Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity for databases in the cloud. Hosting a database on Amazon EC2 allows for a high degree of customization and control over the database and its environment. It also maintains the long-standing tradition of manual database management, including managing replication, failover, monitoring, notifications, and backups. AWS managed database solutions, such as Amazon Relational Database Service (Amazon RDS), provide fully automated solutions for all of these tasks.
Amazon RDS allows you to configure synchronous replication with just a few clicks. In the event of a failure, Amazon RDS automatically fails over to a secondary server in 60-120 seconds. Using a DNS endpoint prevents any complicated routing, IP reassignment, or DNS propagation delays. Understanding how an automatic failover affects your applications is vital to successful implementation of this service. In this lab, you are going to replicate a failover event and see how the application responds.
Managing user access is another key consideration when working with a database service. Changing passwords regularly is important to ensure the continued security of your databases. However, updating a root-level password in every location that needs it is often cumbersome. You can use AWS Secrets Manager to safely manage and store these passwords, known as secrets.
Secrets Manager allows you to configure database services and many other AWS services to fetch secrets at runtime, ensuring that the correct and latest secret is provided. This allows you to set high-complexity passwords for all systems. This lab shows you how to configure Secrets Manager and add an AWS Lambda function to automatically rotate the database user’s password on a set frequency.
Level
Intermediate
Duration
1 Hour 0 Minutes
Course Objectives
In this course, you will learn how to:
- Set up and configure an Amazon RDS instance with Multi-AZ failover and encryption
- Create and store secrets through Secrets Manager
- Enable automatic rotation of secrets through Secrets Manager
- Set up encryption in transit with SSL
- Test Multi-AZ failover and data synchronization
Intended Audience
This course is intended for:
- Solutions Architects
- Database Architects
- Developers
Prerequisites
We recommend that attendees of this course have the following prerequisites:
- Familiarity with Amazon RDS
- Familiarity with AWS services
- Understanding of database design
Course Outline
- Task 1: Configure and deploy an Amazon RDS database
- Task 2: Create and verify a secret using Secrets Manager
- Task 3: Secure the client-to-database connection in transit
- Task 4: Test Multi-AZ failover