rds
This Claude Code skill provides AWS RDS management capabilities for creating, configuring, and troubleshooting managed relational databases across MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Aurora. Use it when provisioning database instances, configuring Multi-AZ deployments and read replicas, managing backups and encryption, scaling storage and compute resources, or diagnosing connectivity and performance issues in RDS environments.
```bash
git clone --depth 1 https://github.com/itsmostafa/aws-agent-skills /tmp/rds && cp -r /tmp/rds/skills/rds ~/.claude/skills/rds
```
SKILL.md
# AWS RDS
Amazon Relational Database Service (RDS) provides managed relational databases including MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Aurora. RDS handles provisioning, patching, backups, and failover.
## Table of Contents
- [Core Concepts](#core-concepts)
- [Common Patterns](#common-patterns)
- [CLI Reference](#cli-reference)
- [Best Practices](#best-practices)
- [Troubleshooting](#troubleshooting)
- [References](#references)
## Core Concepts
### DB Instance Classes
| Category | Example | Use Case |
|----------|---------|----------|
| Standard | db.m6g.large | General purpose |
| Memory Optimized | db.r6g.large | High memory workloads |
| Burstable | db.t3.medium | Variable workloads, dev/test |
### Storage Types
| Type | IOPS | Use Case |
|------|------|----------|
| gp3 | 3,000-16,000 | Most workloads |
| io1/io2 | Up to 256,000 | High-performance OLTP |
| magnetic | N/A | Legacy, avoid |
### Multi-AZ Deployments
- **Multi-AZ Instance**: Synchronous standby in different AZ
- **Multi-AZ Cluster**: One writer, two reader instances (Aurora-like)
### Read Replicas
Asynchronous copies for read scaling. Can be cross-region.
## Common Patterns
### Create a PostgreSQL Instance
**AWS CLI:**
```bash
# Create DB subnet group
aws rds create-db-subnet-group \
  --db-subnet-group-name my-db-subnet-group \
  --db-subnet-group-description "Private subnets for RDS" \
  --subnet-ids subnet-12345678 subnet-87654321

# Create security group (allow PostgreSQL from app)
aws ec2 create-security-group \
  --group-name rds-postgres-sg \
  --description "RDS PostgreSQL access" \
  --vpc-id vpc-12345678

# sg-rds12345 stands for the GroupId returned by the command above
aws ec2 authorize-security-group-ingress \
  --group-id sg-rds12345 \
  --protocol tcp \
  --port 5432 \
  --source-group sg-app12345

# Create RDS instance
# 'admin' is a reserved word for the postgres engine, so another master username is used.
# The password is a placeholder: keep real credentials out of shell history
# (see "Store credentials in Secrets Manager" under Best Practices).
aws rds create-db-instance \
  --db-instance-identifier my-postgres \
  --db-instance-class db.t3.medium \
  --engine postgres \
  --engine-version 16.1 \
  --master-username dbadmin \
  --master-user-password 'SecurePassword123!' \
  --allocated-storage 100 \
  --storage-type gp3 \
  --db-subnet-group-name my-db-subnet-group \
  --vpc-security-group-ids sg-rds12345 \
  --multi-az \
  --backup-retention-period 7 \
  --storage-encrypted \
  --no-publicly-accessible
```
**boto3:**
```python
import boto3

rds = boto3.client('rds')

# 'admin' is a reserved word for the postgres engine, so another master username is used.
# The password is a placeholder: do not hard-code real credentials in source.
response = rds.create_db_instance(
    DBInstanceIdentifier='my-postgres',
    DBInstanceClass='db.t3.medium',
    Engine='postgres',
    EngineVersion='16.1',
    MasterUsername='dbadmin',
    MasterUserPassword='SecurePassword123!',
    AllocatedStorage=100,
    StorageType='gp3',
    DBSubnetGroupName='my-db-subnet-group',
    VpcSecurityGroupIds=['sg-rds12345'],
    MultiAZ=True,
    BackupRetentionPeriod=7,
    StorageEncrypted=True,
    PubliclyAccessible=False
)
```
### Create Read Replica
```bash
aws rds create-db-instance-read-replica \
  --db-instance-identifier my-postgres-replica \
  --source-db-instance-identifier my-postgres \
  --db-instance-class db.t3.medium \
  --availability-zone us-east-1b
```
### Take a Snapshot
```bash
aws rds create-db-snapshot \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-identifier my-postgres
```
### Restore from Snapshot
```bash
aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier my-postgres-restored \
  --db-snapshot-identifier my-postgres-snapshot-2024-01-15 \
  --db-instance-class db.t3.medium \
  --db-subnet-group-name my-db-subnet-group \
  --vpc-security-group-ids sg-rds12345
```
### Point-in-Time Recovery
```bash
aws rds restore-db-instance-to-point-in-time \
  --source-db-instance-identifier my-postgres \
  --target-db-instance-identifier my-postgres-pitr \
  --restore-time 2024-01-15T10:30:00Z \
  --db-instance-class db.t3.medium
```
### Modify Instance
```bash
# Change instance class (with downtime)
aws rds modify-db-instance \
  --db-instance-identifier my-postgres \
  --db-instance-class db.m6g.large \
  --apply-immediately

# Scale storage (no downtime)
aws rds modify-db-instance \
  --db-instance-identifier my-postgres \
  --allocated-storage 200 \
  --apply-immediately
```
### Connect with IAM Authentication
```python
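import boto3
import psycopg2

rds = boto3.client('rds')

# Generate auth token (valid for 15 minutes; used in place of a password).
# IAM database authentication must be enabled on the instance, and the
# PostgreSQL user must have been granted the rds_iam role.
token = rds.generate_db_auth_token(
    DBHostname='my-postgres.abc123.us-east-1.rds.amazonaws.com',
    Port=5432,
    DBUsername='iam_user',
    Region='us-east-1'
)

# Connect. sslmode='require' encrypts the connection but does not verify the
# server certificate; 'verify-full' with sslrootcert set to the RDS CA bundle
# also authenticates the server.
conn = psycopg2.connect(
    host='my-postgres.abc123.us-east-1.rds.amazonaws.com',
    port=5432,
    database='mydb',
    user='iam_user',
    password=token,
    sslmode='require'
)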
```
## CLI Reference
### Instance Management
| Command | Description |
|---------|-------------|
| `aws rds create-db-instance` | Create instance |
| `aws rds describe-db-instances` | List instances |
| `aws rds modify-db-instance` | Modify settings |
| `aws rds delete-db-instance` | Delete instance |
| `aws rds reboot-db-instance` | Reboot instance |
| `aws rds start-db-instance` | Start stopped instance |
| `aws rds stop-db-instance` | Stop instance |
### Backups
| Command | Description |
|---------|-------------|
| `aws rds create-db-snapshot` | Manual snapshot |
| `aws rds describe-db-snapshots` | List snapshots |
| `aws rds restore-db-instance-from-db-snapshot` | Restore from snapshot |
| `aws rds restore-db-instance-to-point-in-time` | Point-in-time restore |
| `aws rds copy-db-snapshot` | Copy snapshot |
### Replicas
| Command | Description |
|---------|-------------|
| `aws rds create-db-instance-read-replica` | Create read replica |
| `aws rds promote-read-replica` | Promote to standalone |
## Best Practices
### Security
- **Never make publicly accessible** — use VPC and security groups
- **Enable encryption** at rest (KMS) and in transit (SSL)
- **Use IAM authentication** for application access
- **Store credentials in Secrets Manager** with rotation
- **Use parameter groups** to enforce SSL
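The checklist above can be verified against `describe-db-instances` output. The following is an added example, not part of the skill's own code: the sample records and parameter-group names are constructed, and the SSL check assumes PostgreSQL, where the parameter-group setting is `rds.force_ssl`.

```python
"""Audit RDS instance records against the security checklist (added example)."""

# Constructed sample in the shape of describe_db_instances()["DBInstances"].
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "my-postgres", "Engine": "postgres",
     "PubliclyAccessible": False, "StorageEncrypted": True,
     "IAMDatabaseAuthenticationEnabled": True,
     "DBParameterGroups": [{"DBParameterGroupName": "pg16-ssl"}]},
    {"DBInstanceIdentifier": "legacy-db", "Engine": "postgres",
     "PubliclyAccessible": True, "StorageEncrypted": False,
     "IAMDatabaseAuthenticationEnabled": False,
     "DBParameterGroups": [{"DBParameterGroupName": "custom-pg-legacy"}]},
]
# Constructed parameter values per group, as read via describe_db_parameters().
SAMPLE_PARAMS = {"pg16-ssl": {"rds.force_ssl": "1"},
                 "custom-pg-legacy": {"rds.force_ssl": "0"}}


def audit_instance(inst, group_params):
    """Return a list of finding strings for one DBInstances record."""
    findings = []
    if inst.get("PubliclyAccessible"):
        findings.append("publicly accessible")
    if not inst.get("StorageEncrypted"):
        findings.append("storage not encrypted")
    if not inst.get("IAMDatabaseAuthenticationEnabled"):
        findings.append("IAM authentication disabled")
    if inst.get("Engine") == "postgres":
        groups = [g["DBParameterGroupName"] for g in inst.get("DBParameterGroups", [])]
        # An unknown group counts as not enforcing SSL (fail closed).
        if not any(group_params.get(g, {}).get("rds.force_ssl") == "1" for g in groups):
            findings.append("SSL not enforced (rds.force_ssl != 1)")
    return findings


def audit(instances, group_params):
    """Map instance identifier -> findings, omitting clean instances."""
    report = {i["DBInstanceIdentifier"]: audit_instance(i, group_params) for i in instances}
    return {name: f for name, f in report.items() if f}


def load_group_params(rds, group_name):
    """Live use: read one parameter group through a boto3 RDS client."""
    pages = rds.get_paginator("describe_db_parameters").paginate(DBParameterGroupName=group_name)
    return {p["ParameterName"]: p.get("ParameterValue") for pg in pages for p in pg["Parameters"]}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSTANCES, SAMPLE_PARAMS).items():
        print(name, "->", "; ".join(findings))
```

For live data, pass the `DBInstances` records from a boto3 RDS client and build `group_params` with `load_group_params` for each attached parameter group.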
```bash
# Enforce
```