AWS RDS Read Replicas are designed to improve the performance and robustness of RDS DB instances. They make the elastic scaling of a single DB instance simple and beyond their limitations when working with read-heavy database workloads. We can create multiple replicas of our DB instance and deliver applications with large read data using these replicas. Our main DB instance acts as a primary or master instance, and any updates here are asynchronously copied over to the read replicas. These replicas deliberately reduce the load on the main database and enhance the overall read throughput.
Another major benefit of reading replicas is that they can serve as a disaster recovery mechanism. In case our DB instance breaks down, the replica can act as a standalone instance performing on behalf of the main database.
What will we cover?
This guide will see how we can create a read replica of our RDS database instance using the IAM users’ management console. We will first create an IAM user using the root user account.
Creating an IAM User
Cloud service providers usually offer an IAM or Identity and Access Management feature to give a user root account extra security. In a work/production environment giving each user access to a root account or managing services directly from the root, the account is vulnerable to security threats. Instead, we can create users with specific permissions to avoid privilege escalation problems. This is similar to creating users in Linux with limited access to system files and other resources. So in this hands-on lab, we will create an IAM user with minimal access rights required for performing RDS database operations. The user will be able to perform the below operations:
1. List the IAM roles etc.
2. Create a Read Replica.
For creating the above IAM user, follow the instructions below:
Step 1. Go to the AWS IAM console and click the ‘Add Users’ button.
Step 2. Give a suitable name to your user and assign a password. We have checked the ‘ Access Key ‘ tick box since we are interacting with the user using AWS CLI. Additionally, we have also given management console access to this user.
Step 3. In the further steps, we can also add this user to a group, but we have skipped this for now. Now click ‘Next:Tags’ to continue:
Step 4. (Optional), we can add tags (Key-value pair) to organize our users.
Step 5. On the next screen, review the settings for your user:
Step 6. When you click the ‘Create user’ button, you will be asked to download your access keys. Keep these keys secret and put them in some safe place as they are available to download only once. Your user will now be available in the IAM users section:
Step 7. Now we will add an inline policy for this user through which it will perform the above-specified database operation. In the IAM users section, click on your user name. Click the ‘Add inline policy’ label under the ‘Permissions’ tab on the new screen.
A new wizard named as ‘Create policy’ will appear where you have to select the JSON tab and paste the below code there:
Note: You can modify this policy to allow the user to perform other RDS based operations.
Step 8. Now click the ‘Review policy’ button at the bottom:
Step 9. Give a suitable name to your policy and click the “Create policy’ button:
The above inline policy can now be seen on the IAM user console:
Important Points Regarding Read Replica
Now before continuing, you should look at some of the important points below:
1. The best practice is that the read replicas should be configured in the same manner as that of the master DB instance.
2. Read replicas are supported only for MariaDB, Microsoft SQL Server, MySQL, Oracle, and PostgreSQL database engines.
3. By default, when a read replica is created, it has the same storage type as that of the source DB instance, and it can also be changed at the time of creation.
4. While changing the storage space allocated to a read replica, be sure this increment should be at least 10%.
5. Circular replication, i.e., configuring a DB instance as a replica for an already existing DB instance, is not supported.
6. There are significant differences between the replicas of different DB engines.
7. While creating a read replica, AWS RDS creates a snapshot of the source DB instance and then starts replication. This may cause a slight I/O interruption for the source DB instance.
8. Automatic backups should be enabled for the source DB instance by configuring a backup retention period value other than ‘0’.
Creating and Working with Read Replicas
1. Using AWS Management Console
Before we start to create a read replica, make sure you do have a running DB instance to act as a source or master instance. If you do not already have any DB instance running, go ahead and create one.
As you can see in the below screenshot from the management console of our IAM user, we have a running MySQL DB instance:
We can create a read replica using AWS console, AWS CLI and RDS API. We are using the management console approach. Let’s begin now. First, it looks good to mention the source database configuration. We are using the free-tier of AWS, so most of the options are preselected. We have selected the MySQL community edition with version 8.0.27.
Now follow the below steps for creating a read replica:
Step 1. Select your DB instance and click the ‘Action’ drop-down menu and select the ‘Create read replica’ option from there:
Step 2. On the ‘Create read replica DB instance’ page, you will notice that some of the settings are pre-filled as per the best practices. We are following the best practices here; however, we can change these settings as per our requirements.
Note: It is recommended to use the same destination DB subnet group as that of the source DB instance.
Step 3. Select your read replica source and give a name to your DB instance for your replica (‘myreplica’ in our case) and select the region where you want to launch it. For this guide, we are sticking to the same region read replica.
Also, all the settings with respect to DB instance class and storage details are used from the pre-filled settings.
Similarly, inside the Storage section, we have just enabled the storage autoscaling.
Step 4. Using Multi-AZ deployment, we can create fallback support for our replica. Choose ‘yes’ if you need Multi-AZ support for your replica.
Step 5. We have changed the public accessibility of the replica from ‘yes’ to ‘no’. For database authentication, we have selected ‘Password authentication’
Step 6. We have not enabled the encryption for our replica in the advanced configuration section as we have not enabled it for the source DB instance. Also, to keep it simple, we have not checked monitoring, logging option, deletion protection, but you can keep them if you require.
Step 7. In database options, you can change the port value from other than the default one. Check the ‘Copy tags to snapshots’ if you want to copy the tags to snapshots. Similarly, enable the IAM DB authentication if you will manage the database user through the IAM users. Optionally you can select to upgrade your replica with the minor DB updates.
Step 8. Now finally, hit the ‘Create read replica’ button. The new read replica instance will appear in the IAM RDS database dashboard:
2. Using AWS CLI
The same results can also be obtained from AWS CLI using the command below:
--db-instance-identifier myreplica \
--source-db-instance-identifier db-linuxhint \
Final Note: Do not forget to clean up the resources not in use to avoid unexpected charges.
That’s all; our replica is now ready to serve our application. We have used an IAM user with limited permissions to access AWS resources in this guide. The same task can also be done using the AWS CLI option. Next, you create a scenario for a read replica in a different region from that of the source instance.