The document provides training materials for 9 modules on Amazon Web Services (AWS). It covers database services like Relational Database Service (RDS), Aurora and ElastiCache. Specific topics include RDS backups, read replicas, security and encryption, Aurora features and replication. The author is Bui Quang Lam, and the document includes their contact information.
1. AWS COURSE DOCUMENT- BUI QUANG LAM - TRAINING 1
Training Course
Amazon Web Service
| Day | Content | Lab |
|---|---|---|
| Day 1 | System Operations on AWS | |
| Day 2 | Computing on AWS | X |
| Day 3 | Networking on AWS | X |
| Day 4 | Storage in AWS (EBS, EFS, Instance Store) | X |
| Day 5 | Elastic Load Balancing & Auto Scaling Group | X |
| Day 6 | Storage S3 in AWS | X |
| Day 7 | Route 53 | X |
| Day 8 | RDS, Aurora, ElastiCache | X |
| Day 9 | CloudWatch | X |
Author: Bui Quang Lam
Phone/Zalo: +84.0365.635.598
Mail: buiquanglam185@gmail.com
3. AWS RDS Overview
• RDS stands for Relational Database Service
• It’s a managed DB service for databases that use SQL as a query language
• It allows you to create databases in the cloud that are managed by AWS:
  • PostgreSQL
  • MySQL
  • MariaDB
  • Oracle
  • Microsoft SQL Server
  • Aurora (AWS Proprietary database)
Module 8: RDS, Aurora, ElastiCache
4. Advantage of using RDS versus deploying a DB on EC2
• RDS is a managed service:
  • Automated provisioning, OS patching
  • Continuous backups and restore to a specific timestamp (Point in Time Restore)!
  • Monitoring dashboards
  • Read replicas for improved read performance
  • Multi AZ setup for DR (Disaster Recovery)
  • Maintenance windows for upgrades
  • Scaling capability (Vertical and horizontal)
  • Storage backed by EBS (gp2 or io1)
• BUT you can’t SSH into your instances
5. RDS Backups
• Backups are automatically enabled in RDS
• Automated backups:
  • Daily full backup of the database (during the maintenance window)
  • Transaction logs are backed up by RDS every 5 minutes -> ability to restore to any point in time (from oldest backup to 5 minutes ago)
  • 7 days retention (can be increased to 35 days)
• DB Snapshots:
  • Manually triggered by the user
  • Retention of backup for as long as you want
6. RDS – Storage Auto Scaling
• Helps you increase storage on your RDS DB instance dynamically
• When RDS detects you are running out of free database storage, it scales automatically
• Avoid manually scaling your database storage
• You have to set a Maximum Storage Threshold (maximum limit for DB storage)
• Useful for applications with unpredictable workloads
• Supports all RDS database engines (MariaDB, MySQL, PostgreSQL, SQL Server, Oracle)
7. RDS Read Replicas for read scalability
• Up to 5 Read Replicas
• Within AZ, Cross AZ or Cross Region
• Replication is ASYNC, so reads are eventually consistent
• Replicas can be promoted to their own DB
• Applications must update the connection string to leverage read replicas
8. RDS Read Replicas – Use Cases
• You have a production database that is taking on normal load
• You want to run a reporting application to run some analytics
• You create a Read Replica to run the new workload there
• The production application is unaffected
• Read replicas are used for SELECT (=read) only kind of statements (not INSERT, UPDATE, DELETE)
9. RDS Read Replicas – Network Cost
• In AWS there’s a network cost when data goes from one AZ to another
• For RDS Read Replicas within the same region, you don’t pay that fee
10. RDS Multi AZ (Disaster Recovery)
• SYNC replication
• One DNS name – automatic app failover to standby
• Increase availability
• Failover in case of loss of AZ, loss of network, instance or storage failure
• No manual intervention in apps
• Multi-AZ replication is free
• Note: Read Replicas can be set up as Multi AZ for Disaster Recovery (DR)
11. RDS – From Single AZ to Multi AZ
• Zero downtime operation (no need to stop the DB)
• Just click on “modify” for the database
• The following happens internally:
  • A snapshot is taken
  • A new DB is restored from the snapshot in a new AZ
  • Synchronization is established between the two databases
12. RDS Security - Encryption
• At rest encryption
  • Possibility to encrypt the master & read replicas with AWS KMS – AES-256 encryption
  • Encryption has to be defined at launch time
  • If the master is not encrypted, the read replicas cannot be encrypted
  • Transparent Data Encryption (TDE) available for Oracle and SQL Server
• In-flight encryption
  • SSL certificates to encrypt data to RDS in flight
  • Provide SSL options with trust certificate when connecting to database
  • To enforce SSL:
    • PostgreSQL: rds.force_ssl = 1 in the AWS RDS Console (Parameter Groups)
    • MySQL: Within the DB: GRANT USAGE ON *.* TO 'mysqluser'@'%' REQUIRE SSL;
13. RDS Encryption Operation
• Encrypting RDS backups
  • Snapshots of un-encrypted RDS databases are un-encrypted
  • Snapshots of encrypted RDS databases are encrypted
  • Can copy a snapshot into an encrypted one
• To encrypt an un-encrypted RDS database
  • Create a snapshot of the un-encrypted database
  • Copy the snapshot and enable encryption for the snapshot
  • Restore the database from the encrypted snapshot
  • Migrate applications to the new database, and delete the old database
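The snapshot, encrypted copy and restore steps above, as an added example that is not part of the course material: a Python function written against the boto3 RDS client interface, with the encryption state verified after each step. The snapshot naming scheme, the instance names, the KMS alias and the `FakeRDS` stand-in (constructed so the block runs offline) are assumptions for the example.

```python
"""Encrypt an existing un-encrypted RDS instance: snapshot -> encrypted copy -> restore."""


def encrypt_existing_instance(rds, source_id, target_id, kms_key_id):
    """Run the first three steps with a boto3-style RDS client.

    Returns target_id once the restored instance reports StorageEncrypted.
    The last step (repoint applications, delete the old database) stays manual.
    """
    plain_snap = f"{source_id}-plain"        # hypothetical naming scheme
    enc_snap = f"{source_id}-encrypted"

    # Step 1: snapshot the un-encrypted database (the snapshot is un-encrypted too).
    rds.create_db_snapshot(DBInstanceIdentifier=source_id,
                           DBSnapshotIdentifier=plain_snap)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=plain_snap)

    # Step 2: copy the snapshot and enable encryption by naming a KMS key.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=plain_snap,
                         TargetDBSnapshotIdentifier=enc_snap,
                         KmsKeyId=kms_key_id)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=enc_snap)
    snap = rds.describe_db_snapshots(DBSnapshotIdentifier=enc_snap)["DBSnapshots"][0]
    if not snap["Encrypted"]:
        raise RuntimeError(f"{enc_snap} is not encrypted, refusing to restore from it")

    # Step 3: restore a new database from the encrypted snapshot.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=target_id,
                                             DBSnapshotIdentifier=enc_snap)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=target_id)
    db = rds.describe_db_instances(DBInstanceIdentifier=target_id)["DBInstances"][0]
    if not db["StorageEncrypted"]:
        raise RuntimeError(f"{target_id} came up without storage encryption")
    return target_id


class _NoWait:
    """Waiter stand-in: the fake completes every operation immediately."""

    def wait(self, **kwargs):
        return None


class FakeRDS:
    """Constructed in-memory stand-in for a boto3 RDS client (offline dry run only)."""

    def __init__(self, instances):
        self.instances = dict(instances)   # instance id -> StorageEncrypted
        self.snapshots = {}                # snapshot id -> Encrypted
        self.calls = []                    # order of mutating API calls

    def create_db_snapshot(self, DBInstanceIdentifier, DBSnapshotIdentifier):
        self.calls.append("create_db_snapshot")
        # A snapshot inherits the encryption state of its source database.
        self.snapshots[DBSnapshotIdentifier] = self.instances[DBInstanceIdentifier]

    def copy_db_snapshot(self, SourceDBSnapshotIdentifier,
                         TargetDBSnapshotIdentifier, KmsKeyId=None):
        self.calls.append("copy_db_snapshot")
        # The copy is encrypted if the source was, or if a KMS key is supplied.
        source_encrypted = self.snapshots[SourceDBSnapshotIdentifier]
        self.snapshots[TargetDBSnapshotIdentifier] = source_encrypted or KmsKeyId is not None

    def restore_db_instance_from_db_snapshot(self, DBInstanceIdentifier,
                                             DBSnapshotIdentifier):
        self.calls.append("restore_db_instance_from_db_snapshot")
        self.instances[DBInstanceIdentifier] = self.snapshots[DBSnapshotIdentifier]

    def describe_db_snapshots(self, DBSnapshotIdentifier):
        return {"DBSnapshots": [{"Encrypted": self.snapshots[DBSnapshotIdentifier]}]}

    def describe_db_instances(self, DBInstanceIdentifier):
        return {"DBInstances": [{"StorageEncrypted": self.instances[DBInstanceIdentifier]}]}

    def get_waiter(self, name):
        return _NoWait()


if __name__ == "__main__":
    fake = FakeRDS({"legacy-db": False})   # constructed: one un-encrypted instance
    print(encrypt_existing_instance(fake, "legacy-db", "legacy-db-enc", "alias/example-key"))
    print(fake.calls)
```

Against a real account, pass `boto3.client("rds")` instead of `FakeRDS`, and also pass `VpcSecurityGroupIds` and `DBParameterGroupName` to the restore call: a restored instance otherwise comes up with the default security group and default parameter group, which drops settings such as `rds.force_ssl`.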
14. RDS Security – Network & IAM
• Network Security
  • RDS databases are usually deployed within a private subnet, not in a public one
  • RDS security works by leveraging security groups (the same concept as for EC2 instances) – it controls which IP / security group can communicate with RDS
• Access Management
  • IAM policies help control who can manage AWS RDS (through the RDS API)
  • Traditional Username and Password can be used to log in to the database
  • IAM-based authentication can be used to log in to RDS MySQL & PostgreSQL
15. RDS – IAM Authentication
• IAM database authentication works with MySQL and PostgreSQL
• You don’t need a password, just an authentication token obtained through IAM & RDS API calls
• Auth token has a lifetime of 15 minutes
• Benefits:
  • Network in/out must be encrypted using SSL
  • IAM to centrally manage users instead of DB
  • Can leverage IAM Roles and EC2 Instance profiles for easy integration
16. RDS Security - Summary
• Encryption at rest
  • Is done only when you first create the DB instance
  • Or: unencrypted DB -> snapshot -> copy snapshot as encrypted -> create DB from snapshot
• Your responsibility
  • Check the ports/ IP/ security group inbound rules in DB’s SG
  • In-database user creation and permissions or manage through IAM
  • Creating a database with or without public access
  • Ensure parameter groups or DB is configured to only allow SSL connections
• AWS responsibility
  • No SSH access
  • No manual DB patching
  • No manual OS patching
  • No way to audit the underlying instance
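The "Your responsibility" items above, as an added example that is not part of the course material: a Python check run over constructed data shaped like the DescribeDBInstances, DescribeSecurityGroups and DescribeDBParameters responses. The instance names, group identifiers and the rule that only RFC 1918 sources count as internal are assumptions for the example.

```python
"""Audit RDS instances against the customer-side checklist (offline, constructed data)."""
import ipaddress

# Constructed sample data; field names follow the AWS API responses, values are made up.
DB_INSTANCES = [
    {
        "DBInstanceIdentifier": "orders-prod",
        "Engine": "postgres",
        "StorageEncrypted": True,
        "PubliclyAccessible": False,
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-app-only"}],
        "DBParameterGroups": [{"DBParameterGroupName": "pg-ssl-on"}],
    },
    {
        "DBInstanceIdentifier": "legacy-reporting",
        "Engine": "postgres",
        "StorageEncrypted": False,
        "PubliclyAccessible": True,
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-wide-open"}],
        "DBParameterGroups": [{"DBParameterGroupName": "pg-default"}],
    },
]
# Security group id -> inbound rules (IpPermissions).
SECURITY_GROUP_RULES = {
    "sg-app-only": [
        {"FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    ],
    "sg-wide-open": [
        {"FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}
# Parameter group name -> {ParameterName: ParameterValue}.
PARAMETER_GROUPS = {
    "pg-ssl-on": {"rds.force_ssl": "1"},
    "pg-default": {"rds.force_ssl": "0"},
}

# Assumption: only RFC 1918 sources are treated as internal.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(cidr):
    """True if the IPv4 CIDR lies entirely inside a private range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


def audit_instance(db, sg_rules, param_groups):
    """Return a list of findings for one instance; an empty list means clean."""
    findings = []
    if not db["StorageEncrypted"]:
        findings.append("not encrypted at rest (snapshot -> encrypted copy -> restore)")
    if db["PubliclyAccessible"]:
        findings.append("created with public access")
    for sg in db["VpcSecurityGroups"]:
        sg_id = sg["VpcSecurityGroupId"]
        for perm in sg_rules.get(sg_id, []):
            for rng in perm.get("IpRanges", []):
                if not is_internal(rng["CidrIp"]):
                    findings.append(
                        f"{sg_id} allows {rng['CidrIp']} to port {perm['FromPort']}")
    # PostgreSQL enforces SSL through the parameter group. For MySQL the slide's
    # REQUIRE SSL is set per user inside the database, so it is not visible here.
    if db["Engine"] == "postgres":
        forced = any(
            param_groups.get(g["DBParameterGroupName"], {}).get("rds.force_ssl") == "1"
            for g in db["DBParameterGroups"])
        if not forced:
            findings.append("rds.force_ssl is not 1, non-SSL connections are accepted")
    return findings


def audit_all(instances=DB_INSTANCES, sg_rules=SECURITY_GROUP_RULES,
              param_groups=PARAMETER_GROUPS):
    """Map each instance identifier to its findings."""
    return {db["DBInstanceIdentifier"]: audit_instance(db, sg_rules, param_groups)
            for db in instances}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```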
17. Amazon Aurora
• Aurora is a proprietary technology from AWS (not open source)
• Postgres and MySQL are both supported as Aurora DB (that means your drivers will work as if Aurora was a Postgres or MySQL database)
• Aurora is “AWS cloud optimized” and claims 5x performance improvement over MySQL on RDS, over 3x the performance of Postgres on RDS
• Aurora storage automatically grows in increments of 10GB, up to 64 TB
• Aurora can have 15 replicas while MySQL has 5, and the replication process is faster
• Failover in Aurora is instantaneous. It’s HA native
• Aurora costs more than RDS (20% more) – but is more efficient
19. Features of Aurora
• Automatic fail-over
• Backup and Recovery
• Isolation and security
• Industry compliance
• Push-button scaling
• Automated Patching with Zero Downtime
• Advanced Monitoring
• Routine Maintenance
• Backtrack: restore data at any point of time without using backups
20. Aurora Security
• Similar to RDS because it uses the same engines
• Encryption at rest using KMS
• Automated backups, snapshots and replicas are also encrypted
• Encryption in flight using SSL (same process as MySQL or Postgres)
• Possibility to authenticate using IAM token (same method as RDS)
• You are responsible for protecting the instance with security groups
• You can’t SSH
21. Aurora Replicas – Auto Scaling
22. Aurora – Custom Endpoints
• Define a subset of Aurora Instances as a Custom Endpoint
• Example: Run analytical queries on specific replicas
• The Reader Endpoint is generally not used after defining a Custom Endpoint
23. Aurora Multi-Master
• In case you want immediate failover for write node (HA)
• Every node does R/W – vs promoting a RR as the new master
24. Global Aurora
• Aurora Cross Region Read Replicas
  • Useful for disaster recovery
  • Simple to put in place
• Aurora Global Database (recommended)
  • 1 Primary Region (read/write)
  • Up to 5 secondary (Read-only) regions, replication lag is less than 1 second
  • Up to 16 Read Replicas per secondary region
  • Helps for decreasing latency
  • Promoting another region (for disaster recovery) has an RTO of < 1 minute
25. Amazon ElastiCache Overview
• The same way RDS is to get managed Relational Databases
• ElastiCache is to get managed Redis or Memcached
• Caches are in-memory databases with really high performance, low latency
• Helps reduce load off of databases for read intensive workloads
• Helps make your application stateless
• AWS takes care of OS maintenance / patching, optimizations, setup, configuration, monitoring, failure recovery and backups
• Using ElastiCache involves heavy application code changes
26. ElastiCache Solution Architecture – DB Cache
• Applications query ElastiCache; if the data is not available, get it from RDS and store it in ElastiCache
• Helps relieve load in RDS
• Cache must have an invalidation strategy to make sure only the most current data is used in there
27. ElastiCache Solution Architecture – User Session Store
• User logs into any instance of the application
• The application writes the session data into ElastiCache
• The user hits another instance of our application
• The instance retrieves the data and the user is already logged in
28. ElastiCache – Redis vs Memcached
29. ElastiCache – Cache Security
• All caches in ElastiCache:
  • Do not support IAM authentication
  • IAM policies on ElastiCache are only used for AWS API-level security
• Redis AUTH
  • You can set a “password/token” when you create a Redis cluster
  • This is an extra level of security for your cache (on top of security groups)
  • Support SSL in flight encryption
• Memcached
  • Supports SASL-based authentication (advanced)
30. Patterns for ElastiCache
• Lazy Loading: all the read data is cached, data can become stale in cache
• Write Through: Adds or update data in the cache when written to a DB (no stale data)
• Session Store: store temporary session data in a cache (using TTL features)
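The three patterns above and the DB cache architecture from slide 26, as an added example that is not part of the course material: a Python sketch showing where lazy loading serves stale data, how write-through avoids it, and how a TTL expires a session. `TTLCache` is a constructed in-memory stand-in for Redis GET/SET-with-expiry, the dict stands in for RDS, and all names and TTL values are assumptions.

```python
"""Lazy loading vs write-through vs session store, with a deterministic clock."""
import secrets
import time


class FakeClock:
    """Constructed clock so TTL expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class TTLCache:
    """Constructed in-memory stand-in for Redis GET / SET with expiry."""

    def __init__(self, clock=time.monotonic):
        self._data = {}
        self._clock = clock

    def get(self, key):
        item = self._data.get(key)
        if item is None:
            return None
        value, expires = item
        if expires is not None and self._clock() >= expires:
            del self._data[key]          # expired entries behave like a miss
            return None
        return value

    def set(self, key, value, ttl=None):
        expires = None if ttl is None else self._clock() + ttl
        self._data[key] = (value, expires)


class UserStore:
    """Reads and writes user rows; `db` is a dict standing in for RDS."""

    def __init__(self, db, cache, ttl):
        self.db, self.cache, self.ttl = db, cache, ttl
        self.db_reads = 0

    def get_lazy(self, user_id):
        # Lazy loading: query the cache, on a miss read the DB and store the row.
        key = f"user:{user_id}"
        row = self.cache.get(key)
        if row is None:
            self.db_reads += 1
            row = self.db.get(user_id)
            if row is not None:
                self.cache.set(key, row, ttl=self.ttl)
        return row

    def update_db_only(self, user_id, row):
        # Write that bypasses the cache: readers see the old row until the TTL ends.
        self.db[user_id] = row

    def update_write_through(self, user_id, row):
        # Write through: the cache is updated in the same operation as the DB.
        self.db[user_id] = row
        self.cache.set(f"user:{user_id}", row, ttl=self.ttl)


def new_session(cache, username, ttl):
    """Session store: unguessable id, server-side data, expiry enforced by TTL."""
    session_id = secrets.token_urlsafe(32)
    cache.set(f"session:{session_id}", username, ttl=ttl)
    return session_id


def load_session(cache, session_id):
    return cache.get(f"session:{session_id}")


def demo():
    clock = FakeClock()
    cache = TTLCache(clock)
    store = UserStore({"42": {"email": "old@example.com"}}, cache, ttl=60)

    store.get_lazy("42")                                   # miss, row cached
    store.update_db_only("42", {"email": "new@example.com"})
    stale = store.get_lazy("42")["email"]                  # hit, stale value
    clock.advance(61)
    after_ttl = store.get_lazy("42")["email"]              # expired, re-read from DB
    store.update_write_through("42", {"email": "newer@example.com"})
    fresh = store.get_lazy("42")["email"]                  # hit, current value

    sid = new_session(cache, "alice", ttl=1800)
    logged_in = load_session(cache, sid)                   # any app instance can read it
    clock.advance(1801)
    expired = load_session(cache, sid)                     # session gone after TTL
    return {"stale": stale, "after_ttl": after_ttl, "fresh": fresh,
            "db_reads": store.db_reads, "logged_in": logged_in, "expired": expired}


if __name__ == "__main__":
    print(demo())
```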
31. ElastiCache – Redis Use Case
• Gaming Leaderboards are computationally complex
• Redis Sorted Sets guarantee both uniqueness and element ordering
• Each time a new element is added, it’s ranked in real time, then added in the correct order