Being able to quickly identify and resolve common errors on your Amazon Web Services (AWS) database is important both in the workplace to avoid prolonged outages and also during the AWS Certified Database – Specialty exam. The exam will often ask questions about the most likely root cause of a problem or the simplest way to resolve an issue. Understanding the basic troubleshooting steps and knowing some advanced tools that AWS offers to help diagnose faults will help you in the exam.

In this chapter, we're going to cover the following main topics:

• Using Trusted Advisor
• Troubleshooting techniques
• Resolving common errors

Let's start by learning about Trusted Advisor, including how to use it to assist with troubleshooting scenarios and how it can be used to help you correctly configure and use your AWS databases.

You will require an AWS account with root access; not everything we will do in this chapter may be available in Free Tier, which means it may cost you a small amount to follow the hands-on sections. You will also require AWS Command Line Interface (CLI) access. The AWS guide found at https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html will explain the steps required, but I will summarize these here: 

1. Open an AWS account if you have not already done so. 
2. Download the AWS CLI latest version from here: https://docs.aws.amazon.com/cli/latest/userguide/welcome-versions.html#welcome-versions-v2.
3. Create an admin user by going to the following link: https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html#getting-started_create-admin-group-cli.

Create an access key for your admin user by going to the following link: https://docs.aws.amazon.com...

AWS Trusted Advisor is a tool you can use to get real-time reports on all of your AWS services. Trusted Advisor will by default highlight the following areas:

• Cost optimization—You will be given recommendations that can save you money. Typically, this will be downsizing an instance or changing a storage type if it isn't being used.
• Performance—You will be advised on how to improve the performance of your applications or databases. For example, this may show when an RDS instance is running at a high central processing unit (CPU) or is suffering from high disk input/output (I/O).
• Security—You will be able to see recommendations about security for your application and database, including security group configuration and patches that need to be applied.
• Fault tolerance—Typically, Trusted Advisor will notify you if you are not using a Multi-Availability Zone (Multi-AZ) configuration for production workloads or if...

With any of the AWS managed services such as RDS, it can be difficult to work out if any error you are seeing or performance issue is being caused by the database itself or if there is a problem with the RDS service or the VPC. For example, users are complaining of not being able to log into the database; this could be a database-level issue where perhaps a password has changed or user permissions have been modified, or perhaps they are hitting connection limits, or this could be an issue with the RDS service itself—the RDS instance may be down or the underlying virtual machine (VM) may have a fault, or the issue could be linked to security groups or network access control lists (NACLs) not allowing the end user's connection through. As you can see, without further information, you might need to check in multiple different locations. The first troubleshooting technique is to always gather as much information as required before you start to debug...

Some issues on RDS are seen more frequently than others. We are going to learn some of the most common errors and how to resolve them. Firstly, we will learn how to deal with connectivity issues with an RDS instance.

RDS connection issues

Typically, connection errors are caused by one of five areas, as outlined here:

• Security group rules—Review your security groups to make sure the inbound rules allow connections from the source on the port the database is running on.
• NACL rules—Review your NACLs to ensure that inbound or outbound traffic to/from the database has not been set to DENY.
• Publicly available not set—To access the RDS instance from outside of your VPC, you need to have made it publicly available and given it a public Internet Protocol (IP) address. You can change this by modifying the instance.
• Internet gateway—To access the RDS instance, you need an internet gateway within the public subnets of...

In this chapter, we have learned about Trusted Advisor and used it to help identify security configuration problems, wrongly sized RDS instances, and RDS servers that need to be patched. We then looked at some best practices for troubleshooting RDS, DynamoDB, and other AWS-managed databases, including how to use the database logs, CloudWatch, CloudTrail, and AWS Health Dashboard to identify problems. Finally, we looked at how you can resolve some common problems and error messages from AWS-managed databases.

The AWS Certified Database – Specialty exam will have many questions about troubleshooting errors with connectivity, storage issues, performance bottlenecks, and excessive costs, so being able to understand best-practice methods to diagnose and resolve them will greatly improve your chances of success in the exam.

In the next chapter, we will be completing a practice exam so that you can learn the style of the AWS exam questions. You will also be able to note...

This cheat sheet summarizes the main key points from this chapter, as follows:

• Trusted Advisor will offer recommendations about your AWS services.
• Trusted Advisor follows the same pillars as the Well-Architected Framework:
  • Security
  • Cost optimization
  • Fault tolerance
  • Performance
  • Service limits
• You can use Trusted Advisor to view all AWS services in all regions.
• The AWS Health Dashboard gives an overview of any current operational issues that may be affecting your AWS services.
• The AWS Health Dashboard also shows any outstanding patches or maintenance operations that need to be carried out on your services.
• You can use Application Insights to get the power of ML analytics to help quickly identify the root causes of application failures or errors.

Let's now practice a few exam-style questions, as follows:

1. A company has a critical system that runs on RDS SQL Server and is accessed through an in-house web application. The web application has recently been improved with additional reporting capabilities. The program has been slow to reply to certain reporting requests after the upgrade. How can you find the root cause of the issue?
   1. Install and configure Amazon CloudWatch Application Insights for Microsoft .NET and Microsoft SQL Server. Use a CloudWatch dashboard to identify the root cause of application issues.
   2. Enable RDS Performance Insights and determine which query is creating the problem. Request changes to the query to address the problem.
   3. Use AWS X-Ray deployed with Amazon RDS to track query system traces.
   4. Create a support request and work with AWS Support to identify the source of the issue.
2. You are a database administrator for a small company. Over the weekend, some security modifications were made...

To understand the concepts of this chapter in further detail, you can refer to the following sources:

• AWS service limits:

https://docs.aws.amazon.com/awssupport/latest/user/service-limits.html

• AWS Trusted Advisor documentation:

https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor.html