Aurora MySQL

JDBC Drivers

Amazon Web Services (AWS) JDBC Driver for MySQL

https://github.com/awslabs/aws-mysql-jdbc

The AWS JDBC Driver for MySQL supports fast failover for Amazon Aurora with MySQL compatibility.

Caveats and Gotchas

https://repost.aws/knowledge-center/aurora-mysql-db-cluser-read-only-error

Smart driver

The Amazon Aurora DB cluster endpoints propagate DNS record updates automatically, but the process doesn’t happen instantly. This can cause delays in responding to an event that occurred on the database and the event might be handled by the application. A Smart Driver uses the DB cluster topography through the INFORMATION_SCHEMA.REPLICA_HOST_STATUS metadata table, which is in near-real-time. This helps to route connections to the appropriate role, and helps load-balance across the existing replicas. MariaDB Connector/J is an example of a third party Smart Driver that has native support for Aurora MySQL.

Note: Even Smart Drivers might be affected by excessive DNS Caching.

DNS caching

If you are not using a smart driver, then you depend on the DNS record updates and propagation after a failover event occurs. Aurora DNS zones use a short time-to-live (TTL) of 5 seconds, so it is important that your network and client configurations don’t further increase this. DNS caching can occur at multiple layers of an architecture, such as the operating system (OS), the network layer and the application container. It is important that you understand how each of these layers is configured. If there is unintended DNS caching beyond the TTL of 5 seconds, it is possible that you will re-connect to the old writer after a failover.

Java Virtual Machines (JVM) can excessively cache DNS, indefinitely. When the JVM resolves a hostname to an IP address, it caches the IP address for a specified period of time (TTL). On some configurations, the JVM default TTL is set to never refresh DNS entries until the JVM is restarted. This can lead to read-only errors after a failover. In this case, it is important to manually set a small TTL so that it will periodically refresh.

Interface Endpoint

Private DNS for interface endpoints

If the private DNS option is enabled, an interface endpoint is created with a hidden private hosted zone attached to the associated VPC. Records in this hosted zone point the default service domain to ENIs of the interface endpoint, which have private IPs that isolated subnets can connect to.

Detaching a private hosted zone can take a few minutes, so it is not possible to recreate a deleted AWS service interface endpoint immediately.

private-dns-enabled cannot be set because there is already a conflicting DNS domain for ssm.<region>.amazonaws.com in the VPC

Cloud9

AWS managed temporary credentials

Some Cloud9, IAM and STS actions are restricted. See Actions supported by AWS managed temporary credentials.


Currently, if your environment’s EC2 instance is launched into a private subnet, you can’t use AWS managed temporary credentials to allow the EC2 environment to access an AWS service on behalf of an AWS entity (an IAM user, for example).

https://docs.aws.amazon.com/cloud9/latest/user-guide/security-iam.html#auth-and-access-control-temporary-managed-credentials

Graviton Processor

AWS Graviton Technical Guide

Processor Specifications

ProcessorGraviton2Graviton3(E)
InstancesM6g/M6gd, C6g/C6gd/C6gn, R6g/R6gd, T4g, X2gd, G5g, and I4g/Im4gn/Is4genC7g/C7gd/C7gn, M7g/M7gd, R7g/R7gd, and HPC7g
CoreNeoverse-N1Neoverse-V1
Frequency2500MHz2600MHz
Turbo supportedNoNo
Instruction latenciesInstruction LatenciesInstruction Latencies
InterconnectCMN-600CMN-650
Architecture revisionARMv8.2-aARMv8.4-a
Additional featuresfp16, rcpc, dotprod, cryptosve, rng, bf16, int8, crypto
Recommended -mcpu flagneoverse-n1neoverse-512tvb
RNG InstructionsNoYes
SIMD instructions2x Neon 128bit vectors4x Neon 128bit vectors / 2x SVE 256bit
LSE (atomic mem operations)yesyes
Pointer Authenticationnoyes
Cores6464
L1 cache (per core)64KB inst / 64KB data64KB inst / 64KB data
L2 cache (per core)1MB1MB
LLC (shared)32MB32MB
DRAM8x DDR48x DDR5
DDR Encryptionyesyes

C/C++ on Graviton

Source

Optimal processor features

On arm64 -mcpu= acts as both specifying the appropriate architecture and tuning and it’s generally better to use that vs -march if you’re building for a specific CPU.

CPUFlagGCC versionLLVM verison
Graviton2-mcpu=neoverse-n1*GCC-9^Clang/LLVM 10+
Graviton3(E)-mcpu=neoverse-512tvb%GCC 11+Clang/LLVM 14+

^ Also present in Amazon Linux2 GCC-7

* Requires GCC-9 or later; otherwise we suggest using -mcpu=cortex-a72

% If your compiler doesn’t support neoverse-512tvb, please use the Graviton2 tuning.

Using SVE

The scalable vector extensions (SVE) require both a new enough tool-chain to auto-vectorize to SVE (GCC 11+, LLVM 14+) and a 4.15+ kernel that supports SVE. One notable exception is that Amazon Linux 2 with a 4.14 kernel doesn’t support SVE; please upgrade to a 5.4+ AL2 kernel.

IAM

Policy Limits

https://aws.amazon.com/premiumsupport/knowledge-center/iam-increase-policy-size/

Managed policy limit

You can assign IAM users to up to 10 groups. You can also attach up to 10 managed policies to each group, for a maximum of 120 policies (20 managed policies attached to the IAM user, 10 IAM groups, with 10 policies each).

Inline policy character quota

You can add as many inline policies as you want to an IAM user, role, or group. But the total aggregate policy size (the sum size of all inline policies) per entity cannot exceed the following quotas:

  • User policy size cannot exceed 2,048 characters.
  • Role policy size cannot exceed 10,240 characters.
  • Group policy size cannot exceed 5,120 characters.

S3

Partitioning

https://aws.amazon.com/premiumsupport/knowledge-center/s3-prefix-nested-folders-difference/

A prefix is the complete path in front of the object name, which includes the bucket name. For example, if an object (123.txt) is stored as BucketName/Project/WordFiles/123.txt, the prefix is “BucketName/Project/WordFiles/”. If the 123.txt file is saved in a bucket without a specified path, the prefix value is “BucketName/“.

A partitioned prefix in a bucket can support 3,500 PUT/COPY/POST/DELETE or 5,500 GET/HEAD requests per second. There is no limit to the number of prefixes you can have in a bucket.

Note: In Amazon S3, there are no partitions for keys or objects. Partitions exist only at the prefix level, and not at the object level. For more information about using prefixes in Amazon S3. See Organizing objects using prefixes.