A recap of the news articles I wrote for InfoQ in October 2020.
IBM Introduces IBM Cloud Code Engine
IBM has recently announced the beta availability of a new serverless compute service called IBM Cloud Code Engine. The service is a managed serverless platform that runs containerized workloads, for example web apps, micro-services, event-driven functions and batch jobs.
Cloudflare Introduces API Shield
Cloudflare has recently introduced API Shield, a free security tool that protects API traffic against attacks designed to perform unauthorized actions or exfiltrate data. Strong client certificate-based identity is already generally available while schema validation is currently a closed beta.
Preview of AWS Cost Anomaly Detection Now Available
AWS has recently made available the preview of AWS Cost Anomaly Detection, a new service to detect unusual spending patterns across AWS accounts. The goal is to improve cost controls and minimize unintended spend.
HashiCorp Supports AWS Lambda Extensions for Serverless Security
HashiCorp has recently announced the public preview of the HashiCorp Vault AWS Lambda Extension. The new service is based on the recently launched AWS Lambda Extensions API and allows a serverless application to securely retrieve secrets from HashiCorp Vault without making the Lambda functions Vault-aware.
In the next two months I am going to attend as a speaker six virtual events, with three different talks and different audiences. Some events are free, some are not. Details and registration links or discount codes below, all talks are in English.
The conference will run for 28 hours on 20-21 October 2020 and will cover topics on Open Source Databases and Applications using MySQL, PostgreSQL, MongoDB, and MariaDB. You can find the full agenda online and register for free.
Is serverless the future of relational databases? Looking forward to be part of DeveloperWeek Global: Cloud Conference, one of the world’s largest virtual software developer event series, and discuss relational databases on the cloud. See you online at the end of September! More about my talk here.
In a series of three technical articles, AWS has recently introduced the new “Serverless LAMP stack”. But not everyone in the open-source community believes that the successor of the LAMP stack is proprietary technologies from a single vendor, and alternative approaches have been suggested.
Amazon RDS Proxy is a new fully managed, highly available database proxy for MySQL and PostgreSQL databases running on Amazon RDS and Aurora. The service is tailored to serverless architectures and other applications that open and close database connections at a high rate
At re:Invent in Las Vegas in December 2019, AWS announced the public preview of RDS Proxy, a fully managed database proxy that sits between your application and RDS. The new service offers to “share established database connections, improving database efficiency and application scalability”.
One of the key features was the ability to increase application availability, significantly reducing failover times on a Multi AZ RDS instance. Results were indeed impressive.
But a key limitation was that there was no opportunity to change the instance size or class once the proxy has been created. That means it could not be used to reduce downtime during a vertical scaling of the cluster and made the deployment less elastic.
Time for a second look?
Last week AWS announced finally the GA of RDS Proxy and I thought it was a good time to take a second look at the service. Any further improvements in the failover? Can you now change the instance size once the proxy has been created?
One of the first and few values you should choose when you set up an Amazon RDS Proxy is it the idle client connection timeout. It is already hard to figure out the optimal value in an ideal scenario. But having a user interface that suggests a default of 30 minutes with a label that states “Max: 5 minutes” makes it more difficult. Almost all if the drop down list let you set any value up to 1 hour.
Let us play!
I created again a test-rds and a test-proxy and I decided to perform the very same basic tests I did last December. I started two while loops in Bash, relying on the MySQL client, each one asking every 2 seconds the current date and time to the database:
$ while true; do mysql -s -N -h test-proxy.proxy-***.eu-central-1.rds.amazonaws.com -u testuser -e "select now()"; sleep 2; done
$ while true; do mysql -s -N -h test-rds.***.eu-central-1.rds.amazonaws.com -u testuser -e "select now()"; sleep 2; done
The difference between the test-proxy and the test-rds is significant: it takes 132 seconds for the RDS endpoint to recover versus only 20 seconds for the proxy. Amazing difference and even better than what AWS promises in a more reliable and significant test.
But what happens when I trigger a change of the instance type?
While the numbers for the test-rds do not change significantly, the proxy is simply gone. Once the database cluster behind changes, the proxy endpoint is still available but it does not connect to the database anymore. Changing time out does not help, with no simple way to recover.
ERROR 9501 (HY000) at line 1: Timed-out waiting to acquire database connection ERROR 9501 (HY000) at line 1: Timed-out waiting to acquire database connection ERROR 9501 (HY000) at line 1: Timed-out waiting to acquire database connection ERROR 9501 (HY000) at line 1: Timed-out waiting to acquire database connection ERROR 9501 (HY000) at line 1: Timed-out waiting to acquire database connection
Amazon RDS Proxy is a very interesting service. And it could be an essential component in many deployments where increase application availability is critical. But I would have expect a few more improvements since the first preview. The lack of support for changes of the instances makes it still hard to integrate it in many scenarios where RDS is currently used.