RDS Backup
- RDS supports automatic backups
- Capture transaction logs in real time
- Enabled by default with a 7-day retention period (0-35 days retention, 0=disable automatic backups)
- You can provide backup window (daily time range) and backup retention period (no. of days)
- The first backup is a full backup. Subsequent backups are incremental
- Data is stored in an S3 bucket (owned and managed by RDS service, you won't see them in your S3 console)
- Recommended to use Multi-AZ option to avoid performance issues when backups are running
- Integrates with AWS Backup service for centralized management
Backups vs Snapshots
Backups | Snapshots |
---|---|
Are automated | Are manually triggered |
Are incremental | Are full backups |
Retention period up to 35 days | Retained as long as you want |
Support PITR within retention period | Do not support PITR |
Great for unexpected failures | Great for known events like DB upgrades etc. |
A non-zero backup retention period in RDS also enables a snapshot before and after DB engine upgrades | Can use Lambda functions to take periodic backups and move them to S3 (say for compliance purposes) |
Copying and sharing RDS snapshots
- You can copy automated backups or manual snapshots
- The copy becomes a manual snapshot
- You can copy snapshots within region, across regions or across accounts
- For copying a snapshot across accounts, you must share the snapshot first, and then copy it in the target account
- Automated backups cannot be shared directly. Must snapshot first.
- Copying across regions/accounts = data transfer costs
Copying and sharing RDS encrypted snapshots
- Snapshots encrypted w/ default RDS encryption key cannot be shared directly
- Copy the snapshot using a custom encryption key and then share [Key + Snapshot]
- Snapshots with certain custom option groups cannot be shared (e.g. TDE)
How to encrypt an unencrypted RDS DB
- Can't encrypt an existing unencrypted RDS DB instance
- Can't create an encrypted read replica from an unencrypted instance
- Copy an unencrypted snapshot with encryption enabled
- Restore the encrypted snapshot to a new RDS DB instance
- Can use MySQL replication to synchronize changes (binlog replication)
- Sidenote - if it's an Aurora unencrypted snapshot, then you can directly restore it to an encrypted Aurora DB by specifying the KMS key. No need to copy the snapshot.
Restoring from a snapshot
- Can only restore to a new instance
- An instance can have one or more DBs and all these DBs will be restored
- To retain the same name, delete or rename the existing instance first
- Can't restore from a shared and encrypted snapshot directly (copy first and then restore from the copy)
- Can restore from a snapshot of DB instance outside VPC to inside VPC (but not the other way round)
Restoring from a snapshot
- By default, restored cluster gets applied with
  - New security group
  - Default parameter group
  - Option group that was associated with the snapshot
- While restoring from a snapshot, be sure to
  - Choose the correct security group to ensure connectivity for the restored DB
  - Choose correct parameter group for the restored DB
- Recommended to retain parameter group of the snapshot to help restore with the correct parameter group
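The encryption procedure above (snapshot, encrypted copy, restore) combined with the restore advice on security and parameter groups, as an added example that is not part of the original notes. It assumes AWS CLI v2 with RDS permissions; the function name, argument order and derived snapshot names are hypothetical.

```shell
# Added example: replace an unencrypted RDS instance with an encrypted one.
# Function name and snapshot naming scheme are illustrative assumptions.
# usage: encrypt_rds_instance SRC_DB NEW_DB KMS_KEY_ID SECURITY_GROUP_ID PARAM_GROUP
encrypt_rds_instance() {
    src_db=$1 new_db=$2 kms_key=$3 sg_id=$4 param_group=$5
    plain_snap="${src_db}-plain-$(date +%Y%m%d%H%M%S)"
    enc_snap="${plain_snap}-encrypted"

    # 1. Manual snapshot of the unencrypted instance.
    aws rds create-db-snapshot \
        --db-instance-identifier "$src_db" \
        --db-snapshot-identifier "$plain_snap" || return 1
    aws rds wait db-snapshot-available \
        --db-snapshot-identifier "$plain_snap" || return 1

    # 2. Copy the snapshot with a KMS key; the copy is encrypted.
    aws rds copy-db-snapshot \
        --source-db-snapshot-identifier "$plain_snap" \
        --target-db-snapshot-identifier "$enc_snap" \
        --kms-key-id "$kms_key" || return 1
    aws rds wait db-snapshot-available \
        --db-snapshot-identifier "$enc_snap" || return 1

    # 3. Refuse to restore unless the copy really reports Encrypted=True.
    encrypted=$(aws rds describe-db-snapshots \
        --db-snapshot-identifier "$enc_snap" \
        --query 'DBSnapshots[0].Encrypted' --output text) || return 1
    if [ "$encrypted" != "True" ]; then
        echo "refusing to restore: $enc_snap is not encrypted" >&2
        return 1
    fi

    # 4. Restore to a NEW instance, naming the security group and parameter
    #    group explicitly instead of accepting the restore defaults.
    aws rds restore-db-instance-from-db-snapshot \
        --db-instance-identifier "$new_db" \
        --db-snapshot-identifier "$enc_snap" \
        --vpc-security-group-ids "$sg_id" \
        --db-parameter-group-name "$param_group" || return 1
    aws rds wait db-instance-available --db-instance-identifier "$new_db"
}
```

Writes made to the source instance after step 1 are not in the restored copy, which is where the binlog replication noted above comes in.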
PITR (Point In Time Recovery) with RDS
- Point-In-Time Recovery
- Can only restore to a new instance
- The backup retention period controls the PITR window
- Can restore to any point in time during your backup retention period
- RDS uploads DB transaction logs to S3 every 5 minutes (affects latest restorable time)
- You can move/restore a DB instance from outside VPC to inside VPC with PITR (but not the other way round)
Exporting DB Snapshot Data to S3
- All types of backups can be exported (automatic/manual or those created with AWS Backup service)
- How to export?
  - Set up an S3 bucket with appropriate IAM permissions and create a KMS key for SSE
  - Export the snapshot using console (Actions --> Export to Amazon S3) or using start-export-task CLI command
- Export runs in the background
- Doesn't affect the DB performance
- Data exported in Apache Parquet format (=compressed and consistent)
- Allows you to analyze the DB data using Athena or Redshift Spectrum
Demo