rds

仓库: itsmostafa/aws-agent-skills
安装量: 41
排名: #17746

安装

npx skills add https://github.com/itsmostafa/aws-agent-skills --skill rds
AWS RDS
Amazon Relational Database Service (RDS) provides managed relational databases including MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Aurora. RDS handles provisioning, patching, backups, and failover.
Table of Contents
Core Concepts
Common Patterns
CLI Reference
Best Practices
Troubleshooting
References
Core Concepts
DB Instance Classes
Category
Example
Use Case
Standard
db.m6g.large
General purpose
Memory Optimized
db.r6g.large
High memory workloads
Burstable
db.t3.medium
Variable workloads, dev/test
Storage Types
Type
IOPS
Use Case
gp3
3,000-16,000
Most workloads
io1/io2
Up to 256,000
High-performance OLTP
magnetic
N/A
Legacy, avoid
Multi-AZ Deployments
Multi-AZ Instance
Synchronous standby in different AZ
Multi-AZ Cluster
One writer, two reader instances (Aurora-like) Read Replicas Asynchronous copies for read scaling. Can be cross-region. Common Patterns Create a PostgreSQL Instance AWS CLI:

Create DB subnet group

aws rds create-db-subnet-group \ --db-subnet-group-name my-db-subnet-group \ --db-subnet-group-description "Private subnets for RDS" \ --subnet-ids subnet-12345678 subnet-87654321

Create security group (allow PostgreSQL from app)

aws ec2 create-security-group \ --group-name rds-postgres-sg \ --description "RDS PostgreSQL access" \ --vpc-id vpc-12345678 aws ec2 authorize-security-group-ingress \ --group-id sg-rds12345 \ --protocol tcp \ --port 5432 \ --source-group sg-app12345

Create RDS instance

aws rds create-db-instance \ --db-instance-identifier my-postgres \ --db-instance-class db.t3.medium \ --engine postgres \ --engine-version 16.1 \ --master-username admin \ --master-user-password 'SecurePassword123!' \ --allocated-storage 100 \ --storage-type gp3 \ --db-subnet-group-name my-db-subnet-group \ --vpc-security-group-ids sg-rds12345 \ --multi-az \ --backup-retention-period 7 \ --storage-encrypted \ --no-publicly-accessible boto3: import boto3 rds = boto3 . client ( 'rds' ) response = rds . create_db_instance ( DBInstanceIdentifier = 'my-postgres' , DBInstanceClass = 'db.t3.medium' , Engine = 'postgres' , EngineVersion = '16.1' , MasterUsername = 'admin' , MasterUserPassword = 'SecurePassword123!' , AllocatedStorage = 100 , StorageType = 'gp3' , DBSubnetGroupName = 'my-db-subnet-group' , VpcSecurityGroupIds = [ 'sg-rds12345' ] , MultiAZ = True , BackupRetentionPeriod = 7 , StorageEncrypted = True , PubliclyAccessible = False ) Create Read Replica aws rds create-db-instance-read-replica \ --db-instance-identifier my-postgres-replica \ --source-db-instance-identifier my-postgres \ --db-instance-class db.t3.medium \ --availability-zone us-east-1b Take a Snapshot aws rds create-db-snapshot \ --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \ --db-instance-identifier my-postgres Restore from Snapshot aws rds restore-db-instance-from-db-snapshot \ --db-instance-identifier my-postgres-restored \ --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \ --db-instance-class db.t3.medium \ --db-subnet-group-name my-db-subnet-group \ --vpc-security-group-ids sg-rds12345 Point-in-Time Recovery aws rds restore-db-instance-to-point-in-time \ --source-db-instance-identifier my-postgres \ --target-db-instance-identifier my-postgres-pitr \ --restore-time 2024 -01-15T10:30:00Z \ --db-instance-class db.t3.medium Modify Instance

Change instance class (with downtime)

aws rds modify-db-instance \ --db-instance-identifier my-postgres \ --db-instance-class db.m6g.large \ --apply-immediately

Scale storage (no downtime)

aws rds modify-db-instance \ --db-instance-identifier my-postgres \ --allocated-storage 200 \ --apply-immediately Connect with IAM Authentication import boto3 import psycopg2 rds = boto3 . client ( 'rds' )

Generate auth token

token

rds . generate_db_auth_token ( DBHostname = 'my-postgres.abc123.us-east-1.rds.amazonaws.com' , Port = 5432 , DBUsername = 'iam_user' , Region = 'us-east-1' )

Connect

conn

psycopg2 . connect ( host = 'my-postgres.abc123.us-east-1.rds.amazonaws.com' , port = 5432 , database = 'mydb' , user = 'iam_user' , password = token , sslmode = 'require' ) CLI Reference Instance Management Command Description aws rds create-db-instance Create instance aws rds describe-db-instances List instances aws rds modify-db-instance Modify settings aws rds delete-db-instance Delete instance aws rds reboot-db-instance Reboot instance aws rds start-db-instance Start stopped instance aws rds stop-db-instance Stop instance Backups Command Description aws rds create-db-snapshot Manual snapshot aws rds describe-db-snapshots List snapshots aws rds restore-db-instance-from-db-snapshot Restore from snapshot aws rds restore-db-instance-to-point-in-time Point-in-time restore aws rds copy-db-snapshot Copy snapshot Replicas Command Description aws rds create-db-instance-read-replica Create read replica aws rds promote-read-replica Promote to standalone Best Practices Security Never make publicly accessible — use VPC and security groups Enable encryption at rest (KMS) and in transit (SSL) Use IAM authentication for application access Store credentials in Secrets Manager with rotation Use parameter groups to enforce SSL

Enforce SSL in PostgreSQL

aws rds modify-db-parameter-group \ --db-parameter-group-name my-pg-params \ --parameters "ParameterName=rds.force_ssl,ParameterValue=1,ApplyMethod=pending-reboot" Performance Right-size instances — monitor CPU, memory, IOPS Use gp3 for cost-effective performance Enable Performance Insights for query analysis Use read replicas for read scaling Optimize queries — check slow query log High Availability Enable Multi-AZ for production Use Aurora for mission-critical workloads Configure appropriate backup retention Test failover periodically Monitor replication lag for replicas Cost Optimization Use Reserved Instances for steady-state workloads Stop dev/test instances when not in use Delete old snapshots regularly Right-size instance classes Troubleshooting Cannot Connect Causes: Security group not allowing access Instance not in VPC subnet SSL required but not used Wrong endpoint/port Debug:

Check security group

aws ec2 describe-security-groups --group-ids sg-rds12345

Check instance status

aws rds describe-db-instances \ --db-instance-identifier my-postgres \ --query "DBInstances[0].{Status:DBInstanceStatus,Endpoint:Endpoint}"

Test connectivity from EC2

nc -zv my-postgres.abc123.us-east-1.rds.amazonaws.com 5432 High CPU/Memory Debug:

Enable Enhanced Monitoring

aws rds modify-db-instance \ --db-instance-identifier my-postgres \ --monitoring-interval 60 \ --monitoring-role-arn arn:aws:iam::123456789012:role/rds-monitoring-role

Enable Performance Insights

aws rds modify-db-instance \ --db-instance-identifier my-postgres \ --enable-performance-insights \ --performance-insights-retention-period 7 Solutions: Scale up instance class Optimize slow queries Add read replicas Check for locking/blocking Storage Full Symptom: Instance becomes unavailable Prevention:

Enable storage autoscaling

aws rds modify-db-instance \ --db-instance-identifier my-postgres \ --max-allocated-storage 500

Set CloudWatch alarm

aws cloudwatch put-metric-alarm \ --alarm-name "RDS-Storage-Low" \ --metric-name FreeStorageSpace \ --namespace AWS/RDS \ --dimensions Name = DBInstanceIdentifier,Value = my-postgres \ --statistic Average \ --period 300 \ --threshold 10000000000 \ --comparison-operator LessThanThreshold \ --evaluation-periods 2 \ --alarm-actions arn:aws:sns:us-east-1:123456789012:alerts Replication Lag Monitor: aws cloudwatch get-metric-statistics \ --namespace AWS/RDS \ --metric-name ReplicaLag \ --dimensions Name = DBInstanceIdentifier,Value = my-postgres-replica \ --start-time $( date -d '1 hour ago' -u +%Y-%m-%dT%H:%M:%SZ ) \ --end-time $( date -u +%Y-%m-%dT%H:%M:%SZ ) \ --period 60 \ --statistics Average Causes: Replica instance too small Heavy write load Network issues Long-running queries on replica References RDS User Guide RDS API Reference RDS CLI Reference boto3 RDS

返回排行榜