Amazon RDS October 2019 Update

Released on October 29, 2019

Amazon RDS for PostgreSQL Supports User Authentication with Kerberos and Microsoft Active Directory

Amazon RDS for PostgreSQL now supports external authentication of database users using Kerberos and Microsoft Active Directory.  

Amazon RDS for PostgreSQL support for Kerberos and Microsoft Active Directory provides the benefits of single sign-on and centralized authentication of PostgreSQL Database users. Keeping all of your user credentials in the same Active Directory will save you time and effort as you will now have a centralized place for storing and managing them for multiple DB instances. 

With this feature, in addition to the password-based and IAM based authentication methods, you can now authenticate using AWS Managed Microsoft AD Service. You can enable your database users to authenticate against Amazon RDS for PostgreSQL using either the credentials stored in the AWS Directory Service for Microsoft Active Directory, or the credentials stored in your on-premises Microsoft Active Directory, with forest trust relationship established between your on-premise Active Directory and an AWS Managed Active Directory. You can use the same Active Directory for different VPCs within the same AWS region. You can also join Amazon RDS for PostgreSQL instances to shared Active Directory domains owned by different accounts. 

PostgreSQL versions 11.4, 10.9 and above are supported with Active Directory integration. To use your existing on premise Microsoft Active Directory, follow the steps above to set up an AWS managed Active Directory first, then set up a forest trust relationship between your on premise directory and the AWS Managed AD by following the steps shown here.  

Amazon RDS for PostgreSQL makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. 

Amazon RDS for Oracle Sdds Support to Invoke EMCTL Commands for Oracle Enterprise Manager Cloud Control

Amazon RDS for Oracle now supports using Amazon RDS procedures to run certain EMCTL commands on the Oracle Management Agent (OMA) for Oracle Enterprise Manager (OEM) Cloud Control.  

New Amazon RDS procedures have been added which are used to invoke certain EMCTL commands on the Management Agent. By running these procedures, you can get the Management Agent's status, restart the Management Agent, list the targets monitored by the Management Agent, clear the Management Agent's state, force the Management Agent to upload its associated Oracle Management Server (OMS), and ping the Management Agent's OMS.

To learn more about enabling invoking EMCTL commands for Oracle Enterprise Manager Cloud Control, please refer to Amazon RDS for Oracle documentation

Amazon RDS for Oracle makes it easy to set up, operate, and scale Oracle Database deployments in the cloud. See Amazon RDS for Oracle Database Pricing for regional availability.

Amazon RDS Enables Detailed Backup Storage Billing

When using Amazon Relational Database Service (Amazon RDS), you can now view detailed billing at the database instance level. This information is available for RDS automated database backups and manual database snapshots, and can be viewed in AWS Cost Explorer and Cost and Usage Report (CUR).

Once you create tags for your RDS DB instances, you can separate RDS backup charges in AWS Cost Explorer according to the tags of the corresponding DB instances. When you view your Cost and Usage Report (CUR), you’ll find that the ResourceId for each RDS ChargedBackup line contains the name of the corresponding DB instance, and tags associated with the DB instance are marked in additional columns. Note that detailed backup charges have been activated as of October 8, 2019. Your RDS backup charges prior to this date will continue to show up as a single line item per region in your bill.

Amazon RDS detailed backup storage billing is enabled for MySQLMariaDB, PostgreSQLOracle, and SQL Server database engines across all AWS regions. You can learn more by reading our blog post on setting up RDS detailed backup storage billing or log into AWS Cost Explorer to get started.

Amazon RDS for PostgreSQL Supports Minor Version 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24, adds Transportable Database Feature

Following the recent announcement of updates to the PostgreSQL database, we have updated Amazon RDS for PostgreSQL to support new PostgreSQL minor versions. This release contains security fixes, bug fixes and improvements done by the PostgreSQL community.  

With this release, a new Transportable Database feature is added which allows a fast and convenient method of data import and export between databases. By using a new extension pg_transport, large databases can be quickly migrated between RDS PostgreSQL instances. PostgreSQL Transportable Databases is available in RDS for PostgreSQL versions 10.10, 11.5, and newer. For more details about the feature, please refer to the documentation.  

We have also added support for PostGIS 2.5 for all supported major versions. This enables multi major version upgrades to be performed with PostGIS extension, like upgrading from 9.4.24 directly to 11.5 with PostGIS. 

The precheck process used while doing major version upgrades is also improved with this release. Previously, when customers perform major version upgrade, the precheck process scanned for incompatibilities across databases in the instance, but reported only the first issue it encountered. This caused customers to run the major version upgrade process more than once to fix all the incompatible issues and do a successful instance upgrade. The new enhanced precheck process scans for all potential compatibility issues across all databases in the instance and generates detailed, database-level logs. Customers can resolve all the issues based on the logs instead of retrying multiple times. To learn more about the major version upgrade paths and precheck feature, please refer to the documentation

Amazon RDS for PostgreSQL makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. Learn more about upgrading your database instances from the Amazon RDS User Guide. See Amazon RDS for PostgreSQL Pricing for pricing details and regional availability. 

Amazon RDS for Oracle Supports User Authentication with Kerberos and Microsoft Active Directory

Amazon RDS for Oracle now supports external authentication of database users using Kerberos and Microsoft Active Directory.

Kerberos is a network authentication protocol developed by the Massachusetts Institute of Technology (MIT). It uses tickets and symmetric-key cryptography to eliminate the need to transmit passwords over the network. Kerberos has been built into Microsoft Active Directory and is designed to authenticate users to network resources, such as Oracle databases.

Amazon RDS for Oracle support for Kerberos and Microsoft Active Directory provides the benefits of single sign-on and centralized authentication of Oracle Database users. Keeping all of your user credentials in the same Active Directory will save you time and effort as you will now have a centralized place for storing and managing them for multiple DB instances.

With this feature you can enable your database users to authenticate against Amazon RDS for Oracle using either the credentials stored in the AWS Directory Service for Microsoft Active Directory, or the credentials stored in your on-premise Microsoft Active Directory, with forest trust relationship established between your on-premise Active Directory and an AWS Managed Active Directory. You can use the same Active Directory for different VPCs within the same AWS region. You can also join Amazon RDS for Oracle instances to shared Active Directory domains owned by different accounts.

Kerberos authentication with Amazon RDS for Oracle can be used without additional cost or licensing. This feature is supported for 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c versions of Enterprise edition, and 12.1.0.2, 12.2.0.1 and 18c versions of Standard Edition 2.

To use the Kerberos authentication method with your Amazon RDS for Oracle DB instance, please sign up for the AWS Directory Service for Microsoft Active Directory (Enterprise Edition). You can enable Kerberos authentication while creating a new DB instance in the AWS Management Console by selecting an Active Directory record in the Advanced Settings section of the Create DB Instance Wizard in the Amazon RDS console. If the Active Directory record does not yet exist, create a new directory record by clicking on the Create a New Directory link. You can modify an existing DB instance to use the Kerberos authentication method through similar options under the Kerberos authentication section in the Modify DB Instance Wizard. 

To use your existing on premise Microsoft Active Directory, follow the steps above to set up an AWS managed Active Directory first, then set up a forest trust relationship between your on premise directory and the AWS Managed AD by following the steps shown here

Amazon RDS for Oracle makes it easy to set up, operate, and scale Oracle Database deployments in the cloud. To learn more about Kerberos authentication with Amazon RDS for Oracle, including regional availability information, please visit the documentation.  

« Back to Releases

Trustpilot