
[AWS Certified Solutions Architect] Database, Storage

SenJ 2022. 3. 20. 22:55

RDS : managed RDBMS

- Automated provisioning, OS patching

- Continuous backups and restore to a specific timestamp : automated daily backups plus transaction logs backed up every 5 minutes, so the DB can be restored to any point in time within the retention window (7 days by default, configurable up to 35)

- Monitoring dashboards

- Read replicas for improved read performance : up to 5 read replicas, replication is ASYNC (reads are eventually consistent), applications must update their connection string to send reads to a replica, replication within the same region is free while cross-region replication incurs data transfer fees; a replica can be promoted to a standalone DB

- Multi-AZ setup for DR : SYNC replication to a standby instance in another AZ behind a single DNS name with automatic failover, increases availability; the standby is not used for reads. The cross-AZ replication traffic is not charged (the standby instance itself is billed), and Multi-AZ is enabled with a zero-downtime modify operation

- Storage auto scaling : RDS grows the allocated storage automatically when free space runs low; you must set a Maximum Storage Threshold

- Storage backed by EBS (gp2 or io1)

RDS Encryption

- At rest : AWS KMS (AES-256), chosen at launch time; if the master is not encrypted the read replicas cannot be encrypted. To encrypt an existing unencrypted DB, take a snapshot, copy the snapshot with encryption enabled, and restore a new DB from the encrypted copy

- In flight : TLS/SSL using the RDS-provided certificates; enforce it on the server side (the rds.force_ssl parameter for PostgreSQL, REQUIRE SSL on MySQL users) rather than relying on clients to opt in

- Access management : IAM policies control who can manage the DB through the AWS API; IAM database authentication for MySQL and PostgreSQL replaces the password with a short-lived authentication token (valid for 15 minutes) obtained from the RDS API with the caller's IAM credentials, and the connection must use SSL

Amazon Aurora : AWS cloud-optimized RDB, compatible with PostgreSQL and MySQL

- up to 15 read replicas, native High Availability (6 copies of the data across 3 AZs, automatic failover)

- Support Cross region replication

- Security : similar to RDS

Aurora Custom Endpoints : a custom endpoint points at a chosen subset of instances (e.g. the larger replicas for analytical queries); once custom endpoints are defined the generic reader endpoint is generally not used

Aurora Serverless : automated DB instantiation and auto scaling based on actual usage, no capacity planning needed, pay per second, good for infrequent or unpredictable workloads

Aurora Multi-Master : every node accepts reads and writes, giving immediate failover of the writer for High Availability

Aurora Cross Region Read Replicas (CRRR) : simple to set up, useful for disaster recovery

Aurora Global DB : 1 primary region (read/write), up to 5 secondary regions (read-only) with replication lag under 1 second, up to 16 read replicas per secondary region, decreases latency for remote reads; a secondary region can be promoted for DR in under 1 minute

*** RDS / Aurora : both are managed relational DB services and share OS patching / provisioning / monitoring / read replicas / Multi-AZ / auto scaling. Aurora is AWS-native and delivers better performance than RDS.

Encryption is alike as well : at rest with AWS KMS, in transit with SSL, access control IAM based.

ElastiCache : managed Redis or Memcached, in-memory caches for low-latency reads; using a cache requires heavy application code changes, and it can make your app stateless by moving session state out of the instances

- User session store : a user logs into any of the app instances; that instance writes the session data into ElastiCache, so any other instance can retrieve the session and the user stays logged in

- REDIS : Multi-AZ with auto failover, read replicas (High Availability), data durability via AOF persistence, backup and restore features

- MEMCACHED : multi-node sharding (data partitioning), no High Availability (no replication), non-persistent, no backup and restore, multi-threaded

- Security : neither engine supports IAM authentication (IAM policies only cover the AWS API); Redis supports an AUTH password/token and SSL in flight, Memcached supports SASL-based authentication

Patterns for ElastiCache :

- Lazy loading (cache-aside) : data is read from the DB only on a cache miss and then written to the cache, so only requested data is cached; data in the cache can become stale after the DB changes, and a miss costs an extra round trip

- Write through : the cache is added to or updated whenever data is written to the DB, so cache data is never stale, at the cost of a write penalty and possibly caching data that is never read

- Session store : store temporary session data in the cache with a TTL so sessions expire on their own
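The three patterns side by side, as an added example that is not the course's or AWS's code. It runs against an in-memory stand-in for Redis (only the `get`/`set(ex=...)`/`delete` subset of the redis-py client is mimicked) and a dict playing the DB, with an injected clock so TTL expiry can be shown without sleeping. The `UserRepo`, its user records and the session ids are constructed for the example. The point worth seeing is the failure mode of lazy loading: a role revoked in the DB stays visible from the cache until the TTL expires, whereas write-through has no stale window.

```python
"""Lazy loading vs write-through vs session store against a fake Redis.

Added example, not the course's or AWS's code. FakeRedis, Clock, UserRepo and
all records below are constructed for illustration.
"""
import json


class Clock:
    """Fake clock in seconds so expiry can be demonstrated deterministically."""
    def __init__(self):
        self.t = 0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class FakeRedis:
    """Minimal stand-in for redis-py: get / set(ex=ttl) / delete with lazy expiry."""
    def __init__(self, clock):
        self._clock = clock
        self._data = {}  # key -> (value, expires_at or None)

    def get(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if expires_at is not None and self._clock() >= expires_at:
            del self._data[key]  # expired keys vanish, as in Redis
            return None
        return value

    def set(self, key, value, ex=None):
        expires_at = self._clock() + ex if ex is not None else None
        self._data[key] = (value, expires_at)

    def delete(self, key):
        self._data.pop(key, None)


class UserRepo:
    """Hypothetical repository over a dict "database" plus a cache."""
    def __init__(self, cache, ttl=60):
        self.db = {}
        self.cache = cache
        self.ttl = ttl
        self.db_reads = 0  # counts how often the DB was actually hit

    # Lazy loading (cache-aside): fill the cache only on a miss
    def get_user_lazy(self, user_id):
        key = f"user:{user_id}"
        cached = self.cache.get(key)
        if cached is not None:
            return json.loads(cached)
        self.db_reads += 1
        row = self.db.get(user_id)
        if row is not None:
            self.cache.set(key, json.dumps(row), ex=self.ttl)
        return row

    # A write that forgets the cache: lazy readers see stale data until the TTL ends
    def update_user_db_only(self, user_id, row):
        self.db[user_id] = row

    # Write-through: every DB write updates the cache in the same step
    def update_user_write_through(self, user_id, row):
        self.db[user_id] = row
        self.cache.set(f"user:{user_id}", json.dumps(row), ex=self.ttl)


# Session store: opaque session id -> small JSON record with its own TTL
def create_session(cache, session_id, user_id, ttl=300):
    cache.set(f"session:{session_id}", json.dumps({"user_id": user_id}), ex=ttl)


def load_session(cache, session_id):
    raw = cache.get(f"session:{session_id}")
    return json.loads(raw) if raw is not None else None


def demo():
    """Run the three patterns and return what each read observed."""
    clock = Clock()
    cache = FakeRedis(clock)
    repo = UserRepo(cache, ttl=60)
    repo.update_user_db_only("u1", {"name": "alice", "role": "user"})

    first = repo.get_user_lazy("u1")             # miss: DB read, cache filled
    second = repo.get_user_lazy("u1")            # hit: served from cache
    repo.update_user_db_only("u1", {"name": "alice", "role": "admin"})
    stale = repo.get_user_lazy("u1")             # still the cached "user" record
    clock.advance(61)
    fresh_after_ttl = repo.get_user_lazy("u1")   # TTL elapsed: DB read again

    repo.update_user_write_through("u1", {"name": "alice", "role": "auditor"})
    fresh_write_through = repo.get_user_lazy("u1")  # no stale window at all

    create_session(cache, "s1", "u1", ttl=300)
    session_live = load_session(cache, "s1")
    clock.advance(301)
    session_expired = load_session(cache, "s1")  # TTL passed: session gone
    return {"first": first, "second": second, "stale": stale,
            "fresh_after_ttl": fresh_after_ttl,
            "fresh_write_through": fresh_write_through,
            "db_reads": repo.db_reads,
            "session_live": session_live, "session_expired": session_expired}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Against a real cluster the `FakeRedis` object is replaced by `redis.Redis(...)` with the same three calls; the code paths do not change. Whenever cached data carries authorization (roles, permissions), either use write-through for those keys or explicitly `delete` the key on revocation, because a TTL-length stale window is a real privilege-retention bug.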

DynamoDB : serverless NoSQL DB, HA / Multi-AZ by default, IAM authorization, KMS encryption at rest, SSL in transit

Athena : serverless service to query data in S3 with standard SQL, pay per query (amount of data scanned), results are written back to S3, security via IAM + S3 bucket policies

Redshift : OLAP (analytics / BI / data warehouse), columnar storage, NO MULTI-AZ (DR means taking snapshots and restoring a snapshot into a new cluster, optionally copied to another region; snapshots can be automated)

- Loading data : Kinesis Data Firehose, from S3 using the COPY command, or from an EC2 instance via the JDBC driver

Glue : serverless ETL (extract, transform, load) service

Neptune : fully managed graph DB, suited to highly connected datasets such as social networks or Wikipedia-style knowledge graphs

ElasticSearch (now Amazon OpenSearch Service) : search any field, even partial matches, of data held in another store such as DynamoDB; used as a complement for searching and indexing

Snow Family

- Data migration : Snowcone, Snowball Edge, Snowmobile

- Edge computing (limited connectivity / bandwidth, high network cost) : Snowcone, Snowball Edge

Snowcone : smallest device, 8 TB of storage

Snowball Edge : Storage Optimized (80 TB), Compute Optimized (42 TB); cannot import into Glacier directly (Snowball -> S3 -> lifecycle policy to transition to Glacier)

Snowmobile : 100 PB per device (a truck), better than Snowball when transferring more than 10 PB

OpsHub : software installed on your computer to manage Snow Family devices through a GUI instead of the CLI

Amazon FSx for Windows File Server : fully managed Windows file share (SMB, Windows NTFS, Active Directory integration), can be Multi-AZ, backed up daily to S3

Amazon FSx for Lustre : parallel distributed file system for Linux clusters and High Performance Computing, integrates with S3

FSx for Lustre options : Scratch file system (temporary storage, no replication, high burst throughput) / Persistent file system (long-term storage, data replicated within the same AZ)

Hybrid cloud for storage : AWS storage types are Block (EBS, EC2 instance store) / File (EFS, FSx) / Object (S3, Glacier)

Storage Gateway : bridge between on-premises data and cloud data in S3; File / Volume / Tape gateway types

- Hardware appliance : for sites with no on-premises virtualization to host the gateway VM

File Gateway : NFS and SMB protocols, supports S3 Standard / S3 IA / S3 One Zone IA (transition to Glacier via lifecycle policy), most recently used data is cached in the file gateway, SMB integrates with Active Directory for user authentication

Volume Gateway : block storage over iSCSI, backed by EBS snapshots for restore; Cached volumes (low-latency access to the most recent data, full dataset in S3) / Stored volumes (entire dataset on premises, scheduled backups to S3)

Tape Gateway : backup software writes to a Virtual Tape Library (VTL) backed by S3 and Glacier

Source : Udemy Ultimate AWS Certified Solutions Architect Associate 2022