Learning AWS - DVA - Day 11: Amazon Aurora - RDS Security - RDS Proxy
Le Huy Ho
Posted on October 21, 2024
Overview
Aurora is a proprietary technology from AWS (not open sourced)
Postgres and MySQL are both supported as Aurora DB (that means your drivers will work as if Aurora was a Postgres or MySQL database)
Aurora is "AWS cloud optimized" and claims a 5x performance improvement over MySQL on RDS, and over 3x the performance of Postgres on RDS
Aurora storage automatically grows in increments of 10GB, up to 128TB
Aurora can have up to 15 read replicas, and the replication process is faster than MySQL (sub 10ms replica lag)
Failover in Aurora is instantaneous. It is HA native
Aurora costs more than RDS (20%) but is more efficient
Features of Aurora
Automatic fail-over
Backup and Recovery
Automatic patching with Zero Downtime
Advanced Monitoring
Routine maintenance
Backtrack: restore data to any point in time without using backups
RDS & Aurora Security
At-rest encryption:
- Database master and replicas are encrypted using AWS KMS; this must be defined at launch time.
- If the master is NOT encrypted, the replicas CANNOT be encrypted
- To encrypt an unencrypted database, go through a DB snapshot and restore it as encrypted
In-flight encryption: TLS-ready by default, use AWS TLS root certificates client-side
IAM Authentication: use IAM roles to connect to your database (instead of username/password)
Security Group: Control network access to your RDS/Aurora DB
No SSH available, except on RDS Custom
Audit Logs can be enabled and sent to CloudWatch Logs for long retention
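As an added example (not part of the original post), the Python below audits DB instance records against the controls listed in this section: at-rest encryption, IAM authentication, network exposure, and log export to CloudWatch Logs. It assumes the input has the shape of the `DBInstances` list returned by boto3's `rds.describe_db_instances()`; the sample records and the function names `audit_instance` and `audit` are constructed for illustration.

```python
# Added example: audit RDS instance records against the controls listed above.
# Input has the shape of the "DBInstances" list returned by boto3's
# rds.describe_db_instances(); the records below are constructed samples.

SAMPLE_INSTANCES = [  # constructed, not real resources
    {"DBInstanceIdentifier": "orders-primary", "StorageEncrypted": True,
     "IAMDatabaseAuthenticationEnabled": True, "PubliclyAccessible": False,
     "EnabledCloudwatchLogsExports": ["audit"]},
    {"DBInstanceIdentifier": "legacy-reports", "StorageEncrypted": False,
     "IAMDatabaseAuthenticationEnabled": False, "PubliclyAccessible": True,
     "EnabledCloudwatchLogsExports": []},
    {"DBInstanceIdentifier": "legacy-reports-replica", "StorageEncrypted": False,
     "ReadReplicaSourceDBInstanceIdentifier": "legacy-reports",
     "IAMDatabaseAuthenticationEnabled": False, "PubliclyAccessible": False},
]


def audit_instance(db):
    """Return a list of findings for one DB instance record."""
    findings = []
    if not db.get("StorageEncrypted", False):
        source = db.get("ReadReplicaSourceDBInstanceIdentifier")
        if source:
            # A replica cannot be encrypted while its master is not.
            findings.append("unencrypted replica: encrypt source " + source)
        else:
            findings.append("storage not encrypted: snapshot and restore as encrypted")
    if not db.get("IAMDatabaseAuthenticationEnabled", False):
        findings.append("IAM authentication disabled")
    if db.get("PubliclyAccessible", False):
        findings.append("publicly accessible: review security group rules")
    if not db.get("EnabledCloudwatchLogsExports"):
        # Missing key or empty list: no log type is exported.
        findings.append("no logs exported to CloudWatch Logs")
    return findings


def audit(instances):
    """Map instance identifier -> findings, omitting clean instances."""
    report = {}
    for db in instances:
        findings = audit_instance(db)
        if findings:
            report[db["DBInstanceIdentifier"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSTANCES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

To run it against a real account, pass the `DBInstances` list from a `describe_db_instances` call to `audit` in place of the sample records.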
Amazon RDS Proxy
Fully managed database proxy for RDS
Allows apps to pool and share DB connections established with the database
Improves database efficiency by reducing the stress on database resources (e.g. CPU, RAM) and minimizing open connections (and timeouts)
Serverless, auto scaling, highly available (multi-AZ)
Reduces RDS and Aurora failover time by up to 66%
Supports RDS and Aurora
No code changes required for most apps
Enforces IAM Authentication for DB, and securely stores credentials in AWS Secrets Manager
RDS Proxy is never publicly accessible (must be accessed from the VPC)