chore(kb/aws): revise and update articles with new findings

Michele Cereda
2025-03-26 18:36:27 +01:00
parent 4dd850545f
commit 7d3b421525
4 changed files with 232 additions and 164 deletions

@@ -5,13 +5,13 @@
1. [Elastic IP addresses](#elastic-ip-addresses)
1. [Services](#services)
1. [Billing and Cost Management](#billing-and-cost-management)
1. [CloudWatch](#cloudwatch)
1. [Config](#config)
1. [Detective](#detective)
1. [Global Accelerator](#global-accelerator)
1. [GuardDuty](#guardduty)
1. [EventBridge](#eventbridge)
1. [Inspector](#inspector)
1. [Kinesis](#kinesis)
1. [KMS](#kms)
1. [Security Hub](#security-hub)
1. [Resource constraints](#resource-constraints)
@@ -83,23 +83,24 @@ One can can rapidly remapping addresses to other instances in one's account and
## Services
| Service | Description |
| Service | Summary |
| ----------------------------- | --------------------------------------------- |
| [Billing and Cost Management] | FIXME |
| [CloudWatch] | Observability (logging, monitoring, alerting) |
| [Billing and Cost Management] | Cost management |
| [CloudFront] | Content delivery |
| [CloudWatch] | Observability (logging, monitoring, alerting) |
| [Config] | Compliance |
| [Detective] | FIXME |
| [Detective] | Behaviour anomalies |
| [EC2] | Managed virtual machines |
| [ECR] | Container registry |
| [ECS] | Run containers as a service |
| [EFS] | Serverless file storage |
| [EKS] | Managed Kubernetes clusters |
| [EventBridge] | FIXME |
| [EventBridge] | Stream real time data |
| [GuardDuty] | Threat detection |
| [IAM] | Access control |
| [Image Builder] | Build custom AMIs |
| [Inspector] | FIXME |
| [Inspector] | Security vulnerability assessment |
| [Kinesis] | Video or data streams |
| [KMS] | Key management |
| [OpenSearch] | ELK, logging |
| [RDS] | Databases |
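Review bot: The new `[EventBridge]` summary, "Stream real time data", reads almost the same as the `[Kinesis]` row's "Video or data streams" a few lines below, so the table no longer tells the two services apart. EventBridge is an event bus that routes events between sources and targets; a summary such as "Event bus and event routing" would keep the rows distinct. The hunk header's context line also carries a typo ("One can can rapidly remapping addresses") that is worth fixing in the same pass.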
@@ -120,78 +121,6 @@ Costs can be grouped by Tags applied on resources.<br/>
Tags to use for this kind of grouping need to be activated in the _Cost allocation tags_ section.<br/>
New tags might take 24 or 48 hours to appear there.
### CloudWatch
Observability service. with functions for logging, monitoring and alerting.
_Metrics_ are whatever needs to be monitored (e.g. CPU usage).<br/>
_Data points_ are the values of a metric over time.<br/>
_Namespaces_ are containers for metrics.
Metrics only exist in the region in which they are created.
[Many AWS services][services that publish cloudwatch metrics] offer basic monitoring by publishing a default set of
metrics to CloudWatch with no charge.<br/>
This feature is automatically enabled by default when one starts using one of these services.
API calls for CloudWatch are paid.
It's best practice to **distribute** the `ListMetrics` call to avoid throttling.<br/>
The default limit for `ListMetrics` is 25 transactions per second.
The [CloudWatch console] offers some default good queries.
<details>
<summary>Queries of interest</summary>
| What | Section | Tab | How to visualize |
| ------------------------------------ | ----------- | --------------- | ----------------------------------------------------- |
| [Top 10 log groups by written bytes] | All Metrics | Graphed metrics | Add Query > Logs > Top 10 log groups by written bytes |
<details style="padding-left: 1em;">
<summary>Get a dashboard of how much data a <b>small</b> set of log groups ingested in the last 30 days</summary>
> This graph works only with the _Absolute_ time period option.<br/>
> Should you choose _Relative_, the graph returns incorrect data.
1. [CloudWatch console] > _All metrics_ (navigation pane on the left).
1. Choose _Logs_, _Log group metrics_.
1. Select the individual `IncomingBytes` metrics of each log group of interest.
1. Choose the _Graphed metrics_ tab.
1. For each metric:
- Change `Statistic` to `Sum`.
- Change `Period` to `30 Days`.
1. Choose the _Graph options_ tab.
1. Choose the _Number_ option group.
1. At the top right of the graph, choose _Custom_ as the time range.
1. Choose _Absolute_.
1. Select the last 30 days as start and end date.
</details>
<details style="padding-left: 1em;">
<summary>Get a dashboard of how much data <b>all</b> log groups ingested in the last 30 days</summary>
> This graph works only with the _Absolute_ time period option.<br/>
> Should you choose _Relative_, the graph returns incorrect data.
1. [CloudWatch console] > _All metrics_ (navigation pane on the left).
1. Choose the _Graphed metrics_ tab.
1. From the _Add math_ dropdown list, choose _Start with an empty expression_.
1. Paste this as math expression:
```plaintext
SORT(REMOVE_EMPTY(SEARCH('{AWS/Logs,LogGroupName} MetricName="IncomingBytes"', 'Sum', 2592000)),SUM, DESC)
```
1. At the top right of the graph, choose _Custom_ as the time range.
1. Choose _Absolute_.
1. Select the last 30 days as start and end date.
</details>
</details>
### Config
Compliance service for assessing and auditing AWS resources.
@@ -308,6 +237,10 @@ TODO
TODO
### Kinesis
TODO
### KMS
_Key material_ is the cryptographic secret of Keys that is used in encryption operations.
@@ -398,9 +331,7 @@ One pays for data transfer between instances and services in the **same region**
zone**.<br/>
See [Understanding data transfer charges].
One pays for sending logs to [CloudWatch].<br/>
Refer [Which log group is causing a sudden increase in my CloudWatch Logs bill?] to get an idea of what changed in some
time frame.
One pays for sending logs and metrics to [CloudWatch].
## Savings plans
@@ -575,7 +506,6 @@ machine if not.
## Further readings
- [EC2]
- [Services that publish CloudWatch metrics]
- [Best Practices for Tagging AWS Resources]
- [Automating DNS-challenge based LetsEncrypt certificates with AWS Route 53]
- AWS' [CLI]
@@ -586,7 +516,6 @@ machine if not.
### Sources
- [Constraints for tags][constraints tag]
- [What is CloudWatch]
- [What is Amazon VPC?]
- [Subnets for your VPC]
- [What is AWS Config?]
@@ -611,11 +540,9 @@ machine if not.
- [Boto3 resources]
- [Boto3 sessions]
- [Boto3 paginators]
- [Which log group is causing a sudden increase in my CloudWatch Logs bill?]
- [What is AWS Global Accelerator?]
- [How AWS Global Accelerator works]
- [Using Amazon CloudWatch with AWS Global Accelerator]
- [What is AWS CloudWatch? Guide for beginners]
<!--
Reference
@@ -624,18 +551,19 @@ machine if not.
<!-- In-article sections -->
[billing and cost management]: #billing-and-cost-management
[cloudwatch]: #cloudwatch
[config]: #config
[detective]: #detective
[eventbridge]: #eventbridge
[guardduty]: #guardduty
[inspector]: #inspector
[kinesis]: #kinesis
[kms]: #kms
[security hub]: #security-hub
<!-- Knowledge base -->
[cli]: cli.md
[cloudfront]: cloudfront.md
[cloudwatch]: cloudwatch.md
[ec2]: ec2.md
[ecr]: ecr.md
[ecs]: ecs.md
@@ -661,7 +589,6 @@ machine if not.
[boto3 paginators]: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/paginators.html
[boto3 resources]: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/resources.html
[boto3 sessions]: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/session.html
[cloudwatch console]: https://console.aws.amazon.com/cloudwatch/home
[connect to the internet using an internet gateway]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
[constraints tag]: https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html
[creating organization policies with aws organizations]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_policies_create.html
@@ -676,18 +603,14 @@ machine if not.
[nat gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
[rotating aws kms keys]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
[savings plans user guide]: https://docs.aws.amazon.com/savingsplans/latest/userguide/
[services that publish cloudwatch metrics]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html
[subnets for your vpc]: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html
[test your roles' access policies using the aws identity and access management policy simulator]: https://aws.amazon.com/blogs/security/test-your-roles-access-policies-using-the-aws-identity-and-access-management-policy-simulator/
[tools to build on aws]: https://aws.amazon.com/developer/tools/
[top 10 log groups by written bytes]: https://console.aws.amazon.com/cloudwatch/home#metricsV2?graph=~(view~'timeSeries~stacked~false~metrics~(~(~(expression~'SELECT*20SUM*28IncomingBytes*29*0aFROM*20SCHEMA*28*22AWS*2fLogs*22*2c*20LogGroupName*29*20*0aGROUP*20BY*20LogGroupName*0aORDER*20BY*20SUM*28*29*20DESC*0aLIMIT*2010~label~'!*7bLABEL*7d*20*5bsum*3a*20!*7bSUM*7d*5d~id~'q1)))~region~'eu-west-1~title~'Top*2010*20log*20groups*20by*20written*20bytes~yAxis~(left~(label~'Bytes~showUnits~false))~stat~'Average~period~300)
[understanding data transfer charges]: https://docs.aws.amazon.com/cur/latest/userguide/cur-data-transfers-charges.html
[using amazon cloudwatch with aws global accelerator]: https://docs.aws.amazon.com/global-accelerator/latest/dg/cloudwatch-monitoring.html
[what is amazon vpc?]: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
[what is aws config?]: https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html
[what is aws global accelerator?]: https://docs.aws.amazon.com/global-accelerator/latest/dg/what-is-global-accelerator.html
[what is cloudwatch]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html
[which log group is causing a sudden increase in my cloudwatch logs bill?]: https://repost.aws/knowledge-center/cloudwatch-logs-bill-increase
<!-- Others -->
[a guide to tagging resources in aws]: https://medium.com/@staxmarketing/a-guide-to-tagging-resources-in-aws-8f4311afeb46
@@ -697,4 +620,3 @@ machine if not.
[date & time policy conditions at aws - 1-minute iam lesson]: https://www.youtube.com/watch?v=4wpKP1HLEXg
[difference in boto3 between resource, client, and session?]: https://stackoverflow.com/questions/42809096/difference-in-boto3-between-resource-client-and-session
[using aws kms via the cli with a symmetric key]: https://nsmith.net/aws-kms-cli
[what is aws cloudwatch? guide for beginners]: https://www.educative.io/blog/aws-cloudwatch

@@ -0,0 +1,142 @@
# CloudWatch
Observability service. with functions for logging, monitoring and alerting.
1. [TL;DR](#tldr)
1. [Queries of interest](#queries-of-interest)
1. [Stream logs](#stream-logs)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
_Metrics_ are whatever needs to be monitored (e.g. CPU usage).<br/>
_Data points_ are the values of a metric over time.<br/>
_Namespaces_ are containers for metrics.
Metrics only exist in the region in which they are created.
[Many AWS services][services that publish cloudwatch metrics] offer basic monitoring by publishing a default set of
metrics to CloudWatch with no charge.<br/>
This feature is automatically enabled by default when one starts using one of these services.
API calls for CloudWatch are **paid**. This **includes** sending logs and metrics to it.<br/>
Refer [Which log group is causing a sudden increase in my CloudWatch Logs bill?] to get an idea of what changed in some
time frame.
It's best practice to **distribute** the `ListMetrics` call to avoid throttling.<br/>
The default limit for `ListMetrics` is 25 transactions per second.
The [CloudWatch console] offers some default good queries.
Logs in Log Groups can be [streamed][stream logs] elsewhere.
<details>
<summary>CLI commands</summary>
```sh
# List available metrics
aws cloudwatch list-metrics --namespace 'AWS/EC2'
aws cloudwatch list-metrics --namespace 'AWS/EC2' --metric-name 'CPUUtilization'
aws cloudwatch list-metrics --namespace 'AWS/EC2' --dimensions 'Name=InstanceId,Value=i-01234567890abcdef' --query 'Metrics[].MetricName'
# Show alarms information
aws cloudwatch describe-alarms-for-metric --metric-name 'CPUUtilization' --namespace 'AWS/EC2' --dimensions 'Name=InstanceId,Value=i-01234567890abcdef'
```
</details>
## Queries of interest
| What | Section | Tab | How to visualize |
| ------------------------------------ | ----------- | --------------- | ----------------------------------------------------- |
| [Top 10 log groups by written bytes] | All Metrics | Graphed metrics | Add Query > Logs > Top 10 log groups by written bytes |
<details style="padding-left: 1em;">
<summary>Get a dashboard of how much data a <b>small</b> set of log groups ingested in the last 30 days</summary>
> This graph works only with the _Absolute_ time period option.<br/>
> Should you choose _Relative_, the graph returns incorrect data.
1. [CloudWatch console] > _All metrics_ (navigation pane on the left).
1. Choose _Logs_, _Log group metrics_.
1. Select the individual `IncomingBytes` metrics of each log group of interest.
1. Choose the _Graphed metrics_ tab.
1. For each metric:
- Change `Statistic` to `Sum`.
- Change `Period` to `30 Days`.
1. Choose the _Graph options_ tab.
1. Choose the _Number_ option group.
1. At the top right of the graph, choose _Custom_ as the time range.
1. Choose _Absolute_.
1. Select the last 30 days as start and end date.
</details>
<details style="padding-left: 1em;">
<summary>Get a dashboard of how much data <b>all</b> log groups ingested in the last 30 days</summary>
> This graph works only with the _Absolute_ time period option.<br/>
> Should you choose _Relative_, the graph returns incorrect data.
1. [CloudWatch console] > _All metrics_ (navigation pane on the left).
1. Choose the _Graphed metrics_ tab.
1. From the _Add math_ dropdown list, choose _Start with an empty expression_.
1. Paste this as math expression:
```plaintext
SORT(REMOVE_EMPTY(SEARCH('{AWS/Logs,LogGroupName} MetricName="IncomingBytes"', 'Sum', 2592000)),SUM, DESC)
```
1. At the top right of the graph, choose _Custom_ as the time range.
1. Choose _Absolute_.
1. Select the last 30 days as start and end date.
</details>
## Stream logs
Refer [Real-time processing of log data with subscriptions].<br/>
Also refer [Streaming CloudWatch Logs data to Amazon OpenSearch Service] to stream to AWS-managed Opensearch domains.
Logs in CloudWatch Log Groups can be streamed [Kinesis], [Firehose] or [Lambda] by leveraging Logs subscriptions.
## Further readings
- [Website]
### Sources
- [Documentation]
- [What is Amazon CloudWatch?]
- [What is AWS CloudWatch? Guide for beginners]
- [Real-time processing of log data with subscriptions]
- [Streaming CloudWatch Logs data to Amazon OpenSearch Service]
- [Which log group is causing a sudden increase in my CloudWatch Logs bill?]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
[stream logs]: #stream-logs
<!-- Knowledge base -->
<!-- Files -->
<!-- Upstream -->
[cloudwatch console]: https://console.aws.amazon.com/cloudwatch/home
[documentation]: https://console.aws.amazon.com/cloudwatch/
[firehose]: https://docs.aws.amazon.com/firehose/latest/dev/what-is-this-service.html
[kinesis]: https://docs.aws.amazon.com/kinesis/
[lambda]: https://docs.aws.amazon.com/lambda/
[real-time processing of log data with subscriptions]: https://docs.aws.amazon.com/cloudwatch/latest/logs/Subscriptions.html
[services that publish cloudwatch metrics]: https://docs.aws.amazon.com/cloudwatch/latest/monitoring/aws-services-cloudwatch-metrics.html
[streaming cloudwatch logs data to amazon opensearch service]: https://docs.aws.amazon.com/cloudwatch/latest/logs/CWL_OpenSearch_Stream.html
[top 10 log groups by written bytes]: https://console.aws.amazon.com/cloudwatch/home#metricsV2?graph=~(view~'timeSeries~stacked~false~metrics~(~(~(expression~'SELECT*20SUM*28IncomingBytes*29*0aFROM*20SCHEMA*28*22AWS*2fLogs*22*2c*20LogGroupName*29*20*0aGROUP*20BY*20LogGroupName*0aORDER*20BY*20SUM*28*29*20DESC*0aLIMIT*2010~label~'!*7bLABEL*7d*20*5bsum*3a*20!*7bSUM*7d*5d~id~'q1)))~region~'eu-west-1~title~'Top*2010*20log*20groups*20by*20written*20bytes~yAxis~(left~(label~'Bytes~showUnits~false))~stat~'Average~period~300)
[website]: https://aws.amazon.com/cloudwatch/
[what is amazon cloudwatch?]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html
[which log group is causing a sudden increase in my cloudwatch logs bill?]: https://repost.aws/knowledge-center/cloudwatch-logs-bill-increase
<!-- Others -->
[what is aws cloudwatch? guide for beginners]: https://www.educative.io/blog/aws-cloudwatch
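Review bot: In the reference block at the end of the new file, `[documentation]` points to `https://console.aws.amazon.com/cloudwatch/`, which is the console (the same host as `[cloudwatch console]`) rather than the documentation; it should target the CloudWatch pages under `docs.aws.amazon.com`, like the other upstream links here. In _Stream logs_, "can be streamed [Kinesis], [Firehose] or [Lambda]" is missing "to", and "Opensearch" should be "OpenSearch". The opening line keeps the stray full stop from the old section ("Observability service. with functions"). The `[top 10 log groups by written bytes]` link has `eu-west-1` baked into it; say so next to the table so that readers in other regions know to change it.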

@@ -55,7 +55,7 @@ Usage monitoring is available via instance-level metrics on CloudWatch per opera
and bytes transferred (`EBSReadBytes` and `EBSWriteBytes`).
[Instances built on the AWS Nitro system] (_EBS-Optimized_) are capable of bursting performance.<br/>
`large`, `xlarge`, and `2xlarge` instances provide burst balance metrics to give information about the percentage of I/O
Instances from `medium` to `4xlarge` provide burst balance metrics to give information about the percentage of I/O
and bytes credits remaining in the respective burst buckets:
- `EBSIOBalance%` monitors the instance's I/O burst bucket.
@@ -73,7 +73,9 @@ The refill rate for burst buckets is the difference between the baseline rate an
In addition, burst buckets are topped off every 24 hours, allowing instances to have burst performance available for at
least 30 minutes per day.
Refer [Amazon EBS-optimized instance types] for details
Refer [Amazon EBS-optimized instance types] for details about instances performances.<br/>
Refer [Improving application performance and reducing costs with Amazon EBS-Optimized Instance burst capability] for
details about EBS balances.
## Volume types
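Review bot: The added line references `[Improving application performance and reducing costs with Amazon EBS-Optimized Instance burst capability]`, but neither hunk for this file adds a matching link definition, so unless the label is already defined at the bottom of the article it will render as plain bracketed text. Add the definition in the same commit. In the same line, "details about instances performances" reads better as "details about instance performance".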

@@ -25,17 +25,82 @@
## TL;DR
`T` instances are burstable for CPU, EBS, and network.<br/>
They are **always** configured for `Unlimited` mode in RDS.
RDS _Instances_ are managed database environments.<br/>
Instances _can_ be part of a _cluster_, or _standalone_ deployments.<br/>
RDS _Clusters_ are collections of RDS Instances built on the Aurora engine.<br/>
Cluster-specific resources (snapshots, etc) are prefixed by _Cluster_ in the APIs, e.g. `create-db-cluster-snapshot`,
`DBClusterIdentifier` and `DBClusterSnapshotIdentifier`.
`T` instances are burst for CPU, disk, and network.<br/>
They are **always** configured to burst in `Unlimited` mode in RDS.
Instances [**can** be renamed][renaming a db instance].<br/>
Renaming them has some effects and requirements. Check the reference.
> Try and keep the DBs identifiers under 22 characters when using PostgreSQL.<br/>
> The `pg_transport` extension will try and truncate any `host` argument to 63 characters.
RDS creates FQDNs for the Instances by suffixing the instance identifier with
`.{{12-char-internal-id}}.{{region}}.rds.amazonaws.com`.<br/>
That internal ID is generated by RDS and is based on the combination of the AWS Region and Account the instance is in.
Read replicas **can** be promoted to standalone DB instances.<br/>
See [Working with DB instance read replicas].
Disk free metrics are available in CloudWatch.
Turning Performance Insights on and off does **not** cause downtime, a reboot, or a failover.<br/>
One can choose any of the following retention periods for instances' Performance Insights data:
- 7 days (default, free tier).
- _n_ months, where _n_ is a number from 1 to 24.<br/>
This **must** be _n*31_ for API calls (including the CLI).
- 731 days.
Each and every DB instance has a 30-minutes weekly maintenance window defining when modifications and software patching
occur. Should it not be defined during creation, one will be assigned automatically at random from the default time
block for the region.<br/>
If any maintenance event is scheduled before the window, it's **initiated** in that time frame. Most maintenance events
complete during the 30-minute maintenance window, while larger events may take more.<br/>
Maintenance windows are paused when their DB instances are stopped.
> Watch out for changes application order and timing.
>
> <details style="padding-bottom: 1em;">
> <summary>Example: creating a DB instance from snapshot with defined Parameter Group</summary>
>
> 1. The request of creation from snapshot is received by the AWS APIs.<br/>
> The Parameter Group's name is defined here.
>
> 1. The DB instance is created with a **default** Parameter Group.
>
> The Parameter group **is** due for change, but this does **NOT** come up as a pending modified value.<br/>
> Checks for pending changes **will** miss it.
>
> 1. The DB instance's state goes from `creating` to `backing-up`.<br/>
> This backup usually takes very little for some unknown reason.
>
> 1. The change in Parameter Group is applied now, requiring the DB instance to be rebooted.<br/>
> The instance's state goes to `modifying`, then `rebooting`.
>
> 1. **NOW** the instance is ready for use.
>
> </details>
<details>
<summary>CLI usage</summary>
<summary>CLI commands</summary>
```sh
# Show RDS instances.
aws rds describe-db-instances
aws rds describe-db-instances --output 'json' --query "DBInstances[?(DBInstanceIdentifier=='master-prod')]"
# Enable Performance Insights.
aws rds modify-db-cluster --db-cluster-identifier 'staging-cluster' \
--enable-performance-insights --performance-insights-retention-period '93' \
--database-insights-mode 'standard'
# Show Parameter Groups.
aws rds describe-db-parameters --db-parameter-group-name 'default.postgres15'
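Review bot: The snapshot example in the _Watch out_ block says the Parameter Group swap "does **NOT** come up as a pending modified value" and that checks for pending changes will miss it, but it stops short of saying what to check instead. Since the instance runs with the **default** Parameter Group until the `modifying` and `rebooting` steps finish, add a line telling readers what to wait for before using the instance, for example the instance state together with the Parameter Group name and apply status that `aws rds describe-db-instances` reports. Separately, "`T` instances are burst for CPU, disk, and network" lost the meaning of the old "burstable"; "can burst" would be clearer. The _Enable Performance Insights_ command uses `modify-db-cluster` while the surrounding prose talks about instances' retention periods, so a comment saying it is the cluster variant would help.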
@@ -78,65 +143,6 @@ aws rds cancel-export-task --export-task-identifier 'my_export'
```
</details>
<br/>
RDS _Instances_ are managed database environments.<br/>
Instances _can_ be part of a _cluster_, or _standalone_ deployments.<br/>
RDS _Clusters_ are collections of RDS Instances built on the Aurora engine.<br/>
Cluster-specific resources (snapshots, etc) are prefixed by _Cluster_ in the APIs, e.g. `create-db-cluster-snapshot`,
`DBClusterIdentifier` and `DBClusterSnapshotIdentifier`.
Instances [**can** be renamed][renaming a db instance].<br/>
Renaming them has some effects and requirements. Check the reference.
> Try and keep the DBs identifiers under 22 characters when using PostgreSQL.<br/>
> The `pg_transport` extension will try and truncate any `host` argument to 63 characters.
RDS creates FQDNs for the Instances by suffixing the instance identifier with
`.{{12-char-internal-id}}.{{region}}.rds.amazonaws.com`.<br/>
That internal ID is generated by RDS and is based on the combination of the AWS Region and Account the instance is in.
Read replicas **can** be promoted to standalone DB instances.<br/>
See [Working with DB instance read replicas].
Disk free metrics are available in CloudWatch.
One can choose any of the following retention periods for instances' Performance Insights data:
- 7 days (default, free tier).
- _n_ months, where n is a number from 1 to 24.<br/>
In CLI and IaC, this number must be _n*31_.
Each and every DB instance has a 30-minutes weekly maintenance window defining when modifications and software patching
occur. Should it not be defined during creation, one will be assigned automatically at random from the default time
block for the region.<br/>
If any maintenance event is scheduled before the window, it's **initiated** in that time frame. Most maintenance events
complete during the 30-minute maintenance window, while larger events may take more.<br/>
Maintenance windows are paused when their DB instances are stopped.
> Watch out for changes application order and timing.
>
> <details>
> <summary>Example: creating a DB instance from snapshot with defined Parameter Group</summary>
>
> 1. The request of creation from snapshot is received by the AWS APIs.<br/>
> The Parameter Group's name is defined here.
>
> 1. The DB instance is created with a **default** Parameter Group.
>
> The Parameter group **is** due for change, but this does **NOT** come up as a pending modified value.<br/>
> Checks for pending changes **will** miss it.
>
> 1. The DB instance's state goes from `creating` to `backing-up`.<br/>
> This backup usually takes very little for some unknown reason.
>
> 1. The change in Parameter Group is applied now, requiring the DB instance to be rebooted.<br/>
> The instance's state goes to `modifying`, then `rebooting`.
>
> 1. **NOW** the instance is ready for use.
>
> </details>
## Engine
@@ -148,12 +154,8 @@ Refer [Understanding PostgreSQL roles and permissions].
`T` instances are burstable.
Refer [the relative section in the EC2 article](ec2#burstable-instances), with the difference that, instances burst for
CPU, EBS, **and** network.<br/>
They are also **always** configured for `Unlimited` mode in RDS.
Burstable performance instances for RDS provide baseline levels of CPU, EBS and network utilization, with the ability to
burst all those utilization above the baseline levels.
Refer [the relative section in the EC2 article](ec2#burstable-instances), with the difference that RDS instances are
**always** configured for `Unlimited` mode.
## Storage
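Review bot: The rewritten paragraph's "burst all those utilization above the baseline levels" does not parse; "burst above those baselines" says the same thing. The link target `ec2#burstable-instances` has no `.md` extension, unlike the knowledge base references elsewhere in this commit (`[ec2]: ec2.md`), so check that it resolves in the rendered article.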
@@ -181,7 +183,7 @@ When increasing allocated storage, increases must be by at least of 10%. Trying
will result in an error.<br/>
The allocated storage **cannot** be increased when restoring RDS for SQL Server DB instances.
> The allocated storage size of any DB instance **cannot be lowered** after creation.
> The allocated storage size of any DB instance **cannot be reduced** after creation.
Decrease the storage size of DB instances by creating a new instance with lower provisioned storage size, then migrate
the data into the new instance.<br/>