Amazon AWS Certified SysOps Administrator Associate – Databases for SysOps Part 4
7. RDS Parameter Groups
A very short lecture on parameter groups, so I talked about them. But basically you can configure your entire DB engine as we’ll see using parameter groups. And if it’s a dynamic parameter, it can be applied immediately. But if it’s a static parameter, then it will only be applied after you reboot your instance. So that when the instance reboots, basically it just picks up these parameters.
We can also modify the parameter group associated with the DB, so we can replace the default one by our custom one. But for this we also must reboot our database. And to know all the parameters available for a specific DB technology, you can look at the documentation or as well use the AWS console, as we’ll see in a second. Now there is one must-know parameter you need to know for the exam, and that’s the one for Postgres and SQL Server called `rds.force_ssl=1`.
And that’s the way to enforce SSL connection to a Postgres or SQL Server database. You must know this parameter going into the exam, but as a reminder, it doesn’t work for MySQL. For MySQL or MariaDB, you must run a SQL statement, `GRANT SELECT ON database.* TO`, and then at the end you just say `REQUIRE SSL`. So it’s pretty funky that there’s two different ways of doing it, but that’s the way it is. So for Postgres you can use a parameter group, but for MySQL it’s a SQL statement. Remember this going into the exam. Now let’s just have a quick look at parameter groups in the console.
So, parameter groups are accessible from the left hand side panel. And as you can see, when we create a database, it creates a default parameter group for us and we could click on it and see anything, but we won’t be able to change this group. In this parameters filter you can just type any parameter and see how it is. We’ll create our own parameter group. So I’ll call it a parameter group and I need to select my database instance. So for me it’s going to be postgres10 because we use 10.4. The group name is? I’ll call it Group Demo Postgres. And I’ll just call it Demo Group.
For Postgres you have to put a description in, click on Create, and here I’m basically able in this group to change any of my parameters to whatever I want. So as you can see, we can change the authentication timeout to whatever value we wanted. If we click on it and click on Edit parameters, then you’re literally able to change the value you want for anything. The one parameter that I want you to look at is going to be called `force_ssl`. And as you can see, `rds.force_ssl` is here. It’s a dynamic type of parameter, so we won’t need to reboot our instance and it’s a boolean. And this is to force SSL connections. So I can just click on it, edit the parameters and say one. And this will force my database to have SSL connections only. So this is our force encryption for Postgres. Okay, I saved it. So now my parameter group has been saved and let’s see if that works.
So I’ll just refresh my page and then after refreshing my page, I’m going to type `force_ssl` again. Now the value is one, so it means it’s enabled. So now what I can do is assign this parameter group to my Postgres database. So what I want to do is take this parameter group, which by the way, I can edit, copy, compare, reset, or delete. I want to assign it to my database. So I’ll go to my database and I’ll click on it and I’ll modify it. And within it I can now assign my parameter group. So let’s scroll down, and in there I will have here the DB parameter group and I will say it’s group demo postgres. Because I changed the parameter group, I will have to reboot my instance. So I’m fine.
Everything else I’ll leave the same, I’ll click on continue and then modify DB instance. But I will apply immediately instead of applying during the next scheduled maintenance window. So I’ll do this right now, modify DB instance. And now my instance is going to be restarting and rebooting using this new parameter group. But this time it will basically have forced SSL connections, which is what I wanted. So after a few reboots, it turns out that if you scroll down, you see that the parameter group is group demo postgres and now it’s in sync and that’s using all the parameters that I have specified. So that’s it for this lecture. I hope you enjoyed it and I will see you in the next lecture.
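As an added example (not part of the lecture), the check below audits whether SSL enforcement is actually in effect: `rds.force_ssl` must be 1 in the attached parameter group and the group must show as in sync on the instance. The instance names, group names and sample responses are constructed; the dictionaries follow the shape of boto3 `describe_db_instances` and `describe_db_parameters` output.

```python
# Constructed sample data, shaped like boto3 rds.describe_db_instances() and
# rds.describe_db_parameters() responses. All names and values are made up.
INSTANCES = [
    {"DBInstanceIdentifier": "pg-demo", "Engine": "postgres",
     "DBParameterGroups": [{"DBParameterGroupName": "group-demo-postgres",
                            "ParameterApplyStatus": "in-sync"}]},
    {"DBInstanceIdentifier": "pg-pending", "Engine": "postgres",
     "DBParameterGroups": [{"DBParameterGroupName": "group-demo-postgres",
                            "ParameterApplyStatus": "pending-reboot"}]},
    {"DBInstanceIdentifier": "pg-default", "Engine": "postgres",
     "DBParameterGroups": [{"DBParameterGroupName": "default.postgres10",
                            "ParameterApplyStatus": "in-sync"}]},
    {"DBInstanceIdentifier": "my-demo", "Engine": "mysql",
     "DBParameterGroups": [{"DBParameterGroupName": "default.mysql5.7",
                            "ParameterApplyStatus": "in-sync"}]},
]
GROUP_PARAMETERS = {
    "group-demo-postgres": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    "default.postgres10": [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}],
    "default.mysql5.7": [],
}


def ssl_enforcement(instance, group_parameters):
    """Classify one instance: enforced, pending, not-enforced, check-grants, unknown."""
    engine = instance["Engine"]
    if engine in ("mysql", "mariadb"):
        return "check-grants"  # REQUIRE SSL lives on the user grants, not in the group
    if not (engine == "postgres" or engine.startswith("sqlserver")):
        return "unknown"
    for group in instance["DBParameterGroups"]:
        params = group_parameters.get(group["DBParameterGroupName"], [])
        value = next((p.get("ParameterValue") for p in params
                      if p["ParameterName"] == "rds.force_ssl"), None)
        if value == "1":
            # The group only takes effect once the instance has picked it up.
            in_sync = group["ParameterApplyStatus"] == "in-sync"
            return "enforced" if in_sync else "pending"
    return "not-enforced"


def audit(instances, group_parameters):
    return {i["DBInstanceIdentifier"]: ssl_enforcement(i, group_parameters)
            for i in instances}


if __name__ == "__main__":
    for name, state in audit(INSTANCES, GROUP_PARAMETERS).items():
        print(f"{name}: {state}")
```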
8. RDS Backups and Snapshots
Of backups and snapshots in RDS. So backups are going to be continuous, and they allow point in time recovery. So the backups will happen during the maintenance windows. And when you delete a database instance, you can retain all the automatic backups that have been done. So the backups will have a retention period, and you set it between zero and 35 days. So that means that if you wanted to backtrack to any point of time within the last, say, 35 days, you could use backups for that. And to disable backups, you would set the retention period of the backups to zero. Snapshots are different. Snapshots will take IO operations, and they will stop the database from seconds to minutes while the snapshot is being taken. And if you have Multi-AZ enabled and you do a snapshot, then the snapshot will not be done on the master. It will be done on the standby database. The snapshots are going to be incremental after this first snapshot, and the first snapshot is going to be taken in full.
And the idea with snapshots, you can copy them and share them across accounts. Now, manual snapshots do not expire. So you can take a manual snapshot, okay? And you can take a final snapshot when you delete your database, no matter what. If you have a backup or a snapshot and you do a restore from them, restoring from an automated backup or database snapshots will create a new database instance. You cannot do an in place restore. Okay? Now let’s talk about snapshots sharing, because you cannot share backups.
So a snapshot can be shared. And this is a very similar way to how you share EBS snapshots. So if you remember how you can share EBS snapshots, then you’re good to go with RDS snapshots, but you can share them with other accounts, and if you allow them to be shared, then the other accounts can create an RDS database directly from your snapshots. So manual snapshots can be shared with other AWS accounts. It has to be manual, okay? And an automated snapshot cannot be shared. You have to copy it first. So when you share an unencrypted snapshot, it works. Or if you have a snapshot that is encrypted with a customer master key, it has to be yours. And then if you do it, you can share it as well.
But if you wanted to share an encrypted snapshot, you first need to also share the CMK associated with a snapshot. So this is the same diagram as EBS that we’ve seen from before. So we have a snapshot that’s encrypted, and it’s shared with another account. The other account can only read that snapshot if it has the IAM permissions to get access to the underlying CMK of the snapshot. And if that is the case, then the database instance can be launched and you’re good to go. So if we ever look at this database right here so here’s our database. And we have maintenance and backups. And as you can see, backups are going to be automatically enabled for seven days, and then the tags are going to be copied to the snapshots as well. So there’s a backup window which is defined right here, which is 30 minutes at night.
Okay. And you can edit the backup settings if you wanted to replicate to a different region or to replicate the automated backups. And then some snapshots also are being taken, and they could be automated or manual. And this one has been automated. So if you go on the left hand side into automated backups, as you can see, my database right here is being currently backed up, okay? And so the backups will appear right here, and we can get some information, but you can see if their current region, if they’re replicated and they’re retained. And if you go into snapshots, you will see the manual snapshots or the system snapshots.
So you can take one of your databases, for example. You can take this one, and you could create a snapshot from it. So you do action and then take snapshots. And this snapshot will live forever because you’re taking it manually, whereas an automated backup or automated snapshots will go away at some point. So this is really the idea behind it. And then once you have your snapshots, what you can do is you can share them. So you can take one, and then you can copy this one. And then once it’s copied, it’s yours. And then you can share the snapshots to another account. And then you can see the snapshots that have been shared with you right here as well. Okay, so that’s it for this lecture. I hope you liked it, and I will see you in the next lecture.
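As an added example (not part of the lecture), this pre-flight check applies the sharing rules described above to a snapshot record and a KMS key policy: automated snapshots must be copied to a manual one first, and an encrypted snapshot is only usable by the target account if the CMK's policy grants that account access. The account IDs and sample policy are constructed, and the list of required KMS actions is an assumption to adjust to your own baseline.

```python
import json

# Assumption: minimum KMS actions the target account needs on the CMK.
REQUIRED_KMS_ACTIONS = {"kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant"}

# Constructed key policy granting one (made-up) account access to the CMK.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant"],
     "Resource": "*"}]})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def key_policy_allows(policy_json, account_id):
    """True if Allow statements naming the account cover every required action.

    Only exact action names and "kms:*" are matched; patterns such as
    "kms:Describe*" and policy Conditions are not evaluated here.
    """
    wanted = {f"arn:aws:iam::{account_id}:root", account_id}
    granted = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if not wanted & set(_as_list(principal.get("AWS", []))):
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        if "kms:*" in actions:
            return True
        granted |= actions
    return REQUIRED_KMS_ACTIONS <= granted


def share_blockers(snapshot, target_account, key_policy_json=None):
    """Return the reasons a snapshot cannot yet be shared with target_account."""
    blockers = []
    if snapshot["SnapshotType"] != "manual":
        blockers.append("copy to a manual snapshot first")
    if snapshot.get("Encrypted"):
        if key_policy_json is None or not key_policy_allows(key_policy_json, target_account):
            blockers.append("share the CMK with the target account")
    return blockers
```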