1. What is Amazon RDS?

Amazon Relational Database Service (RDS) is a fully managed service that makes it easy to set up, operate, and scale relational databases in the cloud. AWS handles provisioning, patching, backup, recovery, failure detection, and repair.

Managed vs Unmanaged: RDS is MANAGED. AWS handles OS patching, DB engine patching, backups, Multi-AZ failover, monitoring, and scaling storage. You handle schema design, query optimization, DB parameter tuning, IAM access, and Security Group configuration. You CANNOT SSH into an RDS instance.

2. Supported Engines

3. RDS Multi-AZ Deployments

Multi-AZ provides high availability by maintaining a synchronous standby replica in a different AZ. Failover is automatic.


Multi-AZ Instance (Classic)

  1. One primary DB instance + one standby replica in a different AZ
  2. Synchronous replication (every write is copied to the standby before being acknowledged)
  3. Standby is NOT accessible for reads — it’s only for failover
  4. Automatic failover: DNS endpoint switches to standby (typically 60–120 seconds)
  5. No manual intervention needed. Applications use the same DNS endpoint.
  6. Use for: production databases requiring high availability


Multi-AZ Cluster (New)

  1. One primary (writer) + two readable standbys in different AZs
  2. Standbys are accessible for read queries (unlike classic Multi-AZ)
  3. Faster failover: ~35 seconds (vs 60–120 for classic)
  4. Uses semi-synchronous replication + transaction log-based replication
  5. Supported on MySQL and PostgreSQL
  6. Writer endpoint + reader endpoint + instance endpoints

4. RDS Read Replicas

Read Replicas provide read scaling by creating asynchronous copies of your primary database that handle read-only queries.

  1. Up to 15 Read Replicas per DB instance (Aurora) or 5 for other engines
  2. Asynchronous replication — slight replication lag (eventually consistent)
  3. Replicas are accessible for read queries (SELECT), reducing load on the primary
  4. Can be in the same AZ, cross-AZ (free data transfer), or cross-Region (data transfer charges)
  5. Can be promoted to a standalone DB instance (breaks replication permanently)
  6. Read Replicas can have their own Read Replicas (chaining) for some engines

Multi-AZ vs Read Replicas: Multi-AZ = HIGH AVAILABILITY (automatic failover, standby not readable in classic). Read Replica = READ SCALING (offload reads, asynchronous, always readable). They solve different problems and can be used together: a Read Replica can have its own Multi-AZ standby.

5. RDS Automated Backups

  1. Automatic daily full snapshot + transaction log backups every 5 minutes
  2. Enables Point-in-Time Recovery (PITR) to any second within the retention window
  3. Retention period: 1–35 days (default 7 days). Set to 0 to disable.
  4. Backups taken during a configurable backup window (brief I/O suspension on single-AZ)
  5. Backups stored in S3 (managed by AWS, you don’t see the bucket)
  6. Deleted when you delete the DB instance (unless you keep a final snapshot)


Manual DB Snapshots

  1. User-initiated snapshots taken at any time
  2. Retained until you explicitly delete them (unlike automated backups)
  3. Can be copied across Regions (for DR)
  4. Can be shared with other AWS accounts
  5. Use for: long-term retention, migration, before major changes

6. RDS Storage

  1. Storage Auto Scaling automatically increases storage when free space is low
  2. You set a Maximum Storage Threshold
  3. Triggered when: free storage < 10% AND low storage lasts 5+ minutes AND 6+ hours since last modification
  4. No downtime — scaling happens online
  5. Useful for unpredictable workloads

7. RDS Security

  1. Encryption at rest: AES-256 via KMS. Must be enabled at creation (cannot encrypt existing unencrypted DB)
  2. To encrypt an existing DB: create snapshot → copy with encryption → restore from encrypted snapshot
  3. Encryption in transit: SSL/TLS connections (enforce via parameter group)
  4. IAM Database Authentication: supported for MySQL and PostgreSQL (use IAM token instead of password)
  5. Security Groups: control network access at the instance level
  6. No SSH access to RDS instances
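
The settings above can be checked across an account from the JSON that `aws rds describe-db-instances` returns. The following is an added example, not part of the original notes: it flags instances that are unencrypted at rest, have IAM Database Authentication off on an engine that supports it, or have automated backups disabled, and it also flags single-AZ instances (covered in section 3). The instance names and values in the sample are constructed, and TLS enforcement is not covered because it lives in the parameter group rather than in this output.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output,
# trimmed to the fields the checks read. These are not real instances.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
   "StorageEncrypted": true, "IAMDatabaseAuthenticationEnabled": true,
   "BackupRetentionPeriod": 7, "MultiAZ": true},
  {"DBInstanceIdentifier": "legacy-crm", "Engine": "mysql",
   "StorageEncrypted": false, "IAMDatabaseAuthenticationEnabled": false,
   "BackupRetentionPeriod": 0, "MultiAZ": false},
  {"DBInstanceIdentifier": "erp-oracle", "Engine": "oracle-ee",
   "StorageEncrypted": true, "IAMDatabaseAuthenticationEnabled": false,
   "BackupRetentionPeriod": 35, "MultiAZ": true}
]}
""")

# Engines these notes list as supporting IAM Database Authentication.
IAM_AUTH_ENGINES = {"mysql", "postgres"}

def audit_instance(db):
    """Return a list of finding strings for one DBInstances entry."""
    findings = []
    # A missing field is treated as the unsafe value so gaps are not hidden.
    if not db.get("StorageEncrypted", False):
        findings.append("unencrypted-at-rest: snapshot -> encrypted copy -> restore")
    if (db.get("Engine") in IAM_AUTH_ENGINES
            and not db.get("IAMDatabaseAuthenticationEnabled", False)):
        findings.append("iam-auth-disabled: password-only logins")
    if db.get("BackupRetentionPeriod", 0) == 0:
        findings.append("automated-backups-disabled: no PITR")
    if not db.get("MultiAZ", False):
        findings.append("single-az: no automatic failover")
    return findings

def audit(describe_output):
    """Map instance identifier -> findings, omitting clean instances."""
    report = {}
    for db in describe_output.get("DBInstances", []):
        findings = audit_instance(db)
        if findings:
            report[db["DBInstanceIdentifier"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws rds describe-db-instances --output json`.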

8. RDS Custom

  1. RDS Custom gives you access to the underlying OS and database for Oracle and SQL Server
  2. You can install custom patches, change OS settings, and install agents
  3. AWS still manages backups, HA, and scaling
  4. Deactivate RDS automation mode before making OS/DB changes, then reactivate
  5. Use when: you need features that standard RDS doesn’t support (custom patches, specific Oracle features)

9. When to use

Use RDS when you need a managed relational database without handling infrastructure, patching, backups, or replication yourself.

Common scenarios:

  1. Traditional relational workloads — Applications that need structured data with SQL queries.
  2. OLTP (Online Transaction Processing) — E-commerce, banking, user management, order systems.
  3. Lift-and-shift databases — Move on-premises MySQL, PostgreSQL, Oracle, or SQL Server to AWS.
  4. Automated backups and recovery — Need point-in-time restore without manual effort.
  5. High availability — Need automatic failover with Multi-AZ.


Exam Tip (RDS questions): "Managed relational database" = RDS. "No SSH access" = RDS (use RDS Custom for OS access). Multi-AZ = HA (not for reads in classic). Read Replica = read scaling (not HA). "Encrypt existing DB" = snapshot → copy encrypted → restore. Storage Auto Scaling = set max threshold. "IAM auth for MySQL" = IAM Database Authentication. PITR = up to 35 days. "Oracle/SQL Server with OS access" = RDS Custom.