1.1.1. Network Security
What security protection policies does RDS-PostgreSQL have?
Network
• The RDS-PostgreSQL database supports setting up VPC (Virtual Private Cloud), which can achieve secure isolation from other business networks.
• The RDS-PostgreSQL database also supports network security groups.
How can EIP security be ensured with RDS-PostgreSQL?
When you access RDS-PostgreSQL database services through an EIP (Elastic IP), there is a risk of data leakage since service data will be transmitted on the public network. As such, we recommend that you use SSL link encryption technology to transmit data to the public network.
In addition, you can also ensure data transmission security through Cloud Dedicated Access or a virtual private network.
How does RDS-PostgreSQL avoid malicious access to the database?
• When you enable RDS-PostgreSQL, we recommend that you set a strong password according to the password rules and modify it regularly to prevent password leakage.
• When accessing an instance through EIP, we recommend that you properly store database information such as EIP, database port, and data account password.
• You are advised to limit the source IP through the security group to ensure that the access IP is trusted.
• You can also set up an access trustlist for your instance to avoid illegal IP access to your database instance. For specific settings, see creating a trustlist.
What are the possible scenarios for RDS-PostgreSQL instance data corruption?
Host Damage or Exception
• When a data disk is corrupted, the instance database may be corrupted and data may be lost.
• The power outage of the database host server may cause data page corruption, which may further result in database exceptions.
Malicious Data Tampering
When security vulnerabilities are exploited, data may be maliciously tampered with. To avoid this scenario, it is recommended to strictly manage the permissions to prevent unauthorized users from manipulating the database.
How do I configure a security group to access an RDS-PostgreSQL instance?
The RDS-PostgreSQL security group configuration steps are as follows:
1. To connect to an RDS-PostgreSQL instance, you need to configure security group rules. By default, the instance is bound to the default security group and rule.
2. Add the ECS or local device IP address and the target instance port to the allowed access range of the security group.
3. For security group configuration, see Introduction to Security Groups.
4. For how to modify an instance security group, see Modifying the Instance Security Group.
1.1.2. Backup and Restoration
How long can an RDS-PostgreSQL instance backup be retained?
• Timed backups can be retained according to the retention time set by the backup policy. The maximum retention period is 180 days.
• The platform will not automatically clear manual backups. If you need to delete them, please select the corresponding backup information for manual deletion.
• The backup storage is stored in the backup EVS, which does not occupy data space.
How do I clear the backup space of the cloud database RDS-PostgreSQL?
• Clearing automatic backups: Automatic backup files cannot be deleted manually. You can reduce the backup retention days by setting the backup policy. Backup files that have expired will be automatically cleared.
• Clearing manual backups: After logging in to the Console, select the instance you want to operate. Enter the Instance Details - Backup Recovery interface and click the Delete button in the Operation column corresponding to the backup information you want to clear.
Can the database still be used during the backup period?
• Automatic backup is performed at the time point set in the backup policy for the instance. The instance cannot be restarted during the backup.
• We recommend that you perform the backup operation during off-peak periods because this operation will occupy a certain amount of database resources.
How is the RDS-PostgreSQL backup charged?
• RDS-PostgreSQL provides the EVS to store backup data, which can be purchased together with the storage space when ordering an instance. The initial size of the backup space is the same as the storage space. Later, you can expand the backup space according to the backup. The backup space expansion does not affect normal business use. For the payment method of the backup space, see Billing Instructions-Billing Mode-Billing Rules for Backup Space.
Will backups be retained after my RDS-PostgreSQL instance is deleted?
• After RDS-PostgreSQL expires and freezes, the backups will be retained for 15 days. After that period, the backups will be cleared.
How do I retrieve databases and data tables deleted by mistake?
• You can use the RDS-PostgreSQL backup recovery function to restore data deleted by mistake through existing backup files.
Why has my automatic backup failed?
• The network environment may be unstable due to network delays or interruptions. In this case, the system will automatically back up at the next backup time point. Alternatively, you can perform a manual backup immediately.
• If multiple tasks are being executed at the same time, there can be problems such as task waiting or interruptions. In this case, the system will automatically back up at the next backup time point. Alternatively, you can perform a manual backup immediately.
• If the instance status is abnormal, such as instance fault or status change, the system will identify and perform a backup again after the status returns to normal. Alternatively, you can perform a manual backup immediately.
• If the issue persists, please contact customer service personnel for handling.
Why is a data table missing or why is data deleted?
• RDS-PostgreSQL does not delete or perform any instance data ordered by you. If data loss or deletion occurs, please check whether there have been any misoperations. If necessary, you can restore your file through the existing backup data.
• If the database audit function is enabled, you can query and check the specific operation users and trace the execution process in the Console.
How do I delete the RDS-PostgreSQL backup policy?
• Sorry, you cannot delete the RDS-PostgreSQL backup policy currently. Once the backup policy is enabled, it can be disabled if you do not need automatic backups. Operation method:
a. Log in to the RDS-PostgreSQL Console.
b. Select the corresponding instance, click the Manage button, and enter the Backup Recovery page.
c. Click the Modify Backup Policy button, disable Automatic Backup, and save.
1.1.3. Database Monitoring
Which monitoring indicators do I need to pay attention to during daily operations?
You need to pay attention to the following monitoring indicators: CPU usage, memory usage, disk space usage, long transactions, and other indicators. For specific viewing methods, see Security Monitoring. You can also set alarms for your instance by referring to Alarm Rule Settings and monitor key indicators of your instance.
• If an alarm related to CPU usage or memory usage is reported, you can scale up the CPU or memory respectively by changing specifications.
• If an alarm related to disk space usage is reported, we recommend that you:
– Clear data, that is, deleting part of the instance data, or deleting the instance data after archiving the instance data to other systems.
– Scale up disk space. You can scale up the disk space of an instance through the Disk Expansion feature provided by RDS-PostgreSQL.
How can I calculate the memory usage of an RDS-PostgreSQL instance?
Memory usage = (Total memory - (available memory + buffer memory for files + cache memory))/total memory.