
Running Production PostgreSQL Databases On Amazon RDS For PostgreSQL

AWS RDS Running Production PostgreSQL Databases on Amazon RDS for PostgreSQL 2020

Uploaded by

Tejas

Amazon RDS

Running production PostgreSQL databases on Amazon RDS for PostgreSQL

Gowri Balasubramanian, Principal SA, AWS
Kathy Gibbs, Sr. Database SA, AWS
6/29/2020

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Learning Objectives

By the end of this session you will be able to:

• Understand Amazon RDS Offerings

• Learn how to provision and configure RDS PostgreSQL

• Leverage RDS in-built features for high-availability, backup, security and monitoring

Virtual Workshop Instructions
1. Use your personal or test AWS Account
2. Sign-in using your IAM User credentials
3. Walkthrough will be based on us-west-2 (Oregon) Region
4. Download the Workshop Guide: https://bit.ly/38bMSQW
5. Ask for help using the chat function of the tool

Introduction

Amazon RDS
Managed relational database service with a choice of six popular database engines

Easy to administer
Easily deploy and maintain hardware, OS and DB software; built-in monitoring

Secure & compliant
Data encryption at rest and in transit; industry compliance and assurance programs

Available & durable
Automatic Multi-AZ data replication; automated backup, snapshots, failover

Performant & scalable
Scale compute and storage with a few clicks; minimal downtime for your application

Amazon RDS - fully managed

Spend time innovating & building new apps, not managing infrastructure

You
• Schema design
• Query construction
• Query optimization

AWS
• Automatic fail-over
• Backup & recovery
• Isolation & security
• Industry compliance
• Push-button scaling
• Automated patching & upgrades
• Advanced monitoring
• Routine maintenance

Move to managed relational databases
Migrate on-premises or cloud-hosted relational databases to managed services

Reduce DB administrative burden
No need to rearchitect existing applications
Get better performance, availability, scalability, and security

Amazon Aurora: MySQL, PostgreSQL
Amazon RDS: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server

Hundreds of thousands of customers use Amazon RDS

PostgreSQL fast facts

• Open-source database
• In active development for 20+ years
• Owned by a foundation, not a single company
• Permissive, innovation-friendly open source license
• High performance out of the box
• Object-oriented and ANSI-SQL:2008 compatible
• Most geospatial features of any open source database
• Supports stored procedures in 12 languages (Java, Perl, Python, Ruby, Tcl, C/C++, its own Oracle-like PL/pgSQL, etc.)
• Most Oracle-compatible open-source database

Customer Credentials

"RDS for PostgreSQL solves one of the biggest operational overheads we have dealt with since the inception of our company. We have spent countless hours setting up, backing up, replicating, restoring, replacing, scaling, swapping, and tuning our PostgreSQL databases".
- Mark Corner, CTO

Instacart offers its customers a new method to order same-day groceries online. The company turned to AWS to run its database on Amazon RDS for PostgreSQL. As a result, the company can now add millions of new items to its database every month.

Infor provides ERP application software. Infor has introduced a SaaS model based entirely in the cloud. By utilizing Amazon Web Services and Amazon RDS for PostgreSQL, Infor's customers are able to quickly deploy their applications in the cloud.
Running PostgreSQL on AWS

Self-managed on Amazon Elastic Compute Cloud (Amazon EC2)

Fully-managed services
• Amazon RDS for PostgreSQL
• Aurora with PostgreSQL compatibility

Regions and Availability Zones
Diagram labels: AWS Cloud, Region, Availability Zone A, Availability Zone B, Availability Zone C.

Amazon RDS for PostgreSQL
• PostgreSQL community version with easy configuration and management
• Supports 9.4, 9.5, 9.6, 10, 11, 12
• High availability across two availability zones
• In-region and Cross-region Replicas
• Close lockstep with community releases
• Available in more instance classes and smaller sizes

Diagram labels: Region, VPC, Applications, Bastion, Availability Zone 1, Availability Zone 2, Primary, Standby.
Secure network access
Controlled through Amazon Virtual Private Cloud (VPC) security groups

Protocol   Port range   Source
TCP        5432         172.31.0.0/16
TCP        5432         “Application security group”

Diagram labels: Corporate admins, Application tier, VPC, Amazon RDS.

Amazon RDS for PostgreSQL: Instance types
T family
• Burstable instances
• 1 vCPU / 1 GB RAM > 8 vCPU / 32 GB RAM
• Moderate networking performance
• Good for smaller or variable workloads
• T2.micro is eligible for the AWS Free Tier
• T3 will enable unlimited mode: can burst above baseline for extra charge

R family
• Memory-optimized instances
• 2 vCPU / 16 GiB RAM > 64 vCPU / 488 GiB RAM
• High-performance networking
• Good for query-intensive workloads or high connection counts
• R5 offers up to 96 vCPU / 768 GiB RAM

M family
• General purpose instances
• 2 vCPU / 8 GiB RAM > 64 vCPU / 256 GiB RAM
• High-performance networking
• Good for running CPU-intensive workloads
• M5 offers up to 96 vCPU / 384 GiB RAM

High-performance database storage

General purpose (GP2)
• SSD storage
• Auto scale up to 64 TiB
• Latency in milliseconds
• IOPS determined by volume size
• Affordable performance

Provisioned IOPS (IO1)
• SSD storage
• Auto scale up to 64 TiB
• Single digit millisecond latencies
• Maximum of 80 K IOPS
• Delivers within 10% of the IOPS performance, 99.9% of the time
• High performance and consistency

High Availability

RDS Multi-AZ
• Fully managed secondary in-region
• Distinct EC2 and EBS resources
• Synchronous storage replication
• Failover in 1-2 minutes
• Crash recovery
• CNAME propagation
• 99.95% monthly uptime SLA

Diagram labels: Region, Availability zone A, Availability zone B, DB instance, DB instance standby, Volume, RDS monitoring and automation.
Multi-AZ deployment: Failover

Typical failover time: 1–2 minutes

Timeline labels, from t0 to tN: UP, Identify failure, Crash recovery, DNS propagation, UP.

Scale

Performance Factors

RDS DB Instance Class
• Compute capabilities: vCPUs
• Memory capabilities: GB of RAM
• Network performance: MB/s (throughput)

RDS Storage Type
• Storage performance: I/O performance

Scale compute and storage with ease

Scale compute to handle increased load
• Up to 96 vCPU and 768 GiB of RAM (db.r5.24xlarge)

Scale storage for larger data sets
• Quickly scale EBS storage up to 64TiB
• No downtime for storage scaling

Scale down to control costs
• As little as 2vCPU / 1 GiB of RAM (db.t3.micro)

Scale for read workloads

• Up to five replicas in a region or cross-region
• Relieve pressure on your master node with additional read capacity
• Bring data close to your applications in different regions
• Promote a read replica to a master for faster recovery in the event of disaster

Diagram labels: Application servers, Read/write, Database server, Primary, Asynchronous streaming replication, BI/reporting application server, Read only, Read replica.

Backup

RDS backups
Automated backups
• Daily snapshot during backup window
• Transaction logs to S3 every 5 minutes
• Retained 1-35 days

Manual backups
• Take a snapshot any time
• Kept until you delete

Diagram labels: Region, Availability zone A, Availability zone B, DB Instance, DB instance standby, EBS snapshot (daily), Transaction logs (5 minutes).

RDS Snapshots
• Always incremental
• Amazon S3: 99.999999999% durability
• Supports encryption
• Copy across accounts, across regions

Diagram labels: Amazon EBS volume, Amazon S3 bucket, Snapshot 1, Snapshot 2, Snapshot 3.

Restore from snapshot
• Restore from any snapshot
• Copy snapshots to other regions or accounts

Refresh test environments
Test upgrades
Instantiate logical replicas

Diagram labels: Original instance, Snapshot, RestoreDBInstanceFromDBSnapshot, New instance.

Restore to a point in time
• Restore to any second in backup retention
• Available in-region/account
• Latest restorable time typically <5 minutes

Oops… I dropped a table
Recover from application errors or logical corruption

Diagram labels: Original instance, Snapshot, Transaction logs, RestoreDBInstanceToPointInTime, New instance.

Security

RDS Access Control at a Glance
Access control at DB level: Schema/object level privileges
Controlled with IAM: RDS Management permissions (launch, delete, snapshot)
Network Security: Network Connectivity from other services

Diagram labels: DBA and Ops; Users, roles and privileges; Applications, Users and DBA; VPC; Private subnet; Security group and ACLs; Amazon RDS.
Prevent unauthorized access
Amazon Virtual Private Cloud
• Define VPC security group ingress/egress rules
• Keep databases in private subnets
• Control egress when using outbound network access (dblinks, postgres_fdw)

Diagram labels: VPC, Public subnet, Private subnet, EC2 instances, DB Instance.

Data Encryption
Encryption at Rest
AWS Key Management Service
• Storage encryption with Amazon KMS integration
• Manage/bring your own keys
• Enable when creating instance
• Encrypt existing snapshots and restore as encrypted instances

Encryption in Transit
An SSL certificate is available on RDS instances
• Used to encrypt network traffic
• Also used to verify the endpoint to guard against spoofing attacks
By default, SSL is optional
• Set rds.force_ssl to 1 to force SSL
The client requests the type of SSL connection
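
An added example, not part of the original deck: a Python check that applies the controls from the security slides (security-group source ranges, private placement, encryption at rest, rds.force_ssl and the SSL mode the client requests) to one instance. The dict shapes follow the RDS and EC2 API responses and the client setting is libpq's sslmode; the function name audit_rds, the host db.example.internal and all sample values are assumptions.

```python
import ipaddress
from urllib.parse import parse_qs, urlparse

ENCRYPTING = {"require", "verify-ca", "verify-full"}  # libpq sslmode values that force TLS

def audit_rds(instance, parameters, ingress, client_dsn, allowed_cidrs):
    """Check one RDS PostgreSQL instance against the controls on the security slides."""
    findings = []
    if not instance.get("StorageEncrypted"):
        findings.append("storage is not encrypted at rest")
    if instance.get("PubliclyAccessible"):
        findings.append("instance is publicly accessible")
    params = {p["ParameterName"]: p.get("ParameterValue") for p in parameters}
    if params.get("rds.force_ssl") != "1":
        findings.append("rds.force_ssl is not 1, so plaintext sessions are accepted")
    port = instance["Endpoint"]["Port"]
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    for rule in ingress:
        # All-protocol rules carry no port fields; security-group sources are not CIDRs.
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            continue
        for ip_range in rule.get("IpRanges", []):
            net = ipaddress.ip_network(ip_range["CidrIp"])
            if not any(net.subnet_of(a) for a in allowed):
                findings.append(f"port {port} reachable from unapproved range {net}")
    # libpq defaults to sslmode=prefer, which silently falls back to plaintext.
    mode = parse_qs(urlparse(client_dsn).query).get("sslmode", ["prefer"])[0]
    if mode not in ENCRYPTING:
        findings.append(f"client sslmode={mode} does not guarantee encryption")
    elif mode != "verify-full":
        findings.append(f"client sslmode={mode} does not verify the endpoint hostname")
    return findings

# Constructed sample data shaped like the RDS/EC2 describe output; all values are made up.
WEAK = dict(
    instance={"StorageEncrypted": False, "PubliclyAccessible": True, "Endpoint": {"Port": 5432}},
    parameters=[{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}],
    ingress=[{"FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    client_dsn="postgresql://app@db.example.internal:5432/shop",
)
HARDENED = dict(
    instance={"StorageEncrypted": True, "PubliclyAccessible": False, "Endpoint": {"Port": 5432}},
    parameters=[{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    ingress=[{"FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "172.31.0.0/16"}]}],
    client_dsn="postgresql://app@db.example.internal:5432/shop?sslmode=verify-full",
)

if __name__ == "__main__":
    print(audit_rds(allowed_cidrs=["172.31.0.0/16"], **WEAK))
```

With rds.force_ssl set to 1 the server rejects plaintext sessions, but only a client using sslmode=verify-full checks the certificate against the endpoint name, which is the spoofing guard the slide refers to.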
AWS Secrets Manager
Lifecycle management for secrets such as database passwords

Safely rotates passwords

Built-in integration with RDS and Aurora PostgreSQL

With restricted password management, all passwords can be controlled by Secrets Manager
Monitoring

Monitoring
Enhanced monitoring for Amazon RDS
• Access to over 50 CPU, memory, file system, and disk I/O metrics

Amazon CloudWatch Metrics
• Displayed in the RDS console or in personalized CloudWatch dashboards

Amazon CloudWatch alarms
• Alarms triggered based on metric values crossing configurable thresholds

Diagram labels: Enhanced Monitoring, CloudWatch Metrics, Performance Insights, CloudWatch Alarms, CloudWatch Logs.
RDS Performance insights
Database performance tuning and monitoring feature

Dashboard shows database load over time

Performance Counter metrics

Identifies source of bottlenecks
• Sort by top SQL
• Slice by host, user, wait events

Store up to 2 years of metrics

RDS Features

Transportable databases
Fast method of data export and import between RDS instances with minimal downtime

Supported on RDS PostgreSQL versions 11.5 and 10.10 onwards

Available through the pg_transport extension

Source database is made read-only during transport

Diagram labels: Region, VPC, Availability zone A, Availability zone B, DB1, DB2, Source RDS PostgreSQL instance, Target RDS PostgreSQL instance.
Amazon S3 integration
• Loads a file from Amazon S3 directly into a PostgreSQL table using the COPY syntax
• Available using the aws_s3 extension
• Files containing JSON documents need to be regularly loaded from an Amazon Simple Storage Service (S3) bucket
• Users need to run queries on the documents, along with other transactional data

Diagram labels: Region, VPC, AWS Lambda, Amazon S3 Bucket, Availability zone A, Availability zone B, Primary, Standby.

Q&A
Join us for the Next session!!

Amazon Relational Database Service: Moving to Managed Services in the Cloud
