© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Gowri Balasubramanian, Principal SA, AWS
Kathy Gibbs, Sr. Database SA, AWS
6/29/2020
Amazon RDS
Running production PostgreSQL databases on Amazon RDS for PostgreSQL
Learning Objectives
By the end of this session you will be able to:
• Understand Amazon RDS Offerings
• Learn how to provision and configure RDS PostgreSQL
• Leverage RDS built-in features for high availability, backup, security and monitoring
Virtual Workshop Instructions
1. Use your personal or test AWS Account
2. Sign-in using your IAM User credentials
3. Walkthrough will be based on us-west-2 (Oregon) Region
4. Download the Workshop Guide https://bit.ly/38bMSQW
5. Ask for help using the chat function of the tool
Introduction
Amazon RDS
Managed relational database service with a choice of six popular database engines
• Available & durable: Automatic Multi-AZ data replication; automated backup, snapshots, failover
• Easy to administer: Easily deploy and maintain hardware, OS and DB software; built-in monitoring
• Performant & scalable: Scale compute and storage with a few clicks; minimal downtime for your application
• Secure & compliant: Data encryption at rest and in transit; industry compliance and assurance programs
Amazon Aurora
Amazon RDS - fully managed
Spend time innovating & building new apps, not managing infrastructure
• You: Schema design, Query construction, Query optimization
• AWS: Automatic fail-over, Backup & recovery, Isolation & security, Industry compliance, Push-button scaling, Automated patching & upgrades, Advanced monitoring, Routine maintenance
Move to managed relational databases
Migrate on-premises or cloud-hosted relational databases to managed services
• Amazon Aurora: MySQL, PostgreSQL
• Amazon RDS: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server
• Reduce DB administrative burden
• No need to rearchitect existing applications
• Get better performance, availability, scalability, and security
Hundreds of thousands of customers use Amazon RDS
PostgreSQL fast facts
• Open-source database
• In active development for 20+ years
• Owned by a foundation, not a single company
• Permissive, innovation-friendly open source license
• High performance out of the box
• Object-oriented and ANSI-SQL:2008 compatible
• Most geospatial features of any open source database
• Supports stored procedures in 12 languages (Java, Perl, Python, Ruby, Tcl, C/C++, its own Oracle-like PL/pgSQL, etc.)
• Most Oracle-compatible open-source database
Open Source Initiative
Customer Credentials
Infor provides ERP application software. Infor has introduced a SaaS model based entirely in the cloud. By utilizing Amazon Web Services and Amazon RDS for PostgreSQL, Infor's customers are able to quickly deploy their applications in the cloud.
Instacart offers its customers a new method to order same-day groceries online. The company turned to AWS to run its database on Amazon RDS for PostgreSQL. As a result, the company can now add millions of new items to its database every month.
"RDS for PostgreSQL solves one of the biggest operational overheads we have dealt with since the inception of our company. We have spent countless hours setting up, backing up, replicating, restoring, replacing, scaling, swapping, and tuning our PostgreSQL databases." - Mark Corner, CTO
Running PostgreSQL on AWS
• Self-managed on Amazon Elastic Compute Cloud (Amazon EC2)
• Fully-managed services: Aurora with PostgreSQL compatibility, Amazon RDS for PostgreSQL
Regions and Availability Zones
[Diagram: AWS Cloud with a Region containing Availability Zone A, Availability Zone B and Availability Zone C]
Amazon RDS for PostgreSQL
• PostgreSQL community version with easy configuration and management
• Supports 9.4, 9.5, 9.6, 10, 11, 12
• High availability across two availability zones
• In-region and Cross-region Replicas
• Close lockstep with community releases
• Available in more instance classes and smaller sizes
[Diagram: a Region containing a VPC with Applications and a Bastion, and Primary and Standby instances across Availability Zone 1 and Availability Zone 2]
Secure network access
Controlled through Amazon Virtual Private Cloud (VPC) security groups
Protocol   Port range   Source
TCP        5432         172.31.0.0/16
TCP        5432         "Application security group"
[Diagram: Corporate admins and the Application tier connecting to Amazon RDS inside the VPC]
Amazon RDS for PostgreSQL: Instance types
R family
• Memory-optimized instances
• 2 vCPU/16 GiB RAM to 64 vCPU/488 GiB RAM
• High-performance networking
• Good for query-intensive workloads or high connection counts
• R5 offers up to 96 vCPU / 768 GiB RAM
T family
• Burstable instances
• 1 vCPU/1 GB RAM to 8 vCPU/32 GB RAM
• Moderate networking performance
• Good for smaller or variable workloads
• T2.micro is eligible for the AWS Free Tier
• T3 will enable unlimited mode (can burst above baseline for extra charge)
M family
• General purpose instances
• 2 vCPU/8 GiB RAM to 64 vCPU/256 GiB RAM
• High-performance networking
• Good for running CPU-intensive workloads
• M5 offers up to 96 vCPU / 384 GiB RAM
High-performance database storage
General purpose (GP2)
• SSD storage
• Auto scale up to 64 TiB
• Latency in milliseconds
• IOPS determined by volume size
• Affordable performance
Provisioned IOPS (IO1)
• SSD storage
• Auto scale up to 64 TiB
• Single digit millisecond latencies
• Maximum of 80 K IOPS
• Delivers within 10% of the IOPS performance, 99.9% of the time
• High performance and consistency
High Availability
RDS Multi-AZ
• Fully managed secondary in-region
• Distinct EC2 and EBS resources
• Synchronous storage replication
• Failover in 1-2 minutes
• Crash recovery
• CNAME propagation
• 99.95% monthly uptime SLA
[Diagram: a Region with Availability zone A and Availability zone B, a DB instance and a standby DB instance, each with its own volume, and RDS monitoring and automation]
Multi-AZ deployment: Failover
[Timeline from t0 to tN: UP, Identify failure, Crash recovery, DNS propagation, UP]
Typical failover time: 1–2 minutes
Scale
Performance Factors
• Compute capabilities: vCPUs
• Memory capabilities: GB of RAM
• Network performance: MB/s (throughput)
• Storage performance: I/O performance
RDS DB Instance Class
RDS Storage Type
Scale compute and storage with ease
Scale compute to handle increased load
• Up to 96 vCPU and 768 GiB of RAM (db.r5.24xlarge)
Scale storage for larger data sets
• Quickly scale EBS storage up to 64 TiB
• No downtime for storage scaling
Scale down to control costs
• As little as 2 vCPU / 1 GiB of RAM (db.t3.micro)
Scale for read workloads
• Up to five replicas in a region or cross-region
• Relieve pressure on your master node with additional read capacity
• Bring data close to your applications in different regions
• Promote a read replica to a master for faster recovery in the event of disaster
[Diagram: application servers read/write to the Primary database server; asynchronous streaming replication feeds a Read replica, which serves a read-only BI/reporting application server]
Backup
RDS backups
Automated backups
• Daily snapshot during backup window
• Transaction logs to S3 every 5 minutes
• Retained 1-35 days
Manual backups
• Take a snapshot any time
• Kept until you delete
[Diagram: a Region with a DB instance and a DB instance standby across Availability zone A and Availability zone B; EBS snapshot (daily) and transaction logs (5 minutes)]
RDS Snapshots
• Always incremental
• Amazon S3 99.999999999% durability
• Supports encryption
• Copy across accounts, across regions
[Diagram: blocks of an Amazon EBS volume captured as Snapshot 1, Snapshot 2 and Snapshot 3 in an Amazon S3 bucket]
Restore from snapshot
• Restore from any snapshot
• Copy snapshots to other regions or accounts
• Refresh test environments
• Test upgrades
• Instantiate logical replicas
[Diagram: Original instance, Snapshot, RestoreDBInstanceFromDBSnapshot, New instance]
Restore to a point in time
• Restore to any second in backup retention
• Available in-region/account
• Latest restorable time typically <5 minutes
• "Oops… I dropped a table"
• Recover from application errors or logical corruption
[Diagram: Original instance, Snapshot and Transaction logs, RestoreDBInstanceToPointInTime, New instance]
Security
RDS Access Control at a Glance
• RDS Management permissions (launch, delete, snapshot): DBA and Ops; controlled with IAM
• Network Security: network connectivity from other services; security group and ACLs
• Access control at DB level: users, DBA and applications; users, roles and privileges; schema/object level privileges
[Diagram: Amazon RDS in a private subnet of a VPC]
Prevent unauthorized access
Amazon Virtual Private Cloud
• Define VPC security group ingress/egress rules
• Keep databases in private subnets
• Control egress when using outbound network access (dblinks, postgres_fdw)
[Diagram: a VPC with a public subnet and a private subnet, EC2 instances and the DB instance]
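An added example (not part of the workshop material): a check of security group ingress rules for the PostgreSQL port, covering both the rule table under "Secure network access" and the advice above to define security group ingress rules. The rules are constructed sample data shaped like the `IpPermissions` list of an EC2 DescribeSecurityGroups response; the function names and the trusted range are assumptions of the example.

```python
import ipaddress

PG_PORT = 5432

# Constructed sample rules (not from a real account).
SAMPLE_RULES = [
    # The two rules from the slide: the VPC CIDR and the application security group.
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}],
     "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
    # A wide port range that silently includes 5432.
    {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    # "All traffic" from an address range outside the VPC.
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    # Unrelated port: ignored by the audit.
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def covers_postgres(perm):
    """True if the rule admits TCP 5432 (protocol "-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= PG_PORT <= perm.get("ToPort", 65535)


def audit_postgres_ingress(permissions, trusted_cidrs):
    """Return (cidr, reason) for every CIDR source that reaches 5432 from outside trusted_cidrs."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for perm in permissions:
        if not covers_postgres(perm):
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # Security-group sources (UserIdGroupPairs) are not flagged: they admit
        # only members of that group, like the slide's second rule.
        for cidr in sources:
            net = ipaddress.ip_network(cidr)
            if net.prefixlen == 0:
                findings.append((cidr, "open to the whole internet"))
            elif not any(net.version == t.version and net.subnet_of(t) for t in trusted):
                findings.append((cidr, "outside the trusted ranges"))
    return findings


if __name__ == "__main__":
    for finding in audit_postgres_ingress(SAMPLE_RULES, ["172.31.0.0/16"]):
        print(finding)
```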
Data Encryption
Encryption at Rest
• Storage encryption with Amazon KMS integration (AWS Key Management Service)
• Manage/bring your own keys
• Enable when creating instance
• Encrypt existing snapshots and restore as encrypted instances
Encryption in Transit
An SSL certificate is available on RDS instances
• Used to encrypt network traffic
• Also used to verify the endpoint to guard against spoofing attacks
By default, SSL is optional
• Set rds.force_ssl to 1 to force SSL
The client requests the type of SSL connection
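An added example (not from the workshop material) of why `rds.force_ssl` alone does not deliver the "verify the endpoint" bullet: it classifies libpq connection strings by the `sslmode` the client requests. The host name and CA bundle path are constructed placeholders, the function names are the example's own, and `PGSSLMODE` and service files are ignored.

```python
import shlex
from urllib.parse import parse_qs, urlsplit

# Outcome once TLS is in use, per libpq sslmode. (libpq treats "require" like
# "verify-ca" when a root CA file is present; that case is not modeled here.)
OUTCOME = {
    "require": "encrypted, server certificate not verified",
    "verify-ca": "encrypted, CA verified, host name not verified",
    "verify-full": "encrypted, endpoint verified",
}
OPPORTUNISTIC = {"allow", "prefer"}  # TLS only if the negotiation happens to use it


def sslmode_of(conninfo):
    """Extract sslmode from a libpq URI or keyword=value string ("prefer" is libpq's default)."""
    if conninfo.startswith(("postgres://", "postgresql://")):
        params = {k: v[-1] for k, v in parse_qs(urlsplit(conninfo).query).items()}
    else:
        params = dict(tok.split("=", 1) for tok in shlex.split(conninfo) if "=" in tok)
    return params.get("sslmode", "prefer")


def assess(conninfo, force_ssl):
    """Classify a client connection to a server whose rds.force_ssl is on (True) or off (False)."""
    mode = sslmode_of(conninfo)
    if mode == "disable":
        return "rejected by server" if force_ssl else "plaintext"
    if mode in OPPORTUNISTIC:
        return OUTCOME["require"] if force_ssl else "plaintext possible"
    if mode not in OUTCOME:
        raise ValueError(f"unknown sslmode {mode!r}")
    return OUTCOME[mode]


# Constructed connection strings (placeholder host and CA bundle path).
SAMPLES = [
    "host=db.example.com dbname=app user=app",
    "postgresql://app@db.example.com:5432/app?sslmode=require",
    "host=db.example.com dbname=app sslmode=verify-full sslrootcert=/path/to/ca-bundle.pem",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{assess(s, force_ssl=True):50} {s}")
```

Only `sslmode=verify-full` reaches "endpoint verified"; forcing SSL on the server changes what is rejected, not what the client checks.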
AWS Secrets Manager
Lifecycle management for secrets such as database passwords
Safely rotates passwords
Built-in integration with RDS and Aurora PostgreSQL
With restricted password management, all passwords can be controlled by Secrets Manager
Monitoring
Monitoring
Enhanced monitoring for Amazon RDS
• Access to over 50 CPU, memory, file system, and disk I/O metrics
Amazon CloudWatch Metrics
• Displayed in the RDS console or in personalized CloudWatch dashboards
Amazon CloudWatch alarms
• Alarms triggered based on metric values crossing configurable thresholds
[Diagram: Enhanced Monitoring, Performance Insights, CloudWatch Logs, CloudWatch Alarms, CloudWatch Metrics]
RDS Performance Insights
Database performance tuning and monitoring feature
Dashboard shows database load over time
Performance Counter metrics
Identifies source of bottlenecks
Sort by top SQL
Slice by host, user, wait events
Store up to 2 years of metrics
RDS Features
Transportable databases
Fast method of data export and import between RDS instances with minimal downtime
Supported on RDS PostgreSQL versions 11.5 and 10.10 onwards
Available through the pg_transport extension
Source database is made read-only during transport
[Diagram: databases DB1 and DB2 moving from a source RDS PostgreSQL instance to a target RDS PostgreSQL instance, across Availability zone A and Availability zone B in a VPC within a Region]
Amazon S3 integration
• Loads a file from Amazon S3 directly into a PostgreSQL table using the COPY syntax
• Available using the aws_s3 extension
• Files containing JSON documents need to be regularly loaded from an Amazon Simple Storage Service (S3) bucket
• Users need to run queries on the documents, along with other transactional data
[Diagram: AWS Lambda and an Amazon S3 bucket alongside Primary and Standby instances across Availability zone A and Availability zone B in a VPC within a Region]
Amazon Relational Database Service: Moving to Managed Services in the Cloud
Join us for the Next session!!