AWS RDS Oracle Custom

In this blog we use the terms:

  • RDS Regular: normal RDS, where we can’t access the database host or the SYS account, but which provides the most automation coverage
  • RDS Custom: newer flavour of RDS, where we can access the database host and the SYS user and make customisations

First we will have a review of RDS Regular:

Oracle RDS Regular should be considered the first choice by most RDS Oracle users because of its administration and automation. It’s a proven managed solution that has been available from AWS for many years, so it is a tried and tested model for many organisations. There is still a need for DBA/Developer guidance on performance, which is not covered by RDS, as ‘Application Optimisation’ is always the customer’s responsibility.

Oracle RDS Regular provides features that allow a database to be provisioned and managed without the level of database administrator skills normally required.

One limitation of Oracle RDS Regular is that the database and host are locked down. This means we can’t access the database host or log on to the database as the SYS user.

Oracle RDS Regular Key Features:

  • Supports multiple Oracle editions (e.g., Standard Edition, Enterprise Edition) under either the Bring Your Own License (BYOL) model or, for Standard Edition, the License Included model
  • Automates provisioning, patching, backup and recovery
  • Provides auto scaling functionality
  • Enable Multi-AZ ‘disk’ replication for high availability
  • Read replicas for improved read performance with Active Dataguard License on Enterprise Edition
  • Wide choice of Instance types for various workloads such as memory OR compute intensive
  • Backups Automation
  • Performance Monitoring using Performance Insights

AWS manages:

  • Operating System
  • Database software binaries
  • EC2 Infrastructure

Use Cases:

  • Standard Oracle workloads
  • Use of Standard Database features with default or best practice setup

Limitations:

  • No access to the underlying OS hosting the database
  • No SYS user access
  • No direct access or control over the Oracle binaries

Next we take a look at Oracle RDS Custom:

Oracle RDS Custom is an AWS offering of Oracle RDS that provides access to the database host and SYS user to allow lower-level customisations and capabilities. These include one-off patching, Dataguard in SYNC mode and use of Oracle Flashback.

Oracle RDS Custom offers greater customisation at the cost of automation and administration. It is an order of magnitude more complicated to set up and support, and needs a Database Administrator and an AWS Engineer to set up.

Oracle RDS Custom allows organisations to access the EC2 host and operating system where the database is running. Being able to access the database host opens up the flexibility to tailor Oracle RDS Custom as needed. It also removes some limitations of the RDS Regular offering, making the following possible:

  • Database software version custom patching
  • Setting up Oracle Dataguard in maximum availability mode
  • Use of Oracle Flashback Database
  • Customisations needed by 3rd party Applications

Key Features:

  • End user access to host where Database is running
  • Access to sys account on the Oracle database
  • Supports both Standard Edition and Enterprise Edition
  • Install one-off patches
  • Support Dataguard replicas in both ASYNC and SYNC modes of operation

AWS manages:

  • Hardware infrastructure

Users are responsible for database and OS customizations and patching.

Use Cases:

  • Legacy or packaged applications that need specific Oracle configurations or OS access.
  • Workloads needing features unsupported by standard RDS

Limitations:

  • No support for License Included
  • No Multi-AZ deployment ‘Disk’ replication
  • No stopping of instance to reduce costs
  • Only basic automation provided by AWS tooling

Comparing Oracle RDS Regular to Oracle RDS Custom at a high level

Comparing a database running on Non RDS EC2 vs RDS Regular vs RDS Custom


High-level overview of RDS Oracle Custom architecture for quick reference

Responsibility Model

Technical Area               | Regular RDS | RDS Custom
Application optimization     | Customer    | Customer
Scaling                      | AWS         | Shared
High availability            | AWS         | Customer
Database backups             | AWS         | Shared
Database software patching   | AWS         | Shared
Database software install    | AWS         | Shared
OS patching                  | AWS         | Customer
OS installation              | AWS         | Shared
Server maintenance           | AWS         | AWS
Hardware lifecycle           | AWS         | AWS
Power, network, and cooling  | AWS         | AWS

Unix Environment

Filesystem Layout

TNS and Listener setup

Dataguard Setup

Oracle RDS Custom AWS Resources

1. KMS key
Customer managed symmetric encryption KMS key to encrypt the RDS Oracle database

2. CloudFormation Templates IAM

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/samples/custom-oracle-iam.zip

instance profile:
AWSRDSCustomInstanceProfile-region
service role:
AWSRDSCustomInstanceRole-region

access policy attached to service role:
AWSRDSCustomIamRolePolicy

3. CloudFormation Templates VPC
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/samples/custom-vpc.zip

private VPC

subnet group named rds-custom-private

VPC endpoints, which your DB instance uses to communicate with dependent AWS services:
com.amazonaws.region.ec2messages
com.amazonaws.region.events
com.amazonaws.region.logs
com.amazonaws.region.monitoring
com.amazonaws.region.s3
com.amazonaws.region.secretsmanager
com.amazonaws.region.ssm
com.amazonaws.region.ssmmessages
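
A pre-flight check for the endpoint list above, as an added example (not from the original post or from AWS): it compares output shaped like `aws ec2 describe-vpc-endpoints` against the eight required services for one VPC and reports any that are missing or not yet available. The region, VPC IDs and sample data are constructed for illustration.

```python
# Endpoint service suffixes from the list above; "region" is filled in per call.
REQUIRED_SUFFIXES = ["ec2messages", "events", "logs", "monitoring", "s3",
                     "secretsmanager", "ssm", "ssmmessages"]


def required_services(region):
    """Full service names RDS Custom needs in the given region."""
    return {f"com.amazonaws.{region}.{suffix}" for suffix in REQUIRED_SUFFIXES}


def check_endpoints(describe_output, region, vpc_id):
    """Return {service_name: problem} for each required endpoint that is
    absent from vpc_id or present but not in the 'available' state."""
    seen = {}
    for ep in describe_output.get("VpcEndpoints", []):
        if ep.get("VpcId") != vpc_id:
            continue  # an endpoint in another VPC does not help this instance
        name = ep.get("ServiceName")
        state = str(ep.get("State", "unknown")).lower()
        if seen.get(name) != "available":  # keep the best state seen so far
            seen[name] = state
    problems = {}
    for service in sorted(required_services(region)):
        if service not in seen:
            problems[service] = "missing"
        elif seen[service] != "available":
            problems[service] = f"state={seen[service]}"
    return problems


def sample_endpoint(suffix, state="available", vpc="vpc-0example"):
    """Build one constructed endpoint record (hypothetical IDs)."""
    return {"VpcId": vpc, "State": state,
            "ServiceName": f"com.amazonaws.eu-west-1.{suffix}"}


# Constructed sample: six healthy endpoints, one still pending, and one that
# was created in the wrong VPC.
SAMPLE = {"VpcEndpoints":
          [sample_endpoint(s) for s in
           ("ec2messages", "events", "logs", "monitoring", "s3", "ssm")]
          + [sample_endpoint("ssmmessages", state="pending"),
             sample_endpoint("secretsmanager", vpc="vpc-0other")]}

if __name__ == "__main__":
    for service, problem in check_endpoints(SAMPLE, "eu-west-1", "vpc-0example").items():
        print(f"{service}: {problem}")
```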


4. IAM roles for RDS and CEV
AdministratorAccess policy
AmazonRDSFullAccess policy


5. S3 Bucket
Create an S3 bucket to hold:

CEV Manifest
Oracle software
Oracle Patches
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/samples/custom-oracle-manifest.zip
https://edelivery.oracle.com/


6. IAM S3 Privileges

"s3:CreateBucket",
"s3:PutBucketPolicy",
"s3:PutBucketObjectLockConfiguration",
"s3:PutBucketVersioning"
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetObjectTagging",
"s3:ListBucket"

7. IAM KMS privileges
"kms:CreateGrant",
"kms:DescribeKey"


8. IAM other
iam:SimulatePrincipalPolicy
cloudtrail:CreateTrail
cloudtrail:StartLogging
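
A static pre-check of an IAM policy document against the actions listed in steps 6 to 8, as an added example (not from the original post or from AWS): it reports required actions that no Allow statement covers, required actions that an explicit Deny blocks, and wildcard grants broader than the list needs. The sample policy is constructed, and Resource scoping, conditions and NotAction are deliberately ignored.

```python
import fnmatch

# Actions listed in steps 6 to 8 above.
REQUIRED_ACTIONS = [
    "s3:CreateBucket", "s3:PutBucketPolicy",
    "s3:PutBucketObjectLockConfiguration", "s3:PutBucketVersioning",
    "s3:GetObjectAcl", "s3:GetObject", "s3:GetObjectTagging", "s3:ListBucket",
    "kms:CreateGrant", "kms:DescribeKey",
    "iam:SimulatePrincipalPolicy", "cloudtrail:CreateTrail", "cloudtrail:StartLogging",
]

def _as_list(value):
    # IAM allows a single string/object where a list is expected.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _covers(patterns, action):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit_policy(policy):
    """Return required actions that are missing or explicitly denied, plus
    Allow patterns that are service-wide or global wildcards.
    Simplified: looks at Effect and Action only, in this one document."""
    allow, deny = [], []
    for statement in _as_list(policy.get("Statement")):
        target = allow if statement.get("Effect") == "Allow" else deny
        target.extend(_as_list(statement.get("Action")))
    return {
        "missing": [a for a in REQUIRED_ACTIONS if not _covers(allow, a)],
        "denied": [a for a in REQUIRED_ACTIONS if _covers(deny, a)],  # Deny wins over Allow
        "broad": sorted(p for p in set(allow) if p == "*" or p.endswith(":*")),
    }

# Constructed sample policy; Resource is left as "*" because this check ignores it.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "s3:CreateBucket", "s3:PutBucketPolicy",
        "s3:PutBucketObjectLockConfiguration", "s3:PutBucketVersioning"]},
    {"Effect": "Allow", "Resource": "*", "Action": ["s3:Get*", "s3:ListBucket"]},
    {"Effect": "Allow", "Resource": "*", "Action": "kms:*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iam:SimulatePrincipalPolicy", "cloudtrail:CreateTrail"]},
    {"Effect": "Deny", "Resource": "*", "Action": "s3:PutBucketPolicy"},
]}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

Run against the policy attached to the deploying role, an empty "broad" list together with empty "missing" and "denied" lists indicates the document grants the listed actions without service-wide wildcards.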

9. AWS CLI download
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html