AWS Ports to Know

AWS, like every networked system, identifies traffic by IP address and then by port. Ports subdivide the traffic reaching a host by protocol, application or process. It is helpful to know the most common ports used in modern information systems; below are the ones you should know for AWS certification.

Protocol             Port
FTP                  21
SSH                  22
SFTP                 22
HTTP                 80
HTTPS                443
PostgreSQL           5432
MySQL                3306
Oracle               1521
MSSQL                1433
MariaDB              3306
Aurora PostgreSQL    5432
Aurora MySQL         3306

AWS ElastiCache Security

AWS ElastiCache provides in-memory databases with very high performance and low latency. They are designed to reduce the load on databases from high volumes of reads. They allow your application to be stateless by placing the current state of the data into ElastiCache. AWS takes care of OS maintenance, optimization, setup, configuration, monitoring, recovery and backup of ElastiCache, making it transparent to the customer. Normally an existing application needs a lot of code changes to use ElastiCache.

ElastiCache security characteristics:

  1. For Redis, IAM authentication is supported.
  2. All other ElastiCache options require a username and password.
  3. IAM policies are used only for security at the AWS API level.
  4. Redis AUTH
    • You can set a password/token when creating a Redis cluster.
    • Provides an extra layer of security for your cache on top of your security group.
    • Supports SSL for network encryption.
  5. Memcached
    • Supports SASL-based authentication.

ElastiCache – Redis use case:

  • Maintaining the leaderboard for a game.
  • Each time a new score is added, it is ranked against all other scores (sorted) and presented in the correct order.
  • This guarantees that the leader is always displayed at the top, with the rest in descending order.

AWS ElastiCache Build

AWS ElastiCache provides managed in-memory databases with very high performance and low latency, used to take read load off your databases and to hold application state. Here we will build an ElastiCache service for use in your AWS environment.

1.  Logon to AWS as an IAM user at URL:  https://signin.aws.amazon.com/

2.  From the Home Console type elasticache in the search bar, select the star next to ElastiCache, and select ElastiCache

3.  Click the Get started button and select Redis OSS

4.  Next, AWS will offer to move you to the newer Valkey engine, an open-source option that reduces cost.  Select Create Valkey.

5.  Under Configuration select Valkey, then Design your own cache and Easy create.

6.  Under Configuration select Demo and under cluster information enter a name for your cache.

7.  Under Connectivity select Create a new subnet group and name the group.

8.  Then click the Create button at the bottom of options.

9.  This completes creating an ElastiCache cluster in your AWS environment.

AWS ElastiCache Overview

ElastiCache is used either in front of a database as a read cache or as a store for application state such as user sessions, so that application instances can stay stateless. The two common architectures are described below.

The architecture for using ElastiCache with RDS:

  • The application queries ElastiCache first.
  • If ElastiCache has the required data, it is returned to the application.
  • If ElastiCache does not have the required data, the application queries RDS, returns the result, and stores it in ElastiCache for the next use.
  • This reduces the frequency of access to RDS itself.
  • The application must have a validation method for the cached data to ensure it is the most up to date.

The architecture for using ElastiCache as a user session store:

  • The user logs on to the application.
  • The application writes the user's session data to ElastiCache.
  • The user hits a different application instance and their session data is still valid.
  • This reduces the number of logins required of the end user.
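The two architectures above, cache-aside reads against RDS and a shared session store, as one added example (not code from the original article). An in-memory class with TTL expiry stands in for the ElastiCache cluster and a dict stands in for the RDS table, so it runs offline; the product rows, session id and clock values are constructed for the demo. The counter of database reads shows the load taken off RDS, and the write path shows the validation step the article says the application must own: the cached copy is dropped when the row changes.

```python
import time


class FakeClock:
    """Controllable clock so TTL expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class Cache:
    """Stand-in for an ElastiCache node: key/value with a TTL, lazy expiry on read."""
    def __init__(self, clock=time.monotonic):
        self._store = {}      # key -> (value, expires_at)
        self._clock = clock

    def get(self, key):
        item = self._store.get(key)
        if item is None:
            return None
        value, expires_at = item
        if self._clock() >= expires_at:
            del self._store[key]
            return None
        return value

    def set(self, key, value, ttl):
        self._store[key] = (value, self._clock() + ttl)

    def delete(self, key):
        self._store.pop(key, None)


class ProductRepository:
    """Cache-aside: try the cache, fall back to the database, then populate the cache."""
    def __init__(self, db, cache, ttl=60):
        self.db, self.cache, self.ttl = db, cache, ttl
        self.db_reads = 0   # trips to the database, to show the load taken off RDS

    def get_product(self, product_id):
        key = f"product:{product_id}"
        cached = self.cache.get(key)
        if cached is not None:
            return cached
        self.db_reads += 1
        row = self.db.get(product_id)        # the RDS query would go here
        if row is not None:
            self.cache.set(key, dict(row), self.ttl)   # cache a copy, not the live row
        return row

    def update_price(self, product_id, price):
        # Write the database first, then drop the cached copy so the next read
        # re-fetches instead of serving stale data.
        self.db[product_id]["price"] = price
        self.cache.delete(f"product:{product_id}")


class SessionStore:
    """Session data kept in the shared cache so any application instance can read it."""
    def __init__(self, cache, ttl=1800):
        self.cache, self.ttl = cache, ttl

    def create(self, session_id, user):
        self.cache.set(f"session:{session_id}", {"user": user}, self.ttl)

    def lookup(self, session_id):
        return self.cache.get(f"session:{session_id}")


def demo():
    """Run both patterns against constructed data and return the observable results."""
    clock = FakeClock()
    cache = Cache(clock)
    db = {1: {"name": "widget", "price": 10}}   # constructed RDS rows
    repo = ProductRepository(db, cache, ttl=60)
    repo.get_product(1)                          # miss: 1 database read
    repo.get_product(1)                          # hit: served from cache
    reads_after_two_gets = repo.db_reads
    repo.update_price(1, 12)
    price_after_update = repo.get_product(1)["price"]   # miss, fresh row: 2 reads
    clock.advance(61)
    repo.get_product(1)                          # TTL expired: 3 reads
    instance_a = SessionStore(cache)             # two app instances, one cache
    instance_b = SessionStore(cache)
    instance_a.create("sess-123", "alice")
    return {
        "reads_after_two_gets": reads_after_two_gets,
        "price_after_update": price_after_update,
        "total_db_reads": repo.db_reads,
        "session_seen_by_b": instance_b.lookup("sess-123"),
    }


if __name__ == "__main__":
    print(demo())
```

With a real cluster the `Cache` methods map onto the cache's GET, SET-with-TTL and DEL commands; the TTL bounds how long stale data can survive if a write path forgets to invalidate, which is why both mechanisms are used together.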

Redis vs Memcached:

Redis:

  • Multi-AZ with auto-failover
  • Provides read replicas to scale reads and give you high availability
  • Provides backup and restore
  • Supports sets and sorted sets

Memcached:

  • Multi-node partitioning of data (sharding)
  • Does not provide read replicas
  • It is not persistent
  • Provides backup and restore only with the serverless version
  • Provides a multi-threaded architecture, which increases performance

AWS RDS Proxy

AWS Relational Database Service (RDS) Proxy is a managed service through which applications access RDS databases rather than connecting to RDS directly.

This gives you the following benefits:

  • Allows applications to pool and share database connections.
  • Improves database efficiency by reducing the burden of managing a large number of open connections, lowering CPU and RAM requirements.
  • RDS Proxy is serverless.
  • Autoscaling.
  • Provides high availability through multi-AZ configuration.
  • Reduces failover time by up to 66%.
  • RDS Proxy is supported by:
    • MySQL
    • PostgreSQL
    • MariaDB
    • MS SQL Server
    • Aurora
  • No code change is required in your applications.
  • It enforces the use of IAM authentication for database access.
  • It requires the credentials to be stored in AWS Secrets Manager.
  • RDS Proxy is not publicly accessible; it is reachable only from within your VPC.

AWS RDS Security

AWS Relational Database Service (RDS) databases normally contain very sensitive organizational data and therefore need to be secured.

AWS provides security of RDS data in the following ways:

  • At-rest encryption:
    • RDS databases and read replicas can be encrypted using AWS KMS, but encryption must be defined at build time.
    • The main (read/write) RDS database needs to be encrypted in order for the read replicas to be encrypted.
    • To encrypt after RDS creation, you need to take an RDS snapshot and restore it to a new encrypted RDS instance.
  • In-flight encryption:
    • TLS by default, using the AWS TLS root certificates on the client side.
  • IAM authentication:
    • Creation of IAM roles for access to the RDS database instead of a username and password.
  • Security groups:
    • Control the network access to your RDS or Aurora databases.
  • No SSH access is available except on RDS Custom builds.
  • Audit logs can be enabled and sent to CloudWatch for longer retention periods.
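Security groups are the network control for RDS and Aurora, and the ports table at the top of this page lists what they should be limiting. The following added check (not code from the original article) walks security-group rules in the shape `describe-security-groups` returns and flags any rule that admits a non-RFC 1918 source to one of the database ports from the table, including catch-all `-1` protocol rules. The group ids and rules in `SAMPLE_GROUPS` are constructed for the demo, not real output; with real data you would load the JSON from the CLI or API response instead.

```python
import ipaddress
import json

# Database ports from the "AWS Ports to Know" table; a DB security group should
# restrict who can reach these.
DATABASE_PORTS = {
    5432: "PostgreSQL / Aurora PostgreSQL",
    3306: "MySQL / MariaDB / Aurora MySQL",
    1521: "Oracle",
    1433: "MSSQL",
}

PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(cidr):
    """True when the whole CIDR lies inside RFC 1918 space (IPv6 sources never do)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def audit_security_group(group):
    """Return (group id, port, engine, source cidr) for each DB port open to a public source."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        elif proto == "-1":          # "all traffic": FromPort/ToPort are absent
            lo, hi = 0, 65535
        else:
            continue                 # udp/icmp rules cannot reach a TCP database port
        exposed = [p for p in DATABASE_PORTS if lo <= p <= hi]
        if not exposed:
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            if is_private(cidr):
                continue
            for port in exposed:
                findings.append((group["GroupId"], port, DATABASE_PORTS[port], cidr))
    return findings


def audit_all(response):
    """Audit every group in a describe-security-groups style response."""
    return [f for g in response["SecurityGroups"] for f in audit_security_group(g)]


# Constructed sample in the describe-security-groups output shape (not real groups).
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0000000000000001", "GroupName": "rds-db-sg", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0000000000000002", "GroupName": "bastion-sg", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


if __name__ == "__main__":
    for group_id, port, engine, cidr in audit_all(SAMPLE_GROUPS):
        print(f"{group_id}: {engine} port {port} open to {cidr}")
```

The first group is flagged once (MySQL open to 0.0.0.0/0; the PostgreSQL rule is limited to a private range). The second group's SSH rule is ignored because 22 is not a database port, but its all-traffic IPv6 rule is reported for every database port, which is the kind of rule that is easy to miss when only reviewing explicit port entries.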

AWS RDS Backups

AWS Relational Database Service (RDS) backups ensure that your data is recoverable and can be replicated into a separate RDS datastore.

The characteristics of RDS Backups include:

  • Automatic backups:
    • Daily full backup of the database (taken during the backup window)
    • Transaction logs are backed up by RDS every 5 minutes
    • Ability to restore to any point in time (from the oldest backup to 5 minutes ago)
    • 1 to 35 days of retention; setting retention to 0 disables automatic backups
  • Manual DB snapshots
    • Manually triggered by the administrator
    • Manually taken backups are retained as long as you want
  • Reduce the cost of a stopped RDS instance by taking a snapshot, deleting the RDS instance, and restoring the snapshot to a new RDS instance when it is needed again.

Aurora backups have slightly different characteristics:

  • Automatic backups
    • 1 to 35 days of retention (cannot be disabled)
    • Point-in-time recovery at any point within the backup timeframe
  • Manual DB snapshots
    • Manually triggered by the administrator
    • Manually taken backups are retained as long as you want

Restore RDS and Aurora options:

  • Restoring an RDS / Aurora backup or snapshot creates a new database.
  • Restoring MySQL RDS database from S3
    • Create a backup of your on-premises database
    • Store it on Amazon S3 (object storage)
    • Restore the backup file onto a new RDS instance running MySQL
  • Restoring MySQL Aurora cluster from S3
    • Create a backup of your on-premises database using Percona XtraBackup
    • Store the backup file on Amazon S3
    • Restore the backup file onto a new Aurora cluster running MySQL

Aurora Database Cloning

  • Creates a new Aurora DB cluster from an existing one.
  • Faster than snapshot and restore.
  • Uses a copy-on-write protocol:
    • Initially, the new DB cluster uses the same data volume as the original DB cluster (fast and efficient; no copying is needed).
    • When updates are made to the new DB cluster's data, additional storage is allocated and the changed data is copied so the two diverge.
  • Very fast and cost-effective.
  • Useful for creating a test or development database from a production database without impacting production.
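The copy-on-write behaviour above, as an added simulation (not Aurora's code or the article's): a store holds pages with a reference count, a volume is a table of page ids, cloning copies only the table, and a write to a page that is still shared allocates a private copy before changing it. The page contents and names are constructed for the demo; the point is that page storage grows only by the number of pages a side has actually modified, and that writes on either side leave the other side's data untouched.

```python
class PageStore:
    """Shared storage volume: page id -> bytes, with a reference count per page."""
    def __init__(self):
        self.pages = {}
        self.refs = {}
        self._next_id = 0

    def alloc(self, data):
        pid = self._next_id
        self._next_id += 1
        self.pages[pid] = bytes(data)
        self.refs[pid] = 1
        return pid

    def share(self, pid):
        self.refs[pid] += 1

    def release(self, pid):
        self.refs[pid] -= 1
        if self.refs[pid] == 0:
            del self.pages[pid]
            del self.refs[pid]


class Volume:
    """One DB cluster's view of the store: an ordered table of page ids."""
    def __init__(self, store, page_ids):
        self.store = store
        self.table = list(page_ids)

    @classmethod
    def create(cls, store, pages):
        return cls(store, [store.alloc(p) for p in pages])

    def clone(self):
        # A clone copies only the page table; no page data is copied, so it is
        # fast and uses no extra page storage until one side writes.
        for pid in self.table:
            self.store.share(pid)
        return Volume(self.store, self.table)

    def read(self, index):
        return self.store.pages[self.table[index]]

    def write(self, index, data):
        pid = self.table[index]
        if self.store.refs[pid] > 1:
            # Page still shared with the other cluster: allocate a private copy
            # and point this volume at it; the other side keeps the original.
            self.table[index] = self.store.alloc(data)
            self.store.release(pid)
        else:
            self.store.pages[pid] = bytes(data)   # already private: write in place

    def shared_pages(self):
        return sum(1 for pid in self.table if self.store.refs[pid] > 1)


def pages_in_use(store):
    return len(store.pages)


def demo():
    """Clone a three-page 'production' volume and modify one page on the clone."""
    store = PageStore()
    prod = Volume.create(store, [b"customers", b"orders", b"invoices"])  # constructed pages
    dev = prod.clone()
    before = (pages_in_use(store), dev.shared_pages())
    dev.write(1, b"orders-scrubbed")      # change on the clone: only this page is copied
    after = (pages_in_use(store), dev.shared_pages(), prod.read(1), dev.read(1))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Before the write the store holds 3 pages and all 3 are shared; after it the store holds 4 pages, 2 remain shared, and production still reads its original page.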

AWS Advance Aurora Topics

AWS certification exams cover a lot of advanced topics on Aurora RDS. This article attempts to cover all the questions that may be asked about Aurora.

Aurora Replica Auto Scaling

  • Automatically increases the number of read replica databases in response to increased CPU usage.
  • The reader endpoint is automatically extended to include the new read replica databases.
  • The reader endpoint load balances across all read replica databases.

Aurora Custom Endpoints

  • You create some read replica databases on larger instance types.
  • You create a custom endpoint that routes to those larger instances.
  • Use case: some processes, such as analytics, require more compute power from a read replica.
  • You no longer use the reader endpoint directly; instead you set up different custom endpoints for different types of processing.

Aurora Serverless

  • Automated database instantiation and auto scaling based on usage
  • Good for infrequent, intermittent or unpredictable workloads
  • No capacity planning required
  • Pay per second of use, which can be more cost-effective
  • The client goes through a proxy fleet, which determines the number of Aurora database instances needed for the workload

Global Aurora

  • Aurora Cross Region Read Replica
    • Useful for disaster recovery.
    • Simple to put in place.
  • Aurora Global Databases (recommended)
    • 1 Primary Region (read/write)
    • Up to 5 secondary (read-only) regions, replication lag is less than 1 second.
    • Up to 16 Read Replicas per secondary region
    • Helps decrease latency for clients.
    • Promoting another region (for disaster recovery) has an RTO of less than 1 minute.
    • Typical cross-region replication takes less than 1 second.

Aurora Machine Learning

  • Enables you to add ML-based predictions to your applications via SQL
  • Simple, optimized and secure integration between Aurora and AWS ML services
  • Supported services
    • Amazon SageMaker (use with any ML model)
    • Amazon Comprehend (for sentiment analysis)
  • You don’t have to have ML experience
  • Use Cases: fraud detection, ads targeting, sentiment analysis, product recommendations

Babelfish for Aurora PostgreSQL

  • Allows Aurora PostgreSQL to understand commands targeted for MS SQL Server (T-SQL)
  • Therefore Microsoft SQL Server based applications can work on Aurora PostgreSQL
  • Requires little to no code changes (the same MS SQL Server client drivers are used)
  • Same applications can be used after a migration of your database (using AWS SCT and DMS)

AWS Aurora RDS Build

AWS Aurora RDS is Amazon's proprietary RDBMS, fully compatible with MySQL and PostgreSQL.  This document demonstrates the build of Aurora RDS servers in the AWS environment.

1.   Logon to AWS as an IAM user at URL:  https://signin.aws.amazon.com/

2.   From the Home Console type RDS in the search bar, select the star next to RDS, and select RDS.   NOTE:  The name of the Console has changed over time, but the key wording is RDS.

3.   On the left hand menu bar select Databases.

4.   Currently we have no RDS databases created and thus none are listed.   Click Create database on the right hand side of the screen.

5.   Select Standard create; for this example we will create an Aurora (PostgreSQL) database.

6.   Select the Engine Version you desire and Dev/Test

7.   Enter the DB identifier, master user name, Self Managed and password

8.   Enter Aurora Standard for Cluster storage.

9.   Under Instance configuration select the standard configuration.

10.   Under VPC select the standard VPC and note the VPC and DB subnet selected.  Select Yes for Publicly accessible.

11.  Accept the rest of the defaults and select Create Database

12.  This completes the build of an Aurora RDS database on AWS.

AWS RDS Custom for Oracle and SQL Server

AWS Relational Database Service (RDS) Custom gives you all the automation of RDS and access to the underlying database and OS.

With RDS Custom you can perform the following tasks:

  • Configure underlying OS settings.
  • Install patches.
  • Enable native database features.
  • Access the underlying EC2 instance using SSH and SSM Session Manager.
  • Only available for Oracle and Microsoft SQL Server.

NOTE: While using RDS Custom, it is important to deactivate Automation Mode to prevent your customized changes from being overridden.

RDS vs RDS Custom

  • RDS: AWS manages the entire database and OS.
  • RDS Custom: you have full admin access to the underlying OS and database.