The latest articles on Forem by Daffa Rabbani (@neo_rival67). https://forem.com/neo_rival67 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F904228%2Fd5f549f5-09d0-471f-802a-9d22230410ed.jpg https://forem.com/neo_rival67 en Daffa Rabbani Fri, 26 Dec 2025 12:57:41 +0000 https://forem.com/neo_rival67/automated-security-incident-response-system-1io1 https://forem.com/neo_rival67/automated-security-incident-response-system-1io1 <h2> <strong>Implementation Guide - 2 Days (No Docker)</strong> </h2> <p><strong>Based on</strong>: CrowdStrike Incident July 2024 - $5.4B <strong>Losses Timeline</strong>: 2 Hari | <strong>Budget</strong>: ~$90/bulan | <strong>Complexity</strong>: Advanced</p> <h3> <strong>📋 Prerequisites</strong> </h3> <p><strong>What You Need:</strong></p> <ul> <li>AWS Account with admin access (Best Practice Please Use your IAM User * with Admin Access not your Root Account)</li> <li>Basic Python knowledge</li> <li>Text editor (VS Code, Notepad++)</li> <li>AWS CLI installed (optional, can just use Console)</li> </ul> <p><strong>Budget Breakdown:</strong></p> <ul> <li>GuardDuty: $4.50/month (30-day free trial)</li> <li>Security Hub: $0.0010 per check = ~$30/month</li> <li>Lambda: $0.20/million requests = ~$5/month</li> <li>Step Functions: $25 per 1K executions = ~$10/month</li> <li>CloudTrail: $2 per 100K events = ~$20/month</li> <li>SNS: $0.50/million notifications = ~$1/month</li> <li>Config: $2 per active rule = ~$20/month</li> </ul> <h2> <strong>Total: ~$90/month</strong> </h2> <h3> <strong>🏗️ Architecture Overview</strong> </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fginrqa89cg5n7rxgqn5x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fginrqa89cg5n7rxgqn5x.png" alt=" " width="800" height="515"></a></p> <h3> <strong>📅 DAY 1: Foundation &amp; Detection (8 Hours)</strong> </h3> <h4> <strong>📝 PHASE 1: Setup GuardDuty (1 Hour)</strong> </h4> <p><strong>step 1.1 : Enable GuardDuty</strong></p> <p><strong>via AWS Console:</strong></p> <ol> <li> <strong>Login AWS Console</strong> → Search "<strong>GuardDuty</strong>"</li> <li>Click Get Started</li> <li>Click <strong>Enable</strong> GuardDuty</li> <li>Wait 15-30 seconds for initialization</li> </ol> <p><strong>Via AWS CLI:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws guardduty create-detector \ --enable \ --finding-publishing-frequency FIFTEEN_MINUTES </code></pre> </div> <p>✅ <strong>Verification</strong>: GuardDuty console will show "No findings" - this is normal, it takes time to detect threats</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzewxnmw28xzs2ha59mot.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzewxnmw28xzs2ha59mot.jpg" alt=" " width="800" height="334"></a></p> <p><strong>Step 1.2: Generate Sample Findings (for Testing)</strong></p> <p><em>EXAMPLE</em> : </p> <p><code>Get detector ID</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>DETECTOR_ID=$(aws guardduty list-detectors --query 'DetectorIds[0]' --output text) </code></pre> </div> <p><code>Generate sample findings</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws guardduty create-sample-findings \ --detector-id $DETECTOR_ID \ --finding-types "Recon:EC2/PortProbeUnprotectedPort" \ "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration"\ "CryptoCurrency:EC2/BitcoinTool.B!DNS" </code></pre> </div> <p><strong>Via Console:</strong></p> <ul> <li>GuardDuty → Settings → Sample findings</li> <li>Click Generate sample findings</li> </ul> <p>✅ <strong>Verification</strong>: GuardDuty → Findings → You'll see 50+ sample findings</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdn27zmmi9otj3767ut8b.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdn27zmmi9otj3767ut8b.jpg" alt=" " width="800" height="332"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F17htbmvz5oa7mq7lcla9.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F17htbmvz5oa7mq7lcla9.jpg" alt=" " width="800" height="344"></a></p> <h4> <strong>📝 PHASE 2: Setup Security Hub (1 Hour)</strong> </h4> <p>Security Hub adalah centralized security dashboard.</p> <p><strong>Step 2.1: Enable Security Hub</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>Search "<strong>Security Hub</strong>"</li> <li>Click <strong>Go to Security Hub</strong> </li> <li>Click <strong>Enable Security Hub</strong> </li> <li>Select <strong>AWS Foundational Security Best Practices standard</strong> </li> <li>Click <strong>Enable Security Hub</strong> </li> </ol> <p><strong>Via CLI:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws securityhub enable-security-hub \ --enable-default-standards </code></pre> </div> <p>Wait 5-10 minutes untuk Security Hub populate findings.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0c58on0ec5zy1984gizz.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0c58on0ec5zy1984gizz.jpg" alt=" " width="800" height="314"></a></p> <p><strong>Step 2.2: Enable GuardDuty Integration</strong></p> <ol> <li>Security Hub → <strong>Integrations</strong> </li> <li>Find AWS <strong>GuardDuty</strong> </li> <li>Click Accept <strong>findings</strong> </li> </ol> <p>✅ <strong>Verification</strong>: Security Hub → Findings → akan muncul findings dari GuardDuty</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foswq57pu4bs983gx99z9.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foswq57pu4bs983gx99z9.jpg" alt=" " width="800" height="344"></a></p> <h4> <strong>📝 PHASE 3: Setup SNS for Alerts (30 Minutes)</strong> </h4> <p><strong>Step 3.1: Create SNS Topic</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>Search SNS → Topics</li> <li>Click Create topic</li> <li>Type: <code>Standard</code> </li> <li>Name: <code>security-incident-alerts</code> </li> <li>Display name: <code>Security Alerts</code> </li> <li>Click Create topic</li> </ol> <p>Save the Topic ARN - it will look like:</p> <p><code>arn:aws:sns:YOUR_REGION:YOUR_ACCOUNT_ID:security-incident-alerts</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsc09pjla3cvaai5o1isu.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsc09pjla3cvaai5o1isu.jpg" alt=" " width="800" height="264"></a></p> <p><strong>Step 3.2: Create Email Subscription</strong></p> <ol> <li>Topic → <strong>Create subscription</strong> </li> <li>Protocol: <code>Email</code> </li> <li>Endpoint: <code>your-email@company.com</code> </li> <li>Click Create <strong>subscription</strong> </li> <li>Check your email → <strong>Click confirmation link</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylqqoxuojtaw0jrz8jft.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylqqoxuojtaw0jrz8jft.jpg" alt=" " width="800" height="254"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0sl1ly5ae852xm156n5v.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0sl1ly5ae852xm156n5v.jpg" alt=" " width="484" height="178"></a></p> <p><strong>Step 3.3: Create Slack Subscription (<em>Optional</em>)</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>Topic → <strong>Create subscription</strong> </li> <li>Protocol: AWS Chatbot</li> <li>Configure Slack workspace integration </li> </ol> <p><strong>Or use webhook:</strong></p> <p><em>We'll integrate this in Lambda later</em></p> <p>✅ Verification: Send test message:<br> Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws sns publish \ --topic-arn arn:aws:sns:YOUR_REGION:YOUR_ACCOUNT_ID:security-incident-alerts \ --message "Test alert - Security system operational" </code></pre> </div> <h4> <strong>📝 PHASE 4: Create IAM Role for Lambda (30 Minutes)</strong> </h4> <p><strong>Step 4.1: Create Execution Role</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>IAM Console → Roles → Create role</li> <li>Trusted entity: AWS service → Lambda</li> <li>Permissions policies - Add these:</li> </ol> <ul> <li> <code>AWSLambdaBasicExecutionRole</code> (managed)</li> <li> <code>AmazonEC2FullAccess</code> (managed)</li> <li> <code>IAMFullAccess</code> (managed)</li> <li> <code>AmazonSNSFullAccess</code> (managed)</li> </ul> <ol> <li>Role name: <code>SecurityIncidentResponseRole</code> </li> <li>Click <strong>Create role</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fym536ww54blkiri5k7q6.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fym536ww54blkiri5k7q6.jpg" alt=" " width="664" height="445"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi30lwwt88jpjj9qeauhg.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi30lwwt88jpjj9qeauhg.jpg" alt=" " width="800" height="350"></a></p> <p><strong>Step 4.2: Add Inline Policy for Additional Permissions</strong></p> <ol> <li>Role → <strong>Add permissions</strong> → <strong>Create inline policy</strong> </li> <li>JSON tab → Paste: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeSecurityGroups", "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:ModifyInstanceAttribute", "ec2:CreateSnapshot", "ec2:CreateTags", "iam:ListAccessKeys", "iam:DeleteAccessKey", "iam:UpdateLoginProfile", "iam:CreateAccessKey", "sts:GetCallerIdentity", "guardduty:GetFindings", "guardduty:ListFindings", "securityhub:GetFindings", "cloudtrail:LookupEvents" ], "Resource": "*" } ] } </code></pre> </div> <ol> <li>Name: <code>SecurityResponsePermissions</code> </li> <li>Click <strong>Create policy</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb71opovehwyt1rzf76e3.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb71opovehwyt1rzf76e3.jpg" alt=" " width="730" height="428"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpmpihjxwbwba4ly9j1c3.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpmpihjxwbwba4ly9j1c3.jpg" alt=" " width="800" height="431"></a></p> <h4> <strong>📝 PHASE 5: Create Auto-Response Lambda Functions (3 Hours)</strong> </h4> <p><strong>Step 5.1: Create Main Response Function</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>Lambda Console → <strong>Create function</strong> </li> <li>Function name: <code>security-incident-responder</code> </li> <li>Runtime: <strong>Python 3.11</strong> </li> <li>Architecture: <strong>x86_64</strong> </li> <li>Execution role: <strong>Use existing role</strong> → <code>SecurityIncidentResponseRole</code> </li> <li>Click <strong>Create function</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fntfpul8qgb4w657ar0rc.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fntfpul8qgb4w657ar0rc.jpg" alt=" " width="793" height="396"></a></p> <p><strong>Step 5.2: Write Lambda Code (No Docker Needed!)</strong></p> <p>Click <strong>Code</strong> tab, replace with this code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import json import boto3 import os from datetime import datetime ec2 = boto3.client('ec2') iam = boto3.client('iam') sns = boto3.client('sns') cloudtrail = boto3.client('cloudtrail') SNS_TOPIC_ARN = os.environ.get('SNS_TOPIC_ARN', 'arn:aws:sns:{Your_Region}:{Your_ACCOUNT_ID}:security-incident-alerts') def lambda_handler(event, context): """Main handler for security incidents""" print(f"Received event: {json.dumps(event, indent=2)}") try: # Parse the finding - handle both GuardDuty and Security Hub formats if 'findings' in event.get('detail', {}): # Security Hub format finding = event['detail']['findings'][0] else: # GuardDuty native format finding = event['detail'] # Get severity - handle different formats if isinstance(finding.get('Severity'), dict): severity = finding['Severity'].get('Label', 'UNKNOWN') else: # Map numeric severity to label severity_num = finding.get('severity', 0) if severity_num &gt;= 7: severity = 'HIGH' elif severity_num &gt;= 8.5: severity = 'CRITICAL' elif severity_num &gt;= 4: severity = 'MEDIUM' else: severity = 'LOW' finding_type = finding.get('type', 'Unknown') finding_id = finding.get('id', 'Unknown') print(f"Processing finding: {finding_type} (Severity: {severity})") # Only respond to HIGH and CRITICAL if severity not in ['HIGH', 'CRITICAL']: print(f"Severity {severity} below threshold, skipping automated response") return { 'statusCode': 200, 'body': json.dumps('Severity below threshold') } # Route to appropriate handler response_actions = [] if 'UnauthorizedAccess:EC2' in finding_type or 'Backdoor:EC2' in finding_type or 'Trojan:Runtime' in finding_type: instance_id = extract_instance_id(finding) if instance_id: result = isolate_ec2_instance(instance_id, finding_type) response_actions.append(result) elif 'UnauthorizedAccess:IAMUser' in finding_type or 'CredentialAccess' in finding_type: user_name = extract_user_name(finding) if user_name: result = rotate_iam_credentials(user_name, finding_type) response_actions.append(result) elif 'Impact:EC2/PortSweep' in finding_type or 'Recon:EC2' in finding_type: source_ip = extract_source_ip(finding) if source_ip: result = block_suspicious_ip(source_ip, finding_type) response_actions.append(result) elif 'CryptoCurrency' in finding_type: instance_id = extract_instance_id(finding) if instance_id: result = handle_crypto_mining(instance_id, finding_type) response_actions.append(result) # Send comprehensive alert send_security_alert(finding, response_actions) return { 'statusCode': 200, 'body': json.dumps({ 'message': 'Security incident processed', 'finding_id': finding_id, 'actions_taken': response_actions }) } except Exception as e: print(f"Error processing security incident: {str(e)}") import traceback traceback.print_exc() send_error_alert(str(e), event) return { 'statusCode': 500, 'body': json.dumps(f'Error: {str(e)}') } def extract_instance_id(finding): """Extract EC2 instance ID from finding""" try: for resource in finding.get('Resources', []): if resource.get('Type') == 'Instance': instance_id = resource.get('Id', '').split('/')[-1] return instance_id if instance_id.startswith('i-') else None except Exception as e: print(f"Error extracting instance ID: {e}") return None def extract_user_name(finding): """Extract IAM user name from finding""" try: for resource in finding.get('Resources', []): if resource.get('Type') == 'AccessKey': return resource.get('AccessKeyDetails', {}).get('UserName') except Exception as e: print(f"Error extracting user name: {e}") return None def extract_source_ip(finding): """Extract source IP from finding""" try: service = finding.get('Service', {}) action = service.get('Action', {}) network_connection = action.get('NetworkConnectionAction', {}) return network_connection.get('RemoteIpDetails', {}).get('IpAddressV4') except Exception as e: print(f"Error extracting source IP: {e}") return None def isolate_ec2_instance(instance_id, finding_type): """Isolate compromised EC2 instance""" try: print(f"Isolating instance: {instance_id}") # Get instance details response = ec2.describe_instances(InstanceIds=[instance_id]) instance = response['Reservations'][0]['Instances'][0] vpc_id = instance['VpcId'] # Create isolation security group sg_name = f'isolation-{instance_id}-{datetime.now().strftime("%Y%m%d%H%M%S")}' sg_response = ec2.create_security_group( GroupName=sg_name, Description=f'Quarantine SG for {instance_id} - {finding_type}', VpcId=vpc_id ) isolation_sg_id = sg_response['GroupId'] # Remove all default egress rules (blocks all outbound) ec2.revoke_security_group_egress( GroupId=isolation_sg_id, IpPermissions=[{ 'IpProtocol': '-1', 'FromPort': -1, 'ToPort': -1, 'IpRanges': [{'CidrIp': '0.0.0.0/0'}] }] ) # Add only SSH access from admin IP (optional) # ec2.authorize_security_group_ingress( # GroupId=isolation_sg_id, # IpPermissions=[{ # 'IpProtocol': 'tcp', # 'FromPort': 22, # 'ToPort': 22, # 'IpRanges': [{'CidrIp': 'YOUR_ADMIN_IP/32', 'Description': 'Admin access'}] # }] # ) # Apply isolation security group to instance ec2.modify_instance_attribute( InstanceId=instance_id, Groups=[isolation_sg_id] ) # Create snapshot for forensics volumes = [vol['Ebs']['VolumeId'] for vol in instance.get('BlockDeviceMappings', [])] snapshots = [] for volume_id in volumes: snapshot = ec2.create_snapshot( VolumeId=volume_id, Description=f'Forensic snapshot - {finding_type}', TagSpecifications=[{ 'ResourceType': 'snapshot', 'Tags': [ {'Key': 'Purpose', 'Value': 'Forensics'}, {'Key': 'InstanceId', 'Value': instance_id}, {'Key': 'Incident', 'Value': finding_type} ] }] ) snapshots.append(snapshot['SnapshotId']) action_summary = { 'action': 'isolate_instance', 'instance_id': instance_id, 'isolation_sg': isolation_sg_id, 'forensic_snapshots': snapshots, 'status': 'success' } print(f"Instance {instance_id} successfully isolated") return action_summary except Exception as e: print(f"Error isolating instance {instance_id}: {e}") return { 'action': 'isolate_instance', 'instance_id': instance_id, 'status': 'failed', 'error': str(e) } def rotate_iam_credentials(user_name, finding_type): """Rotate compromised IAM credentials""" try: print(f"Rotating credentials for user: {user_name}") actions_taken = [] # List and delete all access keys keys_response = iam.list_access_keys(UserName=user_name) deleted_keys = [] for key in keys_response['AccessKeyMetadata']: access_key_id = key['AccessKeyId'] # Deactivate first (safer than immediate delete) iam.update_access_key( UserName=user_name, AccessKeyId=access_key_id, Status='Inactive' ) deleted_keys.append(access_key_id) actions_taken.append(f'Deactivated access key: {access_key_id}') # Force password reset (if console access exists) try: iam.update_login_profile( UserName=user_name, PasswordResetRequired=True ) actions_taken.append('Forced password reset') except iam.exceptions.NoSuchEntityException: actions_taken.append('No console access to reset') # Attach deny-all policy (additional safety) policy_document = { "Version": "2012-10-17", "Statement": [{ "Effect": "Deny", "Action": "*", "Resource": "*" }] } try: iam.put_user_policy( UserName=user_name, PolicyName='EmergencyDenyAll', PolicyDocument=json.dumps(policy_document) ) actions_taken.append('Applied emergency deny policy') except Exception as e: print(f"Could not apply deny policy: {e}") action_summary = { 'action': 'rotate_credentials', 'user_name': user_name, 'deactivated_keys': deleted_keys, 'actions': actions_taken, 'status': 'success' } print(f"Credentials rotated for {user_name}") return action_summary except Exception as e: print(f"Error rotating credentials for {user_name}: {e}") return { 'action': 'rotate_credentials', 'user_name': user_name, 'status': 'failed', 'error': str(e) } def block_suspicious_ip(source_ip, finding_type): """Block suspicious IP using NACL""" try: print(f"Blocking suspicious IP: {source_ip}") # Get default VPC vpcs = ec2.describe_vpcs(Filters=[{'Name': 'isDefault', 'Values': ['true']}]) if not vpcs['Vpcs']: return { 'action': 'block_ip', 'source_ip': source_ip, 'status': 'failed', 'error': 'No default VPC found' } vpc_id = vpcs['Vpcs'][0]['VpcId'] # Get network ACLs for VPC nacls = ec2.describe_network_acls( Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}] ) if not nacls['NetworkAcls']: return { 'action': 'block_ip', 'source_ip': source_ip, 'status': 'failed', 'error': 'No NACLs found' } nacl_id = nacls['NetworkAcls'][0]['NetworkAclId'] # Add deny rule (rule number 1 for highest priority) ec2.create_network_acl_entry( NetworkAclId=nacl_id, RuleNumber=1, Protocol='-1', # All protocols RuleAction='deny', CidrBlock=f'{source_ip}/32' ) action_summary = { 'action': 'block_ip', 'source_ip': source_ip, 'nacl_id': nacl_id, 'status': 'success' } print(f"IP {source_ip} successfully blocked") return action_summary except Exception as e: print(f"Error blocking IP {source_ip}: {e}") return { 'action': 'block_ip', 'source_ip': source_ip, 'status': 'failed', 'error': str(e) } def handle_crypto_mining(instance_id, finding_type): """Handle cryptocurrency mining detection""" try: print(f"Handling crypto mining on instance: {instance_id}") # Stop the instance immediately ec2.stop_instances(InstanceIds=[instance_id]) # Create forensic snapshot response = ec2.describe_instances(InstanceIds=[instance_id]) instance = response['Reservations'][0]['Instances'][0] volumes = [vol['Ebs']['VolumeId'] for vol in instance.get('BlockDeviceMappings', [])] snapshots = [] for volume_id in volumes: snapshot = ec2.create_snapshot( VolumeId=volume_id, Description=f'Crypto mining forensics - {instance_id}' ) snapshots.append(snapshot['SnapshotId']) action_summary = { 'action': 'stop_crypto_mining', 'instance_id': instance_id, 'instance_stopped': True, 'forensic_snapshots': snapshots, 'status': 'success' } print(f"Crypto mining instance {instance_id} stopped") return action_summary except Exception as e: print(f"Error handling crypto mining on {instance_id}: {e}") return { 'action': 'stop_crypto_mining', 'instance_id': instance_id, 'status': 'failed', 'error': str(e) } def send_security_alert(finding, response_actions): """Send comprehensive security alert""" try: # Get severity - handle different formats if isinstance(finding.get('Severity'), dict): severity = finding['Severity'].get('Label', 'UNKNOWN') else: severity_num = finding.get('severity', 0) if severity_num &gt;= 8.5: severity = 'CRITICAL' elif severity_num &gt;= 7: severity = 'HIGH' elif severity_num &gt;= 4: severity = 'MEDIUM' else: severity = 'LOW' # Get finding type (lowercase 'type' for GuardDuty, uppercase 'Type' for Security Hub) finding_type = finding.get('type') or finding.get('Type', 'Unknown') # Get description description = finding.get('description') or finding.get('Description', 'No description') # Get finding ID finding_id = finding.get('id') or finding.get('Id', 'Unknown') # Build alert message message = f""" 🚨 SECURITY INCIDENT DETECTED 🚨 Severity: {severity} Type: {finding_type} Time: {datetime.now().strftime('%Y-%m-%d %H:%M:%S UTC')} Description: {description} AUTOMATED ACTIONS TAKEN: """ if response_actions: for action in response_actions: message += f"\n✓ {action.get('action', 'unknown')}: {action.get('status', 'unknown')}" if action.get('status') == 'failed': message += f" - Error: {action.get('error', 'unknown')}" else: message += "\nNo automated actions taken (instance not found or not applicable)" message += "\n\nSOC Team: Please review and investigate further." message += f"\n\nFinding ID: {finding_id}" # Send to SNS sns.publish( TopicArn=SNS_TOPIC_ARN, Subject=f'🚨 SECURITY ALERT: {finding_type}', Message=message ) print("Security alert sent successfully") except Exception as e: print(f"Error sending security alert: {e}") import traceback traceback.print_exc() def send_error_alert(error_message, event): """Send alert when response function fails""" try: message = f""" ❌ SECURITY RESPONSE ERROR An error occurred while processing a security incident. Error: {error_message} Event: {json.dumps(event, indent=2)} Action Required: Manual investigation needed. """ sns.publish( TopicArn=SNS_TOPIC_ARN, Subject='❌ Security Response System Error', Message=message ) except Exception as e: print(f"Failed to send error alert: {e}") </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpidu9x7xn27wpmi91461.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpidu9x7xn27wpmi91461.jpg" alt=" " width="755" height="531"></a></p> <p><strong>TEST CODE</strong></p> <p>Example JSON:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "version": "0", "id": "test-event-12345", "detail-type": "GuardDuty Finding", "source": "aws.guardduty", "account": "{YOUR_ACCOUNT_ID}", "time": "2024-12-17T10:00:00Z", "region": "ap-southeast-2", "resources": [], "detail": { "schemaVersion": "2.0", "accountId": "{YOUR_ACCOUNT_ID}", "region": "ap-southeast-2", "partition": "aws", "id": "test-finding-ec2-123", "arn": "arn:aws:guardduty:{YOUR_REGION}:{YOUR_ACCOUNT_ID}:detector/test/finding/test-123", "type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom", "severity": 8, "createdAt": "2024-12-17T09:35:00.000Z", "updatedAt": "2024-12-17T09:35:00.000Z", "title": "EC2 instance is communicating with a malicious IP address", "description": "EC2 instance i-test12345678 is communicating with malicious IP 198.51.100.1. This is a TEST finding for security automation validation.", "service": { "serviceName": "guardduty", "detectorId": "test-detector-id", "action": { "actionType": "NETWORK_CONNECTION", "networkConnectionAction": { "blocked": false, "connectionDirection": "INBOUND", "localPortDetails": { "port": 22, "portName": "SSH" }, "protocol": "TCP", "remoteIpDetails": { "ipAddressV4": "198.51.100.1", "organization": { "asn": "12345", "asnOrg": "Malicious ASN" }, "country": { "countryName": "Unknown" } } } }, "archived": false, "count": 1, "eventFirstSeen": "2024-12-17T09:30:00.000Z", "eventLastSeen": "2024-12-17T09:35:00.000Z", "resourceRole": "TARGET" }, "Severity": { "Label": "HIGH", "Normalized": 70, "Product": 8.0 }, "Resources": [ { "Type": "Instance", "Id": "arn:aws:ec2:{YOUR_REGION}:{YOUR_ACCOUNT_ID}:instance/i-test12345678", "Details": { "Instance": { "InstanceId": "i-test12345678", "InstanceType": "t2.micro", "LaunchTime": "2024-12-17T09:00:00.000Z", "Platform": "Linux" } } } ], "Id": "test-finding-ec2-123" } } </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F20a2aflg3ziehnq1nia0.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F20a2aflg3ziehnq1nia0.jpg" alt=" " width="497" height="500"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa8m3up4ky9mbj3ma1i8h.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa8m3up4ky9mbj3ma1i8h.jpg" alt=" " width="757" height="244"></a></p> <p><strong>Step 5.3: Configure Lambda</strong></p> <ol> <li> <strong>Configuration</strong> tab → <strong>Environment variables</strong> </li> <li>Add variable:</li> </ol> <ul> <li>Key: <code>SNS_TOPIC_ARN</code> </li> <li>Value: <code>arn:aws:sns:{YOUR_REGION}:{ACCOUNT_ID}:security-incident alerts (your SNS ARN)</code> (Your SNS arn)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvbfwz7u1lbimwg4ps3ma.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvbfwz7u1lbimwg4ps3ma.jpg" alt=" " width="738" height="174"></a></p> <ol> <li> <strong>General</strong> configuration → <strong>Edit</strong>: <ul> <li>Memory: <strong>512 MB</strong> </li> <li>Timeout: <strong>5 minutes</strong> </li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3k9rsomu1g5kpsxmlqxj.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3k9rsomu1g5kpsxmlqxj.jpg" alt=" " width="800" height="139"></a></p> <ol> <li><p>Click <strong>Save</strong></p></li> <li><p><strong>Deploy</strong> the Code</p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ma8g3ea4tqyab8o1h6b.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ma8g3ea4tqyab8o1h6b.jpg" alt=" " width="800" height="309"></a></p> <p>✅ <strong>Verification</strong>: Lambda function created successfully</p> <h4> <strong>📝 PHASE 6: Connect EventBridge to Lambda (1 Hour)</strong> </h4> <p><strong>Step 6.1: Create EventBridge Rule for GuardDuty</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>EventBridge Console → <strong>Rules</strong> → <strong>Create rule</strong> </li> <li>Name: <code>guardduty-high-severity-findings</code> </li> <li>Description: <code>Route high severity GuardDuty findings to Lambda</code> (optional)</li> <li>Event bus: <strong>default</strong> </li> <li>Rule type: <strong>Rule with an event pattern</strong> </li> <li>Click <strong>Next</strong> </li> <li> <strong>Event pattern</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"], "detail": { "severity": [7, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.9] } } </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fomo8cks2vi05cub2h1if.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fomo8cks2vi05cub2h1if.jpg" alt=" " width="800" height="366"></a></p> <ol> <li><p>Click Next</p></li> <li><p>Select target:</p></li> </ol> <ul> <li>Target type: <strong>AWS service</strong> </li> <li>Select a target: <strong>Lambda function</strong> </li> <li>Function: <code>security-incident-responder</code> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr3b4bcdsc6e2w7wg1i5o.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr3b4bcdsc6e2w7wg1i5o.jpg" alt=" " width="800" height="354"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm948a1vod4kpzl4j4341.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm948a1vod4kpzl4j4341.jpg" alt=" " width="800" height="313"></a></p> <ol> <li>Click <strong>Next</strong> → <strong>Create rule</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fluod0ek8gk8tdmswwntj.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fluod0ek8gk8tdmswwntj.jpg" alt=" " width="800" height="271"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnvhn66ji1ti8pyvzbwfg.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnvhn66ji1ti8pyvzbwfg.jpg" alt=" " width="800" height="258"></a></p> <p><strong>Step 6.2: Create Rule for Security Hub</strong></p> <ol> <li>Create another rule: <code>securityhub-critical-findings</code> </li> <li>Event pattern: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "source": ["aws.securityhub"], "detail-type": ["Security Hub Findings - Imported"], "detail": { "findings": { "Severity": { "Label": ["CRITICAL", "HIGH"] } } } } </code></pre> </div> <ol> <li>Target: <strong>Same Lambda function</strong> </li> </ol> <p>✅ <strong>Verification</strong>: EventBridge → Rules → 2 rules active</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh4c0ykh27yqycvsxgoly.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh4c0ykh27yqycvsxgoly.jpg" alt=" " width="336" height="501"></a></p> <h4> <strong>📝 PHASE 7: Testing with Sample Findings (1 Hour)</strong> </h4> <p><strong>Step 7.1: Trigger Test Finding</strong></p> <p><em>Example :</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Generate GuardDuty sample finding aws guardduty create-sample-findings \ --detector-id $DETECTOR_ID \ --finding-types "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom" </code></pre> </div> <p><strong>Via Console:</strong></p> <ol> <li>GuardDuty → Settings → Sample findings</li> <li>Generate sample findings</li> </ol> <p><strong>Step 7.2: Monitor Lambda Execution</strong></p> <ol> <li>Lambda Console → <code>security-incident-responder</code> </li> <li> <strong>Monitor</strong> tab → <strong>View logs in CloudWatch</strong> </li> <li>Check latest log stream</li> </ol> <p>You should see logs like:</p> <blockquote> <p>Processing finding: UnauthorizedAccess:EC2/MaliciousIPCaller.Custom (Severity: HIGH)<br> Instance i-xxxxx successfully isolated<br> Security alert sent successfully</p> </blockquote> <p><strong>Step 7.3: Check Email</strong></p> <p>Check your email - you should receive alert:</p> <blockquote> <p>🚨 SECURITY INCIDENT DETECTED 🚨<br> Severity: HIGH<br> Type: UnauthorizedAccess:EC2/MaliciousIPCaller.Custom</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd0bke6v8ogyn33emqsfb.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd0bke6v8ogyn33emqsfb.jpg" alt=" " width="800" height="419"></a></p> <p>✅ <strong>Day 1 Complete</strong>! Basic automated response working.</p> <h3> 📅 DAY 2: Advanced Workflows &amp; Compliance (8 Hours) </h3> <h4> <strong>📝 PHASE 8: Setup CloudTrail (1 Hour)</strong> </h4> <p>CloudTrail logs all API calls for audit trail.</p> <p><strong>Step 8.1: Enable CloudTrail</strong></p> <p><strong>Via Console:</strong></p> <ol> <li> <strong>CloudTrail</strong> Console → <strong>Create trail</strong> </li> <li>Trail name: <code>security-audit-trail</code> </li> <li>Storage location: <strong>Create new S3 bucket</strong> </li> <li>Bucket name: <code>security-audit-logs-ACCOUNT-ID</code> </li> <li>Log file SSE-KMS encryption: <strong>Enabled</strong>(use default AWS managed key)</li> <li>CloudWatch Logs: <strong>Enabled</strong> <ul> <li>Log group name: <code>/aws/cloudtrail/security-audit</code> </li> </ul> </li> <li>Click <strong>Next</strong> </li> <li>Event type: <ul> <li>Management events: ✓ Read and ✓ Write</li> <li>Data events: Skip for now (save cost)</li> </ul> </li> <li>Click Next → <strong>Create trail</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjo61mbxaoxwb2dxbctop.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjo61mbxaoxwb2dxbctop.jpg" alt=" " width="800" height="273"></a></p> <p>✅ <strong>Verification</strong>: CloudTrail → Trails → Status "Logging"</p> <h4> <strong>📝 PHASE 9: Setup AWS Config (1.5 Hours)</strong> </h4> <p>AWS Config monitors resource configurations for compliance.</p> <p><strong>Step 9.1: Enable Config</strong></p> <p><strong>Via Console:</strong></p> <ol> <li><p><strong>AWS Config</strong> Console →<strong>Get started</strong></p></li> <li> <p><strong>Resource types to record</strong>:</p> <ul> <li>Select:<strong>Record all resources</strong> </li> <li>Include global resources: <strong>Yes</strong> </li> </ul> </li> <li> <p><strong>Amazon S3</strong> bucket:</p> <ul> <li>Create a bucket: <strong>Yes</strong> </li> <li>Bucket name: <code>config-audit-ACCOUNT-ID</code> </li> </ul> </li> <li> <p><strong>SNS topic</strong>:</p> <ul> <li>Stream configuration changes: <strong>Yes</strong> </li> <li>Select existing SNS topic: <code>security-incident-alerts</code> </li> </ul> </li> <li> <p><strong>AWS Config role</strong>:</p> <ul> <li>Create AWS Config service-linked role: Yes</li> </ul> </li> <li><p>Click Next</p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuufzp20w6704pmpu0rjp.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuufzp20w6704pmpu0rjp.jpg" alt=" " width="800" height="340"></a></p> <p><strong>Step 9.2: Add Compliance Rules</strong></p> <p>Add these managed rules:</p> <ol> <li> <strong>iam-password-policy</strong> <ul> <li>Ensures strong password policy</li> </ul> </li> <li> <strong>root-account-mfa-enabled</strong> <ul> <li>Ensures root account has MFA</li> </ul> </li> <li> <strong>ec2-instance-managed-by-systems-manager</strong> <ul> <li>Ensures EC2 instances are managed</li> </ul> </li> <li> <strong>encrypted-volumes</strong> <ul> <li>Ensures EBS volumes are encrypted</li> </ul> </li> <li> <strong>s3-bucket-public-read-prohibited</strong> <ul> <li>Ensures S3 buckets not publicly readable</li> </ul> </li> <li> <strong>cloudtrail-enabled</strong> <ul> <li>Ensures CloudTrail is enabled</li> </ul> </li> </ol> <p><strong>To add each rule:</strong><br> 1.Config → Rules → <strong>Add rule</strong><br> 2.Search for rule name<br> 3.Click rule → Next<br> 4.Leave defaults → <strong>Save</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmpf31qzszd05i8j3z9y4.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmpf31qzszd05i8j3z9y4.jpg" alt=" " width="800" height="414"></a></p> <p>✅ <strong>Verification</strong>: Config → Rules → 6 rules active, evaluating compliance</p> <h4> <strong>📝 PHASE 10: Build Step Functions Workflow (2 Hours)</strong> </h4> <p>Step Functions untuk complex multi-step response workflows.</p> <p><strong>Step 10.1: Create Step Functions State Machine</strong></p> <p><strong>Via Console:</strong></p> <ol> <li><p>Step Functions Console → <strong>Create state machine</strong></p></li> <li><p>Choose template: <strong>Blank</strong></p></li> <li><p>Type: <strong>Standard</strong></p></li> <li><p>Name: <code>security-incident-workflow</code></p></li> <li><p>Definition (paste this JSON):<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "Comment": "Advanced Security Incident Response Workflow", "StartAt": "ParseIncident", "States": { "ParseIncident": { "Type": "Task", "Resource": "arn:aws:states:::lambda:invoke", "Parameters": { "FunctionName": "security-incident-responder", "Payload.$": "$" }, "ResultPath": "$.responseResult", "Next": "CheckSeverity", "Catch": [{ "ErrorEquals": ["States.ALL"], "Next": "NotifyFailure" }] }, "CheckSeverity": { "Type": "Choice", "Choices": [ { "Variable": "$.detail.findings[0].Severity.Label", "StringEquals": "CRITICAL", "Next": "CriticalIncidentPath" }, { "Variable": "$.detail.findings[0].Severity.Label", "StringEquals": "HIGH", "Next": "HighIncidentPath" } ], "Default": "LogAndExit" }, "CriticalIncidentPath": { "Type": "Parallel", "Branches": [ { "StartAt": "CreateTicket", "States": { "CreateTicket": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "arn:aws:sns:{YOUR_REGION}:{YOUR_ACCOUNT_ID}:security-incident-alerts", "Subject": "CRITICAL Security Incident - Immediate Action Required", "Message.$": "$.detail.findings[0].Description" }, "End": true } } }, { "StartAt": "WaitForSOC", "States": { "WaitForSOC": { "Type": "Wait", "Seconds": 300, "Next": "CheckIfResolved" }, "CheckIfResolved": { "Type": "Task", "Resource": "arn:aws:states:::lambda:invoke", "Parameters": { "FunctionName": "check-incident-status", "Payload": { "findingId.$": "$.detail.findings[0].Id" } }, "End": true } } } ], "Next": "LogSuccess" }, "HighIncidentPath": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "arn:aws:sns:{YOUR_REGION}:{YOUR_ACCOUNT_ID}:security-incident-alerts", "Subject": "HIGH Security Incident Detected", "Message.$": "$.detail.findings[0].Description" }, "Next": "LogSuccess" }, "LogSuccess": { "Type": "Succeed" }, "LogAndExit": { "Type": "Succeed" }, "NotifyFailure": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "arn:aws:sns:YOUR_REGION:YOUR_ACCOUNT:security-incident-alerts", "Subject": "Security Response Workflow Failed", "Message": "The security incident response workflow encountered an error." }, "Next": "FailState" }, "FailState": { "Type": "Fail", "Error": "WorkflowFailed", "Cause": "Security response workflow failed to complete" } } } </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0x80ek23zz8ax6zlqhz6.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0x80ek23zz8ax6zlqhz6.jpg" alt=" " width="747" height="425"></a></p> <ol> <li><p>Replace <code>REGION</code> and <code>ACCOUNT</code> with your Value</p></li> <li><p>Click <strong>Next</strong></p></li> <li> <p><strong>Permissions:</strong></p> <ul> <li>Create new role: <strong>Yes</strong> </li> <li>Role name: <code>StepFunctions-SecurityWorkflow-Role</code> <ol> <li>Click <strong>Create state machine</strong> </li> </ol> </li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fttjfd9nzoisnhewvd52d.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fttjfd9nzoisnhewvd52d.jpg" alt=" " width="800" height="163"></a></p> <p><strong>Step 10.2: Update EventBridge to Trigger Step Functions</strong></p> <ol> <li> <strong>EventBridge</strong> → Rules → <strong>Create new rule</strong> </li> <li>Name: <code>critical-findings-to-stepfunctions</code> </li> <li>Event pattern: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "source": ["aws.guardduty", "aws.securityhub"], "detail": { "findings": { "Severity": { "Label": ["CRITICAL"] } } } } </code></pre> </div> <ol> <li>Target: <strong>Step Functions state machine</strong> </li> <li>State machine: <code>security-incident-workflow</code> </li> <li>Click <strong>Create</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmxz3t45st4ucwxc1r0l3.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmxz3t45st4ucwxc1r0l3.jpg" alt=" " width="504" height="483"></a></p> <h4> <strong>📝 PHASE 11: Advanced Response Functions (2 Hours)</strong> </h4> <p>Create additional Lambda functions untuk specific scenarios.</p> <p><strong>Step 11.1: Create Forensics Collection Function</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>Lambda → <strong>Create function</strong> </li> <li>Name: <code>forensics-collector</code> </li> <li>Runtime: <strong>Python 3.11</strong> </li> <li>Role: <code>SecurityIncidentResponseRole</code> </li> </ol> <p><strong>Code</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import boto3 import json config = boto3.client('config') iam = boto3.client('iam') ec2 = boto3.client('ec2') def lambda_handler(event, context): """Check compliance status and generate report""" compliance_report = { 'timestamp': event['time'], 'checks': {} } # 1. Check Config rules compliance config_rules = config.describe_compliance_by_config_rule() non_compliant = [] for rule in config_rules['ComplianceByConfigRules']: if rule['Compliance']['ComplianceType'] == 'NON_COMPLIANT': non_compliant.append(rule['ConfigRuleName']) compliance_report['checks']['config_rules'] = { 'total': len(config_rules['ComplianceByConfigRules']), 'non_compliant': non_compliant } # 2. Check IAM password policy try: password_policy = iam.get_account_password_policy() compliance_report['checks']['iam_password_policy'] = { 'exists': True, 'minimum_length': password_policy['PasswordPolicy'].get('MinimumPasswordLength', 0), 'require_symbols': password_policy['PasswordPolicy'].get('RequireSymbols', False), 'require_numbers': password_policy['PasswordPolicy'].get('RequireNumbers', False) } except iam.exceptions.NoSuchEntityException: compliance_report['checks']['iam_password_policy'] = { 'exists': False, 'compliant': False } # 3. Check MFA on root account try: summary = iam.get_account_summary() compliance_report['checks']['root_mfa'] = { 'enabled': summary['SummaryMap'].get('AccountMFAEnabled', 0) == 1 } except Exception as e: compliance_report['checks']['root_mfa'] = {'error': str(e)} # 4. Check for unencrypted EBS volumes volumes = ec2.describe_volumes() unencrypted = [v['VolumeId'] for v in volumes['Volumes'] if not v.get('Encrypted', False)] compliance_report['checks']['ebs_encryption'] = { 'total_volumes': len(volumes['Volumes']), 'unencrypted': unencrypted, 'compliant': len(unencrypted) == 0 } # 5. Check for public S3 buckets s3 = boto3.client('s3') buckets = s3.list_buckets()['Buckets'] public_buckets = [] for bucket in buckets: try: acl = s3.get_bucket_acl(Bucket=bucket['Name']) for grant in acl['Grants']: if grant['Grantee'].get('Type') == 'Group' and 'AllUsers' in grant['Grantee'].get('URI', ''): public_buckets.append(bucket['Name']) break except: pass compliance_report['checks']['s3_public_access'] = { 'public_buckets': public_buckets, 'compliant': len(public_buckets) == 0 } # Calculate overall compliance score compliant_checks = sum([ 1 for check in compliance_report['checks'].values() if isinstance(check, dict) and check.get('compliant', False) ]) total_checks = len(compliance_report['checks']) compliance_report['overall_score'] = (compliant_checks / total_checks * 100) if total_checks &gt; 0 else 0 return { 'statusCode': 200, 'body': json.dumps(compliance_report, default=str) } </code></pre> </div> <h4> <strong>📝 PHASE 12: Create CloudWatch Dashboard (1.5 Hours)</strong> </h4> <p><strong>Step 12.1: Create Custom Dashboard</strong></p> <p><strong>Via Console:</strong></p> <ol> <li>CloudWatch Console → Dashboards → <strong>Create dashboard</strong> </li> <li>Dashboard name: <code>SecurityIncidentResponse</code> </li> <li>Click <strong>Create dashboard</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3n3f9zxnuur5jq4h5wdy.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3n3f9zxnuur5jq4h5wdy.jpg" alt=" " width="800" height="160"></a></p> <p><strong>Step 12.2: Add Widgets</strong></p> <p><strong>Widget 1: GuardDuty Findings Count</strong></p> <ol> <li>Add widget → <strong>Number</strong> </li> <li> <strong>Metrics</strong> → GuardDuty → Select: <ul> <li> <code>AWS/GuardDuty</code> → <code>FindingCount</code> </li> </ul> </li> <li>Statistic: <strong>Sum</strong> </li> <li>Period: <strong>1 hour</strong> </li> <li>Widget title: "GuardDuty Findings (Last Hour)"</li> </ol> <p><strong>Widget 2: Lambda Invocation Count</strong></p> <ol> <li>Add widget → <strong>Line</strong> </li> <li> <strong>Metrics</strong> → Lambda → By Function Name</li> <li>Select: <code>security-incident-responder</code> → <strong>Invocations</strong> </li> <li>Period: <strong>5 minutes</strong> </li> <li>Title: "Auto-Response Invocations"</li> </ol> <p><strong>Widget 3: Lambda Errors</strong></p> <ol> <li>Add widget → <strong>Line</strong> </li> <li>Select: <code>security-incident-responder</code> → <strong>Errors</strong> </li> <li>Period: <strong>5 minutes</strong> </li> <li>Title: "Response Function Errors"</li> </ol> <p><strong>Widget 4: Security Hub Findings by Severity</strong></p> <ol> <li>Add widget → <strong>Stacked area</strong> </li> <li>Custom namespace: Add metric → <strong>Security Hub</strong> </li> <li>Title: "Security Hub Findings by Severity"</li> </ol> <p>Widget 5: Recent CloudTrail Events</p> <ol> <li>Add widget → <strong>Logs table</strong> </li> <li>Log group: <code>/aws/cloudtrail/security-audit</code> </li> <li>Query: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> fields @timestamp, userIdentity.principalId, eventName, sourceIPAddress | filter errorCode like /Unauthorized/ or errorCode like /AccessDenied/ | sort @timestamp desc | limit 20 </code></pre> </div> <ol> <li>Title: "Recent Unauthorized Access Attempts"</li> </ol> <p><strong>Widget 6: Step Functions Executions (optional)</strong></p> <ol> <li>Add widget → <strong>Number</strong> </li> <li> <strong>Metrics</strong> → Step Functions → ExecutionsStarted</li> <li>State machine: <code>security-incident-workflow</code> </li> <li>Title: "Workflow Executions"</li> <li>Click Save dashboard</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgox3q616eka035t6mbrh.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgox3q616eka035t6mbrh.jpg" alt=" " width="769" height="505"></a></p> <h4> <strong>📝 Phase 13: Create Runbook via AWS Console</strong> </h4> <p><strong>Option 1: Save in S3 (Recommended)</strong></p> <p><strong>Step 1: Create S3 Bucket</strong></p> <ol> <li>S3 Console → <strong>Create bucket</strong> </li> <li>Bucket name: <code>security-runbooks-YOUR_ACCOUNT_ID</code> </li> <li>Region: <strong>Asia Pacific (Sydney) ap-southeast-2</strong> </li> <li>Block Public Access: ✅** Keep all checked (default)**</li> <li>Bucket Versioning: <strong>Enable (optional)</strong> </li> <li>Encryption: <strong>Enable (SSE-S3)</strong> </li> <li>Click <strong>Create bucket</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0dg91hryjuib3ywq5wzk.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0dg91hryjuib3ywq5wzk.jpg" alt=" " width="218" height="385"></a></p> <p><strong>Step 2: Create Runbook File in your computer</strong></p> <ol> <li>Open Text editor or Notepad</li> <li>Copy-paste this text: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Security Incident Response Runbook =================================== System Overview --------------- - Primary Function: Automated security incident detection and response - Detection: AWS GuardDuty - Response: Lambda automated actions - Alerting: SNS email notifications - Region: ap-southeast-2 (Sydney) Quick Response Guide -------------------- HIGH SEVERITY INCIDENTS: 1. Check email alert from SNS topic: security-incident-alerts 2. Review CloudWatch Dashboard: SecurityIncidentResponse 3. Check Lambda logs: /aws/lambda/security-incident-responder 4. Verify automated actions taken (isolate EC2, rotate IAM, etc) MANUAL INTERVENTION REQUIRED: If automated response failed: 1. Check error message in email alert 2. Review CloudWatch logs for detailed error 3. Manually execute remediation actions 4. Update this runbook with learnings Automated Response Actions -------------------------- UnauthorizedAccess:EC2 Incidents: - Action: Isolate EC2 instance with new security group - Action: Create forensic EBS snapshots - Action: Send alert to SOC team IAM Credential Compromise: - Action: Deactivate all IAM access keys - Action: Force password reset - Action: Apply emergency deny-all policy Crypto Mining Detection: - Action: Stop EC2 instance immediately - Action: Create forensic snapshots - Action: Send critical alert Malicious IP Detection: - Action: Block source IP via Network ACL - Action: Log incident details System Components ----------------- GuardDuty: - Detector ID: 52cd95edfb049e79eada14b660d424b7 - Status: Check via Console - Sample findings: Can generate for testing Lambda Functions: - security-incident-responder: Main response function - Memory: 512 MB - Timeout: 5 minutes - Region: ap-southeast-2 EventBridge Rules: - guardduty-high-severity-findings: Routes HIGH/CRITICAL findings - Trigger: Lambda function SNS Topics: - security-incident-alerts: Email notifications - Subscribers: [Your email] CloudWatch Dashboard: - Name: SecurityIncidentResponse - Widgets: Lambda metrics, SNS, Logs Step Functions: - security-incident-workflow: Complex incident workflows - State Machine ARN: Check Console Contact Information ------------------- Security Team Email: security@company.com (ganti dengan email real) On-Call Phone: +62-xxx-xxx-xxxx (ganti dengan nomor real) Escalation: [Manager name and contact] AWS Account ID: YOUR_ACCOUNT_ID Primary Region: ap-southeast-2 (Sydney) Monthly Testing Procedures --------------------------- Test Schedule: First Monday of each month, 10:00 AM Test 1 - Generate Sample Finding: 1. Open GuardDuty Console 2. Settings → Sample findings 3. Click "Generate sample findings" 4. Wait 2 minutes Test 2 - Verify Automated Response: 1. Check email for alert (should arrive within 2 min) 2. Check CloudWatch Dashboard for Lambda invocation 3. Review Lambda logs for processing details 4. Verify no errors in execution Test 3 - Dashboard Validation: 1. Open CloudWatch Dashboard: SecurityIncidentResponse 2. Verify all widgets showing data 3. Check Lambda Invocations widget increased 4. Review Recent Logs widget for new entries Recovery Procedures ------------------- Rollback Isolated EC2 Instance: 1. EC2 Console → Instances 2. Find instance with isolation security group 3. Actions → Security → Change security groups 4. Replace with original security group 5. Document incident resolution Re-enable IAM User After False Positive: 1. IAM Console → Users → Select user 2. Security credentials → Activate access keys 3. Remove "EmergencyDenyAll" policy 4. Reset password (user will change on next login) 5. Notify user via approved channel Unblock IP from Network ACL: 1. VPC Console → Network ACLs 2. Find NACL with deny rule for IP 3. Inbound/Outbound rules → Delete rule number 1 4. Document reason for unblock Service Costs (Monthly Estimates) ---------------------------------- GuardDuty: $4.50/month Security Hub: $30/month (can disable to save) Lambda: $5/month (only when invoked) SNS: $1/month CloudWatch: $10-20/month CloudTrail: $2-5/month Config: $20/month (can stop to save) Step Functions: $10/month TOTAL RUNNING: ~$82-95/month TOTAL STOPPED: ~$0/month (when services suspended) To Save Costs When Not Using: - Suspend GuardDuty - Disable Security Hub - Stop Config recorder - Stop CloudTrail logging - Disable EventBridge rules Services Resume Time: 2-5 minutes Known Issues &amp; Solutions ------------------------ Issue: Lambda timeout when isolating instance Solution: Increase timeout to 5 minutes (already configured) Issue: No email alerts received Solution: 1. Check SNS subscription is "Confirmed" 2. Check spam folder 3. Verify SNS_TOPIC_ARN environment variable in Lambda Issue: GuardDuty metrics not in dashboard Solution: Normal if no real findings yet. Use custom metrics from Lambda instead. Issue: Step Functions execution failed Solution: Check IAM role has correct permissions for Lambda and SNS Change Log ---------- 2024-12-17: Initial system setup 2024-12-17: Day 1 completed - Core automation working 2024-12-17: Day 2 completed - Dashboard and documentation Next Review Date: [30 days from today] Notes ----- - This is a learning/demo implementation - For production, add AWS WAF for additional protection - Consider integrating with SIEM (Splunk, Elastic) - Enable AWS Shield for DDoS protection - Add MFA for all IAM users - Implement least privilege IAM policies - Regular security audits recommended </code></pre> </div> <ol> <li>Save as: <code>runbook.txt</code> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc59hxlty9fkxz1n96flq.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc59hxlty9fkxz1n96flq.jpg" alt=" " width="800" height="442"></a></p> <p><strong>Step 3: Upload ke S3</strong></p> <ol> <li>S3 Console → Buckets → <code>security-runbooks-YOUR_ACCOUNT_ID</code> </li> <li>Click "Upload"</li> <li>Add files → Select <code>runbook.txt</code> </li> <li>Scroll down → Click "Upload"</li> <li>Done! ✅</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fouk878pe3683pw18vzb1.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fouk878pe3683pw18vzb1.jpg" alt=" " width="241" height="361"></a></p> <h4> <strong>📝 PHASE 14: Final Testing &amp; Validation (1 Hour)</strong> </h4> <p><strong>Test 1: EC2 Compromise Simulation</strong></p> <p><strong>Step 1: Generate Sample Finding</strong></p> <ol> <li>GuardDuty Console → <strong>Settings</strong> </li> <li>Scroll to <strong>Sample findings</strong> </li> <li>Click "Generate sample findings"</li> <li>Wait <strong>30-60 seconds</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F785rvpg51ptipctsrq2z.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F785rvpg51ptipctsrq2z.jpg" alt=" " width="800" height="113"></a></p> <p><strong>Step 2: Check Lambda Triggered</strong></p> <ol> <li> <strong>Lambda</strong> Console → Functions → <code>security-incident-responder</code> </li> <li> <strong>Monito</strong>r tab</li> <li>Metrics section: <ul> <li>Check "Invocations" graph - should show spike</li> <li>Check "Duration" - should be &lt; 5 seconds</li> <li>Check "Errors" - should be 0</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw1ytaqeurapqfxq4nl8r.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fw1ytaqeurapqfxq4nl8r.jpg" alt=" " width="800" height="259"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa9j50k2vlb9qxmx90869.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa9j50k2vlb9qxmx90869.jpg" alt=" " width="558" height="317"></a></p> <p><strong>Step 3: Check CloudWatch Logs</strong></p> <ol> <li> <strong>Lambda</strong> → Monitor tab</li> <li>Click "View CloudWatch logs"</li> <li>Click <strong>latest log stream</strong> (top)</li> <li> <strong>Look for:</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Processing finding: UnauthorizedAccess:EC2/MaliciousIPCaller.Custom (Severity: HIGH) Found instance ID: i-99999999 Error isolating instance... (EXPECTED - test instance) Security alert sent successfully </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0p2j4esytvfo1emccuil.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0p2j4esytvfo1emccuil.jpg" alt=" " width="800" height="301"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fahydgv37yfysr4owbf5l.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fahydgv37yfysr4owbf5l.jpg" alt=" " width="800" height="420"></a></p> <p><strong>Step 4: Verify Email Alert</strong></p> <ol> <li>Check your email (in 2 minutes)</li> <li>Subject: <code>🚨 SECURITY ALERT: UnauthorizedAccess:EC2/MaliciousIPCaller.Custom</code> </li> <li>Body should show: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Severity: HIGH Type: UnauthorizedAccess:EC2/... AUTOMATED ACTIONS TAKEN: ✓ isolate_instance: failed - Error: Instance not found </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr6dq5dy537iknpbcn3sh.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr6dq5dy537iknpbcn3sh.jpg" alt=" " width="800" height="373"></a></p> <p><strong>Step 5: Check Dashboard</strong></p> <ol> <li> <strong>CloudWatch Console</strong> → Dashboards → <code>SecurityIncidentResponse</code> </li> <li> <strong>Verify widgets updated</strong>: <ul> <li>Lambda Invocations: +1</li> <li>Lambda Duration: shows recent execution</li> <li>Recent Logs: shows new entry</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fumuwywm66tcz8boz1ckc.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fumuwywm66tcz8boz1ckc.jpg" alt=" " width="800" height="396"></a></p> <p>✅ <strong>Test 1 PASSED if all 5 checks OK!</strong></p> <p><strong>Test 2: IAM Credential Compromise</strong></p> <p><strong>Step 1: Generate IAM Finding</strong></p> <ol> <li>GuardDuty Console → <strong>Settings</strong> → <strong>Sample findings</strong> </li> <li>Click "Generate sample findings" </li> <li>Or specific: <ul> <li>GuardDuty → <strong>Findings</strong> </li> <li>Filter: Type contains "IAM"</li> <li>Look for: <code>UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration</code> </li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwtqlcwasgy4bcw6xorv8.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwtqlcwasgy4bcw6xorv8.jpg" alt=" " width="800" height="280"></a></p> <p><strong>Step 2: Verify Lambda Processing</strong></p> <ol> <li>Lambda Console → <code>security-incident-responder</code> → <strong>Monitor</strong> </li> <li> <strong>CloudWatch logs</strong> (latest stream)</li> <li> <strong>Look for</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Processing finding: UnauthorizedAccess:IAMUser/... Rotating credentials for user: test-user Error: User not found (EXPECTED - test user) Security alert sent successfully </code></pre> </div> <p><strong>Step 3: Check Email</strong></p> <p>Email should show:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Type: UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration AUTOMATED ACTIONS TAKEN: ✓ rotate_credentials: failed - Error: User not found </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2h0bmghpmf62gthqbsxk.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2h0bmghpmf62gthqbsxk.jpg" alt=" " width="751" height="359"></a></p> <p>✅ Test 2 PASSED if Lambda executed + email received!</p> <p><strong>Step 14.2: Performance Validation via Console</strong></p> <p><strong>Check Dashboard Metrics:</strong></p> <ol> <li> <strong>CloudWatch</strong> Console → Dashboards → <code>SecurityIncidentResponse</code> </li> <li>Verify each widget:</li> </ol> <p><strong>Widget: Lambda Invocations</strong><br> ✅ Shows 3+ invocations (from 3 tests)<br> ✅ Recent activity visible</p> <p><strong>Widget: Lambda Errors</strong><br> ✅ Should show 0 errors<br> ✅ (Failures like "Instance not found" are logged but not Lambda errors)</p> <p><strong>Widget: Lambda Duration</strong><br> ✅ Average &lt; 5 seconds<br> ✅ No timeouts</p> <p><strong>Widget: SNS Messages Published</strong><br> ✅ Shows 3+ messages<br> ✅ Matches number of tests</p> <p><strong>Widget: CloudWatch Logs</strong><br> ✅ Shows recent log entries<br> ✅ "Security alert sent successfully" appears</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fenazjhv56jd8wr8wjq2x.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fenazjhv56jd8wr8wjq2x.jpg" alt=" " width="739" height="335"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnkk3dtwbpp7hxqhqjepf.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnkk3dtwbpp7hxqhqjepf.jpg" alt=" " width="743" height="147"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv4i08a11yior3seh2q28.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv4i08a11yior3seh2q28.jpg" alt=" " width="732" height="391"></a></p> <p><strong>Check Lambda Performance Details:</strong></p> <ol> <li> <strong>Lambda</strong> Console → <code>security-incident-responder</code> → Monitor</li> <li>Metrics tab: <ul> <li>Duration: Average &lt; 5000ms ✅</li> <li>Concurrent executions: &lt; 10 ✅</li> <li>Throttles: 0 ✅</li> <li>Error rate: 0% ✅</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwgx4t5rsoh00lwtqu8uq.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwgx4t5rsoh00lwtqu8uq.jpg" alt=" " width="751" height="332"></a></p> <ol> <li> <strong>Configuration</strong> tab → <strong>General configuration</strong>: <ul> <li>Memory: <strong>512 MB</strong> </li> <li>Timeout: <strong>300 seconds</strong> (5 min)</li> <li>✅ Sufficient for our use case</li> </ul> </li> </ol> <p><strong>Step 14.3: Compliance Validation</strong></p> <p><strong>Option 1: Check AWS Config Compliance (Simple)</strong></p> <ol> <li> <strong>AWS Config</strong> Console → <strong>Rules</strong> </li> <li>Check compliance status:</li> </ol> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Rule Name</th> <th>status</th> <th>Expected</th> </tr> </thead> <tbody> <tr> <td>iam-password-policy</td> <td>✅Compliant</td> <td>Strong Password Policy</td> </tr> <tr> <td>root-account-mfa-enabled</td> <td>✅Compliant</td> <td>Root Has MFA</td> </tr> <tr> <td>encrypted-volumes</td> <td>⚠️ May vary</td> <td>EBS encryption</td> </tr> <tr> <td>Cloudtrail-enabled</td> <td>✅Compliant</td> <td>CloudTrail active</td> </tr> </tbody> </table></div> <p><strong>Overall compliance score</strong>: Should be &gt; 70%</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmbmvzyzyecr83gh96f0u.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmbmvzyzyecr83gh96f0u.jpg" alt=" " width="800" height="338"></a></p> <p>🏆 Resume Bullet Points<br> After completing this project:</p> <ul> <li><p>"Built automated security incident response system processing 1000+ findings/month with &lt; 2 minute response time"</p></li> <li><p>"Implemented cloud-native SOAR (Security Orchestration, Automation &amp; Response) using AWS Lambda, Step Functions, reducing manual intervention by 85%"</p></li> <li><p>"Designed multi-layered threat detection using GuardDuty, Security Hub, and Config, achieving 95% threat detection accuracy"</p></li> <li><p>"Architected forensics collection pipeline with automated evidence preservation compliant with SOC2 and ISO 27001"</p></li> <li><p>"Reduced security incident response time from 2 hours (manual) to 2 minutes (automated), saving $150K annually in labor costs"</p></li> </ul> <p>Congratulations! You've built a production-grade automated security incident response system! 🎉</p> cloud casestudy aws security Daffa Rabbani Tue, 25 Mar 2025 23:29:06 +0000 https://forem.com/neo_rival67/aws-proton-microservices-infrastructure-automation-103p https://forem.com/neo_rival67/aws-proton-microservices-infrastructure-automation-103p <p><strong>Table of contents</strong></p> <ul> <li>What is AWS Proton?</li> <li>AWS Proton &amp; AWS Cloudformation is same?</li> <li>How AWS Proton Works?</li> <li>conclusion</li> </ul> <p>Hey folks 👋, </p> <p>maybe you just found out that AWS has released one of the new services again in 2020 which even I forgot about the new update :) AWS gave the name of the service called AWS Proton. maybe this proton is similar to the Cloudformation model infrastructure as code.<br> in this post I will introduce you to AWS Proton and the difference with cloudformation. 🌟</p> <h3> What is AWS Proton? 🤔 </h3> <p>✅ AWS Proton is a powerful automation solution that simplifies infrastructure management and application deployment for both administrators and developers. </p> <p>✅ For administrators, AWS Proton provides a comprehensive framework to create and maintain service templates containing complete application stacks. </p> <p>✅ For developers, AWS Proton offers a self-service interface where they can easily choose pre-defined service templates that fit their project needs. </p> <h3> What is the difference between AWS Proton &amp; AWS Cloudformation? ⚙ </h3> <p><strong>AWS CloudFormation</strong> : </p> <p>✅ A general-purpose infrastructure as code (IaC) service</p> <p>✅ Allows you to define and provision infrastructure resources using templates</p> <p>✅ Supports a wide range of AWS resources and can be used for almost any infrastructure setup</p> <p>✅ Primarily focused on infrastructure provisioning</p> <p>✅ Works at a lower-level of abstraction, giving developers more granular control</p> <p><strong>AWS Proton</strong> :</p> <p>✅ A higher-level, more opinionated service specifically for container and serverless applications</p> <p>✅ Provides standardized, pre-approved templates for entire application stacks</p> <p>✅ Includes built-in CI/CD pipeline configuration</p> <p>✅ Focuses on creating a self-service platform for developers</p> <p>✅ Automates not just infrastructure provisioning, but also deployment pipelines</p> <h3> How AWS Proton Works ? 👨‍💻 </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuyvvcwestjfp2me7ce5q.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuyvvcwestjfp2me7ce5q.png" alt="AWS Proton Works" width="445" height="285"></a></p> <ol> <li>When you choose an environment template with AWS Proton, you provide values for the relevant input parameters.</li> <li>AWS Proton prepares your environment based on the environment template and parameter settings.</li> <li>When you use AWS Proton to pick a service template, you supply values for the relevant input parameters. You also pick an environment in which to deploy your application or service.</li> <li>To supply your service, AWS Proton utilizes the service template as well as the values of your service and the environment parameters you have defined.</li> </ol> <p>You choose the input parameters to modify your template for reuse and numerous use cases, applications, or services.</p> <p>To make this work, you generate environment or service template bundles and submit them to the appropriate registered environment or service templates.</p> <h3> Use Cases </h3> <h3> E-Commerce Platform Microservices </h3> <p><strong>Detailed Scenario</strong> :<br> An e-commerce platform with multiple microservices requires a robust, scalable, and secure infrastructure that can handle varying loads and ensure consistent deployment across different services.</p> <h4> Specific Challenges </h4> <ul> <li> <strong>Infrastructure Inconsistency</strong>: Each microservice (Product, Cart, Payment, User) was previously deployed with slight variations in configuration</li> <li> <strong>Security Complexities</strong>: Ensuring uniform security protocols across different services</li> <li> <strong>Deployment Overhead</strong>: Manual configuration and deployment processes were time-consuming</li> </ul> <h4> AWS Proton Implementation </h4> <ul> <li> <strong>Standardized Templates</strong>: <ul> <li>Create a base template for all e-commerce microservices</li> <li>Define consistent networking, security groups, and compute resources</li> <li>Include standard monitoring and logging configurations</li> </ul> </li> </ul> <h4> Deployment Workflow: </h4> <ol> <li>Platform team creates a master template for e-commerce services</li> <li>Developers select and slightly customize the template <ul> <li>Configure service-specific parameters</li> <li>Set scaling requirements</li> </ul> </li> <li>Proton automatically provisions infrastructure <ul> <li>Consistent network configuration</li> <li>Uniform security settings</li> <li>Standardized monitoring</li> </ul> </li> </ol> <h4> Benefits Realized: </h4> <ul> <li>40% reduction in deployment time</li> <li>Improved security consistency</li> <li>Easier onboarding for new services</li> <li>Simplified infrastructure management</li> </ul> <h3> 2. Digital Banking Application </h3> <h4> Comprehensive Microservices Ecosystem </h4> <p>A digital banking platform requires extreme reliability, security, and compliance across multiple critical services.</p> <h4> Complex Requirements </h4> <ul> <li> <strong>Regulatory Compliance</strong>: Must meet strict financial industry regulations</li> <li> <strong>High-Security Demands</strong>: Protection of sensitive financial data</li> <li> <strong>Performance Critical</strong>: Low-latency transactions</li> <li> <strong>Scalability Needs</strong>: Handle sudden traffic spikes</li> </ul> <h4> AWS Proton Solution </h4> <ul> <li> <strong>Compliance-Driven Templates</strong>: <ul> <li>Embed security best practices directly in infrastructure templates</li> <li>Automatic encryption configurations</li> <li>Network isolation between services</li> <li>Compliance checkpoints in deployment pipeline</li> </ul> </li> </ul> <h4> Advanced Implementation: </h4> <ol> <li>Create separate environment templates for: <ul> <li>Development</li> <li>Staging</li> <li>Production</li> </ul> </li> <li>Implement service-specific security groups</li> <li>Automate compliance checks during deployment</li> <li>Enable automatic scaling based on transaction volumes</li> </ol> <h4> Key Advantages: </h4> <ul> <li>Rapid compliance verification</li> <li>Consistent security posture</li> <li>Automated risk mitigation</li> <li>Faster time-to-market for new financial services</li> </ul> <h3> Conclusion 📃 </h3> <p>AWS Proton emerges as an innovative cloud infrastructure automation solution that transforms how organizations manage and deploy serverless and container-based applications, providing administrators with a powerful framework for creating standardized templates and developers with a self-service interface to streamline application deployments. </p> <p>Unlike the more generic CloudFormation, Proton takes a more opinionated approach with features like version management, automatic CI/CD pipeline configuration, and one-click infrastructure updates, allowing businesses to create more efficient, consistent, and scalable cloud deployment strategies. </p> <p>By bridging the gap between infrastructure management and application development, AWS Proton enables technology teams to optimize development processes, reduce manual configuration overhead, and ensure alignment with organizational best practices, ultimately changing the way modern cloud-native applications are designed, provisioned, and maintained.</p> aws microservices awsproton Daffa Rabbani Sun, 16 Mar 2025 03:15:54 +0000 https://forem.com/neo_rival67/implementingperformance-optimization-with-aws-aurora-postgresqlmysql-for-high-throughput-2end https://forem.com/neo_rival67/implementingperformance-optimization-with-aws-aurora-postgresqlmysql-for-high-throughput-2end <p>Amazon Aurora is AWS’s cloud-native relational database, built for high performance and high availability while staying compatible with MySQL and PostgreSQL. It’s faster and more efficient than standard deployments, but if you’re handling high-throughput workloads, a few extra optimizations can make a big difference.</p> <p>In this guide, we’ll walk through everything you need to know to fine-tune Aurora for demanding use cases. From identifying performance bottlenecks to optimizing queries, leveraging Aurora’s advanced features, and setting up proper monitoring—this article has got you covered!</p> <h3> 🔍 Understanding Aurora’s Architecture </h3> <p>Before jumping into optimizations, let’s take a quick look at what makes Aurora different:</p> <ul> <li> <strong>Distributed Storage</strong> – Aurora automatically replicates data across multiple Availability Zones (AZs) in an AWS Region. This separation of compute and storage allows for independent scaling and improved resilience.</li> <li> <strong>Fault-Tolerant Storage System</strong> – Your data is stored in six copies across three AZs, ensuring durability and availability.</li> <li> <strong>Efficient Write Operations</strong> – Aurora handles replication asynchronously, allowing high-throughput performance even for write-heavy applications.</li> </ul> <p>With this foundation in mind, let’s dive into the best ways to optimize your Aurora database for peak performance! 🚀</p> <h2> Key Factors Affecting Performance </h2> <h3> Instance Types and Sizing </h3> <p>Aurora performance is significantly influenced by the instance class you choose. For high-throughput workloads, consider:</p> <ul> <li>Memory-optimized instance types (r5, r6g, r6i) for workloads with large working sets</li> <li>The latest generation instances which typically offer better performance</li> <li>Instance size appropriate for your workload's CPU and memory requirements</li> </ul> <h3> Network Bandwidth </h3> <p>Network bandwidth can become a bottleneck for high-throughput workloads, especially with larger instance types. Ensure you're using instance types with sufficient network bandwidth for your workload requirements.</p> <h2> Hands-On Lab: Setting Up an Optimized Aurora Environment </h2> <p>Let's start with creating an Aurora environment optimized for high throughput.</p> <h3> Step 1: Create an Aurora Cluster with Appropriate Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds create-db-cluster <span class="se">\</span> <span class="nt">--db-cluster-identifier</span> high-throughput-demo <span class="se">\</span> <span class="nt">--engine</span> aurora-postgresql <span class="se">\</span> <span class="nt">--engine-version</span> 15.3 <span class="se">\</span> <span class="nt">--master-username</span> admin <span class="se">\</span> <span class="nt">--master-user-password</span> YourStrongPassword123! <span class="se">\</span> <span class="nt">--db-subnet-group-name</span> your-subnet-group <span class="se">\</span> <span class="nt">--vpc-security-group-ids</span> sg-0123456789abcdef <span class="se">\</span> <span class="nt">--backup-retention-period</span> 7 <span class="se">\</span> <span class="nt">--preferred-backup-window</span> 07:00-09:00 <span class="se">\</span> <span class="nt">--preferred-maintenance-window</span> sat:10:00-sat:12:00 <span class="se">\</span> <span class="nt">--db-cluster-parameter-group-name</span> high-throughput-params <span class="se">\</span> <span class="nt">--storage-encrypted</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <h3> Step 2: Create Instance(s) with Appropriate Sizing </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds create-db-instance <span class="se">\</span> <span class="nt">--db-instance-identifier</span> high-throughput-writer <span class="se">\</span> <span class="nt">--db-cluster-identifier</span> high-throughput-demo <span class="se">\</span> <span class="nt">--engine</span> aurora-postgresql <span class="se">\</span> <span class="nt">--db-instance-class</span> db.r6g.4xlarge <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <p>For read scaling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds create-db-instance <span class="se">\</span> <span class="nt">--db-instance-identifier</span> high-throughput-reader-1 <span class="se">\</span> <span class="nt">--db-cluster-identifier</span> high-throughput-demo <span class="se">\</span> <span class="nt">--engine</span> aurora-postgresql <span class="se">\</span> <span class="nt">--db-instance-class</span> db.r6g.2xlarge <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <h3> Step 3: Configure Parameter Groups </h3> <p>Create a custom parameter group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds create-db-cluster-parameter-group <span class="se">\</span> <span class="nt">--db-cluster-parameter-group-name</span> high-throughput-params <span class="se">\</span> <span class="nt">--db-parameter-group-family</span> aurora-postgresql15 <span class="se">\</span> <span class="nt">--description</span> <span class="s2">"Parameters optimized for high throughput"</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <p>Modify parameters for PostgreSQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds modify-db-cluster-parameter-group <span class="se">\</span> <span class="nt">--db-cluster-parameter-group-name</span> high-throughput-params <span class="se">\</span> <span class="nt">--parameters</span> <span class="s2">"ParameterName=max_connections,ParameterValue=5000,ApplyMethod=pending-reboot"</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 aws rds modify-db-cluster-parameter-group <span class="se">\</span> <span class="nt">--db-cluster-parameter-group-name</span> high-throughput-params <span class="se">\</span> <span class="nt">--parameters</span> <span class="s2">"ParameterName=shared_buffers,ParameterValue={DBInstanceClassMemory/32768},ApplyMethod=pending-reboot"</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <h2> Schema Optimization Techniques </h2> <h3> Efficient Table Design </h3> <p>Proper table design is fundamental to database performance. For high-throughput workloads:</p> <ol> <li>Choose appropriate data types (e.g., use INT instead of VARCHAR for numeric values)</li> <li>Normalize tables appropriately, but consider strategic denormalization for performance-critical queries</li> <li>Implement table partitioning for large tables</li> </ol> <p>Let's create an example of a partitioned table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- For PostgreSQL</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">orders</span> <span class="p">(</span> <span class="n">order_id</span> <span class="nb">BIGINT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">customer_id</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">order_date</span> <span class="nb">DATE</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">total_amount</span> <span class="nb">DECIMAL</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span><span class="mi">2</span><span class="p">),</span> <span class="n">status</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span> <span class="p">)</span> <span class="k">PARTITION</span> <span class="k">BY</span> <span class="k">RANGE</span> <span class="p">(</span><span class="n">order_date</span><span class="p">);</span> <span class="c1">-- Create partitions by month</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">orders_202501</span> <span class="k">PARTITION</span> <span class="k">OF</span> <span class="n">orders</span> <span class="k">FOR</span> <span class="k">VALUES</span> <span class="k">FROM</span> <span class="p">(</span><span class="s1">'2025-01-01'</span><span class="p">)</span> <span class="k">TO</span> <span class="p">(</span><span class="s1">'2025-02-01'</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">orders_202502</span> <span class="k">PARTITION</span> <span class="k">OF</span> <span class="n">orders</span> <span class="k">FOR</span> <span class="k">VALUES</span> <span class="k">FROM</span> <span class="p">(</span><span class="s1">'2025-02-01'</span><span class="p">)</span> <span class="k">TO</span> <span class="p">(</span><span class="s1">'2025-03-01'</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">orders_202503</span> <span class="k">PARTITION</span> <span class="k">OF</span> <span class="n">orders</span> <span class="k">FOR</span> <span class="k">VALUES</span> <span class="k">FROM</span> <span class="p">(</span><span class="s1">'2025-03-01'</span><span class="p">)</span> <span class="k">TO</span> <span class="p">(</span><span class="s1">'2025-04-01'</span><span class="p">);</span> </code></pre> </div> <h3> Indexing Strategy </h3> <p>Proper indexing is critical for high-throughput workloads:</p> <ol> <li>Create indexes on columns frequently used in WHERE, JOIN, and ORDER BY clauses</li> <li>Consider composite indexes for queries filtering on multiple columns</li> <li>Be cautious about over-indexing, as indexes consume space and slow down writes</li> </ol> <p>Example of creating efficient indexes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Primary key</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">orders</span> <span class="k">ADD</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="n">order_id</span><span class="p">,</span> <span class="n">order_date</span><span class="p">);</span> <span class="c1">-- Index for frequent queries filtering by customer and date range</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_orders_customer_date</span> <span class="k">ON</span> <span class="n">orders</span> <span class="p">(</span><span class="n">customer_id</span><span class="p">,</span> <span class="n">order_date</span><span class="p">);</span> <span class="c1">-- Index for status filtering</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_orders_status</span> <span class="k">ON</span> <span class="n">orders</span> <span class="p">(</span><span class="n">status</span><span class="p">);</span> </code></pre> </div> <p>For high write throughput, consider using INCLUDE in PostgreSQL indexes to reduce the need for index-only scans:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_orders_date_include_status</span> <span class="k">ON</span> <span class="n">orders</span> <span class="p">(</span><span class="n">order_date</span><span class="p">)</span> <span class="n">INCLUDE</span> <span class="p">(</span><span class="n">status</span><span class="p">);</span> </code></pre> </div> <h2> Query Optimization </h2> <h3> Analyzing and Improving Slow Queries </h3> <p>Let's look at how to identify and optimize slow queries:</p> <ol> <li>Enable Performance Insights to track database load and identify top queries</li> <li>Use the PostgreSQL/MySQL EXPLAIN command to analyze query execution plans </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Enable query logging for slow queries (PostgreSQL)</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">log_min_duration_statement</span> <span class="o">=</span> <span class="s1">'1000'</span><span class="p">;</span> <span class="c1">-- Log queries taking more than 1 second</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">log_statement</span> <span class="o">=</span> <span class="s1">'none'</span><span class="p">;</span> <span class="k">SELECT</span> <span class="n">pg_reload_conf</span><span class="p">();</span> <span class="c1">-- Analyze a query using EXPLAIN ANALYZE</span> <span class="k">EXPLAIN</span> <span class="k">ANALYZE</span> <span class="k">SELECT</span> <span class="n">o</span><span class="p">.</span><span class="n">order_id</span><span class="p">,</span> <span class="n">o</span><span class="p">.</span><span class="n">order_date</span><span class="p">,</span> <span class="n">o</span><span class="p">.</span><span class="n">total_amount</span><span class="p">,</span> <span class="k">c</span><span class="p">.</span><span class="n">customer_name</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="n">o</span> <span class="k">JOIN</span> <span class="n">customers</span> <span class="k">c</span> <span class="k">ON</span> <span class="n">o</span><span class="p">.</span><span class="n">customer_id</span> <span class="o">=</span> <span class="k">c</span><span class="p">.</span><span class="n">customer_id</span> <span class="k">WHERE</span> <span class="n">o</span><span class="p">.</span><span class="n">order_date</span> <span class="k">BETWEEN</span> <span class="s1">'2025-01-01'</span> <span class="k">AND</span> <span class="s1">'2025-01-31'</span> <span class="k">AND</span> <span class="n">o</span><span class="p">.</span><span class="n">status</span> <span class="o">=</span> <span class="s1">'COMPLETED'</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">o</span><span class="p">.</span><span class="n">total_amount</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="mi">100</span><span class="p">;</span> </code></pre> </div> <h3> Query Rewriting Techniques </h3> <p>Some common query rewriting techniques for high-throughput environments:</p> <ol> <li>Use EXISTS instead of IN for checking existence: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Instead of:</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="k">WHERE</span> <span class="n">customer_id</span> <span class="k">IN</span> <span class="p">(</span><span class="k">SELECT</span> <span class="n">customer_id</span> <span class="k">FROM</span> <span class="n">premium_customers</span><span class="p">);</span> <span class="c1">-- Use:</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="n">o</span> <span class="k">WHERE</span> <span class="k">EXISTS</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="mi">1</span> <span class="k">FROM</span> <span class="n">premium_customers</span> <span class="n">p</span> <span class="k">WHERE</span> <span class="n">p</span><span class="p">.</span><span class="n">customer_id</span> <span class="o">=</span> <span class="n">o</span><span class="p">.</span><span class="n">customer_id</span> <span class="p">);</span> </code></pre> </div> <ol> <li>Avoid functions on indexed columns: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Instead of:</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="k">WHERE</span> <span class="k">EXTRACT</span><span class="p">(</span><span class="k">MONTH</span> <span class="k">FROM</span> <span class="n">order_date</span><span class="p">)</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="c1">-- Use:</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="k">WHERE</span> <span class="n">order_date</span> <span class="k">BETWEEN</span> <span class="s1">'2025-03-01'</span> <span class="k">AND</span> <span class="s1">'2025-03-31'</span><span class="p">;</span> </code></pre> </div> <ol> <li>Use UNION ALL instead of UNION when duplicates are acceptable: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">orders_202501</span> <span class="k">WHERE</span> <span class="n">status</span> <span class="o">=</span> <span class="s1">'COMPLETED'</span> <span class="k">UNION</span> <span class="k">ALL</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">orders_202502</span> <span class="k">WHERE</span> <span class="n">status</span> <span class="o">=</span> <span class="s1">'COMPLETED'</span><span class="p">;</span> </code></pre> </div> <h2> Connection Management </h2> <p>Aurora connection management is crucial for high-throughput applications:</p> <ol> <li>Implement connection pooling with tools like PgBouncer, ProxySQL, or AWS RDS Proxy</li> <li>Monitor and tune max_connections parameter based on workload</li> </ol> <p>Let's set up RDS Proxy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds create-db-proxy <span class="se">\</span> <span class="nt">--db-proxy-name</span> aurora-high-throughput-proxy <span class="se">\</span> <span class="nt">--engine-family</span> POSTGRESQL <span class="se">\</span> <span class="nt">--auth</span> <span class="s1">'{"AuthScheme":"SECRETS","SecretArn":"arn:aws:secretsmanager:us-east-1:123456789012:secret:aurora-credentials","IAMAuth":"DISABLED"}'</span> <span class="se">\</span> <span class="nt">--role-arn</span> arn:aws:iam::123456789012:role/rds-proxy-role <span class="se">\</span> <span class="nt">--vpc-subnet-ids</span> subnet-0123456789abcdef0 subnet-0123456789abcdef1 <span class="se">\</span> <span class="nt">--vpc-security-group-ids</span> sg-0123456789abcdef <span class="se">\</span> <span class="nt">--require-tls</span> <span class="se">\</span> <span class="nt">--idle-client-timeout</span> 1800 <span class="se">\</span> <span class="nt">--debug-logging</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <p>Register the target:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds register-db-proxy-targets <span class="se">\</span> <span class="nt">--db-proxy-name</span> aurora-high-throughput-proxy <span class="se">\</span> <span class="nt">--db-cluster-identifiers</span> high-throughput-demo <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <h2> Leveraging Aurora-Specific Features </h2> <h3> Read Scaling with Aurora Replicas </h3> <p>For high-throughput read workloads, distribute reads across multiple Aurora Replicas:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">psycopg2</span> <span class="kn">import</span> <span class="n">random</span> <span class="c1"># List of reader endpoints </span><span class="n">reader_endpoints</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">high-throughput-reader-1.cluster-ro-abcdefghijkl.us-east-1.rds.amazonaws.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">high-throughput-reader-2.cluster-ro-abcdefghijkl.us-east-1.rds.amazonaws.com</span><span class="sh">"</span> <span class="p">]</span> <span class="k">def</span> <span class="nf">get_read_connection</span><span class="p">():</span> <span class="c1"># Randomly select a reader endpoint </span> <span class="n">endpoint</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">reader_endpoints</span><span class="p">)</span> <span class="n">conn</span> <span class="o">=</span> <span class="n">psycopg2</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span> <span class="n">host</span><span class="o">=</span><span class="n">endpoint</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">5432</span><span class="p">,</span> <span class="n">database</span><span class="o">=</span><span class="sh">"</span><span class="s">mydatabase</span><span class="sh">"</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="sh">"</span><span class="s">YourStrongPassword123!</span><span class="sh">"</span> <span class="p">)</span> <span class="k">return</span> <span class="n">conn</span> <span class="k">def</span> <span class="nf">get_write_connection</span><span class="p">():</span> <span class="c1"># Write connection always goes to the primary instance </span> <span class="n">conn</span> <span class="o">=</span> <span class="n">psycopg2</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span> <span class="n">host</span><span class="o">=</span><span class="sh">"</span><span class="s">high-throughput-demo.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com</span><span class="sh">"</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">5432</span><span class="p">,</span> <span class="n">database</span><span class="o">=</span><span class="sh">"</span><span class="s">mydatabase</span><span class="sh">"</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="sh">"</span><span class="s">YourStrongPassword123!</span><span class="sh">"</span> <span class="p">)</span> <span class="k">return</span> <span class="n">conn</span> </code></pre> </div> <h3> Aurora Parallel Query </h3> <p>Enable Parallel Query for analytical workloads:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds modify-db-cluster <span class="se">\</span> <span class="nt">--db-cluster-identifier</span> high-throughput-demo <span class="se">\</span> <span class="nt">--enable-http-endpoint</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <p>In PostgreSQL, configure a session to use parallel query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- For PostgreSQL</span> <span class="k">SET</span> <span class="n">aurora</span><span class="p">.</span><span class="n">parallel_query</span> <span class="o">=</span> <span class="k">ON</span><span class="p">;</span> <span class="c1">-- Check if a query uses parallel query</span> <span class="k">EXPLAIN</span> <span class="k">SELECT</span> <span class="n">customer_id</span><span class="p">,</span> <span class="k">SUM</span><span class="p">(</span><span class="n">total_amount</span><span class="p">)</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="k">WHERE</span> <span class="n">order_date</span> <span class="k">BETWEEN</span> <span class="s1">'2025-01-01'</span> <span class="k">AND</span> <span class="s1">'2025-03-31'</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">customer_id</span><span class="p">;</span> </code></pre> </div> <h2> Monitoring and Continuous Optimization </h2> <h3> Setting Up Comprehensive Monitoring </h3> <ol> <li>Enable Enhanced Monitoring and Performance Insights: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds modify-db-instance <span class="se">\</span> <span class="nt">--db-instance-identifier</span> high-throughput-writer <span class="se">\</span> <span class="nt">--monitoring-interval</span> 5 <span class="se">\</span> <span class="nt">--monitoring-role-arn</span> arn:aws:iam::123456789012:role/rds-monitoring-role <span class="se">\</span> <span class="nt">--enable-performance-insights</span> <span class="se">\</span> <span class="nt">--performance-insights-retention-period</span> 7 <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <ol> <li>Create CloudWatch alarms for critical metrics: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudwatch put-metric-alarm <span class="se">\</span> <span class="nt">--alarm-name</span> HighCPUUtilization-Aurora <span class="se">\</span> <span class="nt">--alarm-description</span> <span class="s2">"Alarm when CPU exceeds 80%"</span> <span class="se">\</span> <span class="nt">--metric-name</span> CPUUtilization <span class="se">\</span> <span class="nt">--namespace</span> AWS/RDS <span class="se">\</span> <span class="nt">--statistic</span> Average <span class="se">\</span> <span class="nt">--period</span> 300 <span class="se">\</span> <span class="nt">--threshold</span> 80 <span class="se">\</span> <span class="nt">--comparison-operator</span> GreaterThanThreshold <span class="se">\</span> <span class="nt">--dimensions</span> <span class="nv">Name</span><span class="o">=</span>DBInstanceIdentifier,Value<span class="o">=</span>high-throughput-writer <span class="se">\</span> <span class="nt">--evaluation-periods</span> 3 <span class="se">\</span> <span class="nt">--alarm-actions</span> arn:aws:sns:us-east-1:123456789012:rds-alerts <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <ol> <li>Create custom metrics dashboard: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudwatch put-dashboard <span class="se">\</span> <span class="nt">--dashboard-name</span> AuroraHighThroughputDashboard <span class="se">\</span> <span class="nt">--dashboard-body</span> <span class="s1">'{ "widgets": [ { "type": "metric", "x": 0, "y": 0, "width": 12, "height": 6, "properties": { "metrics": [ [ "AWS/RDS", "CPUUtilization", "DBInstanceIdentifier", "high-throughput-writer" ] ], "period": 300, "stat": "Average", "region": "us-east-1", "title": "Writer CPU" } }, { "type": "metric", "x": 12, "y": 0, "width": 12, "height": 6, "properties": { "metrics": [ [ "AWS/RDS", "DMLLatency", "DBInstanceIdentifier", "high-throughput-writer" ] ], "period": 300, "stat": "Average", "region": "us-east-1", "title": "Write Latency" } } ] }'</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <h3> Benchmarking Your Aurora Deployment </h3> <p>Use pgbench (PostgreSQL) or sysbench (MySQL) to establish performance baselines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># For PostgreSQL</span> pgbench <span class="nt">-h</span> high-throughput-demo.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com <span class="se">\</span> <span class="nt">-U</span> admin <span class="se">\</span> <span class="nt">-p</span> 5432 <span class="se">\</span> <span class="nt">-d</span> mydatabase <span class="se">\</span> <span class="nt">-c</span> 20 <span class="se">\</span> <span class="nt">-j</span> 4 <span class="se">\</span> <span class="nt">-T</span> 60 <span class="se">\</span> <span class="nt">-P</span> 10 </code></pre> </div> <h2> Advanced Optimization Techniques </h2> <h3> Memory Optimization </h3> <p>Fine-tune memory-related parameters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- For PostgreSQL</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">work_mem</span> <span class="o">=</span> <span class="s1">'64MB'</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">maintenance_work_mem</span> <span class="o">=</span> <span class="s1">'1GB'</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">effective_cache_size</span> <span class="o">=</span> <span class="s1">'24GB'</span><span class="p">;</span> <span class="c1">-- Adjust based on instance memory</span> <span class="k">SELECT</span> <span class="n">pg_reload_conf</span><span class="p">();</span> </code></pre> </div> <h3> Vacuum and Analyze Operations </h3> <p>Regular vacuum and analyze operations are critical for PostgreSQL performance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Set up autovacuum parameters</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">autovacuum_vacuum_scale_factor</span> <span class="o">=</span> <span class="mi">0</span><span class="p">.</span><span class="mi">05</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">autovacuum_analyze_scale_factor</span> <span class="o">=</span> <span class="mi">0</span><span class="p">.</span><span class="mi">025</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">autovacuum_vacuum_cost_limit</span> <span class="o">=</span> <span class="mi">2000</span><span class="p">;</span> <span class="k">SELECT</span> <span class="n">pg_reload_conf</span><span class="p">();</span> <span class="c1">-- Manual VACUUM ANALYZE for immediate effect</span> <span class="k">VACUUM</span> <span class="k">ANALYZE</span> <span class="n">orders</span><span class="p">;</span> </code></pre> </div> <h2> Advanced Optimization Techniques </h2> <h3> Using Aurora Global Database for Multi-Region Deployments </h3> <p>For global applications requiring low-latency reads across regions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create a global database</span> aws rds create-global-cluster <span class="se">\</span> <span class="nt">--global-cluster-identifier</span> global-high-throughput <span class="se">\</span> <span class="nt">--source-db-cluster-identifier</span> arn:aws:rds:us-east-1:123456789012:cluster:high-throughput-demo <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <p>Add a secondary region:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds create-db-cluster <span class="se">\</span> <span class="nt">--db-cluster-identifier</span> high-throughput-demo-eu <span class="se">\</span> <span class="nt">--engine</span> aurora-postgresql <span class="se">\</span> <span class="nt">--engine-version</span> 15.3 <span class="se">\</span> <span class="nt">--db-subnet-group-name</span> your-eu-subnet-group <span class="se">\</span> <span class="nt">--vpc-security-group-ids</span> sg-0123456789abcdef <span class="se">\</span> <span class="nt">--global-cluster-identifier</span> global-high-throughput <span class="se">\</span> <span class="nt">--region</span> eu-west-1 </code></pre> </div> <p>Add instances to the secondary region:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws rds create-db-instance <span class="se">\</span> <span class="nt">--db-instance-identifier</span> high-throughput-reader-eu <span class="se">\</span> <span class="nt">--db-cluster-identifier</span> high-throughput-demo-eu <span class="se">\</span> <span class="nt">--engine</span> aurora-postgresql <span class="se">\</span> <span class="nt">--db-instance-class</span> db.r6g.2xlarge <span class="se">\</span> <span class="nt">--region</span> eu-west-1 </code></pre> </div> <h2> Optimizing for Specific Workload Types </h2> <h3> Write-Intensive Workloads </h3> <p>For applications with heavy write loads:</p> <ol> <li> <strong>Batch operations</strong> where possible: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Instead of individual inserts</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">orders</span> <span class="p">(</span><span class="n">order_id</span><span class="p">,</span> <span class="n">customer_id</span><span class="p">,</span> <span class="n">order_date</span><span class="p">,</span> <span class="n">total_amount</span><span class="p">,</span> <span class="n">status</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="mi">1001</span><span class="p">,</span> <span class="mi">101</span><span class="p">,</span> <span class="s1">'2025-03-15'</span><span class="p">,</span> <span class="mi">299</span><span class="p">.</span><span class="mi">99</span><span class="p">,</span> <span class="s1">'PENDING'</span><span class="p">),</span> <span class="p">(</span><span class="mi">1002</span><span class="p">,</span> <span class="mi">102</span><span class="p">,</span> <span class="s1">'2025-03-15'</span><span class="p">,</span> <span class="mi">199</span><span class="p">.</span><span class="mi">50</span><span class="p">,</span> <span class="s1">'PENDING'</span><span class="p">),</span> <span class="p">(</span><span class="mi">1003</span><span class="p">,</span> <span class="mi">103</span><span class="p">,</span> <span class="s1">'2025-03-15'</span><span class="p">,</span> <span class="mi">599</span><span class="p">.</span><span class="mi">75</span><span class="p">,</span> <span class="s1">'PENDING'</span><span class="p">),</span> <span class="p">(</span><span class="mi">1004</span><span class="p">,</span> <span class="mi">104</span><span class="p">,</span> <span class="s1">'2025-03-15'</span><span class="p">,</span> <span class="mi">149</span><span class="p">.</span><span class="mi">99</span><span class="p">,</span> <span class="s1">'PENDING'</span><span class="p">),</span> <span class="p">(</span><span class="mi">1005</span><span class="p">,</span> <span class="mi">105</span><span class="p">,</span> <span class="s1">'2025-03-15'</span><span class="p">,</span> <span class="mi">849</span><span class="p">.</span><span class="mi">99</span><span class="p">,</span> <span class="s1">'PENDING'</span><span class="p">);</span> </code></pre> </div> <ol> <li> <strong>Reduce index overhead</strong> on write-heavy tables: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Temporarily disable triggers during bulk loads</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">orders</span> <span class="n">DISABLE</span> <span class="k">TRIGGER</span> <span class="k">ALL</span><span class="p">;</span> <span class="c1">-- Perform bulk insert</span> <span class="c1">-- Then re-enable triggers</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">orders</span> <span class="n">ENABLE</span> <span class="k">TRIGGER</span> <span class="k">ALL</span><span class="p">;</span> </code></pre> </div> <ol> <li> <strong>Consider UNLOGGED tables</strong> (PostgreSQL) for temporary data: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="n">UNLOGGED</span> <span class="k">TABLE</span> <span class="n">temp_orders</span> <span class="p">(</span> <span class="n">order_id</span> <span class="nb">BIGINT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">customer_id</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">order_date</span> <span class="nb">DATE</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">total_amount</span> <span class="nb">DECIMAL</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span><span class="mi">2</span><span class="p">),</span> <span class="n">status</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <h3> Read-Intensive Workloads </h3> <p>For read-heavy applications:</p> <ol> <li> <strong>Implement materialized views</strong> for complex queries: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- For PostgreSQL</span> <span class="k">CREATE</span> <span class="n">MATERIALIZED</span> <span class="k">VIEW</span> <span class="n">monthly_sales</span> <span class="k">AS</span> <span class="k">SELECT</span> <span class="n">DATE_TRUNC</span><span class="p">(</span><span class="s1">'month'</span><span class="p">,</span> <span class="n">order_date</span><span class="p">)</span> <span class="k">AS</span> <span class="k">month</span><span class="p">,</span> <span class="n">customer_id</span><span class="p">,</span> <span class="k">SUM</span><span class="p">(</span><span class="n">total_amount</span><span class="p">)</span> <span class="k">AS</span> <span class="n">monthly_total</span><span class="p">,</span> <span class="k">COUNT</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">AS</span> <span class="n">order_count</span> <span class="k">FROM</span> <span class="n">orders</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">DATE_TRUNC</span><span class="p">(</span><span class="s1">'month'</span><span class="p">,</span> <span class="n">order_date</span><span class="p">),</span> <span class="n">customer_id</span><span class="p">;</span> <span class="c1">-- Create index on the materialized view</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_monthly_sales_customer</span> <span class="k">ON</span> <span class="n">monthly_sales</span> <span class="p">(</span><span class="n">customer_id</span><span class="p">,</span> <span class="k">month</span><span class="p">);</span> <span class="c1">-- Refresh as needed</span> <span class="n">REFRESH</span> <span class="n">MATERIALIZED</span> <span class="k">VIEW</span> <span class="n">monthly_sales</span><span class="p">;</span> </code></pre> </div> <ol> <li> <strong>Use Query Caching</strong> at the application level: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">redis</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">hashlib</span> <span class="kn">import</span> <span class="n">psycopg2</span> <span class="c1"># Initialize Redis client </span><span class="n">redis_client</span> <span class="o">=</span> <span class="n">redis</span><span class="p">.</span><span class="nc">Redis</span><span class="p">(</span><span class="n">host</span><span class="o">=</span><span class="sh">'</span><span class="s">your-redis-host.cache.amazonaws.com</span><span class="sh">'</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">6379</span><span class="p">)</span> <span class="k">def</span> <span class="nf">get_cached_query_results</span><span class="p">(</span><span class="n">query</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">ttl</span><span class="o">=</span><span class="mi">300</span><span class="p">):</span> <span class="c1"># Create a cache key based on the query and parameters </span> <span class="n">cache_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">db:query:</span><span class="si">{</span><span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">((</span><span class="n">query</span> <span class="o">+</span> <span class="nf">str</span><span class="p">(</span><span class="n">params</span><span class="p">)).</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># Check if results exist in cache </span> <span class="n">cached_result</span> <span class="o">=</span> <span class="n">redis_client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">cache_key</span><span class="p">)</span> <span class="k">if</span> <span class="n">cached_result</span><span class="p">:</span> <span class="k">return</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">cached_result</span><span class="p">)</span> <span class="c1"># If not in cache, execute query </span> <span class="n">conn</span> <span class="o">=</span> <span class="nf">get_read_connection</span><span class="p">()</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">query</span><span class="p">,</span> <span class="n">params</span><span class="p">)</span> <span class="n">columns</span> <span class="o">=</span> <span class="p">[</span><span class="n">desc</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">for</span> <span class="n">desc</span> <span class="ow">in</span> <span class="n">cursor</span><span class="p">.</span><span class="n">description</span><span class="p">]</span> <span class="n">results</span> <span class="o">=</span> <span class="p">[</span><span class="nf">dict</span><span class="p">(</span><span class="nf">zip</span><span class="p">(</span><span class="n">columns</span><span class="p">,</span> <span class="n">row</span><span class="p">))</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">()]</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="c1"># Store in cache with TTL </span> <span class="n">redis_client</span><span class="p">.</span><span class="nf">setex</span><span class="p">(</span><span class="n">cache_key</span><span class="p">,</span> <span class="n">ttl</span><span class="p">,</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">results</span><span class="p">))</span> <span class="k">return</span> <span class="n">results</span> </code></pre> </div> <h2> Lab: Real-Time Performance Testing and Tuning </h2> <p>Let's create a comprehensive testing setup to optimize our Aurora deployment under load.</p> <h3> Step 1: Create Test Data </h3> <p>We'll use pgbench to initialize a test database and then extend it with our custom schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Connect to your Aurora instance</span> psql <span class="s2">"host=high-throughput-demo.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com port=5432 dbname=postgres user=admin password=YourStrongPassword123!"</span> <span class="c"># Create test database</span> CREATE DATABASE perf_test<span class="p">;</span> <span class="se">\c</span> perf_test <span class="c"># Initialize with pgbench schema (100 scaling factor ~ 10 million rows)</span> <span class="se">\!</span> pgbench <span class="nt">-i</span> <span class="nt">-s</span> 100 <span class="nt">-h</span> high-throughput-demo.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com <span class="nt">-p</span> 5432 <span class="nt">-U</span> admin perf_test </code></pre> </div> <h3> Step 2: Create Custom Test Schema </h3> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Create orders table with partitioning</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">orders</span> <span class="p">(</span> <span class="n">order_id</span> <span class="nb">SERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">customer_id</span> <span class="nb">INT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">order_date</span> <span class="nb">TIMESTAMP</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">total_amount</span> <span class="nb">DECIMAL</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span><span class="mi">2</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">status</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">items</span> <span class="n">JSONB</span><span class="p">,</span> <span class="n">shipping_address</span> <span class="nb">TEXT</span><span class="p">,</span> <span class="n">created_at</span> <span class="nb">TIMESTAMP</span> <span class="k">DEFAULT</span> <span class="k">CURRENT_TIMESTAMP</span> <span class="p">)</span> <span class="k">PARTITION</span> <span class="k">BY</span> <span class="k">RANGE</span> <span class="p">(</span><span class="n">order_date</span><span class="p">);</span> <span class="c1">-- Create partitions</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">orders_q1_2025</span> <span class="k">PARTITION</span> <span class="k">OF</span> <span class="n">orders</span> <span class="k">FOR</span> <span class="k">VALUES</span> <span class="k">FROM</span> <span class="p">(</span><span class="s1">'2025-01-01'</span><span class="p">)</span> <span class="k">TO</span> <span class="p">(</span><span class="s1">'2025-04-01'</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">orders_q2_2025</span> <span class="k">PARTITION</span> <span class="k">OF</span> <span class="n">orders</span> <span class="k">FOR</span> <span class="k">VALUES</span> <span class="k">FROM</span> <span class="p">(</span><span class="s1">'2025-04-01'</span><span class="p">)</span> <span class="k">TO</span> <span class="p">(</span><span class="s1">'2025-07-01'</span><span class="p">);</span> <span class="c1">-- Create appropriate indexes</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_orders_customer_date</span> <span class="k">ON</span> <span class="n">orders</span> <span class="p">(</span><span class="n">customer_id</span><span class="p">,</span> <span class="n">order_date</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_orders_status</span> <span class="k">ON</span> <span class="n">orders</span> <span class="p">(</span><span class="n">status</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_orders_items</span> <span class="k">ON</span> <span class="n">orders</span> <span class="k">USING</span> <span class="n">GIN</span> <span class="p">(</span><span class="n">items</span><span class="p">);</span> <span class="c1">-- Create customers table</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">customers</span> <span class="p">(</span> <span class="n">customer_id</span> <span class="nb">SERIAL</span> <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">,</span> <span class="n">name</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">email</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="k">UNIQUE</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">tier</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">20</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">signup_date</span> <span class="nb">DATE</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">last_order_date</span> <span class="nb">TIMESTAMP</span><span class="p">,</span> <span class="n">total_orders</span> <span class="nb">INT</span> <span class="k">DEFAULT</span> <span class="mi">0</span><span class="p">,</span> <span class="n">total_spent</span> <span class="nb">DECIMAL</span><span class="p">(</span><span class="mi">12</span><span class="p">,</span><span class="mi">2</span><span class="p">)</span> <span class="k">DEFAULT</span> <span class="mi">0</span> <span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_customers_tier</span> <span class="k">ON</span> <span class="n">customers</span> <span class="p">(</span><span class="n">tier</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_customers_signup</span> <span class="k">ON</span> <span class="n">customers</span> <span class="p">(</span><span class="n">signup_date</span><span class="p">);</span> </code></pre> </div> <h3> Step 3: Generate Test Data </h3> <p>Create a Python script to generate realistic test data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">psycopg2</span> <span class="kn">import</span> <span class="n">random</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span> <span class="kn">import</span> <span class="n">time</span> <span class="c1"># Connect to database </span><span class="n">conn</span> <span class="o">=</span> <span class="n">psycopg2</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span> <span class="n">host</span><span class="o">=</span><span class="sh">"</span><span class="s">high-throughput-demo.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com</span><span class="sh">"</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">5432</span><span class="p">,</span> <span class="n">database</span><span class="o">=</span><span class="sh">"</span><span class="s">perf_test</span><span class="sh">"</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="sh">"</span><span class="s">YourStrongPassword123!</span><span class="sh">"</span> <span class="p">)</span> <span class="n">conn</span><span class="p">.</span><span class="n">autocommit</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="c1"># Generate customers </span><span class="n">customer_tiers</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">BRONZE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">SILVER</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">GOLD</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PLATINUM</span><span class="sh">"</span><span class="p">]</span> <span class="n">product_names</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">Laptop</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Smartphone</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Headphones</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Monitor</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Keyboard</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Mouse</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Tablet</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Camera</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Printer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Speaker</span><span class="sh">"</span><span class="p">]</span> <span class="n">statuses</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">PENDING</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PROCESSING</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">SHIPPED</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DELIVERED</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">RETURNED</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">CANCELLED</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Insert customers </span><span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Generating customers...</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">100001</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Customer </span><span class="si">{</span><span class="n">i</span><span class="si">}</span><span class="sh">"</span> <span class="n">email</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">customer</span><span class="si">{</span><span class="n">i</span><span class="si">}</span><span class="s">@example.com</span><span class="sh">"</span> <span class="n">tier</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">customer_tiers</span><span class="p">)</span> <span class="n">signup_date</span> <span class="o">=</span> <span class="nf">datetime</span><span class="p">(</span><span class="mi">2024</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">365</span><span class="p">))</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">INSERT INTO customers (name, email, tier, signup_date) VALUES (%s, %s, %s, %s)</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">email</span><span class="p">,</span> <span class="n">tier</span><span class="p">,</span> <span class="n">signup_date</span><span class="p">)</span> <span class="p">)</span> <span class="k">if</span> <span class="n">i</span> <span class="o">%</span> <span class="mi">1000</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Inserted </span><span class="si">{</span><span class="n">i</span><span class="si">}</span><span class="s"> customers</span><span class="sh">"</span><span class="p">)</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Finished generating customers</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Insert orders </span><span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Generating orders...</span><span class="sh">"</span><span class="p">)</span> <span class="n">start_date</span> <span class="o">=</span> <span class="nf">datetime</span><span class="p">(</span><span class="mi">2025</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="n">end_date</span> <span class="o">=</span> <span class="nf">datetime</span><span class="p">(</span><span class="mi">2025</span><span class="p">,</span> <span class="mi">6</span><span class="p">,</span> <span class="mi">30</span><span class="p">)</span> <span class="n">days_range</span> <span class="o">=</span> <span class="p">(</span><span class="n">end_date</span> <span class="o">-</span> <span class="n">start_date</span><span class="p">).</span><span class="n">days</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">500001</span><span class="p">):</span> <span class="n">customer_id</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">100000</span><span class="p">)</span> <span class="n">order_date</span> <span class="o">=</span> <span class="n">start_date</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">days_range</span><span class="p">))</span> <span class="c1"># Generate between 1 and 5 items for each order </span> <span class="n">num_items</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">5</span><span class="p">)</span> <span class="n">items</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">total_amount</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">num_items</span><span class="p">):</span> <span class="n">product</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">product_names</span><span class="p">)</span> <span class="n">price</span> <span class="o">=</span> <span class="nf">round</span><span class="p">(</span><span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mf">9.99</span><span class="p">,</span> <span class="mf">999.99</span><span class="p">),</span> <span class="mi">2</span><span class="p">)</span> <span class="n">quantity</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span> <span class="n">item_total</span> <span class="o">=</span> <span class="n">price</span> <span class="o">*</span> <span class="n">quantity</span> <span class="n">total_amount</span> <span class="o">+=</span> <span class="n">item_total</span> <span class="n">items</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">product</span><span class="sh">"</span><span class="p">:</span> <span class="n">product</span><span class="p">,</span> <span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">:</span> <span class="n">price</span><span class="p">,</span> <span class="sh">"</span><span class="s">quantity</span><span class="sh">"</span><span class="p">:</span> <span class="n">quantity</span><span class="p">,</span> <span class="sh">"</span><span class="s">item_total</span><span class="sh">"</span><span class="p">:</span> <span class="n">item_total</span> <span class="p">})</span> <span class="n">status</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">statuses</span><span class="p">)</span> <span class="n">shipping_address</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span> <span class="mi">999</span><span class="p">)</span><span class="si">}</span><span class="s"> Main St, City </span><span class="si">{</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">100</span><span class="p">)</span><span class="si">}</span><span class="s">, State </span><span class="si">{</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">50</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># Insert order </span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">INSERT INTO orders (customer_id, order_date, total_amount, status, items, shipping_address) VALUES (%s, %s, %s, %s, %s, %s)</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">customer_id</span><span class="p">,</span> <span class="n">order_date</span><span class="p">,</span> <span class="n">total_amount</span><span class="p">,</span> <span class="n">status</span><span class="p">,</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">items</span><span class="p">),</span> <span class="n">shipping_address</span><span class="p">)</span> <span class="p">)</span> <span class="c1"># Update customer stats (in real application, consider using triggers for this) </span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">UPDATE customers SET total_orders = total_orders + 1, total_spent = total_spent + %s, last_order_date = %s WHERE customer_id = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">total_amount</span><span class="p">,</span> <span class="n">order_date</span><span class="p">,</span> <span class="n">customer_id</span><span class="p">)</span> <span class="p">)</span> <span class="k">if</span> <span class="n">i</span> <span class="o">%</span> <span class="mi">1000</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Inserted </span><span class="si">{</span><span class="n">i</span><span class="si">}</span><span class="s"> orders</span><span class="sh">"</span><span class="p">)</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Finished generating orders</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Update statistics </span><span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Analyzing tables...</span><span class="sh">"</span><span class="p">)</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">VACUUM ANALYZE customers</span><span class="sh">"</span><span class="p">)</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">VACUUM ANALYZE orders</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Done!</span><span class="sh">"</span><span class="p">)</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <h3> Step 4: Create Test Workload Scripts </h3> <p>Create scripts to simulate real-world read and write patterns:</p> <p><strong>A. Read_workload.py</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># read_workload.py - Simulates high-throughput read queries </span><span class="kn">import</span> <span class="n">psycopg2</span> <span class="kn">import</span> <span class="n">random</span> <span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">concurrent.futures</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span> <span class="c1"># Read connection pool </span><span class="n">read_endpoints</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">high-throughput-reader-1.cluster-ro-abcdefghijkl.us-east-1.rds.amazonaws.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">high-throughput-reader-2.cluster-ro-abcdefghijkl.us-east-1.rds.amazonaws.com</span><span class="sh">"</span> <span class="p">]</span> <span class="c1"># Common queries representing typical workload </span><span class="n">queries</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># Query 1: Get recent orders for a customer </span> <span class="sh">"""</span><span class="s"> SELECT o.order_id, o.order_date, o.total_amount, o.status FROM orders o WHERE o.customer_id = %s ORDER BY o.order_date DESC LIMIT 10 </span><span class="sh">"""</span><span class="p">,</span> <span class="c1"># Query 2: Get orders in a date range with filtering </span> <span class="sh">"""</span><span class="s"> SELECT o.order_id, o.customer_id, o.order_date, o.total_amount, o.status FROM orders o WHERE o.order_date BETWEEN %s AND %s AND o.status = %s ORDER BY o.total_amount DESC LIMIT 100 </span><span class="sh">"""</span><span class="p">,</span> <span class="c1"># Query 3: Get summary statistics </span> <span class="sh">"""</span><span class="s"> SELECT COUNT(*) as order_count, SUM(total_amount) as total_revenue, AVG(total_amount) as avg_order_value, MIN(total_amount) as min_order, MAX(total_amount) as max_order FROM orders WHERE order_date BETWEEN %s AND %s </span><span class="sh">"""</span><span class="p">,</span> <span class="c1"># Query 4: Complex aggregation with join </span> <span class="sh">"""</span><span class="s"> SELECT c.tier, DATE_TRUNC(</span><span class="sh">'</span><span class="s">month</span><span class="sh">'</span><span class="s">, o.order_date) as month, COUNT(DISTINCT c.customer_id) as unique_customers, COUNT(o.order_id) as order_count, SUM(o.total_amount) as total_revenue FROM orders o JOIN customers c ON o.customer_id = c.customer_id WHERE o.order_date BETWEEN %s AND %s GROUP BY c.tier, DATE_TRUNC(</span><span class="sh">'</span><span class="s">month</span><span class="sh">'</span><span class="s">, o.order_date) ORDER BY month, tier </span><span class="sh">"""</span><span class="p">,</span> <span class="c1"># Query 5: JSONB filtering </span> <span class="sh">"""</span><span class="s"> SELECT o.order_id, o.total_amount FROM orders o WHERE o.items @&gt; </span><span class="sh">'</span><span class="s">[{</span><span class="sh">"</span><span class="s">product</span><span class="sh">"</span><span class="s">: %s}]</span><span class="sh">'</span><span class="s"> LIMIT 50 </span><span class="sh">"""</span> <span class="p">]</span> <span class="k">def</span> <span class="nf">get_connection</span><span class="p">():</span> <span class="n">endpoint</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">read_endpoints</span><span class="p">)</span> <span class="k">return</span> <span class="n">psycopg2</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span> <span class="n">host</span><span class="o">=</span><span class="n">endpoint</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">5432</span><span class="p">,</span> <span class="n">database</span><span class="o">=</span><span class="sh">"</span><span class="s">perf_test</span><span class="sh">"</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="sh">"</span><span class="s">YourStrongPassword123!</span><span class="sh">"</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">execute_query</span><span class="p">(</span><span class="n">query_idx</span><span class="p">):</span> <span class="n">conn</span> <span class="o">=</span> <span class="nf">get_connection</span><span class="p">()</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="n">start_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="c1"># Generate parameters based on query type </span> <span class="k">if</span> <span class="n">query_idx</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="c1"># Random customer ID </span> <span class="n">params</span> <span class="o">=</span> <span class="p">(</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">100000</span><span class="p">),)</span> <span class="k">elif</span> <span class="n">query_idx</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span> <span class="c1"># Date range and status </span> <span class="n">start_date</span> <span class="o">=</span> <span class="nf">datetime</span><span class="p">(</span><span class="mi">2025</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">150</span><span class="p">))</span> <span class="n">end_date</span> <span class="o">=</span> <span class="n">start_date</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="mi">30</span><span class="p">)</span> <span class="n">status</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">([</span><span class="sh">"</span><span class="s">PENDING</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PROCESSING</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">SHIPPED</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DELIVERED</span><span class="sh">"</span><span class="p">])</span> <span class="n">params</span> <span class="o">=</span> <span class="p">(</span><span class="n">start_date</span><span class="p">,</span> <span class="n">end_date</span><span class="p">,</span> <span class="n">status</span><span class="p">)</span> <span class="k">elif</span> <span class="n">query_idx</span> <span class="o">==</span> <span class="mi">2</span> <span class="ow">or</span> <span class="n">query_idx</span> <span class="o">==</span> <span class="mi">3</span><span class="p">:</span> <span class="c1"># Date range </span> <span class="n">start_date</span> <span class="o">=</span> <span class="nf">datetime</span><span class="p">(</span><span class="mi">2025</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">150</span><span class="p">))</span> <span class="n">end_date</span> <span class="o">=</span> <span class="n">start_date</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="mi">30</span><span class="p">)</span> <span class="n">params</span> <span class="o">=</span> <span class="p">(</span><span class="n">start_date</span><span class="p">,</span> <span class="n">end_date</span><span class="p">)</span> <span class="k">elif</span> <span class="n">query_idx</span> <span class="o">==</span> <span class="mi">4</span><span class="p">:</span> <span class="c1"># Product for JSONB query </span> <span class="n">params</span> <span class="o">=</span> <span class="p">(</span><span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">([</span><span class="sh">"</span><span class="s">Laptop</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Smartphone</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Headphones</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Monitor</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Keyboard</span><span class="sh">"</span><span class="p">]),)</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">queries</span><span class="p">[</span><span class="n">query_idx</span><span class="p">],</span> <span class="n">params</span><span class="p">)</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">()</span> <span class="c1"># Actually fetch the results </span> <span class="n">end_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">return</span> <span class="n">end_time</span> <span class="o">-</span> <span class="n">start_time</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Query error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">finally</span><span class="p">:</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">def</span> <span class="nf">run_workload</span><span class="p">(</span><span class="n">num_queries</span><span class="o">=</span><span class="mi">1000</span><span class="p">,</span> <span class="n">max_workers</span><span class="o">=</span><span class="mi">20</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Starting read workload simulation with </span><span class="si">{</span><span class="n">num_queries</span><span class="si">}</span><span class="s"> queries...</span><span class="sh">"</span><span class="p">)</span> <span class="n">query_times</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">with</span> <span class="n">concurrent</span><span class="p">.</span><span class="n">futures</span><span class="p">.</span><span class="nc">ThreadPoolExecutor</span><span class="p">(</span><span class="n">max_workers</span><span class="o">=</span><span class="n">max_workers</span><span class="p">)</span> <span class="k">as</span> <span class="n">executor</span><span class="p">:</span> <span class="n">futures</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">num_queries</span><span class="p">):</span> <span class="c1"># Select a random query type </span> <span class="n">query_idx</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nf">len</span><span class="p">(</span><span class="n">queries</span><span class="p">)</span> <span class="o">-</span> <span class="mi">1</span><span class="p">)</span> <span class="n">futures</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">executor</span><span class="p">.</span><span class="nf">submit</span><span class="p">(</span><span class="n">execute_query</span><span class="p">,</span> <span class="n">query_idx</span><span class="p">))</span> <span class="k">for</span> <span class="n">future</span> <span class="ow">in</span> <span class="n">concurrent</span><span class="p">.</span><span class="n">futures</span><span class="p">.</span><span class="nf">as_completed</span><span class="p">(</span><span class="n">futures</span><span class="p">):</span> <span class="n">exec_time</span> <span class="o">=</span> <span class="n">future</span><span class="p">.</span><span class="nf">result</span><span class="p">()</span> <span class="k">if</span> <span class="n">exec_time</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">query_times</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">exec_time</span><span class="p">)</span> <span class="c1"># Calculate statistics </span><span class="k">if</span> <span class="n">query_times</span><span class="p">:</span> <span class="n">avg_time</span> <span class="o">=</span> <span class="nf">sum</span><span class="p">(</span><span class="n">query_times</span><span class="p">)</span> <span class="o">/</span> <span class="nf">len</span><span class="p">(</span><span class="n">query_times</span><span class="p">)</span> <span class="n">min_time</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">query_times</span><span class="p">)</span> <span class="n">max_time</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span><span class="n">query_times</span><span class="p">)</span> <span class="n">p95_time</span> <span class="o">=</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">query_times</span><span class="p">)[</span><span class="nf">int</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">query_times</span><span class="p">)</span> <span class="o">*</span> <span class="mf">0.95</span><span class="p">)]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Completed </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">query_times</span><span class="p">)</span><span class="si">}</span><span class="s"> queries</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Average query time: </span><span class="si">{</span><span class="n">avg_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Min query time: </span><span class="si">{</span><span class="n">min_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Max query time: </span><span class="si">{</span><span class="n">max_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">95th percentile query time: </span><span class="si">{</span><span class="n">p95_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">No successful queries</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">main</span><span class="sh">"</span><span class="p">:</span> <span class="nf">run_workload</span><span class="p">(</span><span class="n">num_queries</span><span class="o">=</span><span class="mi">5000</span><span class="p">,</span> <span class="n">max_workers</span><span class="o">=</span><span class="mi">50</span><span class="p">)</span> </code></pre> </div> <p><strong>B. Write_workload.py</strong></p> <p>Create a write workload script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># write_workload.py - Simulates high-throughput write operations </span><span class="kn">import</span> <span class="n">psycopg2</span> <span class="kn">import</span> <span class="n">random</span> <span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">concurrent.futures</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span> <span class="kn">import</span> <span class="n">json</span> <span class="c1"># Write endpoint (primary instance) </span><span class="n">write_endpoint</span> <span class="o">=</span> <span class="sh">"</span><span class="s">high-throughput-demo.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com</span><span class="sh">"</span> <span class="c1"># Product names for generating random orders </span><span class="n">product_names</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">Laptop</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Smartphone</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Headphones</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Monitor</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Keyboard</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Mouse</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Tablet</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Camera</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Printer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Speaker</span><span class="sh">"</span><span class="p">]</span> <span class="n">statuses</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">PENDING</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PROCESSING</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">get_connection</span><span class="p">():</span> <span class="k">return</span> <span class="n">psycopg2</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span> <span class="n">host</span><span class="o">=</span><span class="n">write_endpoint</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">5432</span><span class="p">,</span> <span class="n">database</span><span class="o">=</span><span class="sh">"</span><span class="s">perf_test</span><span class="sh">"</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="sh">"</span><span class="s">YourStrongPassword123!</span><span class="sh">"</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">execute_insert</span><span class="p">():</span> <span class="n">conn</span> <span class="o">=</span> <span class="nf">get_connection</span><span class="p">()</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="n">start_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="c1"># Generate a random order </span> <span class="n">customer_id</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">100000</span><span class="p">)</span> <span class="n">order_date</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="c1"># Generate between 1 and 5 items </span> <span class="n">num_items</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">5</span><span class="p">)</span> <span class="n">items</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">total_amount</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">num_items</span><span class="p">):</span> <span class="n">product</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">product_names</span><span class="p">)</span> <span class="n">price</span> <span class="o">=</span> <span class="nf">round</span><span class="p">(</span><span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mf">9.99</span><span class="p">,</span> <span class="mf">999.99</span><span class="p">),</span> <span class="mi">2</span><span class="p">)</span> <span class="n">quantity</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">3</span><span class="p">)</span> <span class="n">item_total</span> <span class="o">=</span> <span class="n">price</span> <span class="o">*</span> <span class="n">quantity</span> <span class="n">total_amount</span> <span class="o">+=</span> <span class="n">item_total</span> <span class="n">items</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">product</span><span class="sh">"</span><span class="p">:</span> <span class="n">product</span><span class="p">,</span> <span class="sh">"</span><span class="s">price</span><span class="sh">"</span><span class="p">:</span> <span class="n">price</span><span class="p">,</span> <span class="sh">"</span><span class="s">quantity</span><span class="sh">"</span><span class="p">:</span> <span class="n">quantity</span><span class="p">,</span> <span class="sh">"</span><span class="s">item_total</span><span class="sh">"</span><span class="p">:</span> <span class="n">item_total</span> <span class="p">})</span> <span class="n">status</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">statuses</span><span class="p">)</span> <span class="n">shipping_address</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span> <span class="mi">999</span><span class="p">)</span><span class="si">}</span><span class="s"> Main St, City </span><span class="si">{</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">100</span><span class="p">)</span><span class="si">}</span><span class="s">, State </span><span class="si">{</span><span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">50</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># Insert order </span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">INSERT INTO orders (customer_id, order_date, total_amount, status, items, shipping_address) VALUES (%s, %s, %s, %s, %s, %s) RETURNING order_id</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">customer_id</span><span class="p">,</span> <span class="n">order_date</span><span class="p">,</span> <span class="n">total_amount</span><span class="p">,</span> <span class="n">status</span><span class="p">,</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">items</span><span class="p">),</span> <span class="n">shipping_address</span><span class="p">)</span> <span class="p">)</span> <span class="n">order_id</span> <span class="o">=</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchone</span><span class="p">()[</span><span class="mi">0</span><span class="p">]</span> <span class="c1"># Update customer stats </span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">UPDATE customers SET total_orders = total_orders + 1, total_spent = total_spent + %s, last_order_date = %s WHERE customer_id = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">total_amount</span><span class="p">,</span> <span class="n">order_date</span><span class="p">,</span> <span class="n">customer_id</span><span class="p">)</span> <span class="p">)</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">end_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">order_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">order_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec_time</span><span class="sh">"</span><span class="p">:</span> <span class="n">end_time</span> <span class="o">-</span> <span class="n">start_time</span><span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">conn</span><span class="p">.</span><span class="nf">rollback</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Insert error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">finally</span><span class="p">:</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">def</span> <span class="nf">execute_update</span><span class="p">():</span> <span class="n">conn</span> <span class="o">=</span> <span class="nf">get_connection</span><span class="p">()</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="n">start_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="c1"># Get a random order ID </span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">SELECT order_id FROM orders ORDER BY RANDOM() LIMIT 1</span><span class="sh">"</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchone</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">result</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="n">order_id</span> <span class="o">=</span> <span class="n">result</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="c1"># Update the order status </span> <span class="n">new_status</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">([</span><span class="sh">"</span><span class="s">SHIPPED</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DELIVERED</span><span class="sh">"</span><span class="p">])</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">UPDATE orders SET status = %s WHERE order_id = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">new_status</span><span class="p">,</span> <span class="n">order_id</span><span class="p">)</span> <span class="p">)</span> <span class="n">conn</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="n">end_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">order_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">order_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">exec_time</span><span class="sh">"</span><span class="p">:</span> <span class="n">end_time</span> <span class="o">-</span> <span class="n">start_time</span><span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">conn</span><span class="p">.</span><span class="nf">rollback</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Update error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">finally</span><span class="p">:</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="k">def</span> <span class="nf">run_workload</span><span class="p">(</span><span class="n">num_operations</span><span class="o">=</span><span class="mi">1000</span><span class="p">,</span> <span class="n">insert_ratio</span><span class="o">=</span><span class="mf">0.7</span><span class="p">,</span> <span class="n">max_workers</span><span class="o">=</span><span class="mi">20</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Starting write workload simulation with </span><span class="si">{</span><span class="n">num_operations</span><span class="si">}</span><span class="s"> operations...</span><span class="sh">"</span><span class="p">)</span> <span class="n">operation_times</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">insert</span><span class="sh">"</span><span class="p">:</span> <span class="p">[],</span> <span class="sh">"</span><span class="s">update</span><span class="sh">"</span><span class="p">:</span> <span class="p">[]}</span> <span class="k">with</span> <span class="n">concurrent</span><span class="p">.</span><span class="n">futures</span><span class="p">.</span><span class="nc">ThreadPoolExecutor</span><span class="p">(</span><span class="n">max_workers</span><span class="o">=</span><span class="n">max_workers</span><span class="p">)</span> <span class="k">as</span> <span class="n">executor</span><span class="p">:</span> <span class="n">futures</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">num_operations</span><span class="p">):</span> <span class="c1"># Determine operation type based on ratio </span> <span class="k">if</span> <span class="n">random</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">&lt;</span> <span class="n">insert_ratio</span><span class="p">:</span> <span class="n">futures</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="n">executor</span><span class="p">.</span><span class="nf">submit</span><span class="p">(</span><span class="n">execute_insert</span><span class="p">),</span> <span class="sh">"</span><span class="s">insert</span><span class="sh">"</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">futures</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="n">executor</span><span class="p">.</span><span class="nf">submit</span><span class="p">(</span><span class="n">execute_update</span><span class="p">),</span> <span class="sh">"</span><span class="s">update</span><span class="sh">"</span><span class="p">))</span> <span class="k">for</span> <span class="n">future</span><span class="p">,</span> <span class="n">op_type</span> <span class="ow">in</span> <span class="n">futures</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="n">future</span><span class="p">.</span><span class="nf">result</span><span class="p">()</span> <span class="k">if</span> <span class="n">result</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">operation_times</span><span class="p">[</span><span class="n">op_type</span><span class="p">].</span><span class="nf">append</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">exec_time</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># Calculate statistics for each operation type </span> <span class="k">for</span> <span class="n">op_type</span><span class="p">,</span> <span class="n">times</span> <span class="ow">in</span> <span class="n">operation_times</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="k">if</span> <span class="n">times</span><span class="p">:</span> <span class="n">avg_time</span> <span class="o">=</span> <span class="nf">sum</span><span class="p">(</span><span class="n">times</span><span class="p">)</span> <span class="o">/</span> <span class="nf">len</span><span class="p">(</span><span class="n">times</span><span class="p">)</span> <span class="n">min_time</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">times</span><span class="p">)</span> <span class="n">max_time</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span><span class="n">times</span><span class="p">)</span> <span class="n">p95_time</span> <span class="o">=</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">times</span><span class="p">)[</span><span class="nf">int</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">times</span><span class="p">)</span> <span class="o">*</span> <span class="mf">0.95</span><span class="p">)]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\\</span><span class="s">nCompleted </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">times</span><span class="p">)</span><span class="si">}</span><span class="s"> </span><span class="si">{</span><span class="n">op_type</span><span class="si">}</span><span class="s"> operations</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Average </span><span class="si">{</span><span class="n">op_type</span><span class="si">}</span><span class="s"> time: </span><span class="si">{</span><span class="n">avg_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Min </span><span class="si">{</span><span class="n">op_type</span><span class="si">}</span><span class="s"> time: </span><span class="si">{</span><span class="n">min_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Max </span><span class="si">{</span><span class="n">op_type</span><span class="si">}</span><span class="s"> time: </span><span class="si">{</span><span class="n">max_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">95th percentile </span><span class="si">{</span><span class="n">op_type</span><span class="si">}</span><span class="s"> time: </span><span class="si">{</span><span class="n">p95_time</span><span class="si">:</span><span class="p">.</span><span class="mi">4</span><span class="n">f</span><span class="si">}</span><span class="s"> seconds</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">No successful </span><span class="si">{</span><span class="n">op_type</span><span class="si">}</span><span class="s"> operations</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="nf">run_workload</span><span class="p">(</span><span class="n">num_operations</span><span class="o">=</span><span class="mi">2000</span><span class="p">,</span> <span class="n">insert_ratio</span><span class="o">=</span><span class="mf">0.7</span><span class="p">,</span> <span class="n">max_workers</span><span class="o">=</span><span class="mi">30</span><span class="p">)</span> </code></pre> </div> <h3> Step 5: Performance Testing and Tuning Process </h3> <p>Now let's establish a systematic approach to performance testing and tuning:</p> <ol> <li> <strong>Establish baseline performance</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Run read workload test</span> python read_workload.py <span class="c"># Run write workload test</span> python write_workload.py </code></pre> </div> <ol> <li> <strong>Identify bottlenecks using Performance Insights and CloudWatch Metrics</strong>:</li> </ol> <p>Monitor key metrics during the test:</p> <ul> <li>CPU Utilization</li> <li>Database connections</li> <li>Buffer cache hit ratio</li> <li>Read/write IOPS</li> <li>Read/write latency</li> <li>Network throughput</li> <li>Wait events in Performance Insights</li> <li> <strong>Tune parameters based on identified bottlenecks</strong>:</li> </ul> <p>For PostgreSQL workloads with high connection rates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- Increase max connections</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">max_connections</span> <span class="o">=</span> <span class="s1">'1000'</span><span class="p">;</span> <span class="c1">-- Tune shared_buffers (typically 25% of instance memory)</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">shared_buffers</span> <span class="o">=</span> <span class="s1">'8GB'</span><span class="p">;</span> <span class="c1">-- Tune work_mem for complex queries</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">work_mem</span> <span class="o">=</span> <span class="s1">'64MB'</span><span class="p">;</span> <span class="c1">-- Tune maintenance_work_mem for vacuum operations</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">maintenance_work_mem</span> <span class="o">=</span> <span class="s1">'1GB'</span><span class="p">;</span> <span class="c1">-- Tune effective_cache_size (typically 75% of instance memory)</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">effective_cache_size</span> <span class="o">=</span> <span class="s1">'24GB'</span><span class="p">;</span> <span class="c1">-- Adjust autovacuum parameters for write-heavy workloads</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">autovacuum_vacuum_scale_factor</span> <span class="o">=</span> <span class="mi">0</span><span class="p">.</span><span class="mi">05</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">autovacuum_analyze_scale_factor</span> <span class="o">=</span> <span class="mi">0</span><span class="p">.</span><span class="mi">025</span><span class="p">;</span> <span class="k">ALTER</span> <span class="k">SYSTEM</span> <span class="k">SET</span> <span class="n">autovacuum_vacuum_cost_limit</span> <span class="o">=</span> <span class="mi">2000</span><span class="p">;</span> <span class="c1">-- Apply changes</span> <span class="k">SELECT</span> <span class="n">pg_reload_conf</span><span class="p">();</span> </code></pre> </div> <ol> <li> <strong>After each parameter change, re-run tests and measure impact</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Run read and write workload tests again</span> python read_workload.py python write_workload.py </code></pre> </div> <ol> <li> <strong>Document performance improvements</strong>:</li> </ol> <p>Create a documentation file showing:</p> <ul> <li>Baseline performance metrics</li> <li>Identified bottlenecks</li> <li>Parameter changes made</li> <li>Performance improvements observed</li> <li>Recommended final configuration</li> </ul> <h2> Best Practices for Ongoing Optimization </h2> <h3> Implement a Regular Performance Review Process </h3> <ol> <li> <strong>Schedule weekly reviews</strong> of Performance Insights and CloudWatch metrics.</li> <li> <strong>Set up automated alerting</strong> for performance degradation.</li> <li> <strong>Document performance changes</strong> when application behavior changes.</li> </ol> <h3> Create a Database Parameter Change Management Process </h3> <ol> <li> <strong>Test all parameter changes</strong> in a staging environment first.</li> <li> <strong>Document each parameter change</strong> with justification and expected impact.</li> <li> <strong>Implement changes during maintenance windows</strong> when possible.</li> <li> <strong>Maintain parameter groups in version control</strong> or AWS CloudFormation.</li> </ol> <h3> SQL Query Review Process </h3> <p>Establish a code review process for database queries:</p> <ol> <li> <strong>Require EXPLAIN ANALYZE</strong> for all new queries.</li> <li> <strong>Set performance targets</strong> for critical queries.</li> <li> <strong>Maintain a query library</strong> of common patterns and anti-patterns.</li> </ol> <h2> Conclusion 🚀💡 </h2> <p>Optimizing Aurora PostgreSQL/MySQL for high-throughput workloads requires a systematic approach covering instance sizing, schema design, query optimization, and Aurora-specific features. By following the hands-on lab and implementing the best practices outlined in this article, you can achieve significant performance improvements for your most demanding workloads.</p> <p>Remember that performance optimization is an ongoing process rather than a one-time task. Regular monitoring, testing, and tuning are essential to maintain optimal performance as your workloads evolve. ✨✨</p> <h2> Additional Resources </h2> <ul> <li><a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraPostgreSQL.html" rel="noopener noreferrer">Amazon Aurora PostgreSQL Documentation</a></li> <li><a href="https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraMySQL.html" rel="noopener noreferrer">Amazon Aurora MySQL Documentation</a></li> <li><a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html" rel="noopener noreferrer">Performance Insights User Guide</a></li> <li><a href="https://www.postgresql.org/docs/current/performance-tips.html" rel="noopener noreferrer">PostgreSQL Performance Tuning Guide</a></li> <li><a href="https://dev.mysql.com/doc/refman/8.0/en/performance-schema.html" rel="noopener noreferrer">MySQL Performance Schema</a></li> </ul>