cloud engineer
Here’s how to enable performance insights on a RDS instance.
Enable
aws rds modify-db-instance \ --db-instance-identifier sample-db-instance \ --enable-performance-insights \ --region us-east-1 \ --profile default |
Disable
aws rds modify-db-instance \ --db-instance-identifier sample-db-instance \ --no-enable-performance-insights \ --region us-east-1 \ --profile default |
Here’s a simple way to search for a RDS instance in AWS via CLI.
aws rds describe-db-instances \ --db-instance-identifier rds-instance-name \ --region us-east-1 \ --profile my-account |
You may have to cycle through accounts and regions to find it.
Here’s the IAM policy to allow RDS Backup or create a snapshot on AWS.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "rds:RestoreDBClusterFromSnapshot", "rds:DescribeDBSnapshots", "rds:CopyDBSnapshot", "rds:CopyDBClusterSnapshot", "rds:DeleteDBSnapshot", "rds:DeleteDBClusterSnapshot", "rds:CreateDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot", "rds:CreateDBInstance", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBInstances", "rds:DescribeDBClusters", "rds:DeleteDBInstance", "rds:CreateDBClusterSnapshot", "rds:ModifyDBSnapshotAttribute", "rds:ModifyDBClusterSnapshotAttribute", "rds:ListTagsForResource", "rds:DeleteDBCluster", "ec2:DescribeSecurityGroups", "ec2:DescribeRegions", "ec2:DescribeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSubnets", "iam:GetUser", "iam:GetAccountAuthorizationDetails", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:CreateGrant", "kms:DescribeKey*", "kms:ListKeys", "kms:ListAliases", "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKeyWithoutPlaintext", "kms:ListKeys", "kms:ListAliases", "kms:ListResourceTags" ], "Resource": "*" } ] } |
Here’s a IAM policy that you can add to an IAM user or an IAM role so they are able to start and stop a specific RDS instance.
{
"Version": "2012-10-17",
"Statement": [
{
"Condition": {
"StringEqualsIgnoreCase": {
"rds:db-tag/Application": "application-name"
}
},
"Action": [
"rds:DescribeDBInstances",
"rds:StartDBInstance",
"rds:StopDBInstance"
],
"Resource": "arn:aws:rds:us-east-1:xxxxxxxxxxxx:db:db-instance-name",
"Effect": "Allow"
}
]
} |
AWS just introduced Backup, a new managed service for backing up AWS resources. You can now create backup policies of EC2, RDS, DynamoDB, and EFS systems. The default backup uses S3 buckets, but storage can be moved to Glacier or it can be expired. The backup service is initially available in Virginia, Ohio, Oregon and Ireland.
There are several cases where there will be a need to stop a RDS instance. It could be due to testing, development activity, or simply to save money. Whatever the reasons may be, you’ll need to be aware of the limitations when stopping RDS instances. Here are several cases where it may become an issue.
RDS is a managed service by AWS. Patching is performed infrequently. Sometimes, it takes a few months. AWS performs these updates during the maintenance period. If no maintenance period was specified during DB creation, it will be assigned a default period. When patching is performed, AWS may need to stop and reboot your RDS instance right after patches are applied. To avoid potential downtime, make sure your RDS instances are configured in a Multi-AZ environment. Patching will be applied on each RDS instance separately, therefore avoiding downtime for your application.