Creating, Deploying, Securing, and Monitoring AWS RDS Databases.
What is AWS's Relational Database Service (RDS)
Amazon Relational Database Service (Amazon RDS) is a collection of managed services that makes it simple to set up, operate, and scale databases in the cloud. Choose from seven popular engines — Amazon Aurora with MySQL compatibility, Amazon Aurora with PostgreSQL compatibility, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server — and deploy on-premises with Amazon RDS on AWS Outposts.
With RDS people can set up, operate, and scale a relational database in the cloud with just a few clicks. And it provides the following benefits and features:
RDS also provides a feature called Multi-Availabilty Zone deployment, where it automatically creates a primary database instance and synchronously replicates the data to an instance in a different AZ. When it detects a failure, Amazon RDS automatically fails over to a standby instance without manual intervention. This alone makes RDS one of the most secure and highly available databases deployable in the market.
So how much does RDS cost?
With AWS's popular pay as you go pricing, you only pay for the amount of time and infrastructure you actually use. With that in mind, RDS charges clients based on a few different factors:
Depending on what your systems hardware needs are, you may need to upgrade each of these features independently to best fit your needs, which RDS is designed to help you de seemlessly as well. AWS provides detailed pricing for RDS services based on database engine selected at the following link:
That covers about all of the important background information regarding AWS RDS. So lets go ahead and see how simple it is to create a database with it!
Initial RDS Database Creation Page
Upon arriving at AWS RDS within the management console, you can simply click the create database button to be greated by the following screen. Here you can select a database creating method and engine options. Easy creation allows for simple setup for people who need a database deployed with best practice configuration (in case they know little about configuration options or need something simple in a short amount of time). Standard create allows you to set all the configuration options manually. Selecting an engine is pretty straightforward, except that AWS Aurora is listed among other standard engines. Aurora is an extremely high availability engine using PostgreSQL or MySQL only, but we will not be covering any of its other features and perks in this demonstration. For now I am simply going to use MySQL for my engine with the latest version for me.
Setting Admin Credentials and Instance ID
The most important settings for security are the admin credentials for the database. While the instance ID is simply a name used to identify the database in AWS, the admin credentials are how you sign in and manage everything related to the database. Here you create a master or root username, and then you either auto generate or create your own password. Since mishandling data can come with hefty lawsuits and loss of business, securing the root user credentials is one of the simplest ways to protect the database well.
Setting Instance Class and Storage (Using Free-Tier)
This is where we decide how large the database is going o be in terms of resources, as well as how much money needs to be spent on the system. The database instance class refers to how many virtual CPU's, RAM, and other processing hardware is dedicated for our system. The storage type refers to the performance capabilities of the SSD or HDD that we choose to hold our data. We also select the amount of allocated storage, whether it will autoscale in response to the database reaching its storage limits, and if so what the maximum threshold for scaling is.
Configuring Connectivity Settings and VPC.
Next we set some connectivity configurations for how the database will be accessed in various ways. We are prompted to select a virtual private cloud (VPC) for its private networking environment, then a subnet group within that VPC, and then select whether or not it has public access from services like EC2 and other devices outside the VPC (saying no simply does not assign a public IP address to the database). After that we need to either create a new security group that defines access controls to the database (IP filtering for access, I will demonstrate this briefly) or choose an existing one if available. Once we have made sure that access is as secure as possible we can go ahead and launch the database!
Activating and Verifying Database Availability
Now that we have the database up and running, we can view it by selecting it in the RDS databases tab. The summary tab tells us some simple identifying information about the database and a little about its current usage. One of the most important things that it displays for us is whether the database is currently deployed and in an available state to be accessed and used. There are also a few other tabs that can provide detailed information for the database for security and configuration under the summary section. In the next section we will scroll a little further down the connectivity and security section we have selected to view our current access controls for the database.
Configuring Database Security Groups and Access Control Lists
Here we can see that there are currently 2 active rules for the access list to our database. One is an inbound rule allowing traffic from an IP address 173.18.47.15/32 (likely my own workstation at the time of making this). The other is an outbound rule that currently allows traffic to any possible IP address (0.0.0.0/0). That is not good security for the record! I set it up this way to simplify the creation process for this example, but all inbound and outbound traffic should of course only be routed to trused IP addresses (never open like this to anyone!). There are also sections where you can configure replication and proxying settings for the database too if you so desire.
Monitoring Resource Usage Reports
Next to the connectivity and security tab is another key tab for monitoring resource usage for the database. Here we can see some of the important vital information about how our database is performing. If we notice any spikes in hardware usage we can investigate what might be cause them and react accordingly. This is also where we can set up CloudWatch alerts for certain events and changes to the database.
Wrapping up the demonstration
There are many perks to using AWS RDS to deploy and manage databases in the cloud. While we were not able to showcase all of the features and configurations that RDS has to allow people to fully customize their environment, I'm sure that you now at least have seen how simple and convenient RDS makes database deployment. I encourage people interested in deploying databases to try out the free tier settings for their database needs and see how easy it is to setup, manage, and utilize this fantastic service.