In the Monitoring tab, review key performance metrics, including Read IOPS, Write IOPS, Disk queue depth, and Free storage space. These metrics help monitor database health and performance.
Check if Enhanced Monitoring and Performance Insights are enabled for detailed operational insights.
Backup and Retention:
Go to the Configuration tab and review the Backup section to see the Backup retention period and Automatic backups status. Regular backups are crucial for operational excellence, ensuring you can restore data if necessary.
Database Parameters:
In the Parameter Groups section under the selected Aurora cluster, examine the database's parameter group for settings related to operational performance, such as query cache size and connection limits.
In the Connectivity & security section, review the VPC and Subnet group details. Ensure that the Aurora instances are deployed within a secure VPC with private subnets for enhanced security.
Check the Security groups associated with the Aurora instances to verify that they restrict access to only necessary IP addresses or other AWS resources.
Encryption:
In the Configuration tab, look for Encryption settings to confirm that Storage encryption is enabled for the Aurora cluster. Encryption helps protect data at rest.
IAM Authentication:
Under Database options in the Configuration tab, check if IAM DB authentication is enabled. This allows for granular access control using IAM roles.
Audit Logs:
In the Logs & events section, check if logging (e.g., General, Slow query, Error logs) is enabled for auditing and monitoring access to the database.
In the Configuration tab, confirm that Multi-AZ deployment is enabled. Multi-AZ provides automatic failover support, enhancing database availability and reliability.
Read Replicas:
Under the Instances section, review if there are Reader instances configured for the cluster. Reader instances offload read traffic from the primary instance, improving reliability and performance.
Automatic Backups and Snapshots:
Check the Backups section to verify the backup retention policy and the availability of Automated snapshots. Automatic backups ensure you can recover from data loss or corruption, contributing to database reliability.
In the Configuration tab, review the DB instance class and Storage type. Ensure that the selected instance class and storage meet your application needs without over-provisioning, which can help optimize costs.
Monitoring Free Storage:
Under the Monitoring tab, keep an eye on Free storage space. Allocating too much storage can lead to unnecessary costs; using Aurora’s auto-scaling storage can help optimize expenses.
Read Replicas and Load Balancing:
Review the use of Read replicas under the Instances section. Using read replicas to offload read traffic can reduce the load on the primary instance, potentially allowing you to use a smaller (and cheaper) instance class.
In the Configuration tab, review the DB instance class (e.g., db.r5.large). Ensure that the instance class is optimized for your workload in terms of CPU, memory, and network performance.
Monitoring Metrics:
Under the Monitoring tab, inspect key metrics such as CPU utilization, DB connections, and Read/Write IOPS to identify performance bottlenecks and optimize the database's configuration.
Database Parameters:
Review the Parameter Group to ensure settings like cache size, connection pool, and I/O optimizations are configured correctly for performance.
Scaling:
Amazon Aurora provides automatic storage scaling. In the Configuration tab, verify that the Storage auto-scaling feature is enabled to handle growth without manual intervention.
Log in to the AWS Management Console of the securitytooling account.
AWS Config:
If AWS Config is enabled, use it to review compliance with your organization’s best practices related to RDS instances, such as enforcing encryption and enabling Multi-AZ deployments.
Security Hub:
If AWS Security Hub is available, use it to identify security-related findings for your Aurora instances, such as public access or weak password policies.
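The console checks above for encryption, IAM DB authentication, log exports, backup retention, Multi-AZ and reader instances can also be run as a script over the cluster description. The following is an added example, not part of the original checklist; the sample record is constructed, and the 7-day retention threshold is an assumed policy value.

```python
import json

# Constructed sample shaped like `aws rds describe-db-clusters` output (not real data).
SAMPLE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "example-good", "StorageEncrypted": true,
   "IAMDatabaseAuthenticationEnabled": true, "BackupRetentionPeriod": 14,
   "EnabledCloudwatchLogsExports": ["audit", "error", "slowquery"], "MultiAZ": true,
   "DBClusterMembers": [{"IsClusterWriter": true}, {"IsClusterWriter": false}]},
  {"DBClusterIdentifier": "example-weak", "StorageEncrypted": false,
   "IAMDatabaseAuthenticationEnabled": false, "BackupRetentionPeriod": 1,
   "MultiAZ": false,
   "DBClusterMembers": [{"IsClusterWriter": true}]}
]}
""")

MIN_RETENTION_DAYS = 7  # assumed policy threshold, not taken from the checklist


def audit_cluster(c, min_retention=MIN_RETENTION_DAYS):
    """Return a list of finding strings for one DBCluster record."""
    findings = []
    if not c.get("StorageEncrypted", False):
        findings.append("storage encryption disabled")
    if not c.get("IAMDatabaseAuthenticationEnabled", False):
        findings.append("IAM DB authentication disabled")
    if c.get("BackupRetentionPeriod", 0) < min_retention:
        findings.append(f"backup retention below {min_retention} days")
    if not c.get("EnabledCloudwatchLogsExports"):
        findings.append("no log exports enabled")
    if not c.get("MultiAZ", False):
        findings.append("not Multi-AZ")
    # A cluster member that is not the writer is a reader instance.
    readers = [m for m in c.get("DBClusterMembers", []) if not m.get("IsClusterWriter")]
    if not readers:
        findings.append("no reader instances")
    return findings


def audit(doc):
    """Map cluster identifier -> findings for every cluster in the document."""
    return {c["DBClusterIdentifier"]: audit_cluster(c) for c in doc.get("DBClusters", [])}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

To check a real account, pass the parsed JSON output of `aws rds describe-db-clusters` to `audit()` in place of the constructed sample.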