In the RDS Dashboard, click on Databases in the left-hand menu to see a list of all RDS instances in your account.
Select a specific database instance to explore its configuration details, including Connectivity & security, Monitoring, Logs, Maintenance & backups, and Performance Insights.
Database Details:
The database details page provides information about Engine, DB instance class, Storage, VPC, Security groups, Backup, and Monitoring settings.
3. Exploring the AWS Well-Architected Framework Pillars
Under the Monitoring tab for a selected database, review key metrics such as CPU utilization, Freeable memory, Disk space, Read/Write IOPS, and Database connections. Regularly monitoring these metrics ensures that the database is operating efficiently.
Logs and Events:
In the Logs & events tab, check if logging is enabled for the database (e.g., error logs, slow query logs). Reviewing logs helps identify operational issues and supports ongoing performance tuning.
Maintenance:
In the Maintenance & backups tab, review the Maintenance window configuration. A properly scheduled maintenance window allows for routine updates, patches, and backups to be applied with minimal disruption to operations.
Automated Backups:
Still in the Maintenance & backups tab, ensure that Automated backups are enabled. Automated backups provide a way to restore databases to a point in time, supporting operational resilience.
In the Configuration section, check whether Encryption is enabled for the database. Encryption at rest (using AWS KMS) protects stored data, and Encryption in transit (using SSL/TLS) ensures secure connections between applications and the database.
Access Control:
Navigate to the Connectivity & security tab to review the VPC, Subnet groups, and Security groups settings. Ensure that the database is placed in a private subnet and that security group rules restrict access to only necessary IP addresses and ports.
IAM Database Authentication:
In the Configuration section, check if IAM database authentication is enabled. This allows you to use IAM roles and policies to manage access to the database, providing centralized and auditable access control.
Parameter Groups:
In the left-hand menu, go to Parameter groups to review the parameter settings for the database. Ensure that security-related parameters, such as log_connections and log_disconnections, are configured to enhance database security.
Audit Logs:
Review the Logs & events section to ensure that Audit logs (e.g., database logs, query logs) are enabled. Capturing audit logs helps monitor access and changes to the database for security compliance.
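The security checks above can also be run against the JSON that `aws rds describe-db-instances` and `aws ec2 describe-security-groups` return. The following is an added example, not part of the original walkthrough: the sample records are constructed, the function name is hypothetical, and the PubliclyAccessible field is used here as the indicator of public exposure.

```python
import ipaddress

def audit_security(db, security_groups):
    """Return findings for one DBInstances[] record and its security groups."""
    findings = []
    if not db.get("StorageEncrypted"):
        findings.append("encryption at rest is disabled")
    if db.get("PubliclyAccessible"):
        findings.append("instance is publicly accessible")
    if not db.get("IAMDatabaseAuthenticationEnabled"):
        findings.append("IAM database authentication is disabled")
    if not db.get("EnabledCloudwatchLogsExports"):
        findings.append("no log types are exported to CloudWatch Logs")
    port = db["Endpoint"]["Port"]  # assumes the instance is in the available state
    attached = {g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])}
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue
        for rule in sg.get("IpPermissions", []):
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            # IpProtocol "-1" means all protocols and ports; otherwise test the range.
            covers = rule.get("IpProtocol") == "-1" or (lo is not None and lo <= port <= hi)
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every address.
                if covers and ipaddress.ip_network(cidr).prefixlen == 0:
                    findings.append(f"{sg['GroupId']} opens port {port} to {cidr}")
    return findings

# Constructed sample data in the shape of the two API responses.
SAMPLE_DB = {
    "DBInstanceIdentifier": "example-db", "StorageEncrypted": True,
    "PubliclyAccessible": True, "IAMDatabaseAuthenticationEnabled": False,
    "EnabledCloudwatchLogsExports": ["postgresql"], "Endpoint": {"Port": 5432},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example", "Status": "active"}],
}
SAMPLE_SGS = [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]}]

if __name__ == "__main__":
    for finding in audit_security(SAMPLE_DB, SAMPLE_SGS):
        print(finding)
```

Encryption in transit is enforced through parameter group settings rather than a field on the instance record, so it is not covered by this check.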
In the Configuration section, check if the database is configured for Multi-AZ deployment. Multi-AZ deployments provide automatic failover to a standby instance in another Availability Zone, enhancing the database's availability and reliability.
Backups and Snapshots:
Under the Maintenance & backups tab, review the Automated backup and Snapshot settings. Regular backups ensure that data can be restored to a specific point in time, which is critical for maintaining data reliability.
Read Replicas:
In the Configuration section, check if Read replicas are configured for the database. Read replicas provide additional availability for read-heavy workloads and can be used to offload read traffic from the primary database.
Monitoring Alarms:
Verify if Amazon CloudWatch Alarms are set up for key metrics such as CPU Utilization, Free Storage Space, and Database Connections. Alarms provide real-time notifications, helping you take corrective action promptly to maintain reliability.
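The Multi-AZ, backup, and alarm checks above can be expressed over the output of `aws rds describe-db-instances` and `aws cloudwatch describe-alarms`. This is an added example, not part of the original walkthrough; the function name, sample records, and the SNS topic ARN are constructed. It treats an alarm with no enabled action as missing, since such an alarm never sends a notification.

```python
# Metric names in the AWS/RDS namespace for the three metrics named above.
REQUIRED_METRICS = ("CPUUtilization", "FreeStorageSpace", "DatabaseConnections")

def reliability_gaps(db, metric_alarms):
    """Return reliability findings for one DB instance and the account's alarms."""
    gaps = []
    if not db.get("MultiAZ"):
        gaps.append("Multi-AZ is disabled")
    # A retention period of 0 days means automated backups are turned off.
    if db.get("BackupRetentionPeriod", 0) == 0:
        gaps.append("automated backups are disabled")
    covered = set()
    for alarm in metric_alarms:
        # Metric-math alarms carry no Namespace key and are skipped here.
        if alarm.get("Namespace") != "AWS/RDS":
            continue
        dims = {d["Name"]: d["Value"] for d in alarm.get("Dimensions", [])}
        if dims.get("DBInstanceIdentifier") != db["DBInstanceIdentifier"]:
            continue
        # An alarm with no enabled action never notifies anyone.
        if alarm.get("ActionsEnabled") and alarm.get("AlarmActions"):
            covered.add(alarm["MetricName"])
    gaps += [f"no actionable alarm on {m}" for m in REQUIRED_METRICS if m not in covered]
    return gaps

# Constructed sample data in the shape of the two API responses.
SAMPLE_INSTANCE = {"DBInstanceIdentifier": "example-db", "MultiAZ": True,
                   "BackupRetentionPeriod": 0}
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic"  # placeholder ARN
SAMPLE_ALARMS = [
    {"Namespace": "AWS/RDS", "MetricName": "CPUUtilization", "ActionsEnabled": True,
     "AlarmActions": [TOPIC],
     "Dimensions": [{"Name": "DBInstanceIdentifier", "Value": "example-db"}]},
    {"Namespace": "AWS/RDS", "MetricName": "FreeStorageSpace", "ActionsEnabled": True,
     "AlarmActions": [],  # alarm exists but has no notification target
     "Dimensions": [{"Name": "DBInstanceIdentifier", "Value": "example-db"}]},
    {"Namespace": "AWS/RDS", "MetricName": "DatabaseConnections", "ActionsEnabled": True,
     "AlarmActions": [TOPIC],  # alarm belongs to a different instance
     "Dimensions": [{"Name": "DBInstanceIdentifier", "Value": "other-db"}]},
]

if __name__ == "__main__":
    for gap in reliability_gaps(SAMPLE_INSTANCE, SAMPLE_ALARMS):
        print(gap)
```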
Under the Configuration section, review the DB instance class. Choose an instance type that matches your workload's performance requirements without over-provisioning resources, reducing unnecessary costs.
Storage Type:
Check the Storage section to identify the storage type (e.g., General Purpose SSD (gp2), Provisioned IOPS). Choose the storage option that aligns with your performance and cost needs. For example, use General Purpose SSD for standard workloads and Provisioned IOPS for high I/O-intensive applications.
Reserved Instances:
In the Database details, review if the database is running on a Reserved Instance. Using Reserved Instances can provide significant cost savings for long-term, predictable workloads compared to On-Demand pricing.
Storage Auto-Scaling:
Under Storage, verify if Storage auto-scaling is enabled. This feature allows the database to automatically scale storage in response to increased demands, optimizing storage costs by provisioning resources only when needed.
Go to the Performance insights tab to analyze the database's performance over time. Identify high-load SQL queries and optimize them to improve overall database performance.
Read Replicas:
In the Configuration section, check for Read replicas. Read replicas offload read-heavy traffic from the primary instance, improving performance efficiency by distributing the load.
Parameter Tuning:
Navigate to Parameter groups in the left-hand menu to review database parameters (e.g., max_connections, cache size). Properly tuning these parameters can enhance database performance based on your application's needs.
Enhanced Monitoring:
In the Monitoring section, review if Enhanced monitoring is enabled. Enhanced monitoring provides more granular metrics (e.g., RDS process list) at 1-second intervals, giving deeper insights into database performance.
Use CloudWatch to set up alarms and dashboards for critical metrics. Monitoring with CloudWatch helps ensure that you can quickly identify and address performance, security, or reliability issues.
Log in to the AWS Management Console of the securitytooling account.
AWS Config and Security Hub:
If AWS Config and Security Hub are enabled, review compliance findings related to RDS to ensure that your database instances adhere to security best practices (e.g., encryption, restricted access).