AWS DynamoDB and Disaster Recovery
February 29, 2016 #aws #database #disasterrecovery
AWS DynamoDB (managed NoSQL database) appears to lag behind AWS RDS (managed relational database) with respect to some disaster recovery features:
- Cross Region Replication
- Encryption at Rest
- AWS re:Invent 2014 | (SDD424) Simplifying Scalable Distributed Applications Using DynamoDB Streams - YouTube
- AWS re:Invent 2015 | (DAT401) Amazon DynamoDB Deep Dive - YouTube
There is no “checkbox” for backup/restore; it seems to require orchestration with Data Pipeline and/or DynamoDB Streams. See DynamoDB: Backup & Recovery Solution for a potential solution.
Cross Region Replication
There is no “checkbox” for replication. The official documentation has a “how to” article (Cross-Region Replication Using DynamoDB Streams - Amazon DynamoDB) on using an awslabs open source solution: GitHub - awslabs/dynamodb-cross-region-library: A library to facilitate cross-region replication with Amazon DynamoDB Streams
Other replication options are discussed at Planning for failures with Amazon DynamoDB | Sungard AS CTO Labs Blog
Encryption at Rest
There is no “checkbox” for server-side encryption at rest, and any solution requires client-side encryption.
- Client-side Encryption for Amazon DynamoDB - AWS Developer Blog - Java
- How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext - AWS Security Blog
- GitHub - awslabs/aws-dynamodb-encryption-java: Amazon DynamoDB Encryption Client for Java
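What client-side encryption of an item attribute involves, as an added example that is not code from this post or from the AWS libraries linked above: the value is encrypted with AES-GCM from the JDK before it is written, and the table name, key value and attribute name are authenticated as additional data, so a ciphertext copied onto another item fails to decrypt. The class name, the sample table and values, and the locally generated key (standing in for a data key issued by a key management service) are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class ItemAttributeCrypto {
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    // Length-prefixed context binding a ciphertext to one table, one item key and one attribute.
    static byte[] context(String table, String pk, String attr) {
        return (table.length() + ":" + table + pk.length() + ":" + pk + attr)
                .getBytes(StandardCharsets.UTF_8);
    }
    // Returns nonce || ciphertext || tag, suitable for storing as a binary attribute value.
    static byte[] encrypt(SecretKey key, String table, String pk, String attr, String value) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce); // fresh random nonce for every encryption under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(context(table, pk, attr)); // authenticated, not encrypted
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
    }
    // Throws AEADBadTagException if the blob was modified or moved to another item or attribute.
    static String decrypt(SecretKey key, String table, String pk, String attr, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
        c.updateAAD(context(table, pk, attr));
        return new String(c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        // Assumption: a locally generated key stands in for a data key from a key service.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        // Constructed sample item: table "Customers", hash key "cust#1001", attribute "card_token".
        byte[] stored = encrypt(key, "Customers", "cust#1001", "card_token", "tok_constructed_123");
        System.out.println(decrypt(key, "Customers", "cust#1001", "card_token", stored));
        try {
            decrypt(key, "Customers", "cust#2002", "card_token", stored); // blob copied to another item
        } catch (AEADBadTagException e) {
            System.out.println("rejected: ciphertext does not belong to this item");
        }
    }
}
```

The key attributes themselves stay in plaintext, because DynamoDB needs them to locate the item.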
RDS, S3, and EBS all support server-side encryption.
- Protecting Data Using Server-Side Encryption - Amazon Simple Storage Service
- New – Amazon S3 Server Side Encryption for Data at Rest
- Data Encryption Made Easier – New Encryption Options for Amazon RDS | AWS Official Blog
- Amazon EBS Encryption - Amazon Elastic Compute Cloud
AWS DynamoDB does not have the same “checkbox” features related to disaster recovery that other AWS PaaS solutions include. Therefore, any solution that is looking at this managed NoSQL offering needs to manage these features as part of the application infrastructure.