Amazon RDS allows us to quickly create a relational database instance and flexibly scale the associated compute resources and storage capacity to meet our application demand. Amazon RDS manages the database instance on our behalf by performing backups, handling failover, and maintaining the database software. By using Amazon RDS we offload DB management tasks(resizing, replication, patch management) to Amazon who maintain network infrastructure and datacenters, leveraging the same industry-leading practices and procedures that keep web properties running optimally.
By default all the ports to Amazon RDS are blocked and we can provide authorized access from certain specific list of IP addresses to the RDS port. It also support SSL connection to encrypt the traffic between the Database server and client. Moreover RDS can be hosted inside the VPC. Slightly annoying feature for RDS that, at the time of creation it ask for master username and password, but that account is really not a root account for database and still has slightly stricter permission that default root on locally install RDS.
Reliability and Backup:
Amazon's Multi-AZ deployment model that enhances database availability while protecting our latest database updates against unplanned outages. When we create or modify our DB Instance to run as a Multi-AZ deployment, Amazon RDS automatically provision and manage a “standby” replica in a different Availability Zone (independent infrastructure in a physically separate location, but in the same region). Database updates are made concurrently on the primary and standby resources to prevent replication lag. In the event of planned database maintenance, DB Instance failure, or an Availability Zone failure, Amazon RDS automatically failover to the up-to-date standby so that database operations can resume quickly without administrative intervention.
What makes it tempting:
- Automatic backup : You can configure the backup retention policy in terms of days.
- Choice of backup/maintenance window: You can choose, to select the backup and maintain windows for your DB instance, such that those operations will be performed in that window to ensure the uptime of your service.
At the time of deletion, the DB Instance is marked for deletion and once the instance no longer indicates ‘deleting’ status, it has been removed. At this point the instance is no longer accessible and unless a final snapshot copy was asked for, it cannot be restored and will not be listed by any of the tools or APIs.
Amazon RDS hosted on cloud will always serve traffic originating from Amazon VPC (Virtual private cloud). Amazon VPC allows us to provision a private, isolated section of the Amazon Web Services (AWS) Cloud where we will launch AWS resources in a virtual defined network. With Amazon VPC, we can define a virtual network topology that closely resembles a traditional network which anyone can operate in their own datacenter. By doing this, we gain complete control over our virtual networking environment, including selection of our own IP address range, creation of subnets, and configuration of route tables and network gateways.
For example, we have a public-facing subnet for Expressway Service Gateway (ESG) which serve legitimate traffic with mutual authentication mechanism from the Internet, and place our backend systems such as tenant-manager and tenants hosted on boot strap agents on a private-facing subnet with no Internet access. We leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. Any traffic originating from this point (either via tenant-manager or tenants) will be redirected to RDS via Amazon VPC internet gateway over https channel.
Using Amazon Cloud Watch we can monitor activities on Amazon RDS. Amazon Cloud Watch provides monitoring for AWS cloud resources and the applications we run on AWS. System administrator can use it to collect and track metrics, gain insight, and react immediately to keep our applications and businesses running smoothly. Administrator can also monitor custom metrics generated by RDS. With Amazon Cloud Watch, we gain system-wide visibility into resource utilization, application performance, and operational health status of RDS.
Links for reference: