Whether you are building a new application, refactoring an existing one or working on the next big startup, you want to focus on your application and your business and not on time consuming database administration tasks. In this session we will cover how a managed relational database service offloads the undifferentiated heavy lifting around High Availability, DR, Security, Backup/Recovery and Patching while improving your ability to innovate using the capabilities of the PostgreSQL database. We will also dive into the recent changes to the service including support for logical replication and 9.6 as well as lessons learned running a large fleet of PostgreSQL instances.

1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Grant McAlister – Senior Principal Engineer - RDS
March 2017
Amazon RDS for PostgreSQL
Enabling Innovation with Cloud Managed Databases

2. Development to Production
DB1
Test1
DB2
Test2
Big Test
DB1 DB2 DB3
DB4 DB5 DB6
Production
DB1
DB2
QA
DB1
DB2

3. Amazon Relational Database Service
RDS is a managed Relational database service that is simple to deploy,
easy to scale, reliable and cost-effective
Managed Service
Easy to Scale and Operate
Choice of Database Engines
High Availability
High Performance
Amazon Relational Database Service (RDS)

4. RDS Version Updates
Now Supporting 9.6
Minor Releases
• 9.6.1
• 9.5.4
• 9.4.9
• 9.3.14

5. Extension Support Additions
9.6 bloom & pg_visibility
rds-postgres-extensions-request@amazon.com
9.3 Original - 32
9.3 Current - 35
9.4 Current - 39
9.5 Current - 44
Future - ???
9.6 Current - 46

6. Availability

7. Backups and Disaster Recovery

8. Availability – Read and Write – Multi-AZ
Physical
Synchronous
Replication
AZ1 AZ2

9. Availability – Read and Write – Multi-AZ
Physical
Synchronous
Replication
AZ1 AZ2

10. Availability – Read and Write – Multi-AZ
Physical
Synchronous
Replication
AZ1 AZ2
DNS
cname update
Primary Update

11. Availability – Read and Write – Multi-AZ
Physical
Synchronous
Replication
AZ1 AZ2
DNS
cname update

12. Read Replicas = Availability
Sync
Replication
Multi-AZ
Async Replication

13. Read Replicas = Availability
Sync
Replication
Multi-AZ
Async Replication

14. Read Replicas = Availability
Async Replication

15. Read Replicas = Availability
Async Replication

16. Read Replicas = Availability
Async Replication

17. Read Replicas = Availability
Async Replication

18. Cross Region Replicas – DR & Moves
AZ1 AZ2 AZ1
Async Replication
US-EAST-1 EU-WEST-1

19. Cross Region Replicas – DR & Moves
AZ1 AZ2 AZ1
Async Replication
US-EAST-1 EU-WEST-1

20. Cross Region Replicas – DR & Moves
AZ1 AZ2 AZ1
Async Replication
US-EAST-1 EU-WEST-1

21. Cross Region Replicas – DR & Moves
AZ1 AZ2 AZ1
Async Replication
US-EAST-1 EU-WEST-1

22. Cross Region Replicas – DR & Moves
AZ1 AZ2 AZ1
Async Replication
US-EAST-1 EU-WEST-1
AZ2

23. Cross Region Replicas – DR & Moves
AZ1
US-EAST-1 EU-WEST-1
AZ2

24. Cross Region Replicas – Reduce Latency
AZ1 AZ2
US-EAST-1

25. Cross Region Replicas – Reduce Latency
AZ1 AZ2 AZ1
Async Replication
US-EAST-1 EU-WEST-1

26. Aurora
R/W
Aurora
R
Sync
Replication
AZ-1 AZ-2 AZ-3
Storage Storage Storage Storage Storage Storage
Aurora Storage
4/6 sync
writes
Aurora PostgreSQL – In Preview

27. Aurora
R/W
Aurora
R
Sync
Replication
AZ-1 AZ-2 AZ-3
Storage Storage Storage Storage Storage Storage
Aurora Storage
4/6 sync
writes
Aurora PostgreSQL – In Preview
Async
Invalidation

28. Aurora
R/W
Aurora
R
Sync
Replication
AZ-1 AZ-2 AZ-3
Storage Storage Storage Storage Storage Storage
Aurora Storage
4/6 sync
writes
Aurora
R/W
Aurora
R
Aurora PostgreSQL – In Preview
Async
Invalidation
FAILOVER

29. Amazon Aurora with PostgreSQL Compatibility
Performance By The Numbers
Measurement Result
PgBench >= 2x faster
SysBench 2x-3x faster
Data Loading 3x faster
Response Time >2x faster
Throughput Jitter >3x more consistent
Throughput at Scale 3x faster
Recovery Speed Up to 85x faster

30. Patching

31. Minor Version Patching
• Customer Control Patching
• Execute immediately or in Weekly Maintenance Window
• Auto Patching can be enabled
• Allows for hands off upgrade in next Maintenance Window

32. Major version upgrade
Prod
9.5

33. Major version upgrade
Prod
9.5
Prod
9.6
pg_upgrade
Backup Backup
No PITR

34. Major version upgrade
Prod
9.5
Test
9.5
Restore to a test instance

35. Major version upgrade
Prod
9.5
Test
9.5
pg_upgrade
Restore to a test instance

36. Major version upgrade
Prod
9.5
Test
9.5
Test
9.6
pg_upgrade
Restore to a test instance

37. Major version upgrade
Prod
9.5
Test
9.5
Test
9.6
pg_upgrade
Restore to a test instance
Application
Testing

38. Major version upgrade
Prod
9.5
Test
9.5
Test
9.6
pg_upgrade
Restore to a test instance
Application
Testing

39. Major version upgrade
Prod
9.5
Prod
9.6
pg_upgrade
Backup Backup
No PITR
Test
9.5
Test
9.6
pg_upgrade
Restore to a test instance
Application
Testing

40. Security

41. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
Log Backups

42. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
Log Backups
Security Group

43. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
SSL
Log Backups
Security Group

44. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
SSL
Log Backups
Security Group
VPC

45. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
SSL
Log Backups
Security Group
VPC
Encryption at Rest

46. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
SSL
Log Backups
Security Group
VPC
Encryption at Rest
ssl_mode=disable

47. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
SSL
Log Backups
Security Group
VPC
Encryption at Rest
ssl_mode=disable

48. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
SSL
Log Backups
Security Group
VPC
Encryption at Rest
ssl_mode=disable
rds.force_ssl=1 (default 0)

49. Forcing SSL on all connections
DB
Instance
Snapshot
Application
Host
SSL
Log Backups
Security Group
VPC
Encryption at Rest
ssl_mode=disable
rds.force_ssl=1 (default 0)

50. Unencrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Snapshot
Share with account

51. Unencrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Snapshot
Snapshot
Share with account

52. Unencrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
SnapshotDB
Instance
Snapshot
Share with account

53. Unencrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
SnapshotDB
Instance
Snapshot
Share with account
Share to Public

54. Encrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Encryption at Rest
Default

55. Encrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Snapshot
Share with account
Encryption at Rest
Default

56. Encrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Snapshot
Share with account
Encryption at Rest
Default

57. Encrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Snapshot
Share with account
Encryption at Rest

58. Encrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Snapshot
Share with account
Encryption at Rest
Custom
Key

59. Encrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
Snapshot
Share with account
Encryption at Rest
Custom
Key
Add external
account

60. Encrypted Snapshot Sharing
DB
Instance
Snapshot
Prod Account
Test Account
SnapshotDB
Instance
Snapshot
Share with account
Encryption at Rest
Custom
Key
Add external
account

61. Cross Region Replicas – Encrypted
AZ1 AZ2
US-EAST-1

62. Cross Region Replicas – Encrypted
AZ1 AZ2 AZ1
Async Replication
US-EAST-1 EU-WEST-1

63. 0
500
1,000
1,500
2,000
2,500
3,000
3,500
4,000
4,500
2 Threads 4 Threads 8 Threads 16 Threads 32 Threads 64 Threads
TransactionsPerSecond(TPS)
PG Bench - Read & Write
Regular
Encrypted
Encryption at rest overhead
5 to 10% Overhead on heavy write

64. HIPAA-eligible service & FedRAMP
• RDS PostgreSQL is now a HIPAA-eligible service
• https://aws.amazon.com/compliance/hipaa-compliance/
• FedRAMP in AWS GovCloud (US) region
• https://aws.amazon.com/compliance/fedramp/

65. Data movement

66. Move data to the same or different database engine
Keep your apps running during the migration
Start your first migration in 10 minutes or less
Replicate within, to, or from AWS EC2 or RDS
AWS
Database Migration
Service
(DMS)

67. Customer
Premises
Application Users
EC2
or
RDS
Internet
VPN
Start a replication instance
Keep your apps running during the migration
AWS Database
Migration Service

68. Customer
Premises
Application Users
EC2
or
RDS
Internet
VPN
Start a replication instance
Connect to source and target databases
Select tables, schemas, or databases
Keep your apps running during the migration
AWS Database
Migration Service

69. Customer
Premises
Application Users
EC2
or
RDS
Internet
VPN
Start a replication instance
Connect to source and target databases
Select tables, schemas, or databases
Let the AWS Database Migration
Service create tables and load data
Keep your apps running during the migration
AWS Database
Migration Service

70. Customer
Premises
Application Users
EC2
or
RDS
Internet
VPN
Start a replication instance
Connect to source and target databases
Select tables, schemas, or databases
Let the AWS Database Migration
Service create tables and load data
Uses change data capture to keep
them in sync
Keep your apps running during the migration
AWS Database
Migration Service

71. Customer
Premises
Application Users
EC2
or
RDS
Internet
VPN
Start a replication instance
Connect to source and target databases
Select tables, schemas, or databases
Let the AWS Database Migration
Service create tables and load data
Uses change data capture to keep
them in sync
Switch applications over to the target
at your convenience
Keep your apps running during the migration
AWS Database
Migration Service

72. AWS Database Migration Service - PostgreSQL
• Source - on premise or EC2 PostgreSQL (9.4+)
RDS (9.4.9+ or 9.5.4+ or 9.6.1)
• Destination can be EC2 or RDS
• Initial bulk copy via consistent select
• Uses PostgreSQL logical replication support to provide
change data capture
https://aws.amazon.com/dms/

73. Logical Replication Support
• Supported with 9.6.1+, 9.5.4+ and 9.4.9+
• Set rds.logical_replication parameter to 1
• As user who has rds_replication & rds_superuser role
SELECT * FROM pg_create_logical_replication_slot('test_slot', 'test_decoding');
pg_recvlogical -d postgres --slot test_slot -U master --host $rds_hostname -f - --start
• Added support for Event Triggers

74. Logical Decoding Space Usage

75. CloudWatch – Replication Lag

76. CloudWatch – Slot usage for WAL

77. Logical Replication Support - Example
RDS
Postgres
RDS
Postgres
Logical Replica
Redshift
DMS

78. Logical Replication Support - Example
RDS
Postgres
RDS
Postgres
Logical Replica
Redshift
On Premise
Postgres
DMS

79. Logical Replication Support - Example
RDS
Postgres
RDS
Postgres
Logical Replica
Redshift
EC2
Postgres
On Premise
Postgres
DMS

80. Logical Replication Support - Example
RDS
Postgres
RDS
Postgres
Logical Replica
Redshift
EC2
Postgres
On Premise
Postgres
DMS
EC2
Oracle

81. Logical Replication Support - Example
RDS
Postgres
RDS
Postgres
Logical Replica
Redshift
EC2
Postgres
On Premise
Postgres
DMS
EC2
Oracle
Custom
Logical
Handler
NoSQL DB

82. Schema Conversion Tool - SCT
Downloadable tool (Windows, Mac, Linux Desktop)
Source Database Target Database on Amazon RDS
Microsoft SQL Server Amazon Aurora, MySQL, PostgreSQL
MySQL PostgreSQL
Oracle Amazon Aurora, MySQL, PostgreSQL
PostgreSQL Amazon Aurora, MySQL

83. SCT - Analysis

84. SCT - Detailed

85. Scale & Performance

86. Push Button Scaling

87. M4 Instance Class – pgbench read only
0
2000
4000
6000
8000
10000
12000
14000
1 2 4 8 16
TransactionsperSecond(TPS)
Threads
db.m3.large db.m4.large
46% Better Price/Performance
37% TPS Increase
$0.195 $0.182

88. Enhanced Operating System (OS) metrics
1-60 second granularity
cpuUtilization
• guest
• irq
• system
• wait
• idl:
• user
• total
• steal
• nice
diskIO
• writeKbPS
• readIOsPS
• await
• readKbPS
• rrqmPS
• util
• avgQueueLen
• tps
• readKb
• writeKb
• avgReqSz
• wrqmPS
• writeIOsPS
memory
• writeback
• cached
• free
• inactive
• dirty
• mapped
• active
• total
• slab
• buffers
• pageTable
• Hugepages
swap
• cached
• total
• free
tasks
• sleeping
• zombie
• running
• stopped
• total
• blocked
fileSys
• used
• usedFiles
• usedFilePercent
• maxFiles
• total
• usedPercent
loadAverageMinute
• fifteen
• five
• one
uptime
processList
• name
• cpuTime
• parentID
• memoryUsedPct
• cpuUsedPct
• id
• rss
• vss

89. Process List

90. OS metrics

91. Performance Insights – In Preview

92. Performance Insights – In Preview

93. Stats on RAMDISK
• Set rds.pg_stat_ramdisk_size in MB’s
• Creates a RAM disk and sets stats_temp_directory to
use it.
• Reduces IOPS
• Good for instances with many tables/indexes and
databases.

94. Burst mode: GP2 and T2
T2 – Amazon EC2 instance with burst capability
• Base performance + burst
• Earn credits per hour when below base performance
• Can store up to 24 hours worth of credits
• Amazon CloudWatch metrics to see credits and usage
GP2 – SSD-based Amazon EBS storage
• 3 IOPS per GB base performance
• Earn credits when usage below base
• Burst to 3000+ IOPS

95. T2 – CPU credits

96. Burst mode: what’s new
db.t2.large
• 60 CPU Initial Credit
• 36 CPU Credit earned per hour
• Base Performance – 60%
• 8 GB RAM
• Increased IO bandwidth
• Encryption at rest support
Future – t2.xlarge & t2.2xlarge

97. 0
2000
4000
6000
8000
10000
12000
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
TransactionsperSecond(TPS)
Hours
100% Read - 20GB data
db.m1.medium + 200GB standard
db.m3.medium + 200G + 2000 IOPS
db.m3.large + 200G + 2000 IOPS
db.t2.medium + 200GB gp2
Burst mode vs. Classic vs. Provisioned IOPS
$0.10 per hour
$0.58 per hour
$0.40 per hour
$0.50 per hour

98. 0
2000
4000
6000
8000
10000
12000
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
TransactionsperSecond(TPS)
Hours
100% Read - 20GB data
db.m1.medium + 200GB standard
db.m3.medium + 200G + 2000 IOPS
db.m3.large + 200G + 2000 IOPS
db.t2.medium + 200GB gp2
db.t2.medium + 1TB gp2
Burst mode vs. Classic vs. Provisioned IOPS
$0.10 per hour
$0.58 per hour
$0.23 per hour
$0.40 per hour
$0.50 per hour

99. 0
2000
4000
6000
8000
10000
12000
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
TransactionsperSecond(TPS)
Hours
100% Read - 20GB data
db.m1.medium + 200GB standard
db.m3.medium + 200G + 2000 IOPS
db.m3.large + 200G + 2000 IOPS
db.t2.medium + 200GB gp2
db.t2.medium + 1TB gp2
db.t2.large + 1TB gp2
Burst mode vs. Classic vs. Provisioned IOPS
$0.10 per hour
$0.58 per hour
$0.23 per hour
$0.40 per hour
$0.50 per hour
$0.30 per hour

100. Lessons

101. Vacuum parameters
Will auto vacuum when
• autovacuum_vacuum_threshold +
autovacuum_vacuum_scale_factor * pgclass.reltuples
How hard auto vacuum works
• autovacuum_max_workers
• autovacuum_nap_time
• autovacuum_cost_limit
• autovacuum_cost_delay

102. RDS autovacuum logging (9.4.5+)
log_autovacuum_min_duration = 5000 (i.e. 5 secs)
rds.force_autovacuum_logging_level = LOG
…[14638]:ERROR: canceling autovacuum task
…[14638]:CONTEXT: automatic vacuum of table "postgres.public.pgbench_tellers"
…[14638]:LOG: skipping vacuum of "pgbench_branches" --- lock not available
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.Comm
onDBATasks.html#Appendix.PostgreSQL.CommonDBATasks.Autovacuum

103. RDS autovacuum visibility(9.3.12, 9.4.7, 9.5.2, 9.6.1)
pg_stat_activity
BEFORE
usename | query
----------+-------------------------------------------------------------
rdsadmin | <insufficient privilege>
rdsadmin | <insufficient privilege>
gtest | SELECT c FROM sbtest27 WHERE id BETWEEN 392582 AND 392582+4
gtest | select usename, query from pg_stat_activity
NOW
usename | query
----------+----------------------------------------------
rdsadmin | <insufficient privilege>
gtest | select usename, query from pg_stat_activity
gtest | COMMIT
rdsadmin | autovacuum: ANALYZE public.sbtest16

104. CloudWatch Metric

105. AWS Database BLOG
https://aws.amazon.com/blogs/database/

106. Thank you!
Questions?