS CLI
• Available for single-AZ DB instances
• While instance is stopped, you only pay for storage
• Backup retention window is maintained while
stopped
• Instances are restarted after 7 days
• Pending maintenance operations are
applied
• Instances can be stopped again if
desired

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Related S e s s i o n s at re:
Invent Technology Trends in Data
DAT311 Wednesday, Nov 29, 11:30 AM
Processing Venetian, Level 5, Palazzo N
DAT312 Migrating Your SQL Server Wednesday, Nov 29, 4:00 PM
Databases to Amazon RDS Venetian, Level 3, Lido 3006
DAT203 Running MySQL Databases on Thursday, Nov 30, 11:30
AWS Venetian, Level 1, Casanova 502
DAT201 AWS Database and Analytics State Thursday, Nov 30, 12:15 PM
of the Union - 2017 Venetian, Level 2, Venetian Theatre
DAT313 Running Oracle Databases on Thursday, Nov 30, 4:45 PM
Amazon RDS Venetian, Level 4, Lando 4202
DAT314 Best Practices for Running Friday, Dec 1, 9:15 AM
PostgreSQL on AWS Venetian, Level 4, Lando 4202

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
 Thank you!

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.