Data-Driven Decisions
Define clear, data-driven approach for architectural choices to verify that right cloud services and configurations meet specific business needs
Well Architected Principles
Applying AWS Well-Architected Framework Principles to the Database Layer
Section titled “Applying AWS Well-Architected Framework Principles to the Database Layer”The AWS Well-Architected Framework provides best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud, including database layer considerations.
Overview
Section titled “Overview”The AWS Well-Architected Framework has six pillars, each including best practices and questions to consider when architecting cloud solutions. This section highlights best practices most relevant to database layer design.
As a cloud architect adding a database layer, you need to:
- Evaluate available database options before selecting data management solution to optimize performance
- Secure infrastructure effectively so data is durable and safe from threats
- Consider cost implications while meeting technical requirements
Performance Efficiency: Architecture Selection
Section titled “Performance Efficiency: Architecture Selection”Best Practice Approach
Section titled “Best Practice Approach”Use a data-driven approach for architectural choices and evaluate how trade-offs impact customers and architecture efficiency.
Trade-off Evaluation
Determine which choices impact customers and workload efficiency when evaluating performance-related improvements
Cost Considerations
Factor cost into architectural decisions to improve resource utilization and performance efficiency
Database Architecture Selection Process
Section titled “Database Architecture Selection Process”Understanding Data Characteristics:
- Access patterns of workload and requirements of applications
- Anticipated growth of data and traffic
- Data model requirements (relational, document, key-value, graph, timeseries)
- Latency and throughput requirements
Evaluating Available Options:
- Document workload data characteristics with enough detail to facilitate selection
- Run load tests to identify key performance metrics and bottlenecks
- Evaluate acceptable query times to ensure selected database options meet requirements
- Consider read replicas, global tables, data partitioning, and caching options
Decision Factors
Section titled “Decision Factors”AWS Database Selection Examples
Section titled “AWS Database Selection Examples”Relational Data: Use Amazon RDS for traditional relational database needs
Data Warehouse: Use Amazon Redshift for analytics and reporting workloads
Key-Value with Low Latency: Use DynamoDB for key-value data requiring very low latency at high scale
Purpose-Built Needs: Use specialized databases designed for specific workloads (graph, timeseries, document, etc.)
Performance Optimization Configuration
Section titled “Performance Optimization Configuration”Amazon RDS Optimizations:
- Configure instance type and size suited to workload
- Configure high availability and implement read replicas
- Use RDS Proxy to scale connection pools
DynamoDB Optimizations:
- Leverage automatic horizontal scaling
- Use secondary indexes for improved query patterns
- Implement global tables for multi-region performance
Security: Data Protection at Rest
Section titled “Security: Data Protection at Rest”Best Practice Approach
Section titled “Best Practice Approach”Implement secure key management and enforce encryption at rest to protect data residing in database storage.
Secure Key Management
Define encryption approach including storage, rotation, and access control of keys to protect against unauthorized access
Enforce Encryption at Rest
Ensure the only way to store data is by using encryption, integrating seamlessly with AWS services
Encryption maintains confidentiality of sensitive data in event of unauthorized access or accidental disclosure, reducing risk when encryption and appropriate access controls are implemented.
Section titled “Encryption maintains confidentiality of sensitive data in event of unauthorized access or accidental disclosure, reducing risk when encryption and appropriate access controls are implemented.”AWS Database Encryption Examples
Section titled “AWS Database Encryption Examples”AWS KMS Integration:
- AWS KMS helps manage encryption keys and integrates with many AWS services
- Provides durable, secure, and redundant storage for AWS KMS keys
- Amazon databases like RDS and DynamoDB use AWS KMS to secure data
Amazon RDS Encryption:
- Encrypts databases using keys managed with AWS KMS
- Data stored at rest in underlying storage is encrypted
- All logs, backups, and snapshots are encrypted
- Handles authentication of access and decryption transparently with minimal performance impact
DynamoDB Encryption:
- Encrypts all user data at rest stored in tables, indexes, streams, and backups
- Uses encryption keys stored in AWS KMS by default
- Provides additional layer of data protection by securing data from unauthorized access to underlying storage
Cost Optimization: Cost-Effective Resources
Section titled “Cost Optimization: Cost-Effective Resources”Best Practice Approach
Section titled “Best Practice Approach”Select the correct resource type, size, and number based on data to meet technical requirements with lowest cost resource.
Right-Sizing Process
Data-Based Selection: Select resource size or type based on data about workload and resource characteristics such as compute, memory, throughput, or write intensive
Iterative Process: Right-sizing can be iterative, initiated by changes in usage patterns and external factors like AWS price drops or new resource types
Workload Analysis: Use previous on-premises version, documentation, or other sources of information about workload characteristics
Cost Optimization Examples
Section titled “Cost Optimization Examples”Aurora Benefits:
- Provides better performance and lower cost than standard database engines
- Aurora Serverless provides on-demand scaling to avoid overprovisioning resources
- Automatic scaling based on actual workload needs
Resource Balancing:
- Find right balance of performance and costs to right-size resources
- Avoid underprovisioning that impacts application performance
- Avoid overprovisioning that increases unnecessary costs
Usage-Based Scaling:
- Choose database solutions that scale based on actual usage patterns
- Monitor and adjust resources based on real workload demands
- Consider reserved instances for predictable workloads
Cost Considerations by Database Type
Section titled “Cost Considerations by Database Type”- Choose appropriate instance types based on workload requirements
- Use read replicas instead of larger instances for read-heavy workloads
- Consider Aurora for cost savings with better performance
- Use Aurora Serverless for variable workloads
- Pay only for throughput and storage used
- Auto scaling adjusts capacity based on traffic
- Global tables provide multi-region access without over-provisioning
- Secondary indexes optimize query performance cost-effectively
- Select databases optimized for specific use cases
- Avoid forcing single database to handle all workload types
- Leverage managed services to reduce operational overhead costs
Integration of Well-Architected Principles
Section titled “Integration of Well-Architected Principles”Performance Efficiency + Security
Section titled “Performance Efficiency + Security”- Choose databases that provide both optimal performance for workload and built-in security features
- Use managed services that handle security updates and patches automatically
- Implement encryption without sacrificing performance through AWS KMS integration
Performance Efficiency + Cost Optimization
Section titled “Performance Efficiency + Cost Optimization”- Select databases that provide required performance at optimal cost point
- Use auto-scaling features to match capacity to actual demand
- Consider purpose-built databases for specialized workloads rather than over-provisioning general-purpose databases
Security + Cost Optimization
Section titled “Security + Cost Optimization”- Leverage managed services that provide security features without additional operational costs
- Use AWS native encryption and key management services
- Implement fine-grained access controls to prevent unauthorized usage and associated costs
Monitoring and Continuous Improvement
Section titled “Monitoring and Continuous Improvement”Performance Monitoring:
- Use CloudWatch metrics to monitor database performance and identify optimization opportunities
- Set up alerts for performance thresholds and cost anomalies
- Regularly review and adjust database configurations based on actual usage patterns
Security Monitoring:
- Use AWS CloudTrail to monitor database access and configuration changes
- Implement AWS Config rules to ensure compliance with security policies
- Regular security assessments and access reviews
Cost Monitoring:
- Use AWS Cost Explorer to analyze database spending patterns
- Set up billing alerts for unexpected cost increases
- Regular right-sizing reviews based on actual utilization
The AWS Well-Architected Framework principles provide comprehensive guidance for designing database layers that are performant, secure, and cost-effective while meeting business requirements and maintaining operational excellence.