RDS: Managed Relational Databases
Lesson 6 of 8
Amazon RDS
RDS manages relational databases: MySQL, PostgreSQL, MariaDB, SQL Server, Oracle, and Aurora.
Why use RDS instead of installing the database on EC2?
| Feature | RDS | EC2 + DB |
|---|---|---|
| Automatic backup | Native | Configure manually |
| Multi-AZ failover | Native | Configure manually |
| Read replicas | Managed | Configure manually |
| Patching | Automatic | Manual |
| Storage auto-scaling | Yes | No |
Lab: Create an RDS PostgreSQL Instance
# 1. Create the subnet group (private subnets)
aws rds create-db-subnet-group \
--db-subnet-group-name meu-db-group \
--subnet-ids subnet-priv-a subnet-priv-b \
--db-subnet-group-description "Subnets privadas RDS"
# 2. Create the RDS security group
RDS_SG=$(aws ec2 create-security-group \
--group-name rds-sg \
--description "Acesso ao RDS" \
--vpc-id "$VPC_ID" --query 'GroupId' --output text)
aws ec2 authorize-security-group-ingress \
--group-id "$RDS_SG" \
--protocol tcp --port 5432 \
--source-group sg-app # only the app can connect
# 3. Create the RDS instance
# 'admin' is a reserved word for the PostgreSQL engine, so another master username is used
# Example password only; --manage-master-user-password makes RDS generate the
# password and keep it in Secrets Manager instead of passing it on the command line
aws rds create-db-instance \
--db-instance-identifier meu-postgres \
--db-instance-class db.t3.medium \
--engine postgres \
--engine-version 16 \
--master-username dbadmin \
--master-user-password 'SenhaSegura123!' \
--allocated-storage 100 \
--storage-type gp3 \
--db-subnet-group-name meu-db-group \
--vpc-security-group-ids "$RDS_SG" \
--backup-retention-period 7 \
--preferred-backup-window "03:00-04:00" \
--multi-az \
--storage-encrypted \
--deletion-protection
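Multi-AZ and Read Replicas
# Multi-AZ (automatic failover between AZs)
aws rds modify-db-instance \
--db-instance-identifier meu-postgres \
--multi-az \
--apply-immediately
# Read replica (scales reads)
# A cross-region replica must reference the source by ARN; because the source is
# encrypted, the replica also needs a KMS key from the destination region
aws rds create-db-instance-read-replica \
--db-instance-identifier meu-postgres-replica \
--source-db-instance-identifier arn:aws:rds:xxx:xxx:db:meu-postgres \
--db-instance-class db.t3.large \
--kms-key-id arn:aws:kms:us-west-2:xxx:key/xxx \
--region us-west-2 # cross-region replica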
Aurora — AWS-native DB
# Aurora is faster and more scalable than standard RDS
# 'admin' is a reserved word for the PostgreSQL engine, so another master username is used
aws rds create-db-cluster \
--db-cluster-identifier meu-aurora \
--engine aurora-postgresql \
--engine-version 16 \
--master-username dbadmin \
--master-user-password 'SenhaSegura123!'
Backup and Restore
# Manual snapshot
aws rds create-db-snapshot \
--db-instance-identifier meu-postgres \
--db-snapshot-identifier meu-postgres-bkp-2024
# Restore the snapshot to a new instance
aws rds restore-db-instance-from-db-snapshot \
--db-instance-identifier meu-postgres-restaurado \
--db-snapshot-identifier meu-postgres-bkp-2024
# Point-in-Time Recovery (PITR)
aws rds restore-db-instance-to-point-in-time \
--source-db-instance-identifier meu-postgres \
--target-db-instance-identifier meu-postgres-pitr \
--restore-time "2024-06-01T02:00:00Z"
Performance Insights
# Enable Performance Insights
aws rds modify-db-instance \
--db-instance-identifier meu-postgres \
--enable-performance-insights \
--performance-insights-retention-period 7
# CloudWatch Metrics
aws cloudwatch get-metric-statistics \
--namespace AWS/RDS \
--metric-name DatabaseConnections \
--dimensions Name=DBInstanceIdentifier,Value=meu-postgres \
--start-time 2024-06-01T00:00:00Z \
--end-time 2024-06-02T00:00:00Z \
--period 300 --statistics Average
Connection Pooling (RDS Proxy)
# RDS Proxy: manages the connection pool (serverless)
aws rds create-db-proxy \
--db-proxy-name meu-proxy \
--engine-family POSTGRESQL \
--auth '[{ "AuthScheme": "SECRETS", "SecretArn": "arn:aws:secretsmanager:xxx:secret:xxx" }]' \
--role-arn arn:aws:iam::xxx:role/rds-proxy-role \
--vpc-subnet-ids subnet-priv-a subnet-priv-b
RDS Proxy is essential for Lambda + RDS (it prevents connection exhaustion). Multi-AZ is mandatory in production. Always use Deletion Protection.
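To check that running instances still match the settings used in this lab, the output of `aws rds describe-db-instances` can be audited offline. The script below is an added example, not part of the original lesson; the `audit` function, the embedded sample data, and the choices to require `PubliclyAccessible` to be false and backup retention of at least 7 days are assumptions derived from the lab's flags.

```python
import json

# Baseline derived from the lab's create-db-instance flags and the closing advice.
# Keys are fields of `aws rds describe-db-instances` output.
BASELINE = {
    "MultiAZ": lambda v: v is True,              # --multi-az
    "StorageEncrypted": lambda v: v is True,     # --storage-encrypted
    "DeletionProtection": lambda v: v is True,   # --deletion-protection
    # Assumption: instances in private subnets should not be publicly accessible
    "PubliclyAccessible": lambda v: v is False,
    # Assumption: 7 days (the lab's value) is the minimum acceptable retention
    "BackupRetentionPeriod": lambda v: isinstance(v, int) and v >= 7,
}


def audit(describe_output: str) -> dict:
    """Return {instance_id: [failed_field, ...]} for instances off the baseline.

    A field missing from the output counts as a failure.
    """
    findings = {}
    for db in json.loads(describe_output).get("DBInstances", []):
        failed = [key for key, ok in BASELINE.items() if not ok(db.get(key))]
        if failed:
            findings[db.get("DBInstanceIdentifier", "<unknown>")] = failed
    return findings


# Constructed sample shaped like `aws rds describe-db-instances --output json`
SAMPLE = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "meu-postgres", "MultiAZ": True,
     "StorageEncrypted": True, "DeletionProtection": True,
     "PubliclyAccessible": False, "BackupRetentionPeriod": 7},
    {"DBInstanceIdentifier": "meu-postgres-replica", "MultiAZ": False,
     "StorageEncrypted": True, "DeletionProtection": False,
     "PubliclyAccessible": False, "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "legacy-db", "MultiAZ": True,
     "StorageEncrypted": False, "DeletionProtection": True,
     "PubliclyAccessible": True, "BackupRetentionPeriod": 7},
]})

if __name__ == "__main__":
    for name, failed in audit(SAMPLE).items():
        print(f"{name}: off baseline -> {', '.join(failed)}")
```

Against a real account, pass the saved JSON from `aws rds describe-db-instances --output json` to `audit` in place of `SAMPLE`.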