Checking the Health of a Specific Endpoint – AWS Security Fundamentals – SCS-C02 Study Guide

Checking the Health of a Specific Endpoint

In this case, you create a Route 53 health check that runs at an interval you specify. The health check monitors an endpoint identified by either an IP address or a domain name, and at each interval Route 53 tests whether the server, application, or other resource is operational and/or available. The request can be made to a URL that requires data from other services (such as cached data from ElastiCache or static data served from S3 or CloudFront), which would mirror most of the actions your users would perform, or it can be made to a simple health check page that returns a 200 status code showing that the server is up and running.

Calculated health checks (health checks that monitor other health checks) act as a root health check, where descendant checks can fail before the origin is considered unhealthy. This type of health check is designed to fail if any of the alarms are set off.

Security Considerations for Route 53

The following are some of the security considerations we should keep in mind when using the service:

  • Use Route 53 health checks with the AWS CloudWatch service to monitor your AWS resources.
  • For any domain names registered with the Route 53 service, make sure that you have the Auto Renew option selected. This prevents domain squatters from buying your name if there is a lapse in payment and then selling it back to you at a substantial markup.
  • Ensure you have DNS query logging enabled for all of your Route 53 hosted zones.
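
The auto-renew and query-logging items above can be audited programmatically. The following Python code is an added example, not part of the study guide; it uses the boto3 paginators for list_domains, list_hosted_zones and list_query_logging_configs, assumes credentials with read-only Route 53 access, and its function names are this example's own.

```python
# Added example: audit the auto-renew and query-logging items from the list above.
# Clients are passed in so the logic can be exercised with stubs; real use needs
# boto3 and read-only Route 53 permissions (an assumption of this example).

def _pages(client, operation):
    """Return an iterator over every response page of a paginated API call."""
    return client.get_paginator(operation).paginate()

def domains_without_auto_renew(domains_client):
    """Names of registered domains whose AutoRenew flag is off."""
    return sorted(
        d["DomainName"]
        for page in _pages(domains_client, "list_domains")
        for d in page["Domains"]
        if not d.get("AutoRenew", False)
    )

def public_zones_without_query_logging(route53_client):
    """Public hosted zones that have no query logging configuration.

    Private zones are skipped: Route 53 query logging configurations
    apply to public hosted zones only.
    """
    logged = {
        cfg["HostedZoneId"].split("/")[-1]
        for page in _pages(route53_client, "list_query_logging_configs")
        for cfg in page["QueryLoggingConfigs"]
    }
    missing = []
    for page in _pages(route53_client, "list_hosted_zones"):
        for zone in page["HostedZones"]:
            zone_id = zone["Id"].split("/")[-1]  # "/hostedzone/Z123" -> "Z123"
            if zone.get("Config", {}).get("PrivateZone"):
                continue
            if zone_id not in logged:
                missing.append((zone_id, zone["Name"]))
    return sorted(missing)

if __name__ == "__main__":
    import boto3
    # The Route 53 Domains API is served from us-east-1 only.
    domains = boto3.client("route53domains", region_name="us-east-1")
    route53 = boto3.client("route53")
    for name in domains_without_auto_renew(domains):
        print(f"auto-renew OFF: {name}")
    for zone_id, name in public_zones_without_query_logging(route53):
        print(f"no query logging: {zone_id} {name}")
```
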

Having gained a basic understanding of the Route 53 service and the best security practices, you can now go through a brief overview of the cloud databases available in AWS that can be used to store your data.

Cloud Databases

Looking at the following model (Figure 2.5), you may wonder why there are so many databases. This comes from the evolution of application architecture over the past few decades, where specialization, speed, and scale have become keys to success in the cloud computing industry.

Figure 2.5: Database types and services in AWS

Going through each and every type of database that AWS offers is beyond the scope of this chapter. However, this section will cover some of the databases and their basic features, including security, as part of the foundational overview.

Note on Data Security

Data security will be covered in depth in Chapter 17, Protecting Data in Flight and at Rest.

Relational Databases

The word “database” usually brings to mind relational databases and star schemas with rows and columns. Schemas, rows, and columns are associated with relational databases, or RDBMSs. Relational databases in AWS give you the ability to choose from a variety of RDBMS engines, and they are easy to set up and provision, allowing you both to use the databases that you are familiar with and to try ones you are not familiar with to see how they perform.

Relational databases in AWS come in three primary flavors. The underlying engines of these flavors can then be classified as community, commercial, or cloud-native. Cloud-native engines are used in the Aurora service since they are built based on community engines and replication capabilities.

As you go to provision a relational database in AWS, you will use Relational Database Service; take a look at that next.