AWS CSA
  • Introduction
  • 1. AWS Overview
    • 1.1 AWS global Infrastructure
    • 1.2 Networking and Content Delivery
    • 1.3 Computing
    • 1.4 Storage
    • 1.5 Databases
    • 1.6 Migration Services
    • 1.7 Analytics
    • 1.8 Security and Identity
    • 1.9 Management Tools
    • 1.10 Application Services
    • 1.11 Developer Tools
    • 1.12 Mobile Services
    • 1.13 Desktop and App Streaming
    • 1.14 Artificial Intelligence
    • 1.15 Messaging
  • 2. IAM - Identity Access Management
    • 2.1 IAM Introduction
    • 2.2 IAM Labs
    • 2.3 Create a billing alart
    • 2.4 IAM Conclusion
  • 3. S3 - Simple Storage Service
    • 3.1 S3 Introduction
    • 3.2 S3 Labs
    • 3.3 Version Control Labs
    • 3.4 Cross Region Replication
    • 3.5 Life Cycle Management
    • 3.6 CloudFront
    • 3.7 CloudFront Labs
    • 3.8 S3 Security and Encryption
    • 3.9 Storage Gateway
    • 3.10 Snowball
    • 3.11 Snowball Labs
    • 3.12 S3 Transfer Acceleration
    • 3.13 Create a static web page using S3
    • 3.14 Storage Summary
  • 4. EC2 - Elastic Compute Cloud
    • 4.1 EC2 Introduction I
    • 4.2 EC2 Introduction II
    • 4.3 EC2 Lab 1
    • 4.4 EC2 Lab 2
    • 4.5 Security Groups Lab
    • 4.6 Upgrade EBS Volume Types - Lab1
    • 4.7 Upgrade EBS Volume Types - Lab2
    • 4.8 RAID, Volumes & Snapshots
    • 4.9 Create An AMI - Lab
    • 4.10 AMI's EBS Root Volumes vs. Instance Store
    • 4.11 Elastic Load Balancer & Health Check - Lab
    • 4.12 CloudWatch EC2 - Lab
    • 4.13 The AWS Command Line & EC2
    • 4.14 Using IAM Roles with EC2
    • 4.15 S3 CLI & Regions
    • 4.16 Using Bootstrap Scripts
    • 4.17 EC2 Instance Metadata
    • 4.18 Launch Configurations & Auto Scaling Groups
    • 4.19 EC2 Placement Groups - Exam Must Know
    • 4.20 Elastic File System (EFS) Lab
    • 4.21 Lambda Concepts
    • 4.22 Build A Serverless Webpage Using API Gateway & Lambda
    • 4.23 Use Polly to Pass Your Exam - Lab of a Serverless Application
    • 4.24 Use Polly to Pass Your Exam - Lab of a Serverless Application
    • 4.25 EC2 - Summary & Exam Tips
  • 5. Route53
    • 5.1 DNS 101
    • 5.2 Route53 - Register A Domain Name - Lab
    • 5.3 Setup Our EC2 Instances - Lab
    • 5.4 Routing Policies - Lab
  • 6. Databases on AWS
    • 6.1 Databases 101
    • 6.2 Launching an RDS Instance - Lab
    • 6.3 RDS - Backups, Multi-AZ & Read Replicas
    • 6.4 DynamoDB
    • 6.5 Redshift
    • 6.6 ElastiCache
    • 6.7 Aurora
    • 6.8 Database Summary
  • 7. VPC
    • 7.1 VPC Overview
    • 7.2 VPC Lab - Part 1
    • 7.3 VPC Lab - Part 2
    • 7.4 NAT Instances & NAT Gateways
    • 7.5 Network Access Control Lists vs. Security Groups
    • 7.6 Load Balancers & Custom VPCs
    • 7.7 VPC Flow Logs
    • 7.8 NATs vs. Bastions
    • 7.9 VPC End Points
    • 7.10 VPC Clean Up
    • 7.11 VPC Summary
  • 8. Application Services
    • 8.1 SQS - Simple Queue Service
    • 8.2 SWF - Simple Workflow Service
    • 8.3 SNS - Simple Notification Service
    • 8.4 Elastic Transcoder
    • 8.5 API Gateway
    • 8.6 Kinesis 101
    • 8.7 Kinesis Streams Lab
    • 8.8 Application Services Summary
  • 9. White Paper Reviews
    • 9.1 Overview of AWS
    • 9.2 Overview of Security Processes - Part 1
    • 9.3 Overview of Security Processes - Part 2
    • 9.4 Risk & Compliance Whitepaper
    • 9.5 Storage Options in the Cloud Whitepaper
    • 9.6 Architecting For The Cloud Best Practices Whitepaper
  • 10. Well Architected Framework
    • 10.1 Introduction of Well Architected Framework
    • 10.2 Pillar One - Security
    • 10.3 Pillar Two - Reliability
    • 10.4 Pillar Three - Performance
    • 10.5 Pillar Four - Cost Optimization
    • 10.6 Pillar Five - Operational Excellence
    • 10.7 Well Architected Framework - Summary
  • 11. Additional Exam Tips
    • 11.1 Exam Tips Based On Student Feedback
    • 11.2 Consolidated Billing
    • 11.3 AWS Organizations - Lab
    • 11.4 Cross Accounts Access
    • 11.5 Resource Groups & Tagging
    • 11.6 VPC Peering & ClassicLink
    • 11.7 Direct Connect
    • 11.8 Security Token Service
    • 11.9 Active Directory Integration
    • 11.10 Workspaces
    • 11.11 ECS - Part 1 - What is Docker
    • 11.12 ECS - Part 2 - What is ECS
    • 11.13 CloudFormation - A Brief Introduction
    • 11.14 Step Functions - A Brief Introduction
  • 12. Practice Tests Questions Summary
    • 12.1 Whizlabs - Free Test
    • 12.2 Whizlabs - Diagnosis Test
    • 12.3 Whizlabs - Practice Test I
    • 12.4 Whizlabs - Practice Test II
    • 12.5 Whizlabs - Practice Test III
    • 12.6 Whizlabs - Practice Test IV
    • 12.7 Whizlabs - Practice Test V
    • 12.8 Whizlabs - Practice Test VI
    • 12.9 Whizlabs - Practice Test VII
    • 12.10 Whizlabs - Section Tests - Part 1
    • 12.11 Whizlabs - Section Tests - Part 2
    • 12.12 Udemy - Final Quiz
  • 13. The Real World - Creating a fault tolerant Word Press Site
    • 13.1 Getting Setup
Powered by GitBook
On this page
  • Steps:
  • Monitoring for RDS

Was this helpful?

  1. 6. Databases on AWS

6.2 Launching an RDS Instance - Lab

Go to RDS. Click get started now.

Steps:

  • Select MySQL, and select Dev/Test one. Click Next.

  • In the Instance Specification, you can choose a DB Instance Class to be t2-micro, and don't choose Multi-AZ deployment. Leave everything else as default.

  • In the Settings, give the DB instance a identifier, username and password.

  • Use default VPC and subnet group, and make it not publicly accessible. For VPC security group, select Create new Security Group.

  • Leave everything else as default, and Launch DB instance.

  • Select the created DB instance, and go to find the security group of it, and then click it, you will get to the security group console, so that you can configure the security group of this DB instance.

  • You should allow the traffic in (source) from MyWebDMZ, on port 3306. You may get a scenario question where you create an instance that is not publicly accessible, but for some reason you can access it. In this case, the very first thing you should do is opening up your security group to the security group that your web service exists in. That is what we do here, we are opening up the security group to port 3306 which is MySQL port, and we are allowing any web server that sits in the web server security group (MyWebDMZ) to be able to communicate to MySQL instances in this security group.

  • Go to launch an EC2 instance. Copy the script (on Udemy) and paste it to the Advanced Details -> User data (as text), which will install Apache httpd server and PHP and PHP MySQL, and create a index.php webpage, and finally wget a connect.php file from a S3 bucket location. And then leave everything else as default. In the security group configuration step, you need to add this instance into the MyWebDMZ security group, so that this instance can communicate with DB instance (because the source of the security group of your DB instance is MyWebDMZ). Launch the instance.

  • When your EC2 instance and DB instance are alive, you can use IP address of EC2 instance to visit the web server, and then SSH into this EC2 instance.

  • In MAC laptop, you can use "ssh ec2-user@[ip-address] -i [ec2-key-pair-name].pem" to SSH into the EC2 instance.

  • Then switch to root user. Go to /var/www/html directory. Type ls. You can see there are two files, connect.php and index.php.

  • Use "nano connect.php" to go into this file, and change the $hostname to be the End Point of your DB instance (you can find it in the DB instance console). Hit ctrl+x to save it and exit.

  • Now, you can visit "[IP-address-of-EC2-instance]/connect.php" in the browser, it will tell you the MySQL DB instance is connected. Although we set the DB instance is not publicly accessible when we launched it, we connected it through the security group.

  • Go to VPC Dashboard and go to Security Group, select the rds-launch-wizard security group, and select its inbound rules. You can delete this inbound rule and click save and then see what happens. You will find that we cannot visit "[IP-address-of-EC2-instance]/connect.php" anymore, because we are untrusted the MyWebDMZ security group.

  • This is a common exam question. When you cannot connect to your RDS instance, what could be the cause. They should always check that you are allowing in port 3306 in your RDS security group and you actually trusting the MyWebDMZ security group.

  • The key thing to take away from this lecture is that you have two separate security groups, one for EC2 instance, one for RDS instance, and then allowing the RDS port 3306 through your RDS instance from your web service (e.g. EC2 instance) security groups.

  • When you finish this lab, you can delete the RDS instance and the EC2 instance.

Monitoring for RDS

In the basic monitoring package for RDS, CloudWatch provides (mainly below, but have more):

  • Database visible metrics such as number of connections

  • CPU Utilization

  • Disk IOPS metrics

  • Database memory usage

  • Storage space availability

  • Replica lagging time

  • Read/Write latency

  • Read/Write throughput

  • Network IO throughput

Previous6.1 Databases 101Next6.3 RDS - Backups, Multi-AZ & Read Replicas

Last updated 5 years ago

Was this helpful?