RDS — Concept
What it is
Amazon Relational Database Service (RDS) = managed SQL database for MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Db2. AWS handles OS, patching, backups, failover.
Why it exists
You get a real relational DB without operating the OS, replication, backups, and failover yourself — while still keeping full SQL and (mostly) any client driver.
Architecture
- DB instance(s) run on EC2 hardware managed by AWS, attached to EBS (gp3 / io2).
- Each DB has a DNS endpoint that automatically points to the current primary on failover.
- DB parameter groups (settings) and option groups (engine features) are versioned.
High availability — Multi-AZ
- Standby replica in another AZ, synchronous replication.
- Failover ≈ 60–120 s, DNS endpoint updates.
- Not for read scaling; you can't read from the standby.
- For MySQL / PostgreSQL: Multi-AZ Cluster (2 readable standbys, faster failover ~35 s).
Read scaling — Read replicas
- Up to 15 read replicas per primary (varies by engine).
- Asynchronous replication.
- Can be in same AZ, cross-AZ, or cross-region.
- Can be promoted to standalone DB (manual DR).
- Need their own endpoints; app must direct reads to replicas.
Backups
- Automated backups (point-in-time recovery) — daily snapshot + transaction logs, retention 1–35 days.
- Manual snapshots — kept until you delete; cross-region / cross-account copy supported.
- During automated backup window I/O can be impacted on Single-AZ; Multi-AZ takes snapshot from standby.
Storage
- gp3 (default), io1/io2 (high IOPS), magnetic (legacy).
- Storage autoscaling for MySQL/Postgres/MariaDB/Oracle/SQL Server.
- Max size depends on engine (e.g. 64 TiB).
Security
- Network: VPC SG controlling port (3306, 5432, 1433, 1521 …).
- Encryption at rest (KMS) — enable at creation; snapshots inherit. Can't add to existing unencrypted DB; copy/restore via encrypted snapshot.
- TLS in transit supported.
- IAM database authentication (MySQL / Postgres) — auth via IAM tokens (15-min lifetime).
- Audit logs to CloudWatch.
RDS Proxy
- Managed connection pool in front of RDS / Aurora.
- Reduces connection overhead (great for Lambda + RDS).
- Allows failover faster (proxy keeps the client connection alive).
- Supports IAM auth, Secrets Manager.
RDS Custom
- For Oracle / SQL Server when you need OS shell access for legacy configs.
When to use vs alternatives
| Use ... | Instead of ... | When ... |
|---|---|---|
| Aurora | RDS engine | You want better perf, auto storage, 15 read replicas, Global DB |
| DynamoDB | RDS | NoSQL key-value with massive scale |
| RDS | Self-managed EC2 DB | You don't want to patch / back up yourself |
| RDS Proxy | direct RDS conn | Lambda or many short connections |
| Multi-AZ Cluster (MySQL/Postgres) | classic Multi-AZ | Need faster failover + readable standbys |
Common exam scenarios
- "DB must survive AZ failure" → enable Multi-AZ.
- "Heavy read traffic" → add read replicas.
- "DR in another region" → cross-region read replica or snapshot copy.
- "Lambda thousands of cold connections crash DB" → put RDS Proxy in front.
- "Encrypt an existing unencrypted RDS" → snapshot → copy snapshot encrypted → restore.
- "Need to give devs IAM-controlled DB access without long passwords" → IAM DB Auth.
- "Move on-prem MySQL to AWS with minimal downtime" → DMS + ongoing replication, cut over.
- "Faster failover and readable standbys" → Multi-AZ Cluster (MySQL/Postgres only).
Exam tip
Multi-AZ ≠ Read replica. Multi-AZ = HA (sync, not readable in classic). Read replicas = scale reads (async, queryable). For DR cross-region, use a cross-region read replica or copy snapshots.