Compatibility & Performance

RDB Engine on RDS - use RDS console, API etc. for management

Compatible with MySQL and PostgreSQL

5 times throughput than MySQL & 3 times throughput than PostgreSQL. They are MySQL/PostgreSql engines take advantage of fast distributed storage.

Main Choices

MySQL Compatible

• Regional (in single region)
  • one writer multiple reader (single master)
  • one writer multiple reader - parallel query
    • push processing down to storage layer
    • a good option for hybrid transactional/analytic workload
  • multiple writer
  • serverless - specify by capability
• Global

PostgreSQL

• One writer multiple readers
• Serverless

Storage

Grow automatically as needed up to 64T.

Virtual volume, spans multiple AZ, each has a copy of data, connected by all instances in cluster (shared).

Charged by "Highest Water Mark" - when data removed, space reserved. Space ONLY reduce when dump data and restore to a new cluster. So:

• Avoid large amount of temporary data
• Avoid first upload large amount of new data then delete old

Auto-repair:

• Multiple copies in 3 AZs, very reliable
• Cache "warm up" after starting - preload most common used data in cache to accelerate query. Also cache is separate from DB instance
• Instantaneous crash recovery

Cluster & Instances

Automated & standardized. Even a single instance Aurora is still a cluster because of the separation of computation & storage (storage spans over AZ)

Instance class

Determines CPU, memory

Single Master Replication Cluster

• 1..n instances
  • 1 primary
    • read-write
    • perform all modifications to all copies in different AZs in cluster volume
  • (up to 15) replica:
    • connects to same storage volume
    • read only (from own AZ)
    • in multiple AZs
    • fail over to; can specify fail over priority
• 1 cluster volume (virtual volume spans multiple AZ, each AZ has a copy of data

Multi-Master Replication

All DB instances in a multi-master cluster can perform write operations. There isn't a single DB instance that performs all the write operations, and there aren't any read-only DB instances. There is no "primary"/"replica", there is "writer" and "reader" instances in replication.

Endpoints

Cluster Endpoint

How many: 1

Connect to: The only primary instance

Operation: Read Write

Fail over: Yes (clear DNS cache required)

Load balancing: No

Example

mydbcluster.cluster-123456789012.us-east-1.rds.amazonaws.com:3306

Reader Endpoint

How many: 1

Connect to: A replica or primary (if contains only one primary)

Operation: Read

Fail over: Yes?

Load balancing: Yes

Example

mydbcluster.cluster-ro-123456789012.us-east-1.rds.amazonaws.com:3306

Custom Endpoint

How many: up to 5

Type:

• READER - applies to Single Master only
• WRITER - applies to Multi-Master only
• ANY - should be used as read only

Connect to: A set of chosen instances (limited by type)

• choose by INCLUSION / EXCLUSION
• option "Attach future instances added to this cluster" (uses exclusive list)
• membership does not change when fail over promote replica to primary
• connection limit by type - incompatible instance won't be connected
• one instance can be attached to several custom endpoint

Operation: Depends on type

Fail over: Yes

Load balancing: Yes

Example: myendpoint.cluster-custom-123456789012.us-east-1.rds.amazonaws.com:3306

Comment: When using custom endpoint, usually NOT use reader endpoint

Instance Endpoint

How many: 1 for each instance (instances & endpoints can be discovered)

Connect to: the instance

Operation: Depend on the instance

Fail over: No (needs manual change)

Load balancing: No

Example: mydbinstance.123456789012.us-east-1.rds.amazonaws.com:3306

Usage

Where high availability is important, use cluster-endpoint for read-write operations & read-endpoint for read-only operations for better fail over.

Use instance instance endpoint scenario:

• Diagnose specific instance
• May configure a special instance (different than others) as last fail over choice, and use the specific endpoint when fail over. This improves connection speed in fail over. (also, recommend to use custom end point in this case)

Replication

Automated & standardized. Entire cluster synchronized.

Standard single muster replication.

Other options:

• Two MySQL clusters in different regions and one (read cluster) replicate the other
• Two MySQL in same region, using MySQL binary log (binlog) replication
• One MySQL DB instance as master & Aurora cluster as replica (mostly used as migration)
• PostgreSQL instance -> Aurora PostgreSQL cluster

Security

IAM

Cluster management - IAM

IAM Database Authentication

Works with MySQL & PostgreSQL

Use authentication token, not username/password:

• A string, used as (instead of) password
• Generated using AWS signature
• lifetime 15 minutes
• Uses SSL
• For EC2, use profile credentials (role assigned to EC2 instance) to access DB without password

VPC

Instance Connection Authentication

Traditional, or IAM with token (MySQL)

SSL

Supported

Encryption

• Set upon creation - cannot turn on/off
  • Can use snapshot to restore to a different cluster with/without
• Replica - encrypted / unencrypted same as primary
• Transparent - no need to modify client applications
• key managed by KMS
  • CloudTrail support for key audit
  • type of key cannot change after creation of cluster
• What is encrypted:
  • data storage, log, backup, replica, snapshot, data in transit to replica

Global DB

MySQL compatible only. One primary region, up to 5 read-only secondary region. Up to 16 replicas for any secondary region.

Cross region synchronization typically < 1s.

Promotion: possible to promote secondary region in less than 1 minute.

Secondary regions can be added / removed to global DB.

Limitations

• instance type: no t2 class, r4 r5
• not available in certain regions
• only one in a region
• no read-only replica in same region with a secondary
• some features not supported
  • cloning, back track, parallel query, serverless, stopping / starting

Creation

• Create global DB
• Take snapshot of existing Aurora DB, restore to a global instance
• Add a cluster (later version) to a global DB

Data Import

• Snapshot - restore a snapshot into
• Point-in-time restore of a primary cluster
• Physical import (Percona xtrabackup tool)
• Logical import (mysqldump)

Fail-over

Manually promote a secondary (when the primary region fails)

Aurora Serverless

Aurora Serverless provides a relatively simple, cost-effective option for infrequent, intermittent, or unpredictable workloads. It can provide this because it automatically starts up, scales compute capacity to match your application's usage, and shuts down when it's not in use.

Limitations:

• Require certain engine version
• Fixed port number
• No public IP
• 1 cluster requires 2 VPC PrivateLink endpoints
• DB subnet group cannot have more than one subnet in same AZ
• change to subnet group not applied to cluster
• Many features not supported

How it works:

• don't specify instances
• set minimum maximum ACU (Aurora Capacity Unit)
• Endpoint connects to a proxy fleet, that routes workload to a fleet of resources that are automatically scaled
  • Connections are continuous when scales resources automatically
  • Resources are already "warmed" so scale up is quick
• Scaling
  • Scale up, then cool down period = 15 minutes; down, then down again period 310 seconds
  • Pause: down to 0 when no connection in configurable time period: default 5 minutes
  • Capacity change - if 'forced', possible drop connections; otherwise scale at scale point
• Advantage & usage
  • Simpler (simple setup, automatic scale)
  • Scalable
  • Cost effective - pay for resource by seconds
  • HA
  • Good for: unpredictable, infrequent used, new application, development and test...

VPC

Similar to RDS

Migration

RDS for MySQL and Amazon RDS for PostgreSQL to Aurora by:

• Create snapshots & restore to Aurora
• One way replication
• Use push-button migration tools to convert existing applications

Integration

MySQL Aurora (native/stored procedure) calls Lambda

Needs to set role to assume when calling lambda. Allow outbound traffic.

Load data from S3

Role aurora_load_from_s3_role or aws_default_s3_role, outbound traffic.

Save Query Data to S3

Role aurora_select_into_s3_role or aws_default_s3_role

Auto Scaling

To scale up and down

Machine Learning

Aurora machine learning enables you to add machine learning-based predictions to database applications using the SQL language. Aurora machine learning makes use of a highly optimized integration between the Aurora database and the AWS machine learning (ML) services Amazon SageMaker and Amazon Comprehend.

Billing

• Instance hours
• I/O requests (storage)
• Backup storage (per Gb per month)
• Data transfer

On-demand & reserved instances

Logging & Monitoring

Logging and Monitoring in Amazon Aurora

CloudWatch Alarms

Watch a metric over time, trigger notification to SNS or Auto Scaling on condition

CloudTrail Logs

Record of user & role actions (API).

Enhanced Monitoring

Metrics in real time for the operating system (OS) that your DB cluster runs on.

Amazon RDS Performance Insights

Expands on existing Amazon Aurora monitoring features to illustrate your database's performance and help you analyze any issues that affect it. With the Performance Insights dashboard, you can visualize the database load and filter the load by waits, SQL statements, hosts, or users.

Database Logs

Using the AWS Management Console, AWS CLI, or RDS API

Amazon Aurora Recommendations

Automated recommendations

Amazon Aurora Event Notification

SNS notification of Aurora events.

AWS Trusted Advisor

Inspect AWS environment and make recommendations based on best practices.

Database Activity Streams

For Aurora PostgreSQL. Beyond access of DBA (prevent internal threat)

Resilience

Backup / Restore

By retention period. Snapshot is preserved until deleted.

Replication

Up to 15 replicas in single region.

Storage always span over multiple AZ no matter instances.

Failover

Storage always span over multiple AZ. Cluster is HA.

Miscellaneous Setting & Features

Auto minor version upgrade

Backtrack (MySQL) - able to rewind cluster to a moment within a specified target backtrack window

Copy tags to snapshots

DB authentication (password, or password and IAM)

DB port

Cluster ID

Engine version

Cluster & DB Parameter group

Instance class & Instance ID

Deletion protection

Encryption (master key)

Enhanced monitoring (and granularity setting)

Performance insights

Failover priority

initial DB name

Log exports

Maintenance window

Options group

Master username / password

Monitoring role

Public access

Retention period

Subnet group

Select log types to public to CloudWatch

VPC

VPC Security Group