ReddRadar
Agent skill
rds
AWS RDS relational database service for managed databases. Use when provisioning databases, configuring backups, managing replicas, troubleshooting connectivity, or optimizing performance.
Install this agent skill to your Project
npx add-skill https://github.com/itsmostafa/aws-agent-skills/tree/main/skills/rds
SKILL.md
AWS RDS
Amazon Relational Database Service (RDS) provides managed relational databases including MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Aurora. RDS handles provisioning, patching, backups, and failover.
Table of Contents
- Core Concepts
- Common Patterns
- CLI Reference
- Best Practices
- Troubleshooting
- References
Core Concepts
DB Instance Classes
| Category | Example | Use Case |
|---|---|---|
| Standard | db.m6g.large | General purpose |
| Memory Optimized | db.r6g.large | High memory workloads |
| Burstable | db.t3.medium | Variable workloads, dev/test |
Storage Types
| Type | IOPS | Use Case |
|---|---|---|
| gp3 | 3,000-16,000 | Most workloads |
| io1/io2 | Up to 256,000 | High-performance OLTP |
| magnetic | N/A | Legacy, avoid |
Multi-AZ Deployments
- Multi-AZ Instance: Synchronous standby in different AZ
- Multi-AZ Cluster: One writer, two reader instances (Aurora-like)
Read Replicas
Asynchronous copies for read scaling. Can be cross-region.
Common Patterns
Create a PostgreSQL Instance
AWS CLI:
# Create DB subnet group
aws rds create-db-subnet-group \
--db-subnet-group-name my-db-subnet-group \
--db-subnet-group-description "Private subnets for RDS" \
--subnet-ids subnet-12345678 subnet-87654321
# Create security group (allow PostgreSQL from app)
aws ec2 create-security-group \
--group-name rds-postgres-sg \
--description "RDS PostgreSQL access" \
--vpc-id vpc-12345678
aws ec2 authorize-security-group-ingress \
--group-id sg-rds12345 \
--protocol tcp \
--port 5432 \
--source-group sg-app12345
# Create RDS instance
aws rds create-db-instance \
--db-instance-identifier my-postgres \
--db-instance-class db.t3.medium \
--engine postgres \
--engine-version 16.1 \
--master-username admin \
--master-user-password 'SecurePassword123!' \
--allocated-storage 100 \
--storage-type gp3 \
--db-subnet-group-name my-db-subnet-group \
--vpc-security-group-ids sg-rds12345 \
--multi-az \
--backup-retention-period 7 \
--storage-encrypted \
--no-publicly-accessible
boto3:
import boto3
rds = boto3.client('rds')
response = rds.create_db_instance(
DBInstanceIdentifier='my-postgres',
DBInstanceClass='db.t3.medium',
Engine='postgres',
EngineVersion='16.1',
MasterUsername='admin',
MasterUserPassword='SecurePassword123!',
AllocatedStorage=100,
StorageType='gp3',
DBSubnetGroupName='my-db-subnet-group',
VpcSecurityGroupIds=['sg-rds12345'],
MultiAZ=True,
BackupRetentionPeriod=7,
StorageEncrypted=True,
PubliclyAccessible=False
)
Create Read Replica
aws rds create-db-instance-read-replica \
--db-instance-identifier my-postgres-replica \
--source-db-instance-identifier my-postgres \
--db-instance-class db.t3.medium \
--availability-zone us-east-1b
Take a Snapshot
aws rds create-db-snapshot \
--db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
--db-instance-identifier my-postgres
Restore from Snapshot
aws rds restore-db-instance-from-db-snapshot \
--db-instance-identifier my-postgres-restored \
--db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
--db-instance-class db.t3.medium \
--db-subnet-group-name my-db-subnet-group \
--vpc-security-group-ids sg-rds12345
Point-in-Time Recovery
aws rds restore-db-instance-to-point-in-time \
--source-db-instance-identifier my-postgres \
--target-db-instance-identifier my-postgres-pitr \
--restore-time 2024-01-15T10:30:00Z \
--db-instance-class db.t3.medium
Modify Instance
# Change instance class (with downtime)
aws rds modify-db-instance \
--db-instance-identifier my-postgres \
--db-instance-class db.m6g.large \
--apply-immediately
# Scale storage (no downtime)
aws rds modify-db-instance \
--db-instance-identifier my-postgres \
--allocated-storage 200 \
--apply-immediately
Connect with IAM Authentication
import boto3
import psycopg2
rds = boto3.client('rds')
# Generate auth token
token = rds.generate_db_auth_token(
DBHostname='my-postgres.abc123.us-east-1.rds.amazonaws.com',
Port=5432,
DBUsername='iam_user',
Region='us-east-1'
)
# Connect
conn = psycopg2.connect(
host='my-postgres.abc123.us-east-1.rds.amazonaws.com',
port=5432,
database='mydb',
user='iam_user',
password=token,
sslmode='require'
)
CLI Reference
Instance Management
| Command | Description |
|---|---|
aws rds create-db-instance |
Create instance |
aws rds describe-db-instances |
List instances |
aws rds modify-db-instance |
Modify settings |
aws rds delete-db-instance |
Delete instance |
aws rds reboot-db-instance |
Reboot instance |
aws rds start-db-instance |
Start stopped instance |
aws rds stop-db-instance |
Stop instance |
Backups
| Command | Description |
|---|---|
aws rds create-db-snapshot |
Manual snapshot |
aws rds describe-db-snapshots |
List snapshots |
aws rds restore-db-instance-from-db-snapshot |
Restore from snapshot |
aws rds restore-db-instance-to-point-in-time |
Point-in-time restore |
aws rds copy-db-snapshot |
Copy snapshot |
Replicas
| Command | Description |
|---|---|
aws rds create-db-instance-read-replica |
Create read replica |
aws rds promote-read-replica |
Promote to standalone |
Best Practices
Security
- Never make publicly accessible — use VPC and security groups
- Enable encryption at rest (KMS) and in transit (SSL)
- Use IAM authentication for application access
- Store credentials in Secrets Manager with rotation
- Use parameter groups to enforce SSL
# Enforce SSL in PostgreSQL
aws rds modify-db-parameter-group \
--db-parameter-group-name my-pg-params \
--parameters "ParameterName=rds.force_ssl,ParameterValue=1,ApplyMethod=pending-reboot"
Performance
- Right-size instances — monitor CPU, memory, IOPS
- Use gp3 for cost-effective performance
- Enable Performance Insights for query analysis
- Use read replicas for read scaling
- Optimize queries — check slow query log
High Availability
- Enable Multi-AZ for production
- Use Aurora for mission-critical workloads
- Configure appropriate backup retention
- Test failover periodically
- Monitor replication lag for replicas
Cost Optimization
- Use Reserved Instances for steady-state workloads
- Stop dev/test instances when not in use
- Delete old snapshots regularly
- Right-size instance classes
Troubleshooting
Cannot Connect
Causes:
- Security group not allowing access
- Instance not in VPC subnet
- SSL required but not used
- Wrong endpoint/port
Debug:
# Check security group
aws ec2 describe-security-groups --group-ids sg-rds12345
# Check instance status
aws rds describe-db-instances \
--db-instance-identifier my-postgres \
--query "DBInstances[0].{Status:DBInstanceStatus,Endpoint:Endpoint}"
# Test connectivity from EC2
nc -zv my-postgres.abc123.us-east-1.rds.amazonaws.com 5432
High CPU/Memory
Debug:
# Enable Enhanced Monitoring
aws rds modify-db-instance \
--db-instance-identifier my-postgres \
--monitoring-interval 60 \
--monitoring-role-arn arn:aws:iam::123456789012:role/rds-monitoring-role
# Enable Performance Insights
aws rds modify-db-instance \
--db-instance-identifier my-postgres \
--enable-performance-insights \
--performance-insights-retention-period 7
Solutions:
- Scale up instance class
- Optimize slow queries
- Add read replicas
- Check for locking/blocking
Storage Full
Symptom: Instance becomes unavailable
Prevention:
# Enable storage autoscaling
aws rds modify-db-instance \
--db-instance-identifier my-postgres \
--max-allocated-storage 500
# Set CloudWatch alarm
aws cloudwatch put-metric-alarm \
--alarm-name "RDS-Storage-Low" \
--metric-name FreeStorageSpace \
--namespace AWS/RDS \
--dimensions Name=DBInstanceIdentifier,Value=my-postgres \
--statistic Average \
--period 300 \
--threshold 10000000000 \
--comparison-operator LessThanThreshold \
--evaluation-periods 2 \
--alarm-actions arn:aws:sns:us-east-1:123456789012:alerts
Replication Lag
Monitor:
aws cloudwatch get-metric-statistics \
--namespace AWS/RDS \
--metric-name ReplicaLag \
--dimensions Name=DBInstanceIdentifier,Value=my-postgres-replica \
--start-time $(date -d '1 hour ago' -u +%Y-%m-%dT%H:%M:%SZ) \
--end-time $(date -u +%Y-%m-%dT%H:%M:%SZ) \
--period 60 \
--statistics Average
Causes:
- Replica instance too small
- Heavy write load
- Network issues
- Long-running queries on replica
References
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
itsmostafa/aws-agent-skills
sqs
AWS SQS message queue service for decoupled architectures. Use when creating queues, configuring dead-letter queues, managing visibility timeouts, implementing FIFO ordering, or integrating with Lambda.
itsmostafa/aws-agent-skills
eks
AWS EKS Kubernetes management for clusters, node groups, and workloads. Use when creating clusters, configuring IRSA, managing node groups, deploying applications, or integrating with AWS services.
itsmostafa/aws-agent-skills
cloudwatch
AWS CloudWatch monitoring for logs, metrics, alarms, and dashboards. Use when setting up monitoring, creating alarms, querying logs with Insights, configuring metric filters, building dashboards, or troubleshooting application issues.
itsmostafa/aws-agent-skills
ec2
AWS EC2 virtual machine management for instances, AMIs, and networking. Use when launching instances, configuring security groups, managing key pairs, troubleshooting connectivity, or automating instance lifecycle.
itsmostafa/aws-agent-skills
cloudformation
AWS CloudFormation infrastructure as code for stack management. Use when writing templates, deploying stacks, managing drift, troubleshooting deployments, or organizing infrastructure with nested stacks.
itsmostafa/aws-agent-skills
sns
AWS SNS notification service for pub/sub messaging. Use when creating topics, managing subscriptions, configuring message filtering, sending notifications, or setting up mobile push.
Didn't find tool you were looking for?