Hands-On Lab: Implementing High-Performing Database Solutions
Determine high-performing database solutions
Hands-On Lab: Implementing High-Performing Database Solutions
This lab is designed to align with Task 3.3: Determine high-performing database solutions from the AWS Certified Solutions Architect - Associate (SAA-C03) exam guide. In this 30-minute guided lab, you will deploy a managed Amazon Relational Database Service (RDS) instance and configure a Read Replica to horizontally scale your read operations.
We will also conceptually explore how this compares to caching strategies like Amazon ElastiCache, fulfilling the requirement to understand high-performing, decoupled data access patterns.
Prerequisites
Before starting this lab, ensure you have the following:
- AWS Account: An active AWS account (Free Tier eligible is sufficient).
- AWS CLI Installed: The
awscommand-line interface installed and configured with your credentials. - IAM Permissions: AdministratorAccess or sufficient permissions to create and manage RDS databases and EC2 Security Groups.
- Prior Knowledge: Basic understanding of relational databases and the difference between managed RDS vs. self-managed EC2 databases.
[!WARNING] Cost Estimation: This lab uses
db.t3.microinstances. If your account is outside the AWS Free Tier, running these instances will incur a small hourly charge (approx. $0.017/hr per instance). Remember to run the teardown commands to avoid ongoing charges.
Learning Objectives
By the end of this lab, you will be able to:
- Provision a Managed Database: Deploy a primary Amazon RDS MySQL instance, offloading infrastructure management from EC2.
- Scale Read Performance: Create a Read Replica to offload read-intensive queries from the primary database.
- Understand Endpoints: Differentiate between primary (writer) and replica (reader) endpoints for application integration.
- Visualize Caching: Understand where an ElastiCache layer would fit to further reduce latency.
Architecture Overview
Below are two diagrams illustrating the high-performing architecture we are building, as well as an advanced caching pattern you should know for the SAA-C03 exam.
1. Read Replica Architecture (Active Lab)
We are building a primary DB for writes and a replica for reads. This mitigates performance bottlenecks for read-heavy workloads.
2. Caching Strategy Integration (Concept)
For extreme performance (sub-millisecond latency), a caching service like ElastiCache is placed in front of the database. This is a "Look-aside" caching pattern.
Step-by-Step Instructions
Step 1: Create a Security Group for the Database
First, we need a security group that allows our application to communicate with the database over the standard MySQL port (3306).
# Retrieve your default VPC ID
VPC_ID=$(aws ec2 describe-vpcs --filters Name=isDefault,Values=true --query "Vpcs[0].VpcId" --output text)
# Create the Security Group
aws ec2 create-security-group \
--group-name brainybee-rds-sg \
--description "Security group for RDS lab" \
--vpc-id $VPC_ID
# Note the output SecurityGroupId. Replace <SG_ID> below with the actual ID.
aws ec2 authorize-security-group-ingress \
--group-id <SG_ID> \
--protocol tcp \
--port 3306 \
--cidr 0.0.0.0/0[!TIP] We are using
0.0.0.0/0for lab simplicity. In a production environment, you should restrict the CIDR block to your application's specific Security Group or IP range.
▶Console alternative
- Navigate to EC2 > Security Groups in the AWS Console.
- Click Create security group.
- Enter
brainybee-rds-sgas the name. - Under Inbound rules, click Add rule.
- Set Type to MySQL/Aurora (3306) and Source to Anywhere-IPv4.
- Click Create security group.
📸 Screenshot: The Security Group inbound rules configuration showing port 3306 open to 0.0.0.0/0.
Step 2: Provision the Primary RDS Instance
Now, we leave the heavy infrastructure lifting to AWS by opting for Amazon RDS instead of building our own platform on an EC2 instance.
aws rds create-db-instance \
--db-instance-identifier brainybee-primary-db \
--db-instance-class db.t3.micro \
--engine mysql \
--master-username admin \
--master-user-password LabPassword123! \
--allocated-storage 20 \
--vpc-security-group-ids <SG_ID> \
--backup-retention-period 1 \
--no-multi-az[!NOTE] We enabled
--backup-retention-period 1. Automatic backups must be enabled on the primary instance to create a Read Replica.
▶Console alternative
- Navigate to RDS > Databases.
- Click Create database.
- Choose Standard create and MySQL.
- Select the Free tier template.
- DB instance identifier:
brainybee-primary-db. - Master username:
admin/ Password:LabPassword123!. - Under Connectivity, select the
brainybee-rds-sgsecurity group. - Expand Additional configuration and ensure Backup retention period is set to at least 1 day.
- Click Create database.
📸 Screenshot: The RDS configuration screen highlighting the automated backups setting required for replicas.
Step 3: Create a Read Replica
To meet high-performance read demands, we will configure a Read Replica. This decouples our workloads so that read requests do not compete with write requests for CPU and IOPS.
# Note: Wait until the primary DB status is 'available' before running this.
aws rds create-db-instance-read-replica \
--db-instance-identifier brainybee-replica-db \
--source-db-instance-identifier brainybee-primary-db \
--db-instance-class db.t3.micro▶Console alternative
- In the RDS Console, select your
brainybee-primary-dbinstance. - Click the Actions dropdown menu in the top right.
- Select Create read replica.
- Enter
brainybee-replica-dbas the Replica DB instance identifier. - Leave other settings as default and click Create read replica.
📸 Screenshot: The Actions menu dropdown showing "Create read replica" for the primary database.
Step 4: Retrieve Database Endpoints
Your application requires specific endpoints to route writes to the primary DB and reads to the replica.
aws rds describe-db-instances \
--query "DBInstances[*].[DBInstanceIdentifier,Endpoint.Address]" \
--output table[!IMPORTANT] Notice that you receive two distinct URLs. Your application code must be configured to split SQL traffic (e.g.,
INSERT/UPDATEto the primary URL,SELECTto the replica URL).
Checkpoints
Verify your progress by checking the status of your databases. Provisioning can take 5-10 minutes.
Run the following verification command:
aws rds describe-db-instances \
--query "DBInstances[*].[DBInstanceIdentifier,DBInstanceStatus,ReadReplicaDBInstanceIdentifiers]" \
--output tableExpected Output:
| DBInstanceIdentifier | DBInstanceStatus | ReadReplicaDBInstanceIdentifiers |
|---|---|---|
| brainybee-primary-db | available | ["brainybee-replica-db"] |
| brainybee-replica-db | available | [] |
If the status says creating, wait a few minutes and run the command again.
Clean-Up / Teardown
[!WARNING] Cost Warning: You MUST delete these resources to avoid ongoing AWS charges. RDS instances are billed per hour.
Execute the following commands in order to destroy the resources. We use --skip-final-snapshot to delete them quickly without backing up the empty lab data.
1. Delete the Read Replica:
aws rds delete-db-instance \
--db-instance-identifier brainybee-replica-db \
--skip-final-snapshot2. Delete the Primary Database:
# You must wait until the replica is fully deleted before the primary can be safely deleted.
aws rds delete-db-instance \
--db-instance-identifier brainybee-primary-db \
--skip-final-snapshot3. Delete the Security Group:
# Wait until both databases are completely terminated.
aws ec2 delete-security-group --group-name brainybee-rds-sgTroubleshooting
| Issue / Error | Cause | Solution |
|---|---|---|
| Error: InvalidParameterValue: Automated backups are not enabled | You attempted to create a Read Replica from a primary database that does not have backups turned on. | Ensure --backup-retention-period is set to 1 or higher on the primary instance. |
| Command hangs or times out connecting to DB | The Security Group does not allow traffic from your IP, or you selected a private VPC subnet. | Verify that the inbound rule for port 3306 is set to 0.0.0.0/0 and the RDS instance is PubliclyAccessible. |
| Status stuck in "Creating" for 15+ minutes | RDS provisioning can be slow depending on the region and instance type availability. | This is normal behavior. Continue to monitor the status using the checkpoint command. |
| Cannot delete Security Group (DependencyViolation) | The RDS instance is still terminating and holding the network interface. | Wait for the RDS instances to completely disappear from describe-db-instances before deleting the SG. |