APJ - ISV - Database

keys, the loss of the encrypted data itself isn't normally considered a reportable security event. Cloud providers typically offer managed services to simplify the cre‐ ation, control, and management of your encryption keys. Thus, AWS Key Management Service (KMS) provides a centralized view of all the key users in the organization. It integrates with AWS Cloud‐ Trail to provide a log that shows key usage across the organization, thus satisfying several key regulatory and compliance requirements. Infrastructure as Code: Making the Most of the Cloud When you move your databases to the cloud, there's a temptation to keep management changes to a minimum because you're used to doing things a certain way. However, this strategy means that you're simply pouring old wine into new bottles and are failing to fully cap‐ italize on the immense benefits the cloud places at your doorstep. A key technological advance that distinguishes cloud-based systems to those in local datacenters is the easy availability of configuration systems that treat your infrastructure as code. Treating infrastruc‐ ture as code enables many DevOps practices, which in turn facilitate close collaboration between developers and operations so that they can automate application delivery at scale. On-premises, you cer‐ tainly can install automation tools such as configuration manage‐ ment systems (Puppet and Chef being popular examples) and continuous integration (CI) tools (Jenkins, for instance). But very sophisticated tools of this sort are built in to the cloud. For instance, templates provided with AWS CloudFormation help you to model your entire infrastructure as code. You can define your cloud infrastructure by creating and configuring resources such as database tables and storage (Amazon S3) buckets, and treat these resources as code. You can check the AWS CloudFormation tem‐ plates into your source control system and manage them the same way developers manage their code files. A tool like CloudFormation offers the following benefits: • It helps establish a single source of truth for all of your cloud resources. Infrastructure as Code: Making the Most of the Cloud | 23

• Cover
• Table of Contents
• Chapter 1. Database Options in the Cloud
• High-Level Effects of Moving to the Cloud
• Self-Managed Versus Managed Databases
• Cloud Native Databases
• Types of Managed Databases
• When a Managed Database Might Not Be a Good Fit
• Role of the DBA in a Managed Database
• Chapter 2. The Changing Role of the DBA in the Cloud
• How DBA Tasks Change in the Cloud
• DBA Tasks That Are Taken Over by the Vendor
• DBA Tasks That Remain but with Changes
• New Tasks for the DBA in the Cloud
• Security for Data and Applications in the Cloud
• Access Control and Identity and Access Management
• Network Isolation
• Data Encryption
• Infrastructure as Code: Making the Most of the Cloud
• Chapter 3. Moving Your Databases to the Cloud
• Planning
• Factors in a Migration
• Major Migration Tasks
• Readiness Assessment
• Checking for Incompatibilities
• Data Movement
• Migrating the Database
• Migrating Applications
• Post-Migration Checks
• Optimization
• Availability
• Performance Optimization
• Adapting to Differences in the Cloud
• Conclusion
• Chapter 4. Conclusion
• About the Authors