Skip to content

RDS for Solutions ArchitectΒΆ

  • Read replicas are used for SELECT (=read) only kind of statements (not INSERT, UPDATE, DELETE).
  • Amazon RDS supports [[Transparent Data Encryption]] for DB encryption:
    • Oracle or SQL Server DB instance only
    • TDE can be used on top of KMS - may affect performance

  • [[IAM Authentication]] (versus traditional username / password):

    • Works for [[MySQL]], [[PostgreSQL]]
    • Lifespan of an authentication token is 15 minutes (short-lived)
    • Tokens are generated by AWS credentials
    • [[SSL]] must be used when connecting to the database
    • Easy to use [[EC2 Instance Roles]] to connect to the RDS database

  • Operations: small [[downtime]] when [[failover]] happens, when maintenance happens, scaling in [[Read Replica]]s / AWS EC2 instance / restore EBS implies manual intervention, application changes

  • Security: AWS responsible for [[OS security]], we are responsible for setting up AWS KMS (Key Management Service), Security Groups, IAM Policy, authorising users in DB, using [[SSL]]
  • Reliability: [[Multi AZ]] feature, [[failover]] in case of failures
  • Performance: depends on [[EC2 instance type]], EBS Volume, ability to add [[Read Replica]]s. Doesn't auto-scale
  • Cost: Pay per hour based on provisioned AWS EC2 and EBS Volume