Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks. It is optimized for Online Transaction Processing (OLTP) workloads and supports various database engines. It runs on Amazon EC2 Instances.

Key Features

Managed Service:
Automates administrative tasks such as backups, patching, and scaling.
Provides automated backups and software updates within a customer-defined maintenance window.
Security and patching of the database instances are managed by AWS.
Supported Database Engines: A DB engine is the specific relational database software that runs on your DB instance.
Amazon Aurora
Db2
MariaDB
Microsoft SQL Server
MySQL
Oracle
PostgreSQL
Access and Control:
No root access to the underlying EC2 instance (except for Amazon RDS Custom).
Managed service includes security, automated backups, and software updates for the DB engine.
Easy scaling for storage and compute resources.
High Availability and Durability:
Multi-AZ deployments with synchronous replication.
Automatic failover in case of an instance failure.
Read replicas for read-heavy workloads.
Scalability:
Push-button scaling to adjust compute and storage capacity.
Supports both vertical and horizontal scaling.
Security:
Data encryption at rest and in transit.
Integration with AWS Identity and Access Management (IAM) for control over user access.
Support for VPC-based database instances for network isolation.
Integration:
Integration with AWS Directory Service for Windows integrated authentication.
Events and notifications via AWS Simple Notification Service (SNS).

Accessing Database Instances

Endpoints:
Database instances are accessed through endpoints, which can be retrieved via the AWS Management Console, DescribeDBInstances API, or describe-db-instances command in the AWS CLI.
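The endpoint lookup described above, combined with a check of the security and availability settings listed under Key Features, as an added example that is not part of the original notes. The sample JSON is constructed in the shape of `describe-db-instances` output; the instance names and endpoint hostnames are made up.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output.
# Identifiers and endpoint hostnames are invented for illustration.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
   "Endpoint": {"Address": "orders-prod.example.us-east-1.rds.amazonaws.com", "Port": 5432},
   "PubliclyAccessible": false, "StorageEncrypted": true, "MultiAZ": true,
   "IAMDatabaseAuthenticationEnabled": true, "BackupRetentionPeriod": 7},
  {"DBInstanceIdentifier": "legacy-cms", "Engine": "mysql",
   "Endpoint": {"Address": "legacy-cms.example.us-east-1.rds.amazonaws.com", "Port": 3306},
   "PubliclyAccessible": true, "StorageEncrypted": false, "MultiAZ": false,
   "IAMDatabaseAuthenticationEnabled": false, "BackupRetentionPeriod": 0},
  {"DBInstanceIdentifier": "reports-new", "Engine": "sqlserver-se",
   "PubliclyAccessible": false, "StorageEncrypted": true, "MultiAZ": false,
   "IAMDatabaseAuthenticationEnabled": false, "BackupRetentionPeriod": 7}
]}
""")

# Engines these notes list as working with IAM database authentication.
IAM_AUTH_ENGINES = {"mysql", "postgres"}

def audit_instance(db):
    # Return the list of settings on one instance that deserve a second look.
    findings = []
    if db.get("PubliclyAccessible"):
        findings.append("publicly accessible endpoint")
    if not db.get("StorageEncrypted"):
        findings.append("storage not encrypted at rest")
    if not db.get("MultiAZ"):
        findings.append("single-AZ (no automatic failover)")
    if db.get("BackupRetentionPeriod", 0) == 0:
        findings.append("automated backups disabled")
    if db.get("Engine") in IAM_AUTH_ENGINES and not db.get("IAMDatabaseAuthenticationEnabled"):
        findings.append("IAM database authentication disabled")
    return findings

def audit(doc):
    # Map each instance identifier to its endpoint and findings.
    report = {}
    for db in doc.get("DBInstances", []):
        ep = db.get("Endpoint") or {}  # may be absent, e.g. before the instance is available
        endpoint = f"{ep['Address']}:{ep['Port']}" if ep else None
        report[db["DBInstanceIdentifier"]] = {"endpoint": endpoint,
                                              "findings": audit_instance(db)}
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result["endpoint"], result["findings"] or "ok")
```

Against a real account, replace `SAMPLE` with the parsed JSON printed by `aws rds describe-db-instances`.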

Quotas and Limits

By default, customers are allowed up to 40 RDS DB instances, with a maximum of 10 Oracle or MS SQL Server instances unless using their own licenses.

Maintenance Windows

Maintenance windows are configurable to allow database instance modifications such as scaling and software patching.
You can define your maintenance window, or AWS will schedule a default 30-minute window.

Events and Notifications

Amazon RDS uses AWS SNS to send RDS events via notifications.
You can list RDS events from the last 14 days using the DescribeEvents API or the AWS CLI.
The AWS Console allows viewing events from the last 1 day.

Use Cases

Best suited for applications requiring structured, relational data storage.
Ideal for transactional databases, web and mobile applications, e-commerce systems, and content management systems.
Provides a drop-in replacement for existing on-premises instances of the supported databases, easing migration to the cloud.

Special Considerations

Amazon RDS Custom: Allows access to the underlying operating system for certain database engines, providing more control and customization options.
Windows Integrated Authentication: Available for SQL Server databases, requires integration with AWS Directory Service and trust establishment with on-premises Active Directory.
Exam tips:
Amazon RDS creates an SSL certificate and installs the certificate on the DB instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The SSL certificate includes the DB instance endpoint as the Common Name (CN) for the SSL certificate to guard against spoofing attacks. You can download a root certificate from AWS that works for all Regions or you can download Region-specific intermediate certificates.
Anti-Patterns:
Anti-patterns are patterns in architecture or development that are considered bad or sub-optimal practice, i.e. there may be a better service or method to produce the best result.
The following table describes requirements that are not a good fit for RDS:
# | Requirement | More Suitable Service
1 | Lots of large binary objects (BLOBs) | S3
2 | Automated Scalability | DynamoDB
3 | Name/Value Data Structure | DynamoDB
4 | Data is not well structured or unpredictable | DynamoDB
5 | Other database platforms like IBM DB2 or SAP HANA | EC2
6 | Complete control over the database | EC2

Authorization and Access Control

Amazon RDS supports.
RDS does not support resource-based policies.
The following AWS managed policies, which you can attach to users in your account, are specific to Amazon RDS:
AmazonRDSReadOnlyAccess – Grants read-only access to all Amazon RDS resources for the AWS account specified.
AmazonRDSFullAccess – Grants full access to all Amazon RDS resources for the AWS account specified.
You can authenticate to your DB instance using AWS Identity and Access Management (IAM) database authentication. IAM database authentication works with MySQL and PostgreSQL. With this authentication method, you don’t need to use a password when you connect to a DB instance. Instead, you use an authentication token.
IAM database authentication provides the following benefits:
Network traffic to and from the database is encrypted using Secure Sockets Layer (SSL).
You can use IAM to centrally manage access to your database resources, instead of managing access individually on each DB instance.
For applications running on Amazon EC2, you can use profile credentials specific to your EC2 instance to access your database instead of a password, for greater security.
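Centralising database access in IAM means the IAM policy decides who can request an authentication token for which database user. The following added example (not part of the original notes) reviews a policy document for over-broad grants of the `rds-db:connect` action, which is the IAM action that governs IAM database authentication; the sample policy, account ID and resource ID are constructed placeholders, and `NotAction`/`NotResource` statements are not handled.

```python
import fnmatch

def _as_list(value):
    # IAM allows a single string/object wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def classify(resource):
    # Expected form: arn:aws:rds-db:<region>:<account>:dbuser:<DbiResourceId>/<db-user>
    parts = resource.split(":", 6)
    if len(parts) != 7 or parts[2] != "rds-db" or parts[5] != "dbuser" or "/" not in parts[6]:
        return "too broad: not a dbuser ARN"
    instance, user = parts[6].split("/", 1)
    if "*" in user:
        return "too broad: any database user"
    if "*" in instance:
        return "broad: named user on any instance"
    return "scoped"

def review_connect_grants(policy):
    # Return (resource, verdict) for every Allow statement that grants rds-db:connect.
    results = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        # Action patterns may contain wildcards, e.g. "rds-db:*" or "*".
        if not any(fnmatch.fnmatchcase("rds-db:connect", a) for a in actions):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            results.append((res, classify(res)))
    return results

# Constructed sample policy; region, account ID and resource ID are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "rds-db:connect",
         "Resource": "arn:aws:rds-db:us-east-1:111122223333:dbuser:db-EXAMPLERESOURCEID/app_reader"},
        {"Effect": "Allow", "Action": ["rds-db:*"],
         "Resource": ["arn:aws:rds-db:us-east-1:111122223333:dbuser:*/*"]},
        {"Effect": "Allow", "Action": "rds:Describe*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for resource, verdict in review_connect_grants(SAMPLE_POLICY):
        print(f"{verdict:35} {resource}")
```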

Supported features in Amazon RDS by AWS Region and DB engine

Amazon RDS features are different from engine-native features and options. For more information on engine-native features and options, see

Supported Regions and DB engines

: A blue/green deployment copies a production database environment in a separate, synchronized staging environment. By using Amazon RDS Blue/Green Deployments, you can make changes to the database in the staging environment without affecting the production environment. (Only supported for PostgreSQL, MySQL and MariaDB)
: By using backup replication in Amazon RDS, you can configure your RDS DB instance to replicate snapshots and transaction logs to a destination Region.
: By using cross-Region read replicas in Amazon RDS, you can create a MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server read replica in a different Region from the source DB instance.
: By using database activity streams in Amazon RDS, you can monitor and set alarms for auditing activity in your Oracle database and SQL Server database.
: By using dual-stack mode in RDS, resources can communicate with a DB instance over Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), or both.
: You can export RDS DB snapshot data to an Amazon S3 bucket. You can export all types of DB snapshots—including manual snapshots, automated system snapshots, and snapshots created by AWS Backup. After the data is exported, you can analyze the exported data directly through tools like Amazon Athena or Amazon Redshift Spectrum.
: By using IAM database authentication in Amazon RDS, you can authenticate without a password when you connect to a DB instance. Instead, you use an authentication token.
: By using Kerberos authentication in Amazon RDS, you can support external authentication of database users using Kerberos and Microsoft Active Directory. Using Kerberos and Active Directory provides the benefits of single sign-on and centralized authentication of database users.
: A Multi-AZ DB cluster deployment in Amazon RDS provides a high availability deployment mode of Amazon RDS with two readable standby DB instances. A Multi-AZ DB cluster has a writer DB instance and two reader DB instances in three separate Availability Zones in the same Region. Multi-AZ DB clusters provide high availability, increased capacity for read workloads, and lower write latency when compared to Multi-AZ DB instance deployments. (Only supports PostgreSQL & MySQL)
: Performance Insights in Amazon RDS expands on existing Amazon RDS monitoring features to illustrate and help you analyze your database performance. With the Performance Insights dashboard, you can visualize the database load on your Amazon RDS DB instance. You can also filter the load by waits, SQL statements, hosts, or users.
: Amazon RDS Custom automates database administration tasks and operations. By using RDS Custom, as a database administrator you can access and customize your database environment and operating system. With RDS Custom, you can customize to meet the requirements of legacy, custom, and packaged applications.
: Amazon RDS Proxy is a fully managed, highly available database proxy that makes applications more scalable by pooling and sharing established database connections.
: With AWS Secrets Manager, you can replace hard-coded credentials in your code, including database passwords, with an API call to Secrets Manager to retrieve the secret programmatically. You can specify that Amazon RDS manages the master user password in Secrets Manager for an Amazon RDS DB instance or Multi-AZ DB cluster. RDS generates the password, stores it in Secrets Manager, and rotates it regularly.
: RDS zero-ETL integrations with Amazon Redshift is a fully managed solution for making transactional data available in Amazon Redshift after it's written to an Amazon RDS DB instance.
: Amazon RDS database engines also support many of the most common engine-native features and functionality. These features are different than the Amazon RDS-native features listed on this page. Some engine-native features might have limited support or restricted privileges.

DB instance billing for Amazon RDS

Amazon RDS instances are billed based on the following components:
DB instance hours (per hour) – Based on the DB instance class of the DB instance (for example, db.t2.small or db.m4.large). Pricing is listed on a per-hour basis, but bills are calculated down to the second and show times in decimal form. RDS usage is billed in 1-second increments, with a minimum of 10 minutes. For more information, see .
Storage (per GiB per month) – Storage capacity that you have provisioned to your DB instance. If you scale your provisioned storage capacity within the month, your bill is prorated. For more information, see .
Input/output (I/O) requests (per 1 million requests) – Total number of storage I/O requests that you have made in a billing cycle, for Amazon RDS magnetic storage only.
Provisioned IOPS (per IOPS per month) – Provisioned IOPS rate, regardless of IOPS consumed, for Amazon RDS Provisioned IOPS (SSD) and General Purpose (SSD) gp3 storage. Provisioned storage for EBS volumes is billed in 1-second increments, with a minimum of 10 minutes.
Backup storage (per GiB per month) – Backup storage is the storage that is associated with automated database backups and any active database snapshots that you have taken. Increasing your backup retention period or taking additional database snapshots increases the backup storage consumed by your database. Per second billing doesn't apply to backup storage (metered in GB-month).
For more information, see .
Data transfer (per GB) – Data transfer in and out of your DB instance from or to the internet and other AWS Regions.
Amazon RDS provides the following purchasing options to enable you to optimize your costs based on your needs:
On-Demand instances – Pay by the hour for the DB instance hours that you use. Pricing is listed on a per-hour basis, but bills are calculated down to the second and show times in decimal form. RDS usage is now billed in 1-second increments, with a minimum of 10 minutes.
Reserved instances – Reserve a DB instance for a one-year or three-year term and get a significant discount compared to the on-demand DB instance pricing. With Reserved Instance usage, you can launch, delete, start, or stop multiple instances within an hour and get the Reserved Instance benefit for all of the instances.
For Amazon RDS pricing information, see the .
