chore(kb/aws): extend rds section

This commit is contained in:
Michele Cereda
2024-06-18 01:43:52 +02:00
parent a02cb1e4f5
commit 444d1f9c18

@@ -3,6 +3,7 @@
1. [Networking](#networking) 1. [Networking](#networking)
1. [Elastic IP addresses](#elastic-ip-addresses) 1. [Elastic IP addresses](#elastic-ip-addresses)
1. [Services](#services) 1. [Services](#services)
1. [Billing and Cost Management](#billing-and-cost-management)
1. [CloudWatch](#cloudwatch) 1. [CloudWatch](#cloudwatch)
1. [Config](#config) 1. [Config](#config)
1. [Detective](#detective) 1. [Detective](#detective)
@@ -46,26 +47,33 @@ One can can rapidly remapping addresses to other instances in one's account and
## Services ## Services
| Service | Description | | Service | Description |
| -------------- | --------------------------------------------- | | ----------------------------- | --------------------------------------------- |
| [CloudWatch] | Observability (logging, monitoring, alerting) | | [Billing and Cost Management] | FIXME |
| [Config] | Compliance | | [CloudWatch] | Observability (logging, monitoring, alerting) |
| [Detective] | FIXME | | [Config] | Compliance |
| [EC2] | Virtual machines | | [Detective] | FIXME |
| [ECR] | Container registry | | [EC2] | Virtual machines |
| [ECS] | Containers as a service | | [ECR] | Container registry |
| [EKS] | Kubernetes clusters | | [ECS] | Containers as a service |
| [EventBridge] | FIXME | | [EKS] | Kubernetes clusters |
| [GuardDuty] | Threat detection | | [EventBridge] | FIXME |
| [Inspector] | FIXME | | [GuardDuty] | Threat detection |
| [OpenSearch] | ELK, logging | | [Inspector] | FIXME |
| [RDS] | Databases | | [OpenSearch] | ELK, logging |
| [S3] | Storage | | [RDS] | Databases |
| [Sagemaker] | Machine learning | | [S3] | Storage |
| [Security Hub] | Aggregator for security findings | | [Sagemaker] | Machine learning |
| [Security Hub] | Aggregator for security findings |
[Service icons][aws icons] are publicly available for diagrams and such. [Service icons][aws icons] are publicly available for diagrams and such.
### Billing and Cost Management
Costs can be grouped by Tags applied on resources.<br/>
Tags to use for this kind of grouping need to be activated in the _Cost allocation tags_ section.<br/>
New tags might take 24 or 48 hours to appear there.
### CloudWatch ### CloudWatch
Observability service. with functions for logging, monitoring and alerting. Observability service. with functions for logging, monitoring and alerting.
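Review bot: the new `[Billing and Cost Management] | FIXME` row in the Services table leaves the description as a placeholder even though the section added further down in this hunk already says what the service is used for here (grouping costs by tags); fill the cell with a short description such as "Cost tracking and allocation" so the table and the section agree. While touching this area, the unchanged context line `Observability service. with functions for logging, monitoring and alerting.` has a stray full stop after "service" that could be fixed in the same commit.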
@@ -142,6 +150,47 @@ FIXME
Read replicas **can** be promoted to standalone DB instances.<br/> Read replicas **can** be promoted to standalone DB instances.<br/>
See [Working with DB instance read replicas]. See [Working with DB instance read replicas].
Disk free metrics are available in CloudWatch.
Automatic backups are **enabled** by default.<br/>
RDS will automatically create storage volume snapshots of the **entire** DB instances.<br/>
Backups occur during a daily user-configurable 30 minute period backup window and are kept for a configurable number of
up to 35 days (_backup retention period_). One can recover DB instances to any point in time during the backup retention
period.
DB instances must be in the `available` state for automated backups to occur.<br/>
Automated backups don't occur while DB instances are in other states (i.e., `storage_full`).
Automated backups don't occur while a DB snapshot copy is running in the same AWS Region for the same database.
Back up DB instances manually by creating DB snapshots.<br/>
The first snapshot contains the data for the full database. Subsequent snapshots of the same database are incremental.
One can copy both automatic and manual DB snapshots, but only share manual DB snapshots.
RDS backup storage for each Region is composed of both the automated backups and manual DB snapshots for that
Region.<br/>
Moving snapshots to other Regions increases the backup storage in the destination Regions.
Backups are stored in [S3].
Should one choose to retain automated backups when deleting DB instances, its automated backups are saved for the full
retention period, otherwise all automated backups are deleted with the instance.<br/>
After they are deleted, automated backups can't be recovered.
Should one choose to have RDS create a final DB snapshot before deleting a DB instance, one can use that or previously
created manual snapshots to recover it.
Manual snapshots are **not** deleted.
One can store up to 100 manual snapshots per Region.
One can choose any of the following retention periods for instances' Performance Insights data:
- 7 days (default, free tier).
- _n_ months, where n is a number from 1 to 24.<br/>
In CLI and IaC, this number must be _n*31_.
### Security Hub ### Security Hub
FIXME FIXME
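Review bot: the sentence `Backups occur during a daily user-configurable 30 minute period backup window and are kept for a configurable number of up to 35 days` reads awkwardly ("period backup window", "configurable number of up to 35 days"); suggest "Backups occur during a daily, user-configurable 30-minute backup window and are kept for a configurable number of days, up to 35 (the _backup retention period_)". In `Automated backups don't occur while DB instances are in other states (i.e., `storage_full`)`, `storage_full` is one example of such a state, so "e.g." is the right abbreviation. `Should one choose to retain automated backups when deleting DB instances, its automated backups are saved` mixes plural and singular; use either "a DB instance ... its" or "DB instances ... their". `Disk free metrics are available in CloudWatch.` names no metric and gives no link, so the reader cannot act on it; naming the metric or adding a reference in the further-readings list would help. Finally, the Performance Insights retention bullet would be clearer with a worked value taken from its own rule, e.g. 6 months is passed as `186` in CLI and IaC.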
@@ -297,6 +346,9 @@ Examples:
- [Use an IAM role in the AWS CLI] - [Use an IAM role in the AWS CLI]
- [Creating a role to delegate permissions to an IAM user] - [Creating a role to delegate permissions to an IAM user]
- [How to use the PassRole permission with IAM roles] - [How to use the PassRole permission with IAM roles]
- [Introduction to backups][rds introduction to backups] for RDS
- [Pricing and data retention for Performance Insights][rds pricing and data retention for performance insights] for
RDS
<!-- <!--
Reference Reference
@@ -304,6 +356,7 @@ Examples:
--> -->
<!-- In-article sections --> <!-- In-article sections -->
[billing and cost management]: #billing-and-cost-management
[cloudwatch]: #cloudwatch [cloudwatch]: #cloudwatch
[config]: #config [config]: #config
[detective]: #detective [detective]: #detective
@@ -336,6 +389,8 @@ Examples:
[how to use the passrole permission with iam roles]: https://aws.amazon.com/blogs/security/how-to-use-the-passrole-permission-with-iam-roles/ [how to use the passrole permission with iam roles]: https://aws.amazon.com/blogs/security/how-to-use-the-passrole-permission-with-iam-roles/
[iam json policy elements: sid]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html [iam json policy elements: sid]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html
[nat gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html [nat gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
[rds introduction to backups]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
[rds pricing and data retention for performance insights]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Overview.cost.html
[services that publish cloudwatch metrics]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html [services that publish cloudwatch metrics]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html
[subnets for your vpc]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html [subnets for your vpc]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html
[test your roles' access policies using the aws identity and access management policy simulator]: https://aws.amazon.com/blogs/security/test-your-roles-access-policies-using-the-aws-identity-and-access-management-policy-simulator/ [test your roles' access policies using the aws identity and access management policy simulator]: https://aws.amazon.com/blogs/security/test-your-roles-access-policies-using-the-aws-identity-and-access-management-policy-simulator/