RDS DB Clusters
RDS DB Clusters Should Be Configured to Copy Tags to Snapshots
What is the Purpose of Copying Amazon RDS Aurora Cluster Tags?
Copying your Amazon RDS Aurora cluster tags to any automated or manual snapshots taken from your database clusters allows you to easily set metadata (including access policies) on your snapshots in order to match the parent clusters. This relationship is demonstrated clearly in the diagram below using cluster volume, a primary instance of the RDS DB clusters, aurora replicas, data copies, and availability zones. To aid in your understanding of this topic you can refer to the Amazon Aurora User Guide. This guide states that “ an Aurora configuration with only a single DB instance is still a cluster because the underlying storage volume involves multiple storage nodes distributed across multiple Availability Zones”.
This diagram shows the cluster volume, the primary DB instance, and Aurora Replicas in an Aurora DB cluster. This helps demonstrate how RDS DB metadata is matched in a visual way.
Importance of Enhanced Monitoring for RDS DB Clusters
Enhanced monitoring is the delivery of Amazon RDS system metrics and processed information as it happens. You must always ensure enhanced monitoring is on for your RDS DB clusters, it is a crucial aspect of this process. This is because it gives you real-time system metrics and processed information. The reason this is so important to set metadata on your snapshots is that it allows you to configure the information to your specific needs. It helps specifically when you need to track how a variety of processes on a DB instance utilize the CPU. Below is a step-by-step guide to assist you in applying this case.
This guide gives you step-by-step instructions on how to use Enhanced Monitoring.
Attaching IAM Policies Only to Groups/Roles
An IAM policy is a set of instructions given to an IAM user, which is a structure you institute in AWS to act for a person who works with AWS through the structure. Since the number of users continues to increase, the access control can become much more simple by allocating the rights at the group level. Below is a list showing how to apply this use case with specific instructions.