or run

tessl search

rds

tessl install github:itsmostafa/aws-agent-skills --skill rds

github.com/itsmostafa/aws-agent-skills

AWS RDS relational database service for managed databases. Use when provisioning databases, configuring backups, managing replicas, troubleshooting connectivity, or optimizing performance.

Review Score

76%

Validation Score

12/16

Implementation Score

65%

Activation Score

85%

AWS RDS

Amazon Relational Database Service (RDS) provides managed relational databases including MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Aurora. RDS handles provisioning, patching, backups, and failover.

Core Concepts
Common Patterns
CLI Reference
Best Practices
Troubleshooting
References

Core Concepts

DB Instance Classes

Category	Example	Use Case
Standard	db.m6g.large	General purpose
Memory Optimized	db.r6g.large	High memory workloads
Burstable	db.t3.medium	Variable workloads, dev/test

Storage Types

Type	IOPS	Use Case
gp3	3,000-16,000	Most workloads
io1/io2	Up to 256,000	High-performance OLTP
magnetic	N/A	Legacy, avoid

Multi-AZ Deployments

Multi-AZ Instance: Synchronous standby in different AZ
Multi-AZ Cluster: One writer, two reader instances (Aurora-like)

Read Replicas

Asynchronous copies for read scaling. Can be cross-region.

Common Patterns

Create a PostgreSQL Instance

AWS CLI:

# Create DB subnet group
aws rds create-db-subnet-group \
  --db-subnet-group-name my-db-subnet-group \
  --db-subnet-group-description "Private subnets for RDS" \
  --subnet-ids subnet-12345678 subnet-87654321

# Create security group (allow PostgreSQL from app)
aws ec2 create-security-group \
  --group-name rds-postgres-sg \
  --description "RDS PostgreSQL access" \
  --vpc-id vpc-12345678

aws ec2 authorize-security-group-ingress \
  --group-id sg-rds12345 \
  --protocol tcp \
  --port 5432 \
  --source-group sg-app12345

# Create RDS instance
aws rds create-db-instance \
  --db-instance-identifier my-postgres \
  --db-instance-class db.t3.medium \
  --engine postgres \
  --engine-version 16.1 \
  --master-username admin \
  --master-user-password 'SecurePassword123!' \
  --allocated-storage 100 \
  --storage-type gp3 \
  --db-subnet-group-name my-db-subnet-group \
  --vpc-security-group-ids sg-rds12345 \
  --multi-az \
  --backup-retention-period 7 \
  --storage-encrypted \
  --no-publicly-accessible

boto3:

import boto3

rds = boto3.client('rds')

response = rds.create_db_instance(
    DBInstanceIdentifier='my-postgres',
    DBInstanceClass='db.t3.medium',
    Engine='postgres',
    EngineVersion='16.1',
    MasterUsername='admin',
    MasterUserPassword='SecurePassword123!',
    AllocatedStorage=100,
    StorageType='gp3',
    DBSubnetGroupName='my-db-subnet-group',
    VpcSecurityGroupIds=['sg-rds12345'],
    MultiAZ=True,
    BackupRetentionPeriod=7,
    StorageEncrypted=True,
    PubliclyAccessible=False
)

Create Read Replica

aws rds create-db-instance-read-replica \
  --db-instance-identifier my-postgres-replica \
  --source-db-instance-identifier my-postgres \
  --db-instance-class db.t3.medium \
  --availability-zone us-east-1b

Take a Snapshot

aws rds create-db-snapshot \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-identifier my-postgres

Restore from Snapshot

aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier my-postgres-restored \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-class db.t3.medium \
  --db-subnet-group-name my-db-subnet-group \
  --vpc-security-group-ids sg-rds12345

Point-in-Time Recovery

aws rds restore-db-instance-to-point-in-time \
  --source-db-instance-identifier my-postgres \
  --target-db-instance-identifier my-postgres-pitr \
  --restore-time 2024-01-15T10:30:00Z \
  --db-instance-class db.t3.medium

Modify Instance

# Change instance class (with downtime)
aws rds modify-db-instance \
  --db-instance-identifier my-postgres \
  --db-instance-class db.m6g.large \
  --apply-immediately

# Scale storage (no downtime)
aws rds modify-db-instance \
  --db-instance-identifier my-postgres \
  --allocated-storage 200 \
  --apply-immediately

Connect with IAM Authentication

import boto3
import psycopg2

rds = boto3.client('rds')

# Generate auth token
token = rds.generate_db_auth_token(
    DBHostname='my-postgres.abc123.us-east-1.rds.amazonaws.com',
    Port=5432,
    DBUsername='iam_user',
    Region='us-east-1'
)

# Connect
conn = psycopg2.connect(
    host='my-postgres.abc123.us-east-1.rds.amazonaws.com',
    port=5432,
    database='mydb',
    user='iam_user',
    password=token,
    sslmode='require'
)

CLI Reference

Instance Management

Command	Description
`aws rds create-db-instance`	Create instance
`aws rds describe-db-instances`	List instances
`aws rds modify-db-instance`	Modify settings
`aws rds delete-db-instance`	Delete instance
`aws rds reboot-db-instance`	Reboot instance
`aws rds start-db-instance`	Start stopped instance
`aws rds stop-db-instance`	Stop instance

Backups

Command	Description
`aws rds create-db-snapshot`	Manual snapshot
`aws rds describe-db-snapshots`	List snapshots
`aws rds restore-db-instance-from-db-snapshot`	Restore from snapshot
`aws rds restore-db-instance-to-point-in-time`	Point-in-time restore
`aws rds copy-db-snapshot`	Copy snapshot

Replicas

Command	Description
`aws rds create-db-instance-read-replica`	Create read replica
`aws rds promote-read-replica`	Promote to standalone

Best Practices

Security

Never make publicly accessible — use VPC and security groups
Enable encryption at rest (KMS) and in transit (SSL)
Use IAM authentication for application access
Store credentials in Secrets Manager with rotation
Use parameter groups to enforce SSL

# Enforce SSL in PostgreSQL
aws rds modify-db-parameter-group \
  --db-parameter-group-name my-pg-params \
  --parameters "ParameterName=rds.force_ssl,ParameterValue=1,ApplyMethod=pending-reboot"

Performance

Right-size instances — monitor CPU, memory, IOPS
Use gp3 for cost-effective performance
Enable Performance Insights for query analysis
Use read replicas for read scaling
Optimize queries — check slow query log

High Availability

Enable Multi-AZ for production
Use Aurora for mission-critical workloads
Configure appropriate backup retention
Test failover periodically
Monitor replication lag for replicas

Cost Optimization

Use Reserved Instances for steady-state workloads
Stop dev/test instances when not in use
Delete old snapshots regularly
Right-size instance classes

Troubleshooting

Cannot Connect

Causes:

Security group not allowing access
Instance not in VPC subnet
SSL required but not used
Wrong endpoint/port

Debug:

# Check security group
aws ec2 describe-security-groups --group-ids sg-rds12345

# Check instance status
aws rds describe-db-instances \
  --db-instance-identifier my-postgres \
  --query "DBInstances[0].{Status:DBInstanceStatus,Endpoint:Endpoint}"

# Test connectivity from EC2
nc -zv my-postgres.abc123.us-east-1.rds.amazonaws.com 5432

High CPU/Memory