Database Flashcards

Question

A law firm has recently moved an on-premises multi-tier web application to AWS. Currently, the web application is based on a containerized solution and is running inside Linux based EC2 instances which connect to a PostgreSQLdatabase hosted on separate but dedicated EC2 instances. The company wishes to optimize operational efficiency and performance. **Which combination of actions should the solutions architect take?** (Select TWO.) 1. Migrate the PostgreSQL database to Amazon Aurora. 2. Migrate the web application to the same Amazon EC2 instances as the database. 3. Set up an Amazon CloudFront distribution for the web application content. 4. Set up Amazon ElastiCache between the web application and the PostgreSQL database. 5. Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

Answer 1

**1.** Migrate the PostgreSQL database to Amazon Aurora. **5.** Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS). ## Footnote Amazon Aurora (Aurora) is a fully managed relational database engine that's compatible with MySQL and PostgreSQL. You already know how MySQL and PostgreSQL combine the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. The code, tools, and applications you use today with your existing MySQL and PostgreSQL databases can be used with Aurora. With some workloads, Aurora can deliver up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications. Amazon ECS is a fully managed container orchestration service that makes it easy for you to deploy, manage, and scale containerized applications. This is a better hosting solution for a containerized solution rather than managing the underlying container platform yourself. In the case of Fargate, the solution is serverless, so it massively reduces operational overhead. * This might reduce cost but doesn’t offer any other advantages. * CloudFront helps with caching content globally for better performance but does not help reduce the operational overhead or performance of this solution. * Caching will only help when you have hot data segments and does not reduce the operational overhead of this solution. **References:** * [What is Amazon Aurora?](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) * [Checking Aurora MySQL version numbers](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.Versions.html#AuroraMySQL.Updates.UpgradePaths) Save time with our AWS cheat sheets: * [Amazon Aurora](https://digitalcloud.training/amazon-aurora/) * [Amazon ECS and EKS](https://digitalcloud.training/amazon-ecs-and-eks/)

Answer 2

**2.** Create an analysis in Amazon QuickSight. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate users and groups. ## Footnote Amazon QuickSight is the best fit for data visualization and reporting, especially when data resides in Amazon S3 and Amazon RDS for PostgreSQL. QuickSight supports connecting to both Amazon S3 (via Athena) and RDS for PostgreSQL as data sources, allowing integrated dashboards across both. QuickSight allows you to control access at the level of users and groups, which is more fine-grained than IAM roles for sharing dashboards. User/group sharing aligns with the need to give management full access and limited access to others, fulfilling the access control requirements effectively. * While Athena Federated Queries are useful for joining S3 and RDS data, it lacks visualization capabilities. Again, S3-based reports are not ideal for dashboards or restricted sharing by user role. * As with the previous answer, this option solves the problem of access sharing with resources but does not take care of delta in data. Also, you connect user and groups in your QuickSight account but not IAM Roles. * Amazon Athena should be used with AWS Glue to provide the required functionality as described in the explanation above and the article linked below. **Reference:** [Create a data source connection](https://docs.aws.amazon.com/athena/latest/ug/connect-to-a-data-source.html) Save time with our AWS cheat sheets: * [AWS Glue](https://digitalcloud.training/aws-glue/) * [AWS Athena](https://digitalcloud.training/amazon-athena/)

Answer 3

**3.** Create the MySQL user accounts to use the AWSAuthenticationPlugin with IAM ## Footnote With MySQL, authentication is handled by AWSAuthenticationPlugin—an AWS-provided plugin that works seamlessly with IAM to authenticate your IAM users. Connect to the DB instance and issue the CREATE USER statement, as shown in the following example. CREATE USER jane_doe IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS'; The IDENTIFIED WITH clause allows MySQL to use the AWSAuthenticationPlugin to authenticate the database account (jane_doe). The AS 'RDS' clause refers to the authentication method, and the specified database account should have the same name as the IAM user or role. In this example, both the database account and the IAM user or role are named jane_doe. * You cannot configure MySQL to directly use the AWS STS. * This is used with Redis databases, not with RDS databases. * Data encryption keys are used for data encryption not management of connections strings. **Reference:** [Creating a database account using IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-rds/).

Answer 4

**3.** Use Amazon Aurora with MySQL compatibility. Direct the reporting functions to use one of the Aurora Replicas. ## Footnote Amazon Aurora with MySQL compatibility is a good fit for achieving high availability and improved performance. Aurora automatically distributes the data across multiple AZs in a single region. Additionally, Aurora allows the creation of up to 15 Aurora Replicas that share the same underlying volume as the primary instance. Directing reporting functions to the Aurora Replica is an effective way to offload reporting workloads from the primary database. * Though you can use Amazon RDS with MySQL in a Single-AZ deployment and create a read replica, it is not the most operationally efficient option as it does not provide the high availability that Aurora's architecture offers. * Using AWS DMS to create Amazon Aurora DB clusters in multiple AWS Regions would be overkill for the requirements. It could also introduce additional complexity and doesn’t specifically address using a replica for reporting purposes. * Managing your own database on Amazon EC2 instances requires a significant operational overhead as you need to handle backups, patch management, and high availability yourself. This option is not the most operationally efficient compared to using a managed database service like Amazon Aurora. **Reference:** [Replication with Amazon Aurora](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Replication.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-aurora/).

Answer 5

**2.** Set up a warm standby Amazon RDS for PostgreSQL database on AWS. Configure AWS Database Migration Service (AWS DMS) to use change data capture (CDC). ## Footnote Configuring a warm standby Amazon RDS for PostgreSQL database on AWS and using AWS DMS with change data capture will meet the RTO and RPO requirements. DMS can handle the ongoing replication from the on-premises PostgreSQL to the standby RDS instance, providing a near real-time replica of the data. In a DR scenario, this standby instance can be promoted to become the new primary database, meeting the required RTO and RPO. * Setting up an active-active multi-site setup between the on-premises server and AWS using PostgreSQL with a third-party high availability solution might meet the RPO and RTO requirements, but it would likely be more expensive and complex than the correct answer. * AWS Elastic Disaster Recovery with continuous replication can provide a DR solution, but for a database, it is typically more efficient to use a service designed for that purpose, like RDS with DMS. * Using third-party backup software to perform daily backups and storing a secondary set of backups in Amazon S3 would not meet the RPO of less than a minute, as this approach could lead to a data loss up to 24 hours. Also, the process of restoring from a backup might not meet the RTO of within two hours. **Reference:** [Creating tasks for ongoing replication using AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Task.CDC.html) Save time with our AWS cheat sheets: * [Amazon RDS](https://digitalcloud.training/amazon-rds/) * [AWS Migration Services](https://digitalcloud.training/aws-migration-services/)

Answer 6

**1.** Migrate the PostgreSQL database to Amazon RDS for PostgreSQL with a Multi-AZ DB instance deployment. Use Amazon ElastiCache for Redis with a replication group to manage session data and cache reads. Migrate the application server to an Auto Scaling group across three Availability Zones. ## Footnote This solution fulfills all the requirements. Amazon RDS with Multi-AZ instances provides high availability and failover support for DB instances. ElastiCache for Redis supports storing session state data and can provide sub-millisecond response times, enabling applications to achieve instant, high-speed reads and writes. Auto Scaling ensures that the application has the correct number of Amazon EC2 instances to handle the load for your application. * Aurora is a high-performance database service, but using a single AZ deployment doesn't provide the high availability across multiple AZs the company wants. Also, while ElastiCache for Memcached can be used for caching, it doesn't offer the durability and atomicity that Redis offers, which is particularly useful for session data. * Although DynamoDB is a high-performance, scalable NoSQL database, it is not a drop-in replacement for a relational database like PostgreSQL. It has a different data model and supports a different set of query options. This change could require significant modifications to the application code and may not support the same transactional capabilities as PostgreSQL. * Although the EC2 instance can run the PostgreSQL database, it does not provide the same level of managed service benefits (like automatic patching, backups, and high availability with Multi-AZ deployments) as Amazon RDS. This option would likely result in higher operational overhead and doesn't fully utilize the benefits of managed AWS services. **References:** * [Amazon RDS Multi-AZ](https://aws.amazon.com/rds/features/multi-az/) * [Amazon ElastiCache for Valkey and for Redis OSS](https://aws.amazon.com/elasticache/redis/) * [Amazon EC2 Auto Scaling](https://aws.amazon.com/ec2/autoscaling/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-elasticache/).

Answer 7

**1.** Migrate the databases to Amazon Aurora Serverless (Aurora MySQL). ## Footnote Amazon Aurora provides automatic scaling for MySQL databases. Amazon Aurora provides built-in security, continuous backups, serverless compute, up to 15 read replicas, automated multi-Region replication, and integrations with other AWS services. Aurora Serverless reduces any effort from operations also to provision any servers to manage the database cluster. * Although PostgreSQL is an option for Aurora, the database schema would have to be changed to allow PostgreSQL compatibility. * Databases run on a larger EC2 instance would not provide improved performance, scaling, and durability. * This would improve the scalability of the solution but would still have to be heavily managed by the organization, something that would not be needed with Aurora Serverless. **Reference:** [Amazon Aurora Serverless](https://aws.amazon.com/rds/aurora/serverless/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-rds/).

Answer 8

**3.** Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot ## Footnote There are some limitations for encrypted Amazon RDS DB Instances: you can't modify an existing unencrypted Amazon RDS DB instance to make the instance encrypted, and you can't create an encrypted read replica from an unencrypted instance. However, you can use the Amazon RDS snapshot feature to encrypt an unencrypted snapshot that's taken from the RDS database that you want to encrypt. Restore a new RDS DB instance from the encrypted snapshot to deploy a new encrypted DB instance. Finally, switch your connections to the new DB instance. * You cannot encrypt an RDS database using an ElastiCache cache node. * You cannot enable encryption for an existing database. * You cannot create an encrypted read replica from an unencrypted database instance. **References:** * [Encrypting Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html) * [How can I encrypt an unencrypted Amazon RDS DB instance for MySQL or MariaDB with minimal downtime?](https://aws.amazon.com/premiumsupport/knowledge-center/rds-encrypt-instance-mysql-mariadb/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-rds/).

Answer 9

**1.** Update the application code to use an Amazon ElastiCache for Redis cluster ## Footnote Some applications, such as media catalog updates require high frequency reads, and consistent throughput. For such applications, customers often complement S3 with an in-memory cache, such as Amazon ElastiCache for Redis, to reduce the S3 retrieval cost and to improve performance. ElastiCache for Redis is a fully managed, in-memory data store that provides sub-millisecond latency performance with high throughput. ElastiCache for Redis complements S3 in the following ways: - Redis stores data in-memory, so it provides sub-millisecond latency and supports incredibly high requests per second. - It supports key/value based operations that map well to S3 operations (for example, GET/SET => GET/PUT), making it easy to write code for both S3 and ElastiCache. - It can be implemented as an application side cache. This allows you to use S3 as your persistent store and benefit from its durability, availability, and low cost. Your applications decide what objects to cache, when to cache them, and how to cache them. In this example the media catalog is pulling updates from S3 so the performance between these components is what needs to be improved. Therefore, using ElastiCache to cache the content will dramatically increase the performance. * CloudFront is good for getting media closer to users but in this case we’re trying to improve performance within the data center moving data from S3 to the media catalog server. * DynamoDB Accelerator (DAX) is used with DynamoDB but is unsuitable for use with Amazon S3. * This will improve local disk performance but will not improve reads from Amazon S3. **Reference:** [Turbocharge Amazon S3 with Amazon ElastiCache for Redis](https://aws.amazon.com/blogs/storage/turbocharge-amazon-s3-with-amazon-elasticache-for-redis/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-elasticache/).

Answer 10

**4.** Amazon DynamoDB ## Footnote Amazon DynamoDB is a no-SQL database that stores data using key-value pairs. It is ideal for storing large amounts of semi-structured data and is also highly scalable. This is the best solution for storing this data based on the requirements in the scenario. * The Amazon Elastic File System (EFS) is not suitable for storing key-value pairs. * Amazon Relational Database Service (RDS) is used for structured data as it is an SQL type of database. * Amazon Elastic Block Store (EBS) is a block-based storage system. You attach volumes to EC2 instances. It is not used for key-value pairs or to be used by Lambda functions. **Reference:** [Amazon DynamoDB features](https://aws.amazon.com/dynamodb/features/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-dynamodb/).

Answer 11

**2.** Migrate the data and applications to Amazon RDS instances. Enable encryption at rest using AWS Key Management Service (AWS KMS). ## Footnote Amazon RDS makes it easy to go from project conception to deployment by managing time-consuming database administration tasks including backups, software patching, monitoring, scaling, and replication. Amazon RDS supports encryption at rest, which ensures the security of sensitive data and meets regulatory compliance requirements. AWS Key Management Service (AWS KMS) is integrated with Amazon RDS to make it easier to create, control, and manage keys for encryption. * While this solution offers data encryption, it does not meet the requirement to reduce operational overhead. Managing databases on EC2 instances requires additional administrative tasks, such as managing backups and applying software patches, which Amazon RDS handles automatically. * Amazon S3 and Macie are suitable for data storage and security analysis, respectively. However, Amazon S3 is not designed to serve as a transactional database for applications, which is a key requirement in this scenario. * While Amazon RDS is a correct choice for database management and Amazon GuardDuty offers threat detection, GuardDuty is not specifically designed for data protection within databases. It's a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. **Reference:** [Encrypting Amazon RDS resources](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html) Save time with our AWS cheat sheets: * [Amazon RDS](https://digitalcloud.training/amazon-rds/) * [AWS KMS](https://digitalcloud.training/aws-kms/)

Answer 12

**4.** Configure an Amazon RDS Proxy for the database and modify the application to connect to the proxy endpoint. ## Footnote Amazon RDS Proxy is a fully managed, highly available database proxy for Amazon RDS that makes applications more scalable, more resilient to database failures, and more secure. During a failover, RDS Proxy automatically connects to a standby database instance while preserving connections from your application and reducing failover times for RDS and Aurora multi-AZ databases. So, there is minimal downtime for the application. * Adding more read replicas to the cluster does not decrease the downtime during a failover. It only improves the database's ability to handle read-heavy workloads. Read replicas do not contribute to a faster failover process. * This approach is operationally heavy as it involves managing two separate RDS clusters and manually updating the application's database endpoint during a failover. Moreover, it does not necessarily reduce the downtime during a failover as there might be data inconsistency issues between the primary and secondary clusters, depending on the replication latency. * ElastiCache is an in-memory cache and not a relational database service. It is typically used to cache frequently accessed data to reduce latency and improve application performance, not for managing failovers. **References:** * [Amazon RDS Proxy](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html) * [Configuring and managing a Multi-AZ deployment for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-rds/).

Answer 13

**1.** Enable automatic storage scaling for the MySQL instance. ## Footnote Amazon RDS's automatic storage scaling allows the database to automatically increase its storage capacity when the available storage is low. This feature helps to prevent out-of-storage situations and requires no operational overhead. * While this would provide more storage, it does not address the issue of potential future storage shortages and requires significant operational effort for the migration. * While this might help free up some storage, it might not be suitable if all data is essential for business operations. Also, this does not provide a long-term solution if data growth continues. * While ElastiCache can help to improve the database's read efficiency, it doesn't directly address the disk space concern for the RDS instance. **Reference:** [Working with storage for Amazon RDS DB instances](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-rds/).

Database Flashcards

Analyze AWS database offerings to design high-performing, scalable, and cost-effective data solutions. (37 cards)