AWS RDS Databases — Detailed Look at Relational Database Service

Oguzhan Ozturk
Apr 5, 2022


Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, administer, and scale a relational database in the Amazon Web Services cloud. RDS performs basic database administration duties while providing cost-effective, resizable capacity for an industry-standard relational database.

RDS stands for Relational Database Service; it hosts and supports several database engines.

The following database engines are currently supported in AWS RDS:

  • PostgreSQL
  • MySQL
  • MariaDB
  • Oracle
  • Microsoft SQL Server
  • Aurora

RDS instances are launched inside a VPC so that only resources within the VPC can reach them. We should normally host RDS instances in a private subnet of the VPC and use security groups to allow connections from the public-facing EC2 instances.

EBS volumes are used for storage, and storage auto-scaling can be enabled. We can also use RDS to make our databases highly available, and to take backups and restore them to multiple regions, because it supports multi-region.

WHY RDS?

We can deploy and maintain the database server ourselves by launching it on EC2, but by using RDS we save time on database server management because it is managed by AWS.

  • Automated provisioning and patching
  • Backups are made on a regular basis, and they can be restored to a specific timestamp.
  • Dashboards for monitoring
  • Read replicas to improve read performance
  • Multi-AZ deployments for high availability and disaster recovery
  • Maintenance windows for upgrades
  • Horizontal and vertical scaling
  • We can't SSH into RDS instances, which adds a layer of data security.

PRICING

Pricing is normally based on usage, and instances are divided into two types:

  • On-Demand (good for proofs of concept and short-term workloads)
  • Reserved (good for long-term use)

RDS uses two types of groups for configuration: parameter groups and option groups.

Parameter groups are used to configure the database engines we use, and each engine has its own set of parameters. This is comparable to editing the my.cnf file. Every instance is created with a default parameter group that we cannot modify; if we want custom parameters, we create a new parameter group that inherits from the default and apply it to the database instance.

Parameters can be divided into two categories:

  • Static (modifications take effect after a manual reboot/maintenance window)
  • Dynamic (changes apply immediately)

OPTION GROUPS

Optional features that aren't covered by parameter groups are configured here. Option groups are created and applied in the same way as parameter groups, and custom option groups are likewise derived from the default option group.

SECURITY

Security can be divided into three parts:

  • Network security (using a VPC to restrict access, with RDS in a private subnet and the EC2 instances from which applications access the database in public subnets)
  • IAM security (security is enforced through IAM roles and policies)
  • Encryption (encrypting data at rest and in transit using the AWS encryption techniques)

AWS and its customers share responsibility for security.

To retrieve IAM-based authentication tokens and connect from EC2 to RDS, we can use the RDS API. Tokens can be used to connect to databases without the need for passwords. The token has a 15-minute lifespan, and the benefit is that the connection is always encrypted using SSL.

IAM policies are also used to manage who can access, create, and delete DB resources.
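
The controls named in this section can be checked against the output of `aws rds describe-db-instances`. The following is an added example, not part of the original post: the two instance records are constructed sample data, and the field names are those of the RDS DescribeDBInstances response.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output (not real instances).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "app-db", "Engine": "postgres",
   "PubliclyAccessible": false, "StorageEncrypted": true,
   "IAMDatabaseAuthenticationEnabled": true, "MultiAZ": true,
   "BackupRetentionPeriod": 7},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
   "PubliclyAccessible": true, "StorageEncrypted": false,
   "IAMDatabaseAuthenticationEnabled": false, "MultiAZ": false,
   "BackupRetentionPeriod": 0}
]}
""")

# (field, predicate for the expected value, finding text) per control the article names.
CHECKS = [
    ("PubliclyAccessible", lambda v: v is False,
     "network: instance is publicly accessible"),
    ("StorageEncrypted", lambda v: v is True,
     "encryption: storage is not encrypted at rest"),
    ("IAMDatabaseAuthenticationEnabled", lambda v: v is True,
     "IAM: token-based authentication is disabled"),
    ("MultiAZ", lambda v: v is True,
     "availability: single-AZ deployment"),
    ("BackupRetentionPeriod", lambda v: isinstance(v, int) and v > 0,
     "backup: automated backups are disabled"),
]

def audit(response):
    """Return {instance id: [findings]} for every instance that fails a check."""
    report = {}
    for inst in response.get("DBInstances", []):
        findings = []
        for field, ok, message in CHECKS:
            if field not in inst:
                # A missing field is reported rather than assumed safe.
                findings.append(f"{field}: missing from response")
            elif not ok(inst[field]):
                findings.append(message)
        if findings:
            report[inst.get("DBInstanceIdentifier", "<unknown>")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Encryption in transit does not appear in this response, so it has to be verified separately.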

Rotating the database credentials

Because database credentials are sensitive, it's essential to rotate them on a regular basis. We can use AWS Secrets Manager to store credentials centrally and securely, with auditing. We can connect using the secret ARN.
