Take your pick from a variety of AWS databases

Choose Carefully

Launching a DB Instance

In the AWS Management Console, RDS is found under RDS in the Database section. A new DB instance (Figure 2) is handled by a wizard, which prompts you for the following information:

  • Database manufacturer and product (e.g., Oracle Database Standard Edition Two)
  • Provisioning in one or more availability zones
  • Licensing model: Bring your own license (BYOL) or a license included with the product
  • Desired database version
  • Storage size and type
  • DB instance name
  • Master access data
Figure 2: A wizard guides you through the settings when you create a new DB instance.

The RDS API provides an overview of the possible constellations of these values by region. For example, you can query options for Oracle SE2 (for the Frankfurt, Germany, region) using the AWS command-line interface (CLI) [2] as follows:

$ aws rds describe-orderable-db-instance-options --output table --region eu-central-1 --engine oracle-se

Launching the DB instance with the AWS CLI looks something like this:

aws rds create-db-instance --engine oracle-se2 --multi-az --db-instance-class db.m4.large --engine-version 12.1.0.2.v5 --license-model license-included --allocated-storage 100 --master-username myawsuser --master-user-password myawspassword --db-instance-identifier mydbinstance --region eu-central-1

Securely Managing Access Data

In AWS Identity and Access Management (IAM), you can define which roles and users will have access to the RDS API (e.g., to create a DB instance or initiate actions such as backups) in a highly granular way. API calls are authenticated using IAM credentials (optionally with multifactor authentication). Scripts running on EC2 (or AWS Lambda) automatically have the permissions of the IAM assigned to the EC2 instance. The IAM permissions have complementary access to the permissions that are assigned within a database, which are defined in the traditional way by the master user.

The master access data, which is created when setting up the DB instance, can subsequently be changed. What other resources and users are set up is the responsibility of the administrator. In the interest of a "least privileged" approach, more database users should be created with restricted permissions, according to their roles in administration, deployment, and use of the application.

Additionally, the credentials should be secured and not stored in the clear in the source code of the application. One possible approach is to store encrypted data in the Amazon Simple Storage Service (S3). The key is created and managed with the AWS Key Management Service (KMS). Only the required EC2 instances gain access to the key and the S3 bucket via EC2 IAM roles. The procedure is described in detail online [3].

Performance with Amazon Aurora

Amazon Aurora is one of the six RDS engines. Because of its specific performance characteristics, I will look at it separately. Aurora combines the speed and reliability of a high-quality commercial database with the efficiency of an open source database. It offers up to five times the throughput of MySQL running on the same hardware, according to AWS benchmarks. Aurora is compatible with MySQL 5.6, so existing MySQL applications and tools can be executed without modification.

In Aurora, two components are operated redundantly to improve availability: storage and the DB instance. Storage is automatically distributed across three availability zones and replicated six times. Redundant data storage automatically detects a disk error and fixes it without affecting availability. Also, the database can be operated redundantly. Unlike other RDS engines, there is no dedicated standby instance. Aurora can be used as a cluster with up to 15 Read Replicas. If the primary instance fails, one of the replicas is automatically appointed the new primary instance. If no Read Replica is configured, a new instance of the DB is created. To improve availability, users should create at least one Read Replica. In contrast to the other RDS engines, the Read Replicas are also available via a shared cluster connection endpoint.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=