Learning Hub

A collection of tutorials, best practices, case studies and hands-on how-to guides, focused on Cloud Technologies, Artificial Intelligence, Game Development, and Robotics Engineering.

Tutorials •  Best Practices •  Case Studies •  How-To

AWS Core Services: RDS Fundamentals

By William Do October 22, 2025 Posted in Tutorials
Tags: Amazon RDS AWS database cloud architecture AWS Amazon Web Services RDS storage types relational database service
AWS Core Services: RDS Fundamentals

Amazon Relational Database Service (RDS) is a fully managed database service that simplifies the process of setting up, operating, and scaling relational databases in the cloud[1]. Rather than spending time on routine database administration tasks such as hardware provisioning, patching, and backups, RDS automates these processes, allowing teams to focus on application development and innovation.

Understanding Database Engines

RDS supports eight different database engines, giving you the flexibility to choose the technology that best fits your application requirements[2]. These include PostgreSQL, MySQL, MariaDB, Oracle Database, Microsoft SQL Server, and IBM Db2, alongside the AWS-optimised Aurora engines (Aurora MySQL and Aurora PostgreSQL). Each engine maintains compatibility with its standard version, meaning your existing applications and tools work seamlessly without modification. For instance, if you’re running a content management system built on MySQL, you can migrate to RDS for MySQL and connect using the same database drivers and query syntax you’ve always used.

When selecting an engine, consider your specific needs. PostgreSQL excels at handling complex queries and supports advanced features like JSON data types and custom extensions[3]. MySQL offers broad compatibility with frameworks and tools, making it ideal for web applications requiring straightforward transactional operations. For enterprise workloads demanding high-performance analytics or extensive transactional capabilities, Oracle and SQL Server provide robust solutions commonly used in finance and healthcare sectors.

Storage Options and Performance

RDS provides three primary storage types: General Purpose SSD (gp2 and gp3), Provisioned IOPS SSD (io1 and io2 Block Express), and magnetic storage (retained for backwards compatibility)[4]. Understanding these options helps optimise both performance and cost.

General Purpose gp3 storage represents the latest generation, offering baseline performance of 3,000 IOPS and 125 MB/s throughput at no additional charge[5]. Unlike its predecessor gp2, gp3 allows you to configure IOPS and throughput independently of storage size, providing greater flexibility. For example, a development database requiring 500 GB of storage but only moderate IOPS can use gp3 without overpaying for unnecessary performance.

For I/O-intensive workloads with strict latency requirements, Provisioned IOPS storage delivers consistent sub-millisecond performance. The io2 Block Express variant supports up to 256,000 IOPS per instance and offers 99.999% durability compared to 99.9% for gp3 volumes[6]. This makes io2 the preferred choice for mission-critical applications such as financial transaction systems or high-throughput e-commerce platforms where even brief performance degradation impacts revenue.

Database instances can scale storage from 20 GB up to 64 TB for most engines, with SQL Server supporting up to 16 TB[4]. Storage scaling occurs without downtime, allowing your database to grow alongside your application demands.

High Availability with Multi-AZ Deployments

Multi-AZ (Availability Zone) deployments provide automatic failover capability for production workloads. When you enable Multi-AZ, RDS synchronously replicates your data to a standby instance in a different availability zone[7]. Each availability zone operates on physically distinct infrastructure, engineered to remain isolated from failures in other zones.

In the event of hardware failure, network disruption, or planned maintenance, RDS automatically fails over to the standby instance, typically completing the process in under 35 seconds. Your application maintains the same database endpoint throughout failover, requiring no manual intervention or configuration changes. For instance, if your primary database in eu-west-1a experiences an issue, the standby in eu-west-1b becomes primary whilst RDS provisions a replacement standby, all whilst your application continues serving requests.

Multi-AZ deployments also offer a newer configuration with two readable standbys across three availability zones[8]. This topology enables read traffic routing to standby instances using dedicated reader endpoints, combining high availability with improved read performance. However, it’s crucial to understand that traditional Multi-AZ standbys cannot serve read traffic; they exist purely for failover purposes.

Scaling Read Performance with Read Replicas

Read replicas address read-heavy workloads by creating asynchronous copies of your database[9]. Unlike Multi-AZ standbys, read replicas actively serve read queries, allowing you to distribute load across multiple database instances. You can create up to five read replicas per primary instance, each with its own DNS endpoint[10].

Consider an analytics dashboard that queries historical sales data whilst your primary database handles current transactions. By directing dashboard queries to a read replica, you prevent analytical workloads from impacting transactional performance. RDS uses asynchronous replication to keep replicas updated, meaning there may be a brief lag between writes to the primary and their appearance in replicas.

Read replicas support cross-region deployment, enabling you to place databases closer to users for reduced latency[11]. For example, if your primary database resides in us-east-1 but you have significant European traffic, creating a read replica in eu-west-1 reduces query response times for those users. Additionally, read replicas can be manually promoted to standalone instances, making them valuable for disaster recovery scenarios or migration testing.

Backup and Recovery Strategies

RDS implements two backup mechanisms: automated backups and manual snapshots. Automated backups run daily during a configurable 30-minute window, capturing a full snapshot plus continuous transaction logs[12]. This enables point-in-time recovery, allowing you to restore your database to any second within the retention period, which ranges from 1 to 35 days[13].

Point-in-time recovery proves invaluable when handling accidental data modifications. Imagine a developer accidentally deletes critical records at 14:37. With automated backups, you can restore the database to 14:36, recovering the data whilst losing only one minute of transactions. The latest restorable time typically lags the current time by just five minutes[12].

Manual snapshots provide user-initiated backups retained indefinitely until explicitly deleted[14]. These prove essential before major schema changes or application updates. For instance, before migrating your database from version 13 to 14, creating a manual snapshot ensures you can revert if the upgrade introduces unexpected issues. Snapshots are incremental, meaning you pay only for changed data rather than full database size, and they can be copied across regions or shared between AWS accounts.

For Multi-AZ deployments, backups run from the standby instance, eliminating performance impact on your primary database. Single-AZ configurations may experience brief I/O suspension during snapshot initialisation, though this typically lasts only seconds.

Security and Access Control

RDS security operates at multiple layers. At the network level, security groups function as virtual firewalls, controlling which IP addresses or EC2 instances can connect to your database[15]. Best practice places RDS instances in private subnets within a Virtual Private Cloud (VPC), preventing direct internet access whilst allowing connectivity from application servers in the same VPC[16].

Data encryption uses AWS Key Management Service (KMS) to protect information at rest. When you enable encryption on a database instance, RDS encrypts the underlying storage, automated backups, read replicas, and snapshots using industry-standard AES-256 encryption[17]. Encryption must be enabled at creation; existing unencrypted instances require creating an encrypted snapshot and restoring to a new encrypted instance[18]. This encryption operates transparently with minimal performance impact, handling authentication and decryption automatically.

For data in transit, SSL/TLS connections encrypt communication between your application and database[15]. RDS automatically generates and installs SSL certificates during provisioning. Oracle databases additionally support native network encryption, whilst SQL Server can leverage Transparent Data Encryption for an additional security layer.

IAM (Identity and Access Management) controls who can manage RDS resources through AWS APIs[19]. You can create granular policies specifying which users can create, modify, or delete database instances. IAM database authentication allows applications to connect using temporary credentials instead of embedding passwords in configuration files, improving security by eliminating long-lived credentials[20]. Resource tagging enables policy enforcement based on environment, such as restricting developers to modifying ‘Development’ tagged instances whilst protecting ‘Production’ resources.

Modern Instance Types and Analytics Integration

RDS now defaults to AWS Graviton3-based instances for new deployments, offering substantial performance improvements[21]. Graviton3-powered M7g and R7g instances deliver up to 30% better performance and 27% improved price-performance compared to previous-generation Graviton2 instances[22]. These instances feature DDR5 memory providing 50% more memory bandwidth than DDR4, enhanced networking up to 30 Gbps, and support for Optimised Writes on MySQL and MariaDB engines that can double write throughput at no additional cost. For open-source database engines (PostgreSQL, MySQL, MariaDB), Graviton3 represents the optimal choice for balancing performance and cost efficiency.

Zero-ETL integration with Amazon Redshift removes the complexity of building data pipelines for analytics[23]. This feature replicates transactional data from RDS databases to Redshift in near real-time, typically within seconds of writes occurring. Data engineers can configure integrations to selectively replicate specific databases and tables, enabling analytics workloads without impacting production database performance. Zero-ETL supports RDS for MySQL, PostgreSQL, and Oracle, making it straightforward to combine data from multiple sources into a unified analytics platform. For organisations requiring both transactional and analytical capabilities, this eliminates the traditional ETL burden whilst maintaining data freshness for business intelligence and machine learning workloads.

Cost Optimisation and Operational Considerations

RDS pricing includes several components: database instance hours, storage capacity, I/O operations, backup storage, and data transfer. Instance classes range from small development instances to large memory-optimised classes with up to 32 vCPUs and 244 GB of RAM.

Reserved instances offer significant discounts over on-demand pricing when you commit to one or three-year terms. For predictable workloads running continuously, reserved instances can reduce costs by up to 60%[24]. Development databases that don’t require 24/7 availability can be stopped for up to seven days at a time, suspending instance charges whilst retaining storage costs[25].

Monitoring through CloudWatch Database Insights provides visibility into database performance metrics including CPU utilisation, IOPS, connections, and query latency[26]. Note that the standalone Performance Insights console experience will be discontinued after November 30, 2025, with functionality transitioning to CloudWatch Database Insights[27]. DevOps Guru for RDS uses machine learning to automatically detect performance issues and provide remediation recommendations.

RDS handles software patching automatically, applying minor version updates during maintenance windows you define. Major version upgrades require explicit approval, allowing you to test compatibility before deployment. The service continuously monitors database health, automatically replacing failed instances in Multi-AZ configurations and maintaining availability without manual intervention.

References

  1. What is Amazon RDS? - Amazon Relational Database Service.
  2. Managed SQL Database - Amazon RDS.
  3. Choosing your database engine for Amazon RDS.
  4. Amazon RDS DB instance storage.
  5. Amazon RDS now supports General Purpose gp3 storage volumes.
  6. Optimize Amazon RDS performance with io2 Block Express storage.
  7. Amazon RDS Multi-AZ Deployments.
  8. Readable standby instances in Amazon RDS Multi-AZ deployments.
  9. Amazon RDS Read Replicas.
  10. Amazon RDS Multi-AZ Deployments and Read Replicas.
  11. Working with DB instance read replicas.
  12. Amazon RDS Backup & Restore.
  13. Amazon RDS FAQs.
  14. Amazon RDS: Snapshot, restore, and recovery demystified.
  15. Amazon RDS Security.
  16. Amazon RDS Security & Compliance.
  17. Encrypting Amazon RDS resources.
  18. Encryption best practices for Amazon RDS.
  19. Securing Amazon RDS Databases: IAM and Encryption Strategies.
  20. IAM database authentication for RDS.
  21. AWS Graviton Processor - Amazon EC2.
  22. Amazon RDS now supports M7g and R7g database instances.
  23. Zero-ETL integrations - Amazon Redshift.
  24. Amazon RDS Reserved Instances.
  25. Amazon RDS Features.
  26. Monitoring Amazon RDS databases with CloudWatch Database Insights.
  27. Overview of Performance Insights on Amazon RDS.

You Might Also Like