(DAT304) Amazon RDS for MySQL: Best Practices

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Abdul Sathar Sait, Principal Product Manager, RDS

October 2015 | Las Vegas, NV

DAT 304

Amazon RDS for MySQL

Best Practices

Kevin Rice, Director of Engineering, Airbnb

What’s new in Amazon RDS MySQL

AWS Key Management

Service (AWS KMS)

Selected RDS MySQL customers

Tens of thousands of customers. Hundreds of thousands of DB instances.

What we will cover in this session

Quick introduction to Amazon Relation Database Service (Amazon RDS)

Making the most out of RDS MySQL

Securing your data—encryption at rest

Database migration with minimal downtime

Improving performance by cache warming

Burst mode resources to reduce cost

Learn it from the experts—Airbnb

Why choose Amazon RDS?

Schema design

Query construction

Query optimization

High availability

Backup and recovery

Isolation and security

Industry compliance

Push-button scaling

Automated patching

Advanced monitoring

Routine maintenance

Amazon RDS takes care of your time-consuming database

management tasks, freeing you to focus on your applications and

business

You

RDS

We made it highly available, secure, easier, and cheaper

Push-button provisioning; automated scaling, patching, security, backups,

restores, and general care and feeding

Lower TCO because we manage the muck

► Get more leverage from your teams

► Focus on the things that differentiate you

Built-in high availability and cross-region replication across multiple data

centers

Now even a small startup can leverage multiple data centers to design highly

available apps with over 99.95% availability

High availability with Multi-AZ deploymentsEnterprise-grade fault tolerance solution for production databases

An Availability Zone is a physically distinct, independent infrastructure

Your database is synchronously replicated to another AZ in the same AWS region

Failover occurs automatically in response to the most important failure scenarios

Customers love Multi-AZ

26%

40%

25%

30%

35%

40%

45%

Multi-AZ instances as a share of all RDS instances

Choose cross-region read replicas for faster disaster

recovery and enhanced data locality

Promote a read replica to a

master for faster recovery in the

event of disaster

Bring data close to your

customer’s applications in

different regions

Promote to a master for easy

migration

Choose cross-region snapshot copy for even

greater durability, ease of migration

Copy a database snapshot to a different AWS

region

Warm standby for disaster recovery

Or use it as a base for migration to a different

region

Amazon RDS provides levels of security

difficult to achieve on-premisesAmazon RDS gives each database instance IP firewall protection

RDS offers transparent encryption at rest and SSL protection for data in transit

Amazon VPC lets you isolate and control network configuration and connect securely to your IT infrastructure

AWS Identity and Access Management (IAM) provides resource-level permission controls

AWS has achieved major compliances

Securing your data at rest

Do you encrypt your database?

Protect your data at rest

Premium feature for most commercial databases included at no

additional cost to RDS customers

Data stored at rest in the underlying storage is encrypted, as are

its automated backups, read replicas, and snapshots

May be needed for compliance (HIPAA and FedRamp)

AWS Key Management ServiceIntegrated with IAM console

Services integration with AWS KMS

Two-tiered key hierarchy using envelope encryption

• Unique data key encrypts customer data

• AWS KMS master keys encrypt data keys

Benefits:

• Limits risk of compromised data key

• Better performance for encrypting large data

• Easier to manage small number of master keys

than millions of data keys

• Centralized access and audit of key activity

Data Key 1

Amazon

S3 ObjectAmazon

EBS

Volume

Amazon

Redshift

Cluster

Data Key 2 Data Key 3 Data Key 4

Custom

Application

Customer Master

Key(s)

Your Application or

AWS Service

+

Data Key Encrypted Data Key

Encrypted

Data

Master Key(s) in

Customer’s Account

AWS KMS

1. Application requests encryption key to use to encrypt data, passes reference to master key in account

2. Client request authenticated based on master key permissions

3. New data encryption key created—copy encrypted under master key

4. Plaintext and encrypted data key returned to the client

5. Plaintext data key used to encrypt data and then deleted

6. Encrypted data key stored for later use and sent back to AWS KMS for when decryption occurs

How keys are used to protect your data

Encryption using AWS KMS demo

Database migration to AWS with

minimal downtime

Move data to the same or different database engine

Keep your apps running during the migration

Start your first migration in 10 minutes or less

Replicate within, to, or from Amazon EC2 or RDS

AWS Database

Migration Service

Migrate from Oracle and SQL Server

Move your tables, views, stored procedures,

and data manipulation language (DML) to

MySQL, MariaDB, and Amazon Aurora

Highlight where manual edits are neededAWS Schema

Conversion Tool

Architecting for lower cost

Burst mode—GP2 and T2

GP2—SSD based Amazon EBS storage

• 3 IOPS per GB base performance

• Earn credits when usage below base

• Burst to 3000+ IOPS

T2—Amazon EC2 instance with burst capability

• Base performance + burst

• Earn credits per hour when below base performance

• Can store up to 24 hours’ worth of credits

• Amazon CloudWatch metrics to see credits and usage

Burst mode—GP2 and T2

T2—CPU credits

Burst mode vs. standard vs. Provisioned IOPS

0

1000

2000

3000

4000

5000

6000

7000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Tra

ns

ac

tio

ns

pe

r S

ec

on

d (

TP

S)

Hours

100% read—20 GB data

db.m1.medium + 200GB standard

$0.575 per hour


0

1000

2000

3000

4000

5000

6000

7000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Tra

ns

ac

tio

ns

pe

r S

ec

on

d (

TP

S)

Hours



db.m3.medium + 200G + 2000 IOPS

$0.575 per hour

$0.408 per hour


0

1000

2000

3000

4000

5000

6000

7000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Tra

ns

ac

tio

ns

pe

r S

ec

on

d (

TP

S)

Hours




db.m3.large + 200G + 2000 IOPS

$0.575 per hour

$0.408 per hour

$0.508 per hour

Burst mode vs. Standard vs. Provisioned IOPS

0

1000

2000

3000

4000

5000

6000

7000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Tra

ns

ac

tio

ns

pe

r S

ec

on

d (

TP

S)

Hours





db.t2.medium + 200GB gp2

$0.105 per hour

$0.575 per hour

$0.408 per hour

$0.508 per hour


0

1000

2000

3000

4000

5000

6000

7000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Tra

ns

ac

tio

ns

pe

r S

ec

on

d (

TP

S)

Hours





db.t2.medium + 200GB gp2

db.t2.medium + 1TB gp2

$0.105 per hour

$0.575 per hour

$0.233 per hour

$0.408 per hour

$0.508 per hour

Selected Amazon RDS customers

AirbnbUsing technology to provide unique global

travel experiences.

Exponential growth in: traffic, users, bookings,

data, number of engineers.

Engineers deploy their own code at any time of

day. Rapid experimentation.

Search. Discovery. Global payments. Trust and

safety. Customer experience.

The basics

Master

Replica Replica

Application

Server

Application

Server

Multi-AZ

Binlog settings

Master

Replica Replica

Application

Server

Application

Server

Multi-AZ

Snapshots for data analytics

Master

Replica Replica

Multi-AZ

Batch

ReplicaSnapshot

Temp

Instance

Daily

Application

Server

HDFS

Binlog streaming: “SpinalTap”

Master

Replica Replica

Multi-AZ

Batch

Replica

SpinalTap

Replica

Application

Server

Disaster recovery

Master

Replica Replica

Multi-AZ

Batch

Replica

Application

Server

S3

Application

Server

To separate

account and

region

Summary and future work

http://bit.ly/awsevalsDAT304

http://bit.ly/awsevals

Thank you!

Remember to complete

your evaluations!

(DAT304) Amazon RDS for MySQL: Best Practices

Technology

Transcript of (DAT304) Amazon RDS for MySQL: Best Practices