Professional Documents
Culture Documents
RDS Performance 231129-001959-231130170115
RDS Performance 231129-001959-231130170115
Lakefron-EDC
What is the database instance name?
aws-rds-us-gov-west-1-818199694861-edl-adsd-edc-dev
What is the version of the database?
Engine version
14.7
What port is used for the database?
Port
5432
Does database have a large object? If yes, then what is the type of large object?
It seems like user might have created these large objects as part of AWS DMS job -- converting Oracle
tables to Postgres
total count of large object varies per database, the one we are testing has 4750 count.
• Psql client utility version
PSQL client utility version for what? the one I used for pg_restore? if so, its version 15.2
• PostgreSQL Database user who created large object and Backup username
user: lord0306 created large object and backup service account we are using is:
svc_ebb_veritas_netbk, one example below
oid lomowner lomacl
156486 16455 {lord0306=rw/lord0306,webui_admin=r/lord0306,svc_ebb_veritas_netbk=r/
lord0306}
Does the user have a materialized view on the database?
Yes
Is the database encrypted?
Encryption
Enabled
What is the average amount of time that it takes to backup this database?
5 MB/s
What is the average amount of time that it takes to restore this database?
5 MB/s
"Statement": [
"Action": [
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:DescribeScalingActivities",
"autoscaling:AttachInstances"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2AutoScaling"
},
"Action": [
"kms:ReEncryptTo",
"kms:ReEncryptFrom",
"kms:ListKeys",
"kms:ListAliases",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:GenerateDataKey",
"kms:Encrypt",
"kms:DescribeKey",
"kms:Decrypt",
"kms:CreateGrant"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "KMS"
},
"Action": [
"rds:ModifyDBSnapshotAttribute",
"rds:ListTagsForResource",
"rds:DescribeDBSubnetGroups",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshots",
"rds:DeleteDBSnapshot",
"rds:DeleteDBClusterSnapshot",
"rds:CreateDBSnapshot",
"rds:CreateDBClusterSnapshot",
"rds:CopyDBSnapshot",
"rds:CopyDBClusterSnapshot",
"rds:AddTagsToResource"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "RDSBackup"
},
"Action": [
"rds:RestoreDBInstanceToPointInTime",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:RestoreDBClusterToPointInTime",
"rds:RestoreDBClusterFromSnapshot",
"rds:ModifyDBInstance",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBCluster",
"rds:DescribeDBClusterParameterGroups",
"rds:CreateDBSecurityGroup",
"rds:CreateDBInstance",
"rds:CreateDBCluster"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "RDSRecovery"
},
"Action": [
"sts:GetCallerIdentity",
"ec2:ResetSnapshotAttribute",
"ec2:RegisterImage",
"ec2:ModifySnapshotAttribute",
"ec2:ModifyImageAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeSnapshots",
"ec2:DescribeSecurityGroups",
"ec2:DescribeRegions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeImages",
"ec2:DescribeHosts",
"ec2:DescribeAvailabilityZones",
"ec2:DeregisterImage",
"ec2:DeleteSnapshot",
"ec2:CreateSnapshots",
"ec2:CreateSnapshot",
"ec2:CreateImage",
"ec2:CopySnapshot",
"ec2:CopyImage"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2Backup"
},
"Action": [
"secretsmanager:UpdateSecret",
"secretsmanager:RestoreSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:GetSecretValue",
"secretsmanager:GetResourcePolicy",
"secretsmanager:DescribeSecret",
"secretsmanager:DeleteSecret",
"ec2:TerminateInstances",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:RunInstances",
"ec2:GetEbsEncryptionByDefault",
"ec2:DetachVolume",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DeleteVolume",
"ec2:DeleteTags",
"ec2:CreateVolume",
"ec2:CreateTags",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AttachVolume",
"ec2:AttachNetworkInterface",
"ec2:AssociateIamInstanceProfile",
"ec2:AssociateAddress"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2Recovery"
},
"Action": [
"ebs:StartSnapshot",
"ebs:PutSnapshotBlock",
"ebs:ListSnapshotBlocks",
"ebs:ListChangedBlocks",
"ebs:GetSnapshotBlock",
"ebs:CompleteSnapshot"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EBS"
},
"Action": [
"sns:Publish",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws-us-gov:sns:*:*:*",
"Sid": "SNS"
},
"Action": [
"iam:SimulatePrincipalPolicy",
"iam:ListAccountAliases"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAM"
},
"Action": [
"eks:UpdateNodegroupConfig",
"eks:ListClusters",
"eks:DescribeUpdate",
"eks:DescribeNodegroup",
"eks:DescribeCluster"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EKS"
},
"Action": [
"dynamodb:UpdateTable",
"dynamodb:UpdateContinuousBackups",
"dynamodb:ListTables",
"dynamodb:ExportTableToPointInTime",
"dynamodb:DescribeTable",
"dynamodb:DescribeExport",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DeleteTable",
"dynamodb:CreateTable",
"dynamodb:BatchWriteItem"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DynamoDB"
},
"Action": [
"s3:RestoreObject",
"s3:PutObjectTagging",
"s3:PutObjectAcl",
"s3:PutObject",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetObjectTagging",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetBucketLocation",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "S3Permissions"
},
"Action": [
"s3:RestoreObject",
"s3:PutObjectTagging",
"s3:PutObjectAcl",
"s3:PutObject",
"s3:ListBucket",
"s3:GetObjectTagging",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetBucketVersioning",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "arn:aws-us-gov:s3:::v-s3-adsd-edl-dev-cdl-athena-818199694861-us-gov-west-1",
"Sid": "NetbackupS3Access"
},
"Action": "s3:ListAllMyBuckets",
"Effect": "Allow",
"Resource": "*",
"Sid": "NetbackupListS3Buckets"
},
"Action": "rds-db:connect",
"Effect": "Allow",
"Resource": "arn:aws-us-gov:rds-db:us-gov-west-1:818199694861:dbuser:*/svc_ebb_veritas_netbk",
"Sid": "ServiceAccount"
}
],
"Version": "2012-10-17"