Amazon RDS

Amazon RDS (Relational Database Service)

Amazon RDS is a managed relational database service that provisions, patches, backs up, and replicates databases across multiple engines: PostgreSQL, MySQL, MariaDB, Oracle, Microsoft SQL Server, IBM Db2, and Amazon Aurora (covered separately). RDS removes the operational toil of running a database server while keeping the engine itself standard, so existing applications and tooling work unchanged.

Key Features:

Managed Lifecycle: Automated provisioning, minor-version patching with maintenance windows, and parameter groups for engine tuning.
Multi-AZ Deployments: Synchronous standby in a second Availability Zone with automatic failover (typically 60-120 seconds). Multi-AZ Cluster (PostgreSQL/MySQL) adds two readable standbys with semi-sync replication.
Read Replicas: Up to 15 async replicas per primary; cross-region replicas for DR and global read scale.
Storage Auto-Scaling: gp3 / io2 Block Express volumes; storage auto-scales when free space drops below threshold.
Backups & Snapshots: Daily automated backups (1-35 day retention) with point-in-time recovery to any second within the window; on-demand snapshots retained indefinitely.
Security: VPC isolation, security groups, IAM database authentication (PostgreSQL/MySQL), KMS encryption at rest, TLS in transit, AWS Secrets Manager-managed master passwords.
Performance Insights: Database load visualization with SQL-level wait analysis; up to 24 months retention.
RDS Proxy: Connection pooling and IAM-authenticated access — essential for Lambda workloads that would otherwise exhaust connections.
Blue/Green Deployments: Stand up a parallel green environment, validate, and switch over with minimal downtime for major upgrades.

Common Use Cases:

OLTP Backends: Web and mobile applications needing transactional consistency.
Enterprise Workloads: Lift-and-shift Oracle and SQL Server workloads with BYOL or License Included.
Reporting Replicas: Offload analytical queries from the primary to read replicas.
SaaS Multi-Tenant Backends: Per-tenant schemas/databases on shared instances; large tenants on dedicated instances.
Hybrid Migrations: Target for AWS Database Migration Service (DMS) from on-prem databases.

Service Limits & Quotas:

DB instances per region: default soft limit 40 (raisable).
Read replicas per source: 15.
Storage: up to 64 TiB on most engines; up to 256 TiB with io2 Block Express on supported engines.
Max IOPS: 256,000 on io2 Block Express.
Backup retention: 0-35 days for automated backups.
Manual snapshots: default soft limit 100 per region.
Connections: engine-dependent; PostgreSQL max_connections defaults scale with instance memory and can be tuned via parameter groups.

Pricing Model:

Instance hours: per-second billing by instance class and engine; License Included tiers (SQL Server, Oracle) cost more.
Storage: per GB-month; gp3 starts at lower IOPS and supports independent provisioned IOPS/throughput.
Backup storage: free up to the size of the database; charged per GB-month beyond.
Multi-AZ: roughly doubles instance and storage cost.
Data transfer: egress to internet and cross-region replicas billed per GB.
Reserved Instances / Savings Plans: 1- or 3-year terms for ~30-60% off on-demand.
Common cost surprise: idle dev instances running 24/7, snapshot retention growing unbounded, and cross-region replica data transfer. Use RDS auto-stop for non-prod (max 7 days at a time) and snapshot lifecycle policies.

Code Example — Create a Multi-AZ PostgreSQL Instance:


aws rds create-db-instance \
  --db-instance-identifier prod-orders \
  --db-instance-class db.r6g.xlarge \
  --engine postgres \
  --engine-version 16.3 \
  --allocated-storage 200 \
  --storage-type gp3 \
  --multi-az \
  --master-username dbadmin \
  --manage-master-user-password \
  --master-user-secret-kms-key-id alias/rds-secrets \
  --vpc-security-group-ids sg-0abc123 \
  --db-subnet-group-name prod-private \
  --backup-retention-period 14 \
  --storage-encrypted \
  --kms-key-id alias/rds \
  --enable-performance-insights \
  --performance-insights-retention-period 731 \
  --deletion-protection

Connect via boto3 + IAM Auth:


import boto3, psycopg2

rds = boto3.client("rds", region_name="us-west-2")
token = rds.generate_db_auth_token(
    DBHostname="prod-orders.abc123.us-west-2.rds.amazonaws.com",
    Port=5432,
    DBUsername="app_role",
)

conn = psycopg2.connect(
    host="prod-orders.abc123.us-west-2.rds.amazonaws.com",
    port=5432,
    user="app_role",
    password=token,
    dbname="orders",
    sslmode="require",
)

Common Interview Questions:

Multi-AZ vs. read replica — what's the difference?

Multi-AZ is for HA: the standby is synchronous, not readable, and exists only to fail over on AZ outage or instance failure (60-120s RTO). A read replica is async, readable, and used for read scaling or DR — promoting one to standalone is a manual recovery action, not automatic failover.

When use RDS Proxy?

For Lambda or other ephemeral compute that opens connections per invocation, for failover-aware connection pooling that survives instance failover with sub-second reconnect, and for IAM-only authentication without distributing passwords. Adds ~$0.015/hr per vCPU.

How does point-in-time recovery work?

Daily automated full backup plus continuous transaction log archive to S3 enables restoring to any second within the retention window. Restore creates a new instance — you can't restore in place.

What's a Blue/Green Deployment?

RDS provisions a green copy of the database (with replicas), keeps it in sync via logical replication, lets you upgrade the engine or modify parameters there, then performs a coordinated switchover by renaming endpoints. Downtime is typically under a minute and the blue (old) environment is preserved for rollback.

How do you encrypt an unencrypted RDS instance?

You can't encrypt in place. Snapshot the unencrypted instance, copy the snapshot with encryption enabled and a KMS key, then restore the encrypted snapshot to a new instance. Switch the application to the new endpoint.

RDS vs. Aurora — when pick which?

RDS for vanilla MySQL/Postgres/Oracle/SQL Server workloads or when you need a specific engine version Aurora doesn't yet support. Aurora when you need higher throughput, more replicas, faster failover, Serverless v2 elasticity, or Aurora-specific features like Global Database and Backtrack.

RDS is the default managed relational database for AWS — pick the right engine, enable Multi-AZ for production, encrypt with KMS, manage credentials in Secrets Manager, and reserve instances for predictable workloads.