DEV Community

Le Huy Ho

Learning AWS - DVA - Day 11: Amazon Aurora - RDS Security - RDS Proxy

Overview

  • Aurora is a proprietary technology from AWS (not open sourced)

  • Postgres and MySQL are both supported as Aurora DB (that means your drivers will work as if Aurora were a Postgres or MySQL database)

  • Aurora is "AWS cloud optimized" and claims 5x performance improvement over MySQL on RDS, over 3x performance of Postgres on RDS

  • Aurora storage automatically grows in increments of 10GB, up to 128TB

  • Aurora can have up to 15 read replicas, and the replication process is faster than MySQL (sub-10 ms replica lag)

  • Failover in Aurora is instantaneous. It is HA native

  • Aurora costs more than RDS (20% more) but is more efficient


Features of Aurora

  • Automatic fail-over

  • Backup and Recovery

  • Automatic patching with Zero Downtime

  • Advanced Monitoring

  • Routine maintenance

  • Backtrack: restore data to any point in time without using backups


RDS & Aurora Security

  • At-rest encryption:

    • Database master and replica encryption using AWS KMS - must be defined at launch time.
    • If the master is NOT encrypted, the replicas CANNOT be encrypted
    • To encrypt an un-encrypted database, go through DB snapshot & restore as encrypted
  • In-flight encryption: TLS-ready by default, use AWS TLS root certificates client-side

  • IAM Authentication: use IAM roles to connect to your database (instead of username/password)

  • Security Group: Control network access to your RDS/Aurora DB

  • No SSH available, except on RDS Custom

  • Audit Logs can be enabled and sent to CloudWatch Logs for long retention


Amazon RDS Proxy

  • Fully managed database proxy for RDS

  • Allows apps to pool and share DB connections established with the database

  • Improves database efficiency by reducing the stress on database resources (e.g. CPU, RAM) and minimizing open connections (and timeouts)

  • Serverless, autoscaling, highly available (multi-AZ)

  • Reduces RDS and Aurora failover time by up to 66%

  • Supports RDS and Aurora

  • No code changes required for most apps

  • Enforce IAM Authentication for DB, and securely store credentials in AWS Secrets Manager

  • RDS Proxy is never publicly accessible (it must be accessed from within the VPC)
