
Deep Dive: Amazon RDS

For more training on AWS, visit: https://www.qa.com/amazon
AWS Loft | London - Deep Dive: Amazon RDS by Toby Knight, Manager Solutions Architecture, 18 April 2016


1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Toby Knight, Manager, Solutions Architecture, April 2016. Deep Dive: Amazon RDS
2. Agenda
    - RDS overview
    - Security
    - High availability
    - Performance
    - Data migration
    - Aurora
    - Pricing
    - Questions
3. RDS Overview
4. Amazon RDS
    - Cost-efficient and scalable
    - Managed service
    - Six database engines
5. Amazon RDS
    - Easy to set up, operate, and scale a relational database
    - Automatically patches the database software and backs up your database
    - Ability to scale the compute resources or storage capacity associated with your relational database instance via a single API call
6. Choice of database engines: MariaDB, Amazon Aurora, Microsoft SQL Server, Oracle DB
7. Use cases
    - Transactional systems
    - Systems of record: eCommerce, CRM, Finance, HR, Assets, etc.
    - Existing SQL-based workloads
    - Almost any relational datasets
8. Airbnb chose Amazon RDS
    - "AWS is the easy answer for any Internet business that wants to scale to the next level." Nathan Blecharczyk, Co-founder & CTO of Airbnb
    - Airbnb is a community marketplace that allows property owners and travelers to connect with each other for the purpose of renting unique vacation spaces around the world
    - Airbnb chose Amazon RDS because it simplifies much of the time-consuming administrative tasks typically associated with databases.
9. Create MySQL DB instance via CLI

    ```shell
    aws rds create-db-instance \
      --db-name demo \
      --db-instance-identifier tobyRDSdemo1 \
      --db-instance-class db.t2.micro \
      --engine MySQL \
      --master-username admin \
      --master-user-password myPassword123 \
      --no-multi-az \
      --storage-type gp2 \
      --allocated-storage 10
    ```

10. Demo: Create DB Instance via Management Console
11. Flipboard relies on Amazon RDS
    - "We were able to go from concept to delivered product in about six months with just a handful of engineers." Greg Scallan, Chief Architect, Flipboard
    - Flipboard is an online magazine with millions of users and billions of "flips" per month
    - Uses Amazon RDS and its Multi-AZ capabilities to store mission critical user data
12. Security
13. RDS Security
    - VPC
    - Security groups
    - Encryption of data at rest
    - SSL encrypted client connection
    - Identity and Access Management
    - CloudTrail for audit
14. RDS and VPC
    - Select your own IP address range
    - Create subnets and configure routing and access control lists
    - Essential functionality of Amazon RDS the same in a VPC: Amazon RDS manages backups, software patching, automatic failure detection and recovery
    - No additional cost to run your DB instance in a VPC
15. RDS, VPC and Security Groups (diagram): Route 53 hosted zone www.example.com, Elastic Load Balancer, Auto Scaling group of web app servers in VPC subnets across Availability Zone 1 and Availability Zone 2, each behind a security group, in front of an RDS Multi-AZ DB instance
16. Data encryption
    - RDS encrypted instances are available for all DB engines
    - AES-256 encryption
    - No need to modify client application
    - Achieve compliance with data at rest encryption
    - Manage keys using Key Management System (KMS)
    - All logs, backups and snapshots are encrypted
17. Create RDS encrypted instance via console
18. Create RDS encrypted instance via CLI

    ```shell
    aws rds create-db-instance \
      --db-name demo \
      --db-instance-identifier tobykrdsdemo5 \
      --db-instance-class db.m4.large \
      --engine MySQL \
      --master-username admin \
      --master-user-password myPassword123 \
      --multi-az \
      --storage-type gp2 \
      --allocated-storage 10 \
      --storage-encrypted \
      --kms-key-id e43f6d83-6497-47fd-9edc-ceeb89af0ac3
    ```

19. SSL encryption for client connections
    - All RDS DB engines support SSL encryption
    - RDS creates and installs SSL certificate when instance is provisioned
    - SSL cert uses DB instance endpoint as Common Name to prevent spoof attacks
    - You can use the GRANT statement to require SSL connections for specific user accounts
20. SSL encryption for client connections
    - Public key is available at: http://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
    - To encrypt connection using mysql client:

    ```shell
    mysql -h instance.cxyz123.rds-eu-west-1.amazonaws.com \
      --ssl-ca=[full path]rds-combined-ca-bundle.pem \
      --ssl-verify-server-cert
    ```

21. Identity and Access Management
    - RDS resources include: DB instance, DB cluster, DB snapshot, DB cluster snapshot […]
    - Types of policies: Identity-based policies (IAM Policies), Resource-based policies
22. Identity and Access Management
    - Use IAM to create role based access control (RBAC)
    - Separation of duties
    - Principle of least privilege
    - Consider security within RDBMS
23. CloudTrail for audit
    - Turn on CloudTrail on your AWS Account
    - Configure delivery to CloudWatch Logs
    - Configure SNS notifications for specific API activities
24. High availability
25. High availability
    - Backup and restore
    - Multi-AZ deployment
    - Read replicas
    - Cross region snapshot copy
    - Monitoring
26. Scheduled backup via console
27. Scheduled backup via CLI

    ```shell
    aws rds modify-db-instance \
      --db-instance-identifier mysqldemo1 \
      --backup-retention-period 30 \
      --preferred-backup-window 02:00-03:00 \
      --apply-immediately
    ```

28. Scheduled backup via CLI

    ```shell
    aws rds modify-db-instance \
      --db-instance-identifier mysqldemo1 \
      --backup-retention-period 0 \
      --apply-immediately
    ```

29. Manual backup via console
30. Manual RDS instance snapshot via CLI

    ```shell
    aws rds create-db-snapshot \
      --db-snapshot-identifier myDbSnap \
      --db-instance-identifier mysqldemo1
    ```
31. Multi-AZ deployment (slides 31–39, animated diagram frames): Availability Zone 1 and Availability Zone 2, each with a VPC subnet and a security group; endpoint mydb1.abc45345.eu-west-1.rds.amazonaws.com:3306; synchronous physical replication between the two zones
40. RDS Read replicas
    - Provide enhanced performance and durability
    - Scale out beyond single DB instance
    - Ideal for read-heavy DB workloads
    - Create up to 5 replicas per master
    - Increase aggregate read throughput
    - Read replicas can be promoted
    - Available in MySQL, PostgreSQL, MariaDB and Aurora
41. Second-Tier Replicas (slides 41–42, diagram): Availability Zone
43. Cross region snapshot copy
44. Monitoring RDS
    - Use CloudWatch to monitor health of DB instance
    - Subscribe to RDS events, e.g. change to DB instance or DB snapshot
    - View, download, watch DB log files using the RDS console
    - Use CloudTrail to monitor RDS actions on your AWS account
45. CloudWatch for RDS
    - RDS metrics are available with all DB engines
    - RDS sends metrics for each DB instance every minute
    - Detailed monitoring enabled by default
    - For DB specific metrics (e.g. MySQL insert queries/second) you need to monitor the DB engine itself
46. CloudWatch for RDS
47. Monitoring RDS: Datadog
48. Performance
49. Performance
    - Use the right AWS service for the workload!
    - DB fundamental resources: CPU, memory, disk, network
    - Instance type and size
    - Disk type: P-IOPS, GP SSD, Magnetic
    - SQL Data types: VARCHAR(8000) anyone?
    - Indexes and performance tuning
    - Read replicas
50. Data migration
51. AWS Database Migration Service
    - Includes schema conversion tool
    - Convert Oracle PL/SQL, SQL Server T-SQL to Amazon Aurora / MySQL
    - Setup data replication task < 10 minutes
    - One-off or continuous replication
    - Target RDS or EC2 based database
    - Supported source/target include: Oracle, SQL Server, MySQL, Amazon Aurora and PostgreSQL
52. Database Migration Service
53. Aurora
54. Amazon Aurora
    - Fast and cost effective
    - Enterprise performance and features
    - 5x throughput of MySQL
    - Compatible with MySQL 5.6
    - Multi-AZ deployments
    - Storage Auto-scaling
    - Fault tolerant, self healing storage
    - No need to replay DB redo logs for crash recovery
    - Isolates DB cache from DB process
55. Create Aurora DB cluster

    ```shell
    aws rds create-db-cluster \
      --db-cluster-identifier tobykrdsdemo2 \
      --engine aurora \
      --master-username admin \
      --master-user-password loft2016demo1 \
      --vpc-security-group-ids sg-13bf4974
    ```

56. Pricing
57. RDS Pricing Example

    | Item | Description | Price ($/month) |
    |---|---|---|
    | 1 x Production DB instance (On Demand) | MySQL, db.m4.xlarge, Multi-AZ | 565.11 |
    | Provisioned IOPS storage | 200GB, 1000 Provisioned IOPS | 275.20 |
    | Backups | 200GB additional | 19.00 |
    | Data transfer out | 2GB | 0.09 |
    | Free tier discount | | -1.99 |
    | Total | | $857.41 |

    Pricing example uses eu-west-1 region. For latest pricing go to http://aws.amazon.com/rds/pricing/

58. Thank you! Toby Knight, Manager, Solutions Architecture, Amazon Web Services
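A check a defender can run over the output of `aws rds describe-db-instances` to catch the weak settings the deck walks through: storage left unencrypted (slides 16–18), a backup retention period of 0 as set by the slide-28 command (which switches automated backups off), single-AZ instances (slides 25 and 31) and publicly accessible instances (slides 14–15). This is an added example, not code from the slides; the field names are the real RDS API ones, but the two instances below are constructed sample data.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances` output;
# the attribute values are made up for this example, not from real resources.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBInstances": [
        {   # settings the slide-18 call produces: encrypted, Multi-AZ, backups kept
            "DBInstanceIdentifier": "tobykrdsdemo5",
            "Engine": "mysql",
            "StorageEncrypted": True,
            "MultiAZ": True,
            "BackupRetentionPeriod": 30,
            "PubliclyAccessible": False,
        },
        {   # an instance created without --multi-az or --storage-encrypted,
            # then given --backup-retention-period 0 as on slide 28
            "DBInstanceIdentifier": "mysqldemo1",
            "Engine": "mysql",
            "StorageEncrypted": False,
            "MultiAZ": False,
            "BackupRetentionPeriod": 0,
            "PubliclyAccessible": True,
        },
    ]
})

# Each control is (finding label, predicate that returns True when the instance fails it).
CONTROLS = [
    ("storage-not-encrypted", lambda db: not db.get("StorageEncrypted", False)),
    ("backups-disabled", lambda db: db.get("BackupRetentionPeriod", 0) == 0),
    ("single-az", lambda db: not db.get("MultiAZ", False)),
    ("publicly-accessible", lambda db: db.get("PubliclyAccessible", False)),
]

def audit_rds_instances(describe_json: str) -> dict:
    """Map each DBInstanceIdentifier to the list of controls it fails."""
    instances = json.loads(describe_json).get("DBInstances", [])
    return {
        db["DBInstanceIdentifier"]: [label for label, fails in CONTROLS if fails(db)]
        for db in instances
    }

if __name__ == "__main__":
    # Runs against the constructed sample; feed it real describe-db-instances JSON to use it.
    for instance_id, failed in audit_rds_instances(SAMPLE_DESCRIBE_OUTPUT).items():
        print(f"{instance_id}: {'OK' if not failed else 'REVIEW ' + ', '.join(failed)}")
```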
