<h2 id="content"><a href="#content" aria-hidden="true" tabindex="-1"></a>Content</h2>
<ul>
<li><a href="#take-aways">Take aways</a></li>
<li><a href="#introduction">Introduction</a></li>
<li><a href="#aurora-architecture">Aurora Architecture</a></li>
<li><a href="#security">Security</a>
<ul>
<li><a href="#infrastructure">Infrastructure</a></li>
<li><a href="#data-protection">Data protection</a></li>
</ul>
</li>
<li><a href="#features">Features</a>
<ul>
<li><a href="#multi-master">Multi-master</a></li>
<li><a href="#backups">Backups</a></li>
<li><a href="#backtrack">Backtrack</a></li>
<li><a href="#rds-proxy">RDS Proxy</a></li>
<li><a href="#aws-service-integration">AWS Service Integration</a></li>
</ul>
</li>
<li><a href="#technical-series">Technical Series</a>
<ol>
<li><a href="#1-aws-aurora---setting-up-vpc-with-aws-aurora">Setting up VPC with AWS Aurora</a></li>
<li><a href="#2-aws-aurora---setting-up-bastion-hosts-and-testing-via-cli">Setting up Bastion host and testing via CLI</a></li>
<li><a href="#3-aws-aurora---postgresql-data-modelling">PostgreSQL Data Modelling</a></li>
<li><a href="#4-aws-aurora---postgresql-integration-with-nextjs">PostgreSQL integration with Next.js</a></li>
<li><a href="#5-aws-aurora---integration-with-aws-ecs">Integration with AWS ECS</a></li>
</ol>
</li>
</ul>
<h2 id="take-aways"><a href="#take-aways" aria-hidden="true" tabindex="-1"></a>Take aways</h2>
AWS Aurora optimizes the database for performance and durability.
It maintains forks of the commercial version of MySQL and PostgreSQL, and provides compatibility with each. However, only thing to be aware of is that it sometimes may not have the latest versions in new releases as it is a separate fork.
Some key features:
<ul>
<li>Performance Improvements (5x faster than MySQL, 3x faster than PostgreSQL)</li>
<li>Read scale out (up to 15 read replicas)</li>
<li>Fault tolerance and self healing storage
<ul>
<li>minimum of 2 copies of the data stored across 3 Avaibility zones (AZ)</li>
<li>Global Tables available for Regional replication (across multiple regions and data in a total 6+ AZ)</li>
</ul>
</li>
<li>Continuous backups synced to S3</li>
<li>Fully managed by AWS including continuous backup &#x26; point-in-time recovery synced to S3, software patching etc</li>
<li>Performance monitoring (CloudWatch Logs, Cloudwatch, granular SQL statement optimization)</li>
<li>Automatic Storage growth up to 128 TiB (pay what you use AWS Aurora storage volume)</li>
</ul>
Security:
<ul>
<li>Encryption
<ul>
<li>In Transit - SSL/TLS support</li>
<li>At Rest - snapshot and backups encrypted via AWS KMS (when enabled)</li>
</ul>
</li>
<li>IAM authentication</li>
<li>Security groups and Network ACL
<ul>
<li>Restrict network connection access</li>
</ul>
</li>
<li>Auditing and monitoring via Cloudwatch and Cloudtrail</li>
<li>DB event notifications</li>
</ul>
All that being said, AWS Aurora is likely not something you’d use for a hobby project. It is a service engineered for durability and scalability. If you have serious data compliance requirements then it is worth the consideration.
<h2 id="introduction"><a href="#introduction" aria-hidden="true" tabindex="-1"></a>Introduction</h2>
AWS Aurora is AWS’s solution for a fully managed relational database.
It is designed for performance, durability and security with MySQL and PostgreSQL compatibility.
AWS maintains a separate forks of the databases, and offers 5x and 3x performance for MySQL and PostrgreSQL, respectively.
In addition, the AWS Aurora architecture, is core to its availability, performance, durability.
AWS Aurora also offers additional functionality with integration to AWS services natively in the database using SQL (S3, Lambda, Machine learning services, etc).
Beyond just the native function integration, the service is fully managed by AWS from continuous backups, snapshots (which are synced to AWS S3) and software updates.
Conveniently, AWS Aurora integrates with all the other services like IAM, Cloudwatch, Cloudwatch logs.
<h2 id="aurora-architecture"><a href="#aurora-architecture" aria-hidden="true" tabindex="-1"></a>Aurora Architecture</h2>
<div style="display:flex;justify-content:center; margin: 2rem auto;">
 <img src="/images/aws-aurora-architecture.svg" />
</div>
<div style="margin-bottom:4rem;">
 <blockquote style="text-align:center;">
 Example Architecture with AWS Aurora illustrating a write operation into the Aurora’s shared storage volume distributed across 3 AZ.
 </blockquote>
</div>
The Aurora Architecture is how it is able to achieve its durability, performance, continuous backups and quick point-in-time recovery.
AWS Aurora took a different approach to traditional databases where they took the storage layer, and uses a distributed storage volume instead.
These consists of machines which have blocks of 10GB storage blocks that the database servers write the changes to. The storage volume is replicated at a minimum of 2 copies across 3 availibility zones (AZ).
The storage volume grows automatically up to 128 Tib, and you are only charged for the space you use. These backups are automatically synced to S3.
A database cluster consists of a writer node and reader node. When a fail over event occurs, you can specify the node to fail over to reader node based on the priority in the configuration.
Under the hood, when a writer node writes a change, it is asynchronously applied to the storage volume, AWS Aurora ensures 4/6 writes (in blocks across AZ) are confirmed before it is considered to be done.
<h2 id="security"><a href="#security" aria-hidden="true" tabindex="-1"></a>Security</h2>
<h3 id="infrastructure"><a href="#infrastructure" aria-hidden="true" tabindex="-1"></a>Infrastructure</h3>
Running AWS Aurora (much like AWS RDS) within the AWS ecosystem, you get the benefit of running these storage services within AWS VPC which keeps the services private.
In addition to the VPC, AWS also offer Security groups and IAM to limit the access to the database.
In terms of monitoring and logging, all the metrics and logging are available through Cloudwatch, Cloudwatch logs, Cloudtrail logs, event notifications and more.
<h3 id="data-protection"><a href="#data-protection" aria-hidden="true" tabindex="-1"></a>Data Protection</h3>
When configured to do so, the data at rest is encrypted via AWS KMS. So, this means the underlying storage, backups and snapshots are encrypted.
In addition, AWS Aurora also offers encryption in-transit (TLS/SSL), and you can take it a step further by forcing all connection to use SSL in your cluster using a database parameter group.
Example of cluster parameter group:
<div class="remark-highlight"><pre class="language-hcl line-numbers"><code>resource "aws_rds_cluster_parameter_group" "default" {
 name = "${var.project_id}-cluster-parameter-group"
 family = "aurora-postgresql12"
 description = "Postgresql RDS default cluster parameter group"

 parameter {
 name = "rds.force_ssl"
 value = "1"
 apply_method = "immediate"
 }
}
</code></pre></div>
<h4 id="-helpful-reference"><a href="#-helpful-reference" aria-hidden="true" tabindex="-1"></a>📝 Helpful reference:</h4>
<ul>
<li><a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.html" target="_blank" rel="nofollow noopener noreferrer">AWS Aurora - Security</a></li>
</ul>
<h2 id="features"><a href="#features" aria-hidden="true" tabindex="-1"></a>Features</h2>
<h3 id="multi-master"><a href="#multi-master" aria-hidden="true" tabindex="-1"></a>Multi-master</h3>
AWS Aurora supports multi-master (writer nodes) for scaling writes.
The nodes will asynchonously sync with each other.
<blockquote class="common">
 Note: This is only supported on MySQL version 5.6 at this time. It could change in the future.
</blockquote>
Consistency models within Aurora:
<ul>
<li>Instance Read-After-Write (INSTANCE_RAW): a transaction can observe all transactions previously committed on the instance, and transactions executed on other nodes (subjected to lag)</li>
<li>Regional Read-After-Write (REGIONAL_RAW): cluster wide consistency, a transaction can observe all transactions previously committed in all instances in the cluster</li>
</ul>
Just keep in mind of these configuration depending on your use case.
<h4 id="-helpful-reference-1"><a href="#-helpful-reference-1" aria-hidden="true" tabindex="-1"></a>📝 Helpful reference:</h4>
<ul>
<li><a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-multi-master.html" target="_blank" rel="nofollow noopener noreferrer">AWS Aurora - Multi Master</a></li>
</ul>
<h3 id="backups"><a href="#backups" aria-hidden="true" tabindex="-1"></a>Backups</h3>
As mentioned, AWS Aurora backs up your cluster volume automatically. However, you can also configure to take daily backups with a specific rentetion period.
There are two important configurations to keep in mind of:
<ul>
<li>backup retention period - How long you want to keep the back up around for ? (range: 1 - 35 days)</li>
<li>backup window - When to take the backup (ie between 8:00 - 9:00 pm) ?</li>
</ul>
Backups in AWS Aurora are always taken continuously and automatically. So, this will an additional backup.
<h3 id="backtrack"><a href="#backtrack" aria-hidden="true" tabindex="-1"></a>Backtrack</h3>
You can “rewind” the state of your database to a time you specify.
Few use cases:
<ul>
<li>Undo mistakes (bad database migration)</li>
<li>Exploring earlier data - You can backtrack to a DB cluster back and forth in time</li>
</ul>
<h3 id="rds-proxy"><a href="#rds-proxy" aria-hidden="true" tabindex="-1"></a>RDS Proxy</h3>
Not strictly an Aurora feature, but it is also supported by AWS Aurora.
Using the proxy gives you the ability to better manage your database connections security and scalability.
It will load balance traffic between your read replicas, and prevent connection count exhaustion.
When the RDS proxy reaches its connection limit, it will throttle the traffic, even though latency will inrease, it will not create a fail over event on your database.
<h3 id="aws-service-integration"><a href="#aws-service-integration" aria-hidden="true" tabindex="-1"></a>AWS service integration</h3>
with AWS Aurora, you can use the standard SQL to call other AWS services like S3, Lambda, and even Machine Learning services.
These can be used to create manual backups or exports, aggregrations, fraud detection and product recommendation on your data depending on your use case.
<h2 id="technical-series"><a href="#technical-series" aria-hidden="true" tabindex="-1"></a>Technical Series</h2>
<h3 id="1-aws-aurora---setting-up-vpc-with-aws-aurora"><a href="#1-aws-aurora---setting-up-vpc-with-aws-aurora" aria-hidden="true" tabindex="-1"></a>1. AWS Aurora - Setting up VPC with AWS Aurora</h3>
<a href="https://www.jerrychang.ca/writing/aws-aurora-technical-series-vpc-and-db-resources" target="_blank" rel="nofollow noopener noreferrer">AWS Aurora Technical Series Part I - AWS Aurora &#x26; VPC</a>
In this module we will be setting up a VPC which will host our AWS Aurora database cluster and instances. These will be within our private subnets.
<img src="/images/aws-aurora-architecture-just-db.svg" alt="aws aurora architecture just db" style="width:100%" />
In addition, we will have a Bastion Host which admins (us) we can ssh into in order to do some management of the database (migration, etc). This will be publicly accessible, however, its access is restricted.
<h3 id="2-aws-aurora---setting-up-bastion-hosts-and-testing-via-cli"><a href="#2-aws-aurora---setting-up-bastion-hosts-and-testing-via-cli" aria-hidden="true" tabindex="-1"></a>2. AWS Aurora - Setting up bastion hosts and testing via CLI</h3>
<a href="https://www.jerrychang.ca/writing/aws-aurora-technical-series-bastion-host" target="_blank" rel="nofollow noopener noreferrer">AWS Aurora Technical Series Part II - Bastion host</a>
In this module, we will be securing our bastion host, which we will be using for the database adminstration (user management, migrations etc).
This includes both, network access from the internet and access to specific resoruces required to perform management tasks (AWS SSM Parameter store, S3 etc).
<h4 id="network-access-management"><a href="#network-access-management" aria-hidden="true" tabindex="-1"></a>Network Access Management:</h4>
<img src="/images/aws-aurora-bastion-host-network-access.svg" alt="bastion host network access" style="width:100%" />
<h4 id="resources-iam-management"><a href="#resources-iam-management" aria-hidden="true" tabindex="-1"></a>Resources IAM Management:</h4>
<img src="/images/aws-aurora-bastion-host-aws-role-access.svg" alt="bastion host aws access" style="width:100%" />
<h3 id="3-aws-aurora---postgresql-data-modelling"><a href="#3-aws-aurora---postgresql-data-modelling" aria-hidden="true" tabindex="-1"></a>3. AWS Aurora - PostgreSQL Data Modelling</h3>
<a href="https://www.jerrychang.ca/writing/aws-aurora-technical-series-postgresql-data-modelling" target="_blank" rel="nofollow noopener noreferrer">AWS Aurora Technical Series Part III - PostgreSQL data modelling</a>
In this module, we will model out our data for our blog site using next.js.
Rather than a static blog, we will make the content dynamic so authors can update it any time they want.
The focus of this series is not on PostgreSQL, but nonetheless, we will dig into some basic SQL like creating database, tables and database triggers.
<img src="/images/aws-aurora-blog-data-model.svg" alt="blog data modelling" style="width:100%" />
The entities include:
<ul>
<li>Blogs</li>
<li>Comments</li>
<li>Users (Authors / Guests)</li>
<li>Social Accounts (User’s social media handles)</li>
</ul>
<h3 id="4-aws-aurora---postgresql-integration-with-nextjs"><a href="#4-aws-aurora---postgresql-integration-with-nextjs" aria-hidden="true" tabindex="-1"></a>4. AWS Aurora - PostgreSQL integration with Next.js</h3>
<a href="https://www.jerrychang.ca/writing/aws-aurora-technical-series-postgresql-integration-nextjs" target="_blank" rel="nofollow noopener noreferrer">AWS Aurora Technical Series Part IV - PostgreSQL integration with Next.js</a>
In this module, we will look at setting up the local PostgreSQL for development.
The features will already implemented but we will take a tour through it to go through some parts of it.
In addition, we will walk through how to setup <code class="language-">node-pg
</code> package to interface with PostgreSQL from Next.js locally, and also considerations for a production environment (in AWS).
Most of this section will be a walk through but I will go through the different parts that are relevant to AWS Aurora and PostgreSQL.
<img src="/images/aws-aurora-local-dev.svg" alt="nextjs and postgresql local development" style="width:100%" />
<h3 id="5-aws-aurora---integration-with-aws-ecs"><a href="#5-aws-aurora---integration-with-aws-ecs" aria-hidden="true" tabindex="-1"></a>5. AWS Aurora - Integration with AWS ECS</h3>
<a href="https://www.jerrychang.ca/writing/aws-aurora-technical-series-integrate-with-aws-ecs" target="_blank" rel="nofollow noopener noreferrer">AWS Aurora Technical Series Part V - Integrate with AWS ECS</a>
In this module, we will integrate AWS Aurora into our AWS ECS setup (in the other series).
These include things like:
<ul>
<li>Updating task definitions</li>
<li>Injecting the password into AWS ECS environments from AWS Paramter store (SSM)</li>
<li>Providing correct access between resources (Network and IAM)</li>
<li>and other miscellaneous tasks</li>
</ul>
<img src="/images/aws-aurora-architecture-with-ecs.svg" alt="aws aurora with ecs" style="width:100%" />

Jerry Chang

Go Back

AWS Aurora Technical Series

Enjoy the content ?