43. RDS Backups, Multi-AZ & Read Replicas

Two different types of backups for RDS:

Automated Backups Database Snapshots
Allows to recover DB to any point in time within a retention period. DB Snapshots are done manually (i.e they are user initiated).
Retention period can be between 1 to 35 days. They are stored even after we delete the original RDS instance, unlike automated backups.
Automated backups will take a full daily snapshot and will also store transaction logs throughout the day.
When we do a recovery, AWS will first choose the most recent daily backup and then apply transaction logs relevant to that day.
This allows to do a point in time recovery down to a second, within the retention period.
Automated backups are enabled by default
The backup data is stored in S3 and we get free storage space equal to the size of DB. So if we have an RDS instance of 10 GB, we will get 10 GB worth of storage
Backups are taken within a defined window. During the backup window, storage I/O may be suspended and may experience elevated latency.
Restoring Backups:
Whenever we restore either an automatic backup or DB Snapshot, the restored version of the DB will be a new RDS instance with a new DNS endpoint.

Encryption at Rest:
Encryption at Rest is supported for MySQL, Oracle, SQL Server, PostgreSQL, Maria DB & Aurora. Encryption is done using the AWS KMS. Once the RDS is encrypted , the data stored at rest in the underlying storage is also encrypted, as are its automated backups, read replicas and snapshots. So soon as you turn encryption on basically anything that you are doing such as backups, read replicas and snapshots are also going to be encrypted as well.

Multi-AZ:
Allows to have an exact copy of production database in another AZ and its done synchronously through synchronous replication. AWS handles the replication, so when DB is written, this write will automatically be synchronized to the standby DB.
In the event of planned DB maintenance, DB instance failure or AZ failure RDS will automatically failover to the standby so that DB operations can resume quickly w/o administrative intervention.
Multi AZ is for disaster recovery only. Its not primarily used for improving performance. For performance improvement, we need ‘Read Replicas’.
Multi AZ is available for following DBs:
i) Microsoft SQL Server
ii) Oracle
iii) My SQL Server
iv) PostgreSQL
v) Maria DB
Multi AZs are used for DR. We can force a failover from one AZ to another by rebooting the RDS instance.

Read Replicas:

Question 1:
What are the first two conditions used by Amazon AWS default
termination policy for Multi-AZ architecture?
A. unprotected instance with oldest launch configuration
B. Availability Zone (AZ) with the most instances
C. at least one instance that is not protected from scale in
D. unprotected instance closest to the next billing hour
E. random selection of any unprotected instance
Answer (B,C)

Question 2:
What storage type is recommended for an online transaction processing (OLTP) application deployed to Multi-AZ RDS with significant workloads?
A. General Purpose SSD
B. Magnetic
C. EBS volumes
D. Provisioned IOPS
Answer (D)

Question 3:
Your company has an application that consists of ELB, EC2 instances, and an RDS database. Recently, the number of read requests to the RDS database has been increasing, resulting in poor performance.
Select the changes you should make to your architecture to improve RDS performance.
Options:
A. Install CloudFront before accessing the DB
B. Improve processing by making RDS a multi-AZ configuration
C. Increase read replicas of RDS
D. Place DynamoDB as a cache layer in front of the RDS DB
Answer: C
Explanation
Adding a Read Replica to Amazon RDS improves the performance and durability of the database (DB) instance read process. This feature allows you to stretch and scale the capacity of a single DB instance to ease the overall workload of frequently read databases. You can create up to 5 Read Replicas for your RDS DB instance. It can support high volume read traffic for your application and improve overall read throughput. Therefore, option 3 is the correct answer.
Option 1 is incorrect because CloudFront is used to speed up global content delivery processing, not to improve database reading processing.
Option 2 is incorrect. You can improve the availability of your DB instance by configuring RDS in a multi-AZ configuration, but yit will not improve read performance.
Option 4 is incorrect. By installing ElastiCache in front of RDS instead of DynamoDB, it is possible to improve read performance by cache processing. However DynamoDB is not a suitable solution.

Question 4:
An Amazon RDS Read Replica is being deployed in a separate region. The master database is not encrypted but all data in the new region must be encrypted. How can this be achieved?
Options:
A. Encrypt a snapshot from the master DB instance, create a new encrypted master DB instance, and then create an encrypted cross-region Read Replica
B. Enable encryption using Key Management Service (KMS) when creating the cross-region Read Replica
C. Encrypt a snapshot from the master DB instance, create an encrypted cross-region Read Replica from the snapshot
D. Enabled encryption on the master DB instance, then create an encrypted cross-region Read Replica
Answer: A
Explanation
You cannot create an encrypted Read Replica from an unencrypted master DB instance. You also cannot enable encryption after launch time for the master DB instance. Therefore, you must create a new master DB by taking a snapshot of the existing DB, encrypting it, and then creating the new DB from the snapshot. You can then create the encrypted cross-region Read Replica of the master DB.
CORRECT: “Encrypt a snapshot from the master DB instance, create a new encrypted master DB instance, and then create an encrypted cross-region Read Replica” is the correct answer.
INCORRECT: “Enable encryption using Key Management Service (KMS) when creating the cross-region Read Replica” is incorrect. All other options will not work due to the limitations explained above.
INCORRECT: “Encrypt a snapshot from the master DB instance, create an encrypted cross-region Read Replica from the snapshot” is incorrect. All other options will not work due to the limitations explained above.
INCORRECT: “Enabled encryption on the master DB instance, then create an encrypted cross-region Read Replica” is incorrect. All other options will not work due to the limitations explained above.

Question 5:
A new DevOps engineer has just joined a development team and wants to understand the replication capabilities for RDS Multi-AZ as well as RDS Read-replicas.
Which of the following correctly summarizes these capabilities for the given database?
Options:
A. Multi-AZ follows asynchronous replication and spans one Availability Zone within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
B. Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
C. Multi-AZ follows synchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
D. Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
Answer: C
Explanation
Correct option:
Multi-AZ follows synchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
Amazon RDS Multi-AZ deployments provide enhanced availability and durability for RDS database (DB) instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Multi-AZ spans at least two Availability Zones within a single region.
Amazon RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. For the MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server database engines, Amazon RDS creates a second DB instance using a snapshot of the source DB instance. It then uses the engines’ native asynchronous replication to update the read replica whenever there is a change to the source DB instance.
Amazon RDS replicates all databases in the source DB instance. Read replicas can be within an Availability Zone, Cross-AZ, or Cross-Region.
Incorrect Options:
Multi-AZ follows asynchronous replication and spans one Availability Zone within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region
These three options contradict the earlier details provided in the explanation. To summarize, Multi-AZ follows synchronous replication for RDS. Hence these options are incorrect.

Question 6:
The engineering manager for a content management application wants to set up RDS read replicas to provide enhanced performance and read scalability. The manager wants to understand the data transfer charges while setting up RDS read replicas.
Which of the following would you identify as correct regarding the data transfer charges for RDS read replicas?
• There are data transfer charges for replicating data across AWS Regions (Correct)
• There are data transfer charges for replicating data within the same AWS Region
• There are no data transfer charges for replicating data across AWS Regions
• There are data transfer charges for replicating data within the same Availability Zone
Explanation
Correct option:
There are data transfer charges for replicating data across AWS Regions
RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.
A read replica is billed as a standard DB Instance and at the same rates. You are not charged for the data transfer incurred in replicating data between your source DB instance and read replica within the same AWS Region.
Incorrect options:
There are data transfer charges for replicating data within the same Availability Zone
There are data transfer charges for replicating data within the same AWS Region
There are no data transfer charges for replicating data across AWS Regions
These three options contradict the explanation provided above, so these options are incorrect.

Question 7:
What is true about RDS Read Replicas encryption?
A• If the master database is encrypted, the read replicas can be either encrypted or unencrypted
B• If the master database is unencrypted, the read replicas are encrypted
C• If the master database is unencrypted, the read replicas can be either encrypted or unencrypted
D• If the master database is encrypted, the read replicas are encrypted
Answer: D
Explanation
Correct option:
If the master database is encrypted, the read replicas are encrypted
Amazon RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. For the MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server database engines, Amazon RDS creates a second DB instance using a snapshot of the source DB instance. It then uses the engines’ native asynchronous replication to update the read replica whenever there is a change to the source DB instance. read replicas can be within an Availability Zone, Cross-AZ, or Cross-Region.
On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots. Therefore, this option is correct.
Incorrect options:
If the master database is encrypted, the read replicas can be either encrypted or unencrypted – If the master database is encrypted, the read replicas are necessarily encrypted, so this option is incorrect.
If the master database is unencrypted, the read replicas can be either encrypted or unencrypted
If the master database is unencrypted, the read replicas are encrypted
If the master database is not encrypted, the read replicas cannot be encrypted, so both these options are incorrect.

Question 8:
The application maintenance team at a company has noticed that the production application is very slow when the business reports are run on the RDS database. These reports fetch a large amount of data and have complex queries with multiple joins, spanning across multiple business-critical core tables. CPU, memory, and storage metrics are around 50% of the total capacity.
Can you recommend an improved and cost-effective way of generating the business reports while keeping the production application unaffected?
• Migrate from General Purpose SSD to magnetic storage to enhance IOPS
• Create a read replica and connect the report generation tool/application to it
• Increase the size of RDS instance
• Configure the RDS instance to be Multi-AZ DB instance, and connect the report generation tool to the DB instance in a different AZ
Answer: B
Explanation
Correct option:
Create a read replica and connect the report generation tool/application to it – Amazon RDS Read Replicas provide enhanced performance and durability for RDS database (DB) instances. They make it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances.
There are a variety of scenarios where deploying one or more read replicas for a given source DB instance may make sense. Common reasons for deploying a read replica include:
1. Scaling beyond the compute or I/O capacity of a single DB instance for read-heavy database workloads. This excess read traffic can be directed to one or more read replicas.
2. Serving read traffic while the source DB instance is unavailable. If your source DB Instance cannot take I/O requests (e.g. due to I/O suspension for backups or scheduled maintenance), you can direct read traffic to your read replica(s). For this use case, keep in mind that the data on the read replica may be “stale” since the source DB Instance is unavailable.
3. Business reporting or data warehousing scenarios; you may want business reporting queries to run against a read replica, rather than your primary, production DB Instance.
4. You may use a read replica for disaster recovery of the source DB instance, either in the same AWS Region or in another Region.
Comparing Read Replicas with Multi-AZ and Multi-Region RDS deployments: via – https://aws.amazon.com/rds/features/read-replicas/
Incorrect options:
Increase the size of RDS instance – This will not help as it’s mentioned that the CPU, memory, and storage are running at only 50% of the total capacity.
Migrate from General Purpose SSD to magnetic storage to enhance IOPS – This is. Amazon RDS supports magnetic storage for backward compatibility only. AWS recommends that you use General Purpose SSD or Provisioned IOPS for any storage needs.
Configure the RDS instance to be Multi-AZ DB instance, and connect the report generation tool to the DB instance in a different AZ – Amazon RDS Multi-AZ deployments provide enhanced availability and durability for RDS database (DB) instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. However, you cannot read from the standby database, making multi-AZ, an option for the given scenario.