AWS RDS

Amazon Relational Database Service (RDS) provides managed relational databases including MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Aurora. RDS handles provisioning, patching, backups, and failover.

Amazon Relational Database Service（RDS）提供托管型关系数据库，包括MySQL、PostgreSQL、MariaDB、Oracle、SQL Server和Aurora。RDS负责数据库部署、补丁更新、备份以及故障转移等工作。

Core Concepts

核心概念

DB Instance Classes

DB实例类型

Category	Example	Use Case
Standard	db.m6g.large	General purpose
Memory Optimized	db.r6g.large	High memory workloads
Burstable	db.t3.medium	Variable workloads, dev/test

类别	示例	使用场景
标准型	db.m6g.large	通用场景
内存优化型	db.r6g.large	高内存负载场景
突发性能型	db.t3.medium	可变负载、开发/测试场景

Storage Types

存储类型

Type	IOPS	Use Case
gp3	3,000-16,000	Most workloads
io1/io2	Up to 256,000	High-performance OLTP
magnetic	N/A	Legacy, avoid

类型	IOPS	使用场景
gp3	3,000-16,000	大多数负载场景
io1/io2	最高256,000	高性能OLTP场景
磁存储	N/A	遗留场景，不推荐使用

Multi-AZ Deployments

多可用区部署

Multi-AZ Instance: Synchronous standby in different AZ
Multi-AZ Cluster: One writer, two reader instances (Aurora-like)

多可用区实例：在不同可用区部署同步备用实例
多可用区集群：一个主实例，两个只读实例（类似Aurora架构）

Read Replicas

只读副本

Asynchronous copies for read scaling. Can be cross-region.

异步复制的只读实例，用于读扩展，支持跨区域部署。

Common Patterns

常见模式

Create a PostgreSQL Instance

创建PostgreSQL实例

AWS CLI:

bash

undefined

AWS CLI：

bash

undefined

Create DB subnet group

创建DB子网组

aws rds create-db-subnet-group
--db-subnet-group-name my-db-subnet-group
--db-subnet-group-description "Private subnets for RDS"
--subnet-ids subnet-12345678 subnet-87654321

Create security group (allow PostgreSQL from app)

创建安全组（允许应用访问PostgreSQL）

aws ec2 create-security-group
--group-name rds-postgres-sg
--description "RDS PostgreSQL access"
--vpc-id vpc-12345678

aws ec2 authorize-security-group-ingress
--group-id sg-rds12345
--protocol tcp
--port 5432
--source-group sg-app12345

aws ec2 create-security-group
--group-name rds-postgres-sg
--description "RDS PostgreSQL access"
--vpc-id vpc-12345678

aws ec2 authorize-security-group-ingress
--group-id sg-rds12345
--protocol tcp
--port 5432
--source-group sg-app12345

Create RDS instance

创建RDS实例

aws rds create-db-instance
--db-instance-identifier my-postgres
--db-instance-class db.t3.medium
--engine postgres
--engine-version 16.1
--master-username admin
--master-user-password 'SecurePassword123!'
--allocated-storage 100
--storage-type gp3
--db-subnet-group-name my-db-subnet-group
--vpc-security-group-ids sg-rds12345
--multi-az
--backup-retention-period 7
--storage-encrypted
--no-publicly-accessible


**boto3:**

```python
import boto3

rds = boto3.client('rds')

response = rds.create_db_instance(
    DBInstanceIdentifier='my-postgres',
    DBInstanceClass='db.t3.medium',
    Engine='postgres',
    EngineVersion='16.1',
    MasterUsername='admin',
    MasterUserPassword='SecurePassword123!',
    AllocatedStorage=100,
    StorageType='gp3',
    DBSubnetGroupName='my-db-subnet-group',
    VpcSecurityGroupIds=['sg-rds12345'],
    MultiAZ=True,
    BackupRetentionPeriod=7,
    StorageEncrypted=True,
    PubliclyAccessible=False
)

aws rds create-db-instance
--db-instance-identifier my-postgres
--db-instance-class db.t3.medium
--engine postgres
--engine-version 16.1
--master-username admin
--master-user-password 'SecurePassword123!'
--allocated-storage 100
--storage-type gp3
--db-subnet-group-name my-db-subnet-group
--vpc-security-group-ids sg-rds12345
--multi-az
--backup-retention-period 7
--storage-encrypted
--no-publicly-accessible


**boto3：**

```python
import boto3

rds = boto3.client('rds')

response = rds.create_db_instance(
    DBInstanceIdentifier='my-postgres',
    DBInstanceClass='db.t3.medium',
    Engine='postgres',
    EngineVersion='16.1',
    MasterUsername='admin',
    MasterUserPassword='SecurePassword123!',
    AllocatedStorage=100,
    StorageType='gp3',
    DBSubnetGroupName='my-db-subnet-group',
    VpcSecurityGroupIds=['sg-rds12345'],
    MultiAZ=True,
    BackupRetentionPeriod=7,
    StorageEncrypted=True,
    PubliclyAccessible=False
)

Create Read Replica

创建只读副本

bash

aws rds create-db-instance-read-replica \
  --db-instance-identifier my-postgres-replica \
  --source-db-instance-identifier my-postgres \
  --db-instance-class db.t3.medium \
  --availability-zone us-east-1b

bash

aws rds create-db-instance-read-replica \
  --db-instance-identifier my-postgres-replica \
  --source-db-instance-identifier my-postgres \
  --db-instance-class db.t3.medium \
  --availability-zone us-east-1b

Take a Snapshot

创建快照

bash

aws rds create-db-snapshot \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-identifier my-postgres

bash

aws rds create-db-snapshot \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-identifier my-postgres

Restore from Snapshot

从快照恢复

bash

aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier my-postgres-restored \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-class db.t3.medium \
  --db-subnet-group-name my-db-subnet-group \
  --vpc-security-group-ids sg-rds12345

bash

aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier my-postgres-restored \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-class db.t3.medium \
  --db-subnet-group-name my-db-subnet-group \
  --vpc-security-group-ids sg-rds12345

Point-in-Time Recovery

时间点恢复

bash

aws rds restore-db-instance-to-point-in-time \
  --source-db-instance-identifier my-postgres \
  --target-db-instance-identifier my-postgres-pitr \
  --restore-time 2024-01-15T10:30:00Z \
  --db-instance-class db.t3.medium

bash

aws rds restore-db-instance-to-point-in-time \
  --source-db-instance-identifier my-postgres \
  --target-db-instance-identifier my-postgres-pitr \
  --restore-time 2024-01-15T10:30:00Z \
  --db-instance-class db.t3.medium

Modify Instance

修改实例配置

bash

undefined

bash

undefined

Change instance class (with downtime)

修改实例类型（会停机）

aws rds modify-db-instance
--db-instance-identifier my-postgres
--db-instance-class db.m6g.large
--apply-immediately

Scale storage (no downtime)

扩容存储（无停机）

aws rds modify-db-instance
--db-instance-identifier my-postgres
--allocated-storage 200
--apply-immediately

undefined

aws rds modify-db-instance
--db-instance-identifier my-postgres
--allocated-storage 200
--apply-immediately

undefined

Connect with IAM Authentication

使用IAM认证连接

python

import boto3
import psycopg2

rds = boto3.client('rds')

python

import boto3
import psycopg2

rds = boto3.client('rds')

Generate auth token

生成认证令牌

token = rds.generate_db_auth_token( DBHostname='my-postgres.abc123.us-east-1.rds.amazonaws.com', Port=5432, DBUsername='iam_user', Region='us-east-1' )

Connect

建立连接

conn = psycopg2.connect( host='my-postgres.abc123.us-east-1.rds.amazonaws.com', port=5432, database='mydb', user='iam_user', password=token, sslmode='require' )

undefined

conn = psycopg2.connect( host='my-postgres.abc123.us-east-1.rds.amazonaws.com', port=5432, database='mydb', user='iam_user', password=token, sslmode='require' )

undefined

CLI Reference

CLI参考

Instance Management

实例管理

Command	Description
`aws rds create-db-instance`	Create instance
`aws rds describe-db-instances`	List instances
`aws rds modify-db-instance`	Modify settings
`aws rds delete-db-instance`	Delete instance
`aws rds reboot-db-instance`	Reboot instance
`aws rds start-db-instance`	Start stopped instance
`aws rds stop-db-instance`	Stop instance

命令	描述
`aws rds create-db-instance`	创建实例
`aws rds describe-db-instances`	列出实例
`aws rds modify-db-instance`	修改配置
`aws rds delete-db-instance`	删除实例
`aws rds reboot-db-instance`	重启实例
`aws rds start-db-instance`	启动已停止的实例
`aws rds stop-db-instance`	停止实例

Backups

备份管理

Command	Description
`aws rds create-db-snapshot`	Manual snapshot
`aws rds describe-db-snapshots`	List snapshots
`aws rds restore-db-instance-from-db-snapshot`	Restore from snapshot
`aws rds restore-db-instance-to-point-in-time`	Point-in-time restore
`aws rds copy-db-snapshot`	Copy snapshot

命令	描述
`aws rds create-db-snapshot`	创建手动快照
`aws rds describe-db-snapshots`	列出快照
`aws rds restore-db-instance-from-db-snapshot`	从快照恢复
`aws rds restore-db-instance-to-point-in-time`	时间点恢复
`aws rds copy-db-snapshot`	复制快照

Replicas

副本管理

Command	Description
`aws rds create-db-instance-read-replica`	Create read replica
`aws rds promote-read-replica`	Promote to standalone

命令	描述
`aws rds create-db-instance-read-replica`	创建只读副本
`aws rds promote-read-replica`	将副本升级为独立实例

Best Practices

最佳实践

Security

安全

Never make publicly accessible — use VPC and security groups
Enable encryption at rest (KMS) and in transit (SSL)
Use IAM authentication for application access
Store credentials in Secrets Manager with rotation
Use parameter groups to enforce SSL

bash

undefined

切勿设置为公开可访问 — 使用VPC和安全组
启用加密：静态数据加密（KMS）和传输加密（SSL）
使用IAM认证进行应用访问
将凭据存储在Secrets Manager中并启用自动轮转
使用参数组强制启用SSL

bash

undefined

Enforce SSL in PostgreSQL

在PostgreSQL中强制启用SSL

aws rds modify-db-parameter-group
--db-parameter-group-name my-pg-params
--parameters "ParameterName=rds.force_ssl,ParameterValue=1,ApplyMethod=pending-reboot"

undefined

aws rds modify-db-parameter-group
--db-parameter-group-name my-pg-params
--parameters "ParameterName=rds.force_ssl,ParameterValue=1,ApplyMethod=pending-reboot"

undefined

Performance

性能

Right-size instances — monitor CPU, memory, IOPS
Use gp3 for cost-effective performance
Enable Performance Insights for query analysis
Use read replicas for read scaling
Optimize queries — check slow query log

合理选择实例规格 — 监控CPU、内存、IOPS
使用gp3存储以获得高性价比的性能
启用Performance Insights进行查询分析
使用只读副本实现读扩展
优化查询语句 — 检查慢查询日志

High Availability

高可用性

Enable Multi-AZ for production
Use Aurora for mission-critical workloads
Configure appropriate backup retention
Test failover periodically
Monitor replication lag for replicas

生产环境启用多可用区部署
关键业务负载使用Aurora
配置合适的备份保留周期
定期测试故障转移
监控副本的复制延迟

Cost Optimization

成本优化

Use Reserved Instances for steady-state workloads
Stop dev/test instances when not in use
Delete old snapshots regularly
Right-size instance classes

稳定负载使用预留实例
非工作时间停止开发/测试实例
定期删除旧快照
合理调整实例规格

Troubleshooting

故障排查

Cannot Connect

无法连接

Causes:

Security group not allowing access
Instance not in VPC subnet
SSL required but not used
Wrong endpoint/port

Debug:

bash

undefined

可能原因：

安全组未允许访问
实例不在VPC子网中
要求SSL但未使用
端点/端口错误

调试步骤：

bash

undefined

Check security group

检查安全组配置

aws ec2 describe-security-groups --group-ids sg-rds12345

Check instance status

检查实例状态

aws rds describe-db-instances
--db-instance-identifier my-postgres
--query "DBInstances[0].{Status:DBInstanceStatus,Endpoint:Endpoint}"

Test connectivity from EC2

从EC2测试连通性

nc -zv my-postgres.abc123.us-east-1.rds.amazonaws.com 5432

undefined

nc -zv my-postgres.abc123.us-east-1.rds.amazonaws.com 5432

undefined

High CPU/Memory

CPU/内存使用率过高

Debug:

bash

undefined

调试步骤：

bash

undefined

Enable Enhanced Monitoring

启用增强监控

aws rds modify-db-instance
--db-instance-identifier my-postgres
--monitoring-interval 60
--monitoring-role-arn arn:aws:iam::123456789012:role/rds-monitoring-role

Enable Performance Insights

启用Performance Insights

aws rds modify-db-instance
--db-instance-identifier my-postgres
--enable-performance-insights
--performance-insights-retention-period 7


**Solutions:**
- Scale up instance class
- Optimize slow queries
- Add read replicas
- Check for locking/blocking

aws rds modify-db-instance
--db-instance-identifier my-postgres
--enable-performance-insights
--performance-insights-retention-period 7


**解决方案：**
- 升级实例规格
- 优化慢查询
- 添加只读副本
- 检查锁/阻塞情况

Storage Full

存储已满

Symptom: Instance becomes unavailable

Prevention:

bash

undefined

**症状：**实例不可用

预防措施：

bash

undefined

Enable storage autoscaling

启用存储自动扩容

aws rds modify-db-instance
--db-instance-identifier my-postgres
--max-allocated-storage 500

Set CloudWatch alarm

设置CloudWatch告警

aws cloudwatch put-metric-alarm
--alarm-name "RDS-Storage-Low"
--metric-name FreeStorageSpace
--namespace AWS/RDS
--dimensions Name=DBInstanceIdentifier,Value=my-postgres
--statistic Average
--period 300
--threshold 10000000000
--comparison-operator LessThanThreshold
--evaluation-periods 2
--alarm-actions arn:aws:sns:us-east-1:123456789012:alerts

undefined

aws cloudwatch put-metric-alarm
--alarm-name "RDS-Storage-Low"
--metric-name FreeStorageSpace
--namespace AWS/RDS
--dimensions Name=DBInstanceIdentifier,Value=my-postgres
--statistic Average
--period 300
--threshold 10000000000
--comparison-operator LessThanThreshold
--evaluation-periods 2
--alarm-actions arn:aws:sns:us-east-1:123456789012:alerts

undefined

Replication Lag

复制延迟

Monitor:

bash

aws cloudwatch get-metric-statistics \
  --namespace AWS/RDS \
  --metric-name ReplicaLag \
  --dimensions Name=DBInstanceIdentifier,Value=my-postgres-replica \
  --start-time $(date -d '1 hour ago' -u +%Y-%m-%dT%H:%M:%SZ) \
  --end-time $(date -u +%Y-%m-%dT%H:%M:%SZ) \
  --period 60 \
  --statistics Average

Causes:

Replica instance too small
Heavy write load
Network issues
Long-running queries on replica

监控命令：

bash

aws cloudwatch get-metric-statistics \
  --namespace AWS/RDS \
  --metric-name ReplicaLag \
  --dimensions Name=DBInstanceIdentifier,Value=my-postgres-replica \
  --start-time $(date -d '1 hour ago' -u +%Y-%m-%dT%H:%M:%SZ) \
  --end-time $(date -u +%Y-%m-%dT%H:%M:%SZ) \
  --period 60 \
  --statistics Average

可能原因：

副本实例规格过小
主实例写入负载过高
网络问题
副本上存在长时运行的查询

rds

Original

Translation

AWS RDS

AWS RDS

Table of Contents

目录

Core Concepts

核心概念

DB Instance Classes

DB实例类型

Storage Types

存储类型

Multi-AZ Deployments

多可用区部署

Read Replicas

只读副本

Common Patterns

常见模式

Create a PostgreSQL Instance

创建PostgreSQL实例

Create DB subnet group

创建DB子网组

Create security group (allow PostgreSQL from app)

创建安全组（允许应用访问PostgreSQL）

Create RDS instance

创建RDS实例

Create Read Replica

创建只读副本

Take a Snapshot

创建快照

Restore from Snapshot

从快照恢复

Point-in-Time Recovery

时间点恢复

Modify Instance

修改实例配置

Change instance class (with downtime)

修改实例类型（会停机）

Scale storage (no downtime)

扩容存储（无停机）

Connect with IAM Authentication

使用IAM认证连接

Generate auth token

生成认证令牌

Connect

建立连接

CLI Reference

CLI参考

Instance Management

实例管理

Backups

备份管理

Replicas

副本管理

Best Practices

最佳实践

Security

安全

Enforce SSL in PostgreSQL

在PostgreSQL中强制启用SSL

Performance

性能

High Availability

高可用性

Cost Optimization

成本优化

Troubleshooting

故障排查

Cannot Connect

无法连接

Check security group

检查安全组配置

Check instance status

检查实例状态

Test connectivity from EC2

从EC2测试连通性

High CPU/Memory

CPU/内存使用率过高

Enable Enhanced Monitoring