Overview of AWS
Additional Topics
Session Goals
Develop an understanding of how to set up an AWS environment
Have a better understanding of how to transition DBA knowledge to AWS
Availability Zones - Inside each region, you will find two or more availability zones
with each zone hosted in separate data centers from another zone. These exist on
totally separate internal infrastructure.
VPC – Virtual Private Cloud is the network-isolated area where AWS services are
located. S3 buckets and DynamoDB are examples of AWS services that exist outside
of a VPC.
Common AWS Options
All services live and operate within the AWS cloud. Management and
administration is accomplished within the cloud by using WorkSpaces.
All services are in the cloud but are managed from outside of the VPC. This would
include database management, server management, etc. The connections are
established through AWS Direct Connect or a VPN.
A hybrid architecture mixes both on-premises and cloud services. AWS Direct
Connect or a VPN are options, but Direct Connect is preferred.
Networking in AWS
Networking Basics in AWS
• Each availability zone needs its own subnet; a subnet cannot span availability zones.
• VPC peering can be used to establish connectivity between VPCs. Note:
peering can only be used one-to-one between two VPCs.
• Transit gateways are used to simplify connectivity to multiple VPCs.
• NAT is used to translate from a private IP to a public IP.
• Security groups and NACLs are used to secure network traffic.
• As a best practice, private addressing and unique IP ranges are
recommended.
• Routes can be set up in AWS for both private and public routing.
IP Addressing in AWS
• RFC 1918 defines the private addressing range. The addresses in this
range are not available for public use and are not found publicly on
the internet. https://tools.ietf.org/html/rfc1918
• 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
• 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
• 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)
• AWS recommends using these ranges in a VPC
Subnets in AWS
• AWS uses Classless Inter-Domain Routing (CIDR) notation when
defining subnets.
• An example of CIDR notation is 192.168.56.0/24. In this example, there
would be 255 addresses available, assuming one address is used for the
network router.
• 192.168.56.0 with a subnet mask of 255.255.255.0 translates to
192.168.56.0/24.
• To determine the number of addresses, use the following formula (shown
for the example above): 2 ^ (32 – 24)
• /28 is the smallest subnet (highest prefix length) allowed in AWS.
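The subnet arithmetic on this slide, worked through in code. This is an added example written for this page, not material from the presentation; it uses only the Python standard library. Beyond the slide's 2^(32 - prefix) formula it applies two AWS rules assumed here: every subnet loses five addresses to AWS (network address, VPC router, DNS, one reserved for future use, broadcast), which is why its usable count for a /24 comes out at 251 rather than the slide's 255, and VPC and subnet blocks must be between /16 and /28. It also checks RFC 1918 membership and CIDR overlap, the condition that rules out peering two VPCs.

```python
"""Subnet sizing helpers for AWS VPC planning (added example, not from the slides)."""
import ipaddress

# Assumed AWS rules: five addresses reserved per subnet, block sizes /16 .. /28.
AWS_RESERVED_PER_SUBNET = 5
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28

# The three RFC 1918 private ranges listed on the slide.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def subnet_report(cidr: str) -> dict:
    """Return the size figures a VPC planner needs for one IPv4 CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    total = 2 ** (32 - net.prefixlen)  # the slide's formula: 2^(32 - prefix length)
    return {
        "network": str(net.network_address),
        "prefix": net.prefixlen,
        "netmask": str(net.netmask),
        "total_addresses": total,
        "aws_usable": max(total - AWS_RESERVED_PER_SUBNET, 0),
        "rfc1918": any(net.subnet_of(r) for r in RFC1918),
        "aws_subnet_ok": AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX,
    }


def carve_subnets(vpc_cidr: str, new_prefix: int) -> list:
    """Split a VPC block into equal subnets, for example one per availability zone."""
    if not AWS_MIN_PREFIX <= new_prefix <= AWS_MAX_PREFIX:
        raise ValueError(f"/{new_prefix} is outside the AWS subnet range /16-/28")
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def overlaps(a: str, b: str) -> bool:
    """True if two CIDR blocks overlap; overlapping VPC ranges cannot be peered."""
    return ipaddress.ip_network(a, strict=False).overlaps(ipaddress.ip_network(b, strict=False))


if __name__ == "__main__":
    print(subnet_report("192.168.56.0/24"))
    print(carve_subnets("10.0.0.0/16", 18))
    print(overlaps("10.0.0.0/16", "10.0.1.0/24"))
```

Run it with a VPC block and a target prefix length to see how many subnets you get and how many addresses each one really offers once AWS's reservations are taken off.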
AWS Routing
• Routing to an Internet gateway. Public subnets are created by adding a
route to the subnet route table to an internet gateway.
• Routing to a NAT device. This enables instances in a private subnet to
connect to the internet.
• Routing to a Virtual Private Gateway. An AWS Site-to-Site VPN connection enables
instances in your VPC to communicate with your own network using a
virtual private gateway.
• VPC Peering. A network connection between two VPCs that allows routing
traffic between them using private IPv4 addresses. Instances in either VPC
can communicate with each other as if they are part of the same network.
• Transit Gateway. An alternative to VPC Peering that simplifies networking to
multiple VPCs.
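How a route table with the targets listed above decides where a packet goes, as an added example written for this page (not code from the presentation). It assumes the AWS rule that the most specific matching route wins (longest prefix match) and that the VPC's own CIDR always carries a "local" route; the gateway identifiers ending in EXAMPLE are placeholders, not real resource IDs.

```python
"""Route table lookup modelled on AWS VPC routing (added example, not from the slides)."""
import ipaddress

# Assumed AWS behaviour: longest prefix match picks the route; the VPC CIDR is 'local'.


def lookup(route_table, dst):
    """Return the target of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def subnet_type(route_table):
    """A subnet is 'public' when its route table sends traffic to an internet gateway."""
    return "public" if any(t.startswith("igw-") for _, t in route_table) else "private"


# Constructed route tables for a 10.0.0.0/16 VPC; the ids are placeholders.
PUBLIC_RT = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),  # internet gateway: makes the subnet public
]
PRIVATE_RT = [
    ("10.0.0.0/16", "local"),
    ("172.16.0.0/16", "pcx-EXAMPLE"),   # VPC peering connection to a second VPC
    ("192.168.0.0/16", "vgw-EXAMPLE"),  # virtual private gateway (site-to-site VPN)
    ("0.0.0.0/0", "nat-EXAMPLE"),       # NAT gateway: outbound internet only
]


if __name__ == "__main__":
    for dst in ("10.0.5.4", "172.16.9.9", "192.168.1.1", "93.184.216.34"):
        print(dst, "->", lookup(PRIVATE_RT, dst))
    print(subnet_type(PUBLIC_RT), subnet_type(PRIVATE_RT))
```

The 0.0.0.0/0 entry covers every destination, yet VPC-internal, peered and VPN traffic never reaches it because the /16 entries are more specific; that is the whole mechanism behind "add a route to an internet gateway to make a subnet public".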
Security Groups and NACLs
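A small evaluator contrasting the two controls named in this heading, added for this page and not taken from the presentation. It encodes the AWS semantics assumed here: a security group is stateful, holds allow rules only, and permits traffic if any rule matches; a network ACL is stateless, holds numbered allow/deny rules evaluated from the lowest number up with the first match deciding, and ends in an implicit deny-all. The rules and addresses are constructed sample data. The session function shows the classic mistake: an inbound request passes both controls, but the reply is dropped by the NACL until an outbound rule for the client's ephemeral port is added.

```python
"""Security group vs. network ACL evaluation (added example, not from the slides)."""
import ipaddress


def _matches(rule, proto, port, peer):
    """True when one rule covers the given protocol, port and peer address."""
    lo, hi = rule["ports"]
    return (rule["proto"] in (proto, "all") and lo <= port <= hi
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule["cidr"]))


def sg_allows(rules, proto, port, peer):
    """Security group: allow rules only; any matching rule permits the traffic."""
    return any(_matches(r, proto, port, peer) for r in rules)


def nacl_decision(rules, proto, port, peer):
    """Network ACL: lowest rule number first, first match wins, default deny ('*' rule)."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        if _matches(rule, proto, port, peer):
            return rule["action"]
    return "deny"


def inbound_session(sg_in, nacl_in, nacl_out, proto, port, client, client_port):
    """Does a client's request reach the instance, and does the reply get back out?"""
    request_ok = (nacl_decision(nacl_in, proto, port, client) == "allow"
                  and sg_allows(sg_in, proto, port, client))
    if not request_ok:
        return {"request": False, "reply": False}
    # Stateful: the security group lets the reply through on its own.
    # Stateless: the NACL must explicitly allow the reply to the client's ephemeral port.
    reply_ok = nacl_decision(nacl_out, proto, client_port, client) == "allow"
    return {"request": True, "reply": reply_ok}


# Constructed sample rules (documentation address ranges, not real hosts).
SG_IN = [{"proto": "tcp", "ports": (22, 22), "cidr": "203.0.113.0/24"}]
NACL_IN = [
    {"number": 100, "proto": "tcp", "ports": (22, 22), "cidr": "203.0.113.0/24", "action": "allow"},
    # Lower number wins: this block for one host is checked before rule 100.
    {"number": 90, "proto": "all", "ports": (0, 65535), "cidr": "203.0.113.66/32", "action": "deny"},
]
NACL_OUT_INCOMPLETE = [
    {"number": 100, "proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0", "action": "allow"},
]
NACL_OUT_FIXED = NACL_OUT_INCOMPLETE + [
    # Ephemeral port range for replies to clients; without it SSH replies are dropped.
    {"number": 110, "proto": "tcp", "ports": (1024, 65535), "cidr": "0.0.0.0/0", "action": "allow"},
]


if __name__ == "__main__":
    print(inbound_session(SG_IN, NACL_IN, NACL_OUT_INCOMPLETE, "tcp", 22, "203.0.113.5", 51515))
    print(inbound_session(SG_IN, NACL_IN, NACL_OUT_FIXED, "tcp", 22, "203.0.113.5", 51515))
    print(inbound_session(SG_IN, NACL_IN, NACL_OUT_FIXED, "tcp", 22, "203.0.113.66", 51515))
```

Rule numbering matters for NACLs in a way it never does for security groups: the deny at number 90 is honoured even though the allow at number 100 also matches, so a block placed at a higher number than a broad allow is never reached.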
RDS Trace File Listing
set serveroutput on
exec rdsadmin.manage_tracefiles.refresh_tracefile_listing;
select * from rdsadmin.tracefile_listing order by filename;
Viewing the Alert Log File
SELECT text FROM
table(rdsadmin.rds_file_util.read_text_file('BDUMP','alert_ORCL.log'));
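Reading the alert log by hand works for a one-off look; for routine monitoring the text returned by the query above is better scanned automatically. The following is an added example for this page, not code from the presentation: it runs over a constructed alert-log excerpt (written here in the usual Oracle alert-log layout, with a timestamp line preceding each event) and reports ORA- errors plus a watch phrase, "Checkpoint not complete", that usually points at undersized or too few redo logs. Only the standard library is used.

```python
"""Scan Oracle alert log text for errors (added example, not from the slides)."""
import re
from collections import Counter

# Constructed sample in the style of rdsadmin.rds_file_util.read_text_file output.
SAMPLE_ALERT_LOG = """\
2020-02-18T10:15:01.123456+00:00
Thread 1 advanced to log sequence 4321 (LGWR switch)
  Current log# 2 seq# 4321 mem# 0: /rdsdbdata/db/ORCL_A/onlinelog/o1_mf_2_x.log
2020-02-18T10:16:45.000000+00:00
ORA-00060: deadlock detected while waiting for resource
2020-02-18T10:20:00.000000+00:00
ORA-01555: snapshot too old: rollback segment number 5 with name "_SYSSMU5$" too small
2020-02-18T10:21:00.000000+00:00
ORA-00060: deadlock detected while waiting for resource
2020-02-18T10:25:00.000000+00:00
Checkpoint not complete
"""

ORA_RE = re.compile(r"^(ORA-\d{5}):\s*(.*)$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")
# Messages without an ORA- code that still deserve attention.
WATCH_PHRASES = ("Checkpoint not complete",)


def scan_alert_log(text):
    """Return (timestamp, code, message) for every error or watch phrase in the text."""
    findings = []
    last_ts = None
    for line in text.splitlines():
        if TS_RE.match(line):
            last_ts = line.strip()  # remember the event time for the lines that follow
            continue
        m = ORA_RE.match(line)
        if m:
            findings.append((last_ts, m.group(1), m.group(2)))
        elif any(p in line for p in WATCH_PHRASES):
            findings.append((last_ts, "WARN", line.strip()))
    return findings


def summarize(findings):
    """Count findings per code so repeated errors stand out."""
    return Counter(code for _, code, _ in findings)


if __name__ == "__main__":
    found = scan_alert_log(SAMPLE_ALERT_LOG)
    for ts, code, msg in found:
        print(ts, code, msg)
    print(summarize(found))
```

Feed it the rows returned by read_text_file joined with newlines; the counter makes a recurring ORA-00060 or a string of "Checkpoint not complete" messages visible at a glance.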
Redo Logs in RDS
• Redo logs: adding, sizing, dropping
• Adding a redo log
select GROUP#, BYTES, STATUS from V$LOG;
exec rdsadmin.rdsadmin_util.add_logfile(bytes => 536870912);
• Switching a log file
exec rdsadmin.rdsadmin_util.switch_logfile;
• Dropping a log file
exec rdsadmin.rdsadmin_util.drop_logfile(grp => 1);
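The three calls above are the building blocks of a redo log resize; the order in which they can be applied depends on each group's STATUS. This added example (written for this page, not taken from the presentation) takes constructed rows in the shape of the slide's V$LOG query and produces a plan. It assumes the Oracle rule that only an INACTIVE group may be dropped: the CURRENT group has to be switched away from first, and an ACTIVE group is still needed for crash recovery until its checkpoint completes, so both are deferred until the query is re-run.

```python
"""Plan an online redo log resize on RDS for Oracle (added example, not from the slides)."""

# Constructed V$LOG rows as returned by: select GROUP#, BYTES, STATUS from V$LOG;
V_LOG = [
    {"group": 1, "bytes": 134217728, "status": "INACTIVE"},
    {"group": 2, "bytes": 134217728, "status": "CURRENT"},
    {"group": 3, "bytes": 134217728, "status": "INACTIVE"},
    {"group": 4, "bytes": 134217728, "status": "ACTIVE"},
]


def plan_resize(v_log, new_bytes):
    """Decide which groups to add and drop when moving every group to new_bytes.

    Assumed Oracle behaviour: only INACTIVE groups can be dropped right away;
    CURRENT and ACTIVE groups are dropped after a log switch and checkpoint.
    """
    small = [r for r in v_log if r["bytes"] < new_bytes]
    return {
        "add": len(small),  # one replacement group per undersized group
        "drop_now": [r["group"] for r in small if r["status"] == "INACTIVE"],
        "drop_after_switch": [r["group"] for r in small if r["status"] != "INACTIVE"],
    }


def render_sql(plan, new_bytes):
    """Turn a plan into the rdsadmin calls shown on the slide, in a safe order."""
    steps = [f"exec rdsadmin.rdsadmin_util.add_logfile(bytes => {new_bytes});"] * plan["add"]
    steps += [f"exec rdsadmin.rdsadmin_util.drop_logfile(grp => {g});" for g in plan["drop_now"]]
    if plan["drop_after_switch"]:
        steps.append("exec rdsadmin.rdsadmin_util.switch_logfile;")
        groups = ", ".join(str(g) for g in plan["drop_after_switch"])
        steps.append(f"-- re-run the V$LOG query; drop groups {groups} once they show INACTIVE")
    return steps


if __name__ == "__main__":
    plan = plan_resize(V_LOG, 536870912)  # move from 128 MB to 512 MB groups
    print(plan)
    print("\n".join(render_sql(plan, 536870912)))
```

New groups are added before anything is dropped so the database never runs with fewer groups than it started with; the deferred groups are revisited after the switch rather than forced.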
Tablespaces in RDS
• Tablespaces in RDS are created as bigfile tablespaces by default.
• Data files use Oracle Managed Files by default.
create tablespace tbstest datafile size 50M;
create temporary tablespace temptbstest tempfile size 50M;
create tablespace tbstest datafile size 50M autoextend on next 1m maxsize 32G;
Database Auditing
• select * from dba_obj_audit_opts where owner='SYS' and object_name='AUD$';
• exec rdsadmin.rdsadmin_master_util.audit_all_sys_aud_table;
• exec rdsadmin.rdsadmin_master_util.noaudit_all_sys_aud_table;
Using RMAN in RDS
• Only RMAN backups are currently supported. Database restores cannot be done in RDS using
RMAN.
BEGIN
rdsadmin.rdsadmin_rman_util.backup_database_full(
p_owner => 'SYS',
p_directory_name => 'RMAN_BACKUPS',
p_parallel => 4,
p_section_size_mb => 10,
p_rman_to_dbms_output => FALSE);
END;
/
• Show all the RMAN options
describe RDSADMIN.rdsadmin_rman_util
Getting Started with EC2
What is EC2?
• Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud, designed to make web-scale cloud computing easier for developers.
• Amazon EC2's simple web service interface allows you to obtain and configure capacity with minimal friction.
• Also known as Infrastructure as a Service (IaaS).
• Allows the deployment and configuration of an Amazon Machine Image (AMI).
On the EC2 Dashboard, choose “Launch Instance” to launch an instance from an AMI (Amazon Machine Image).
Choose an AMI with the “Select” button next to the selection.
Select an instance type and continue with “Next: Configure Instance Details”. Don’t go to “Review and Launch”.
In Step 3, “Number of instances” is set to “1”. The “Network”, “Subnet”, and “Auto-assign Public IP” will be set to the specifics of the VPC. Proceed to “Next: Add Storage”.
In Step 4, add the desired storage. Note: additional storage can be added after the instance has been created. Choose “Next: Add Tags”.
Step 5: Add Tags. Tags are added to identify the instance using a Key / Value pair.
Choose the appropriate security group. The default security group has been selected. Security groups can be changed after the instance has been created. Continue with “Review and Launch”.
If all looks correct, continue with “Launch”.
Either select an existing key pair or create a new key pair. It is important to keep the keys in a safe place. If the keys are lost, there is no way to get back into the instance. If creating a new key pair, “Download Key Pair”. Once complete, “Launch Instances”.
Import the *.pem key generated by AWS into PuTTY using PuTTYgen. After the import, save the public and private keys.
In PuTTY, import the private key under Connection -> SSH -> Auth. Save the session.
Log on to the instance using the “ec2-user” account. If the keys are set up correctly, the login will succeed without a password. Using sudo -i will enable root level access.
AWS Command Line Interface
AWS CLI
• The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell.
• Requires the CLI tool to be installed. Supported clients include Windows, Mac, and Linux.
• CLI keys are created under the IAM section in the AWS console.
• Configuration example:
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: ENTER
AWS CLI Examples
Create security group example:
$ aws ec2 create-security-group --group-name my-sg --description "My security group"
{
    "GroupId": "sg-903004f8"
}
Create RDS instance example:
$ aws rds create-db-instance \
    --allocated-storage 20 \
    --db-instance-class db.m1.small \
    --db-instance-identifier test-instance \
    --engine mysql \
    --enable-cloudwatch-logs-exports '["audit","error","general","slowquery"]' \
    --master-username master \
    --master-user-password secret99
Additional Topics
Additional AWS services
S3
Route 53
EBS / EFS
IAM
Snapshots
AWS Workspace
Lambda
Session Summary
• Understand the high level aspects of the VPC, networking, subnets, peering, security groups, and NACLs
• Introduction to RDS and how to transition DBA activities for creation, maintenance, and troubleshooting
• Introduction to EC2 creation and configuration
• AWS services related to DBA functions
• Using the AWS CLI to automate AWS operations
AWS References
• https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html
• https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-aws-resources.html
• https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html
• https://aws.amazon.com/rds/
• https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.CommonDBATasks.html
• https://aws.amazon.com/premiumsupport/knowledge-center/rds-common-dba-tasks/
• https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html
• https://docs.aws.amazon.com/cli/latest/reference/rds/
Questions ?
Thank You!
Timothy Mishek
timothymishek@yahoo.com
RMOUG Training Days 2020