SAA
- Read Replicas can be within AZ, Cross AZ or Cross Region
- Replication is async, eventually consistent
- New connection endpoint for repliaca, need to update in application
- Transfer data within region, won't cost
- But cross region does
- Multi AZ for DR
- The read replicas can be setup as Multi AZ
- rds.force_ssl=1
- Grant Usage ON *.* To 'mysqluser'@'%' REQUIRE SSL
- TDE: for Oracle and MS SQL Server
- RDS is launched in a private VPC, if you want to access it by using Lambda, you also need to launch the Lambda in the same VPC
- CloudTrail cannot be used to track queries made with RDS
- health check for failover to promote read replica as main DB
- Cross region read replica and multi AZ on main database
For RDS, if whole region failed, read replica promoted to stand-alone (Single-AZ) - manul step
Then Single-AZ reconfigured to Multi-AZ - manul step