AWS RDS Tutorial: The Intuition
Welcome back! Let's demystify AWS RDS. Before we touch a single console button, we need to understand the why and the what.
Intuition: What is a Managed Relational Database?
Think of a relational database like MySQL or PostgreSQL as a specialized engine. You need it to power your application, but maintaining the engine yourself is a full-time job: you must install it, tune its performance, apply security patches, set up backups, and ensure it never stops running.
A managed relational database service like RDS is like hiring an expert mechanic and a 24/7 monitoring team to take care of that engine for you. You tell AWS what kind of engine you want (e.g., "PostgreSQL 15"), how powerful it needs to be, and where to park it (in which AWS region). AWS then handles all the tedious, risky, and routine maintenance—the oil changes, the part replacements, the diagnostics—so you can focus purely on using the database: designing your tables, writing your queries, and building your application.
The core intuition is this:
You manage the data and the schema; AWS manages the database software and the infrastructure.
Common Misconception: RDS is just a virtual machine
It's easy to think an RDS instance is just an EC2 virtual machine you rent with a database pre-installed. This is a critical misunderstanding. While the underlying hardware is virtualized, RDS is not merely a VM you log into.
The Responsibility Shift: Self-Managed vs. RDS
Toggle the switch below to see how much of the "Heavy Lifting" moves from you to AWS.
On a self-managed VM, you are the system administrator with full sudo access. You are responsible for everything. With RDS, you have no OS-level access. You cannot ssh into the host. This is a feature, not a bug. AWS's automation layer handles the host, applying patches, managing failover, and scaling storage.
(Advanced) How RDS differs from self‑managed DBs
| Task | Self‑Managed DB (on EC2) | Amazon RDS |
|---|---|---|
| Provisioning | You install OS & DB software. | You select engine & size; AWS deploys. |
| Patching | You schedule, test, and apply OS/DB patches. | AWS applies patches (you control timing). |
| Backups | You script and manage backup retention & storage. | AWS automates daily snapshots & transaction logs. |
| High Availability | You build & test failover scripts & replication. | You enable Multi-AZ; AWS manages synchronous standby & automatic failover. |
| Scaling | You manually resize instance or add read replicas. | You modify instance class; AWS handles restart. Read replicas are a button click. |
| Monitoring | You install & configure monitoring agents. | Enhanced monitoring & metrics are built-in (CloudWatch). |
| Security | You configure OS firewall, DB user auth, encryption. | You configure DB auth & encryption; AWS manages network isolation (in VPC) and host-level security. |
Cloud Database Setup: Architecture & Cost Reality
Now that we understand what RDS is, let's look at where it lives and how much it costs. This is where many students get tripped up. The cloud isn't just a cheaper hard drive; it's a completely different operating model.
Intuition: The Cloud Network Architecture
Think of your cloud database not as a standalone server, but as a specialized, network-connected component within your application's ecosystem. In the cloud, your database lives inside a private, virtual network (your VPC).
It's isolated from the public internet, placed in specific subnets (often across multiple Availability Zones for resilience), and guarded by a Security Group that acts like a precise firewall—only allowing traffic on the database port (like 5432) from your application servers.
Visualizing the "Private" Connection
Your database should never be exposed to the public internet. Click "Simulate Connection" to see how your App Server talks to the DB through the Security Group.
Common Misconception: Cloud is Always Cheaper
The most persistent myth is that moving to a managed cloud database automatically cuts costs. This is false. Cloud changes the cost structure from large, predictable capital expenses (buying servers) to variable, granular operational expenses (pay-per-second).
It can be cheaper if you leverage the model correctly, but it can also become expensive through mismanagement. You pay for what you provision, not just what you use.
The "Cloud Bill" Simulator
Adjust the sliders to see how configuration choices impact your monthly bill. Notice how Multi-AZ and Storage can double your costs.
Estimated Monthly Bill
Based on On-Demand pricing (simplified)
(Advanced) Cost Modeling Basics
To model cost realistically, treat your RDS instance as a sum of independent billable dimensions. Here is the formulaic approach:
1. Compute
instance_class_hourly_rate * hours_in_month
Use Reserved Instances (1-3 year commitment) for steady workloads to save 30-60%.
2. Storage
storage_gb * storage_rate_per_gb_month
gp3 is cost-effective. io1/io2 is expensive (high performance).
3. I/O Operations
Pay per request beyond baseline.
For gp3, you get 3,000 IOPS free. Beyond that, you pay.
4. Data Transfer
Egress (leaving AWS) is charged. Ingress is free.
Moving data between regions or to the internet costs money.
Practical Tip: Use the AWS Pricing Calculator upfront. Model a "worst-case" scenario with 20% higher storage and 30% more I/O. The difference between on-demand and reserved pricing is often the largest lever—if your workload is constant, a 1-year reserved instance is almost always the rational economic choice.
AWS Managed Database: The Benefits & The Reality
Welcome back! Now that we've seen how RDS fits into the network and cost model, let's dig into the core value proposition. Why do companies choose RDS over installing MySQL on an EC2 instance? Is it just laziness? No—it's about operational risk transfer.
Intuition: The "Leased Car" vs. "Owned Car"
Imagine you drive a car to work every day.
- Self-Managed (Owned Car): You buy the car. You change the oil. You fix the flat tires. If the engine blows, you call a mechanic. You are the owner and the mechanic.
- Managed RDS (Leased Car): You pay a monthly fee. The leasing company guarantees the car runs. If the engine fails, they swap it instantly. You just drive. You are the driver.
The real benefit isn't just saving time; it's transferring risk. You stop worrying about the physical hardware dying or the OS getting hacked, and focus entirely on the data.
Visualizing the Transfer of Toil
Click "Switch to Managed (RDS)" to see which responsibilities disappear from your plate.
Your Responsibility (Self-Managed)
AWS Responsibility (Managed)
Result: With RDS, you trade administrative control for operational reliability.
Common Misconception: "Managed" means "Pre-Configured"
This is a critical error. Managed does not mean "set it and forget it." AWS manages the infrastructure, but you must manage the configuration.
Think of it like a Smart Home System. AWS installs the wiring, the circuit breakers, and the cameras (the infrastructure). You still have to decide where to place the sensors, what temperature to set, and who gets access codes.
The Configuration Boundary
Hover over the boxes to see what YOU control vs. what AWS controls.
(Advanced) Service Level Agreements (SLAs)
An SLA is AWS's financial promise to you. For RDS, they guarantee 99.99% monthly uptime. But what does that actually mean for your business?
| Feature | Single-AZ | Multi-AZ |
|---|---|---|
| Architecture | One instance in one Availability Zone. | Primary + Standby in different AZs. |
| Failure Handling | Manual restore from backup (Hours of downtime). | Automatic failover (Minutes of downtime). |
| Cost | Standard Compute Cost. | ~2x Compute Cost (Standby is paid). |
Practical Tip: The SLA guarantees availability, but it doesn't guarantee performance. If your database is slow because you chose the wrong instance size, the SLA doesn't help. Always right-size your instance to meet your performance needs, not just the uptime guarantee.
RDS Configuration Guide: Orchestrating Your Database
Now that we've analyzed the architecture and cost, we arrive at the most critical phase: Configuration. Once your RDS instance is provisioned, your job shifts from building to orchestrating. This is where you define the rules of engagement for your database.
Intuition: The Four Buckets of Configuration
Think of configuring RDS like setting up a new car before a long road trip. You don't just drive; you adjust the mirrors, check the tires, and set the GPS. Your configuration choices fall into four distinct buckets:
- Security & Access: Who can talk to the database? (Security Groups, Passwords).
- Performance & Cost: How powerful is the engine? (Instance Class, Storage Type).
- Durability & Recovery: How do we survive a crash? (Backups, Retention).
- Maintenance & Updates: When do we get the oil change? (Maintenance Windows).
The RDS Configuration Dashboard
Click each category to reveal the specific settings you must explicitly define.
Security & Access
Firewalls & Auth
Security Groups: Allow inbound traffic only from your App Server's Security Group. Never use 0.0.0.0/0.
Auth: Set a strong Master Password or enable IAM Database Authentication.
Performance & Cost
Compute & Storage
Instance Class: Choose CPU/RAM (e.g., db.t3.medium). This dictates your hourly bill.
Storage Type: gp3 for general use. io2 for high IOPS needs.
Durability & Recovery
Backups & Snapshots
Backup Retention: Set to 7+ days for production. Defaults are often too short.
Preferred Window: Schedule backups during your lowest traffic hours.
Maintenance & Updates
Patching & Upgrades
Maintenance Window: Define a 30-minute slot when AWS can reboot your instance for patches.
Auto-Upgrade: Decide if minor versions should update automatically during this window.
Common Misconception: "Defaults are Optimal"
The most dangerous trap in cloud engineering is assuming AWS defaults are production-ready. They are not. They are generic placeholders designed to get you running quickly, not to secure or optimize your data.
The "Default" Trap
Toggle the switch to see how "Default" settings often fail in a real production environment.
Setting: Backup Retention
Default: 1 Day
Production Need: 7-35 Days
Risk: Data Loss
If you delete a table by mistake on Day 2, your backup from Day 1 is already gone. You cannot recover.
Safe: Point-in-Time Recovery
You have 7 days of snapshots. If you make a mistake, you can restore the database to any second within that week.
(Advanced) Fine-Tuning: Parameter Groups
Beyond the console settings, RDS exposes the engine's internal configuration via Parameter Groups. Think of these as the "knobs" inside the engine room. You can adjust memory allocation, buffer sizes, and query limits.
Warning: Tuning is an art. Increasing work_mem speeds up complex queries, but if you have 100 users running complex queries at once, you could run out of RAM and crash the server. Always benchmark before you tune.
Prerequisites and Account Setup: Building Your Foundation
Welcome to the workshop! Before we click "Create Database," we need to set up our workspace. Think of this like preparing a construction site: you need the permits, the power hookups, and the safety gear before the crane arrives.
Intuition: The Four Pillars of Readiness
You cannot build RDS in a vacuum. It plugs into the existing infrastructure of your AWS account. Ensure you have these four things ready:
- The Permit: An active AWS Account with billing enabled.
- The Hookups: A VPC and Subnets (your private network).
- The Keys: A Security Group strategy (firewall rules).
- The Budget: Awareness of hourly costs.
The Pre-Flight Checklist
Click each item to verify your readiness. If you haven't done these yet, the "Start RDS" button will remain locked.
1. AWS Account Active?
Billing enabled & root secured.
2. VPC & Subnets Ready?
Private network prepared.
3. Security Group Strategy?
Firewall rules defined.
4. Cost Awareness?
Pricing calculated.
Common Misconception: The "Free Tier" Trap
The AWS Free Tier is a generous gift, but it is a temporary training wheel, not a permanent business model. It is limited to 12 months and specific instance sizes.
Is This Configuration Free?
Select your settings. If it turns Red, you will be charged.
Covered by Free Tier
This configuration fits within the 750 hours/month limit for the first 12 months.
(Advanced) Setting Up IAM Permissions
In the cloud, Identity is the new perimeter. You don't need to SSH into the server to manage it; you need the right digital keys (IAM Policies) to talk to the RDS API.
The "Least Privilege" Policy
Hover over the JSON policy below to see what each section controls. This is a safe, custom policy for managing RDS.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:CreateDBInstance",
"rds:DescribeDBInstances",
"rds:ModifyDBInstance",
"rds:DeleteDBInstance"
],
"Resource": "arn:aws:rds:*:*:db:*"
},
{
"Effect": "Allow",
"Action": [
"rds:CreateDBSubnetGroup",
"rds:DescribeDBSubnetGroups"
],
"Resource": "*"
}
]
}
Practical Tip: For learning, the managed policy AmazonRDSFullAccess is fine. For production, always use a custom policy like the one above to follow the Principle of Least Privilege.
Networking and Security Groups: The Campus Analogy
Now that we know how to configure RDS, we must address where it lives and who can talk to it. This is the most common source of connection errors for students. Let's visualize the network architecture.
Intuition: The Private Campus
Think of your AWS VPC (Virtual Private Cloud) as a private, fenced campus. Your RDS instance is a building inside that campus.
By default, that building has no public street address. It can only be reached from within the campus. The Security Group attached to your RDS instance acts like a security guard at the building's door.
The guard doesn't care about your database password. The guard only checks your ID Badge (Source IP or Security Group). If your badge isn't on the approved list, you get turned away at the door, even if you know the password.
The Security Guard Simulator
Configure the Security Group rule and click "Test Connection" to see how the guard handles traffic.
Common Misconception: "Publicly Accessible"
When creating an RDS instance, you will see a checkbox: "Publicly accessible".
Myth: "I need to check this so my laptop can connect."
Reality: This gives your database a public IP address, making it reachable from the internet. This is a major security risk. Your laptop should connect via a secure tunnel (SSH/VPN), not by exposing the database to the world.
The Public Access Toggle
Toggle the switch to see what happens when you enable "Publicly Accessible".
Connecting from Your Laptop (Local Dev)
If your database is private (as it should be), how do you connect from your laptop? You have two main options:
SSH Tunnel (Bastion Host)
You create a small EC2 instance ("Jump Box") with a public IP. You SSH into that box, and forward a local port to the RDS instance.
ssh -L 5432:my-db.xxxxxx.us-east-1.rds.amazonaws.com:5432 ec2-user@bastion-ip
AWS VPN / Direct Connect
You connect your office/home network to AWS via a secure tunnel. Your laptop appears to be "inside" the VPC.
psql -h my-db.xxxxxx.us-east-1.rds.amazonaws.com -U user
(Advanced) VPC Peering & PrivateLink
What if your App is in VPC A and your Database is in VPC B? They cannot talk by default. You need to build a bridge.
Visualizing VPC Peering
VPC Peering connects two VPCs privately. Traffic never leaves the AWS network.
Hover over the line to simulate traffic.
(Advanced) Instance Class and Size Selection
Now we arrive at a critical decision point: Choosing your engine. In AWS RDS, this is your Instance Class. Choosing the wrong one is the most common cause of either wasted money or poor performance. Let's break it down.
Intuition: The Car Engine Analogy
Think of an RDS instance class like choosing an engine for a car.
- The Commuter (Burstable Instance): A small engine that gets great gas mileage. It can sprint (burst) when you merge onto a highway, but it relies on a "fuel tank" (CPU Credits) built up while cruising slowly. If you drive it like a race car constantly, it runs out of fuel and slows down.
- The Truck (Provisioned Instance): A massive engine that consumes more fuel (money) but provides consistent, raw power. It can tow a heavy load (complex queries) without ever getting tired or slowing down.
Your goal is to match the engine to the workload. You don't put a Formula 1 engine in a city commuter—it's wasteful. You don't try to tow a trailer with a scooter—it will fail.
Visualizing Burstable Performance (T-Instances)
This simulation shows how a Burstable Instance (T3/T4g) works. Adjust the "Workload" slider to see how it earns and spends CPU Credits.
You are earning credits faster than you are spending them.
Common Misconception: "Bigger is Better"
It is tempting to just pick the biggest instance (e.g., db.r6g.2xlarge) to ensure performance. This is a costly mistake.
The Cost of Oversizing
- Wasted Money: You pay for CPU cycles you never use.
- False Security: A big instance can hide bad code. If you have an N+1 query problem, a huge CPU might mask it temporarily, but the technical debt remains.
The Danger of Undersizing
- Throttling: On burstable instances, you hit the credit limit and performance tanks.
- Memory Pressure: If RAM is full, the OS swaps to disk, causing catastrophic slowdowns.
The right approach is Right-Sizing. Start with a baseline, load test, and monitor metrics like CPUUtilization and FreeableMemory. Scale up only when metrics consistently show you are hitting limits.
(Advanced) Burstable vs. Provisioned Capacity
This is the most critical distinction in the RDS console. You will see two main families of instance classes:
| Feature | Burstable (T3, T4g) | Provisioned (M, R, C) |
|---|---|---|
| Mechanism | Uses CPU Credits. Baseline performance + Burst capability. | Fixed Performance. Guaranteed vCPU power 24/7. |
| Best For | Dev/Test, low-traffic apps, intermittent workloads. | Production apps, steady traffic, latency-sensitive workloads. |
| Risk | Throttling if credits run out. | Higher cost for equivalent vCPU count. |
Checking for Throttling via CLI
If you suspect a T-instance is throttling, check the CPUCreditBalance metric.
# Check Credit Balance for the last hour
aws cloudwatch get-metric-statistics \
--namespace AWS/RDS \
--metric-name CPUCreditBalance \
--dimensions Name=DBInstanceIdentifier,Value=your-db-name \
--start-time $(date -u -d '1 hour ago' +%Y-%m-%dT%H:%M:%SZ) \
--end-time $(date -u +%Y-%m-%dT%H:%M:%SZ) \
--period 300 \
--statistics Average \
--region us-east-10 during business hours, your instance is throttled. You must migrate to a Provisioned instance (M, R, or C family).
(Advanced) Storage Configuration: Performance vs. Capacity
Now that we've selected our engine, we need to decide where the fuel goes. In database terms, this is Storage Configuration.
Students often assume that simply allocating more storage (more Gigabytes) makes a database faster. This is false. Storage size is capacity; IOPS (Input/Output Operations Per Second) is speed. Let's separate these concepts.
Intuition: The Warehouse Analogy
Think of your database storage as a warehouse.
- General Purpose SSD (
gp3): A standard warehouse. Reliable, fast enough for 90% of use cases, and cost-effective. It has a baseline speed (3,000 IOPS) that you can upgrade. - Provisioned IOPS SSD (
io1/io2): A high-speed automated retrieval center. You pay extra to guarantee a specific speed (e.g., 10,000 IOPS). Use this only for critical, high-traffic systems. - Magnetic (
standard): An old, dusty filing cabinet. Do not use this. It is legacy technology and too slow for modern applications.
Storage Tier Selector
Click a storage type to see its characteristics. Notice the difference between Cost and Performance.
General Purpose SSD
gp3The default choice. It provides a baseline of 3,000 IOPS and 125 MB/s throughput regardless of volume size. You can scale these independently.
Common Misconception: "More Storage = Faster Queries"
This is the most dangerous assumption for beginners. Allocating 500 GB of storage does not make your queries run faster than allocating 50 GB.
Think of it like a highway:
- Storage Size (GB): This is the size of the parking lot. It holds more cars (data), but doesn't change the speed limit.
- IOPS/Throughput: This is the speed limit and number of lanes. This determines how fast data moves.
The "Size vs. Speed" Reality Check
Adjust the sliders. Notice how Storage Size does not affect Query Speed, but IOPS does.
Holds more data, but speed stays the same.
Increases throughput and reduces latency.
(Advanced) Provisioned IOPS & Autoscaling
For production systems, you need to plan for growth. Storage Autoscaling allows your database to automatically add storage space when it runs low, without downtime.
Provisioned IOPS (io1/io2) is for when you need guaranteed speed (e.g., financial trading). You pay for the speed you need, not just the size.
Storage Autoscaling Simulation
Watch how the database automatically grows when it hits the 80% threshold.
Enabling Autoscaling via CLI
Here is how you configure the initial size and the maximum limit using the AWS CLI.
aws rds modify-db-instance \
--db-instance-identifier my-prod-db \
--allocated-storage 100 \
--max-allocated-storage 1000 \
--apply-immediately(Advanced) Common Pitfalls and Troubleshooting
Welcome to the "War Room," students. Even with the best architecture, things will go wrong. When they do, panic is your enemy. Methodical diagnosis is your weapon. In this section, we'll dissect the most common RDS errors and learn how to hunt them down.
Intuition: The Three Buckets of Failure
When your application screams "Connection Failed," the error almost always falls into one of these three buckets. Your job is to figure out which one it is.
- Security & Access: The guard at the door (Security Group) won't let you in. Wrong IP, wrong port.
- Connectivity & Networking: You are in the wrong building (Wrong VPC/Subnet) or the road is blocked (Route Tables).
- Authentication & SSL: You made it to the door, but you don't have the key (Wrong Password) or the door is locked (SSL mismatch).
The golden rule of troubleshooting: Start with the network, then credentials, then application logic.
The Troubleshooting Decision Tree
Click the buttons to simulate a troubleshooting session. Follow the path to find the root cause.
Step 1: Can you resolve DNS?
Run: nslookup your-db.rds.amazonaws.com
Step 2: Can you reach the Port?
Run: telnet your-db.rds.amazonaws.com 5432
Step 3: Authentication Test
Run: psql -h ... -U user -d db
Diagnosis
...
Common Misconception: "It's Always the Network"
The first assumption students make is "It's a Security Group issue." While true often, it is not always true.
Here are the "Hidden" culprits that aren't network related:
Wrong Endpoint
Connecting to the public endpoint when Publicly Accessible = No (timeout), or using the private endpoint from your laptop (immediate refusal).
Exhausted Connections
The network is fine, but the database is full. The max_connections limit is hit. New connections are rejected immediately.
SSL/TLS Mismatch
Your client requires SSL, but the RDS parameter group has it disabled (or vice versa). The handshake fails.
Missing User
You connected as root (master user), but your application tries to connect as app_user, which doesn't exist yet.
Log Analysis: The "Black Box" Recorder
When the network checks out, look at the logs. The database engine keeps a diary of every error.
RDS Error Log Simulator
Click on a log line to reveal what it actually means for your troubleshooting.
CloudWatch Metrics: The Vital Signs
Logs tell you why something failed. Metrics tell you what is happening right now.
| Metric | What it tells you | Action if High |
|---|---|---|
| CPUUtilization | % of allocated compute in use. | Scale up instance class. |
| FreeableMemory | Available RAM in MB. | Move to memory-optimized class (R family). |
| Read/Write IOPS | Disk operations per second. | Increase provisioned IOPS (gp3) or optimize queries. |
| BurstBalance | Remaining CPU credits (0-100%). | Switch to Provisioned instance (M/R/C) if 0%. |
| DatabaseConnections | Current active connections. | Fix connection leaks in app or increase max_connections. |
(Advanced) Enhanced Monitoring
Standard CloudWatch metrics are like a car's speedometer. Enhanced Monitoring is like opening the hood and looking at every single piston. It gives you OS-level metrics (CPU Steal, Memory Swap) at 1-60 second intervals.
Pro Tip: If you see high CPUUtilization but low DatabaseConnections, check Enhanced Monitoring for high CPUSteal. This means the hypervisor is fighting for resources. You need a different instance class or Tenancy.
The Troubleshooting Mantra
"Metrics tell you what is happening; Logs tell you why."
Frequently Asked Questions (FAQ)
Welcome to the lab! These are the questions I hear most often from students in the RDS workshop. Let's clear up the confusion and get you building with confidence.
Intuition: Your RDS instance lives in a private, locked room (your VPC). You can only enter if you are already inside the building (your app runs in the same VPC) or you use a secure, authorized tunnel from outside (like a bastion host).
The Connection Checklist:
- Network Access: Ensure your app is in the same VPC. The RDS Security Group must allow inbound traffic on port
5432(PostgreSQL) or3306(MySQL) from your App's Security Group. - Endpoint: Copy the DNS name from the console (e.g.,
mydb.xxxxxx.us-east-1.rds.amazonaws.com). - Client Tool: Use
psqlormysql.
Example (PostgreSQL):psql "host=mydb... port=5432 dbname=mydb user=admin sslmode=verify-full"
Intuition: You're trying to call a private phone number from a public payphone. The database has no public number (IP) because it's locked inside your private VPC.
Solution: Do not change "Publicly Accessible" to "Yes" for production. Instead, run your app inside the same VPC or use an SSH Tunnel (Bastion Host) to securely bridge your laptop to the VPC.
Intuition: Single-AZ is like a single car; if it crashes, you're stranded. Multi-AZ is like a car with a self-driving backup that instantly takes over if the main car fails.
Availability Architecture
Intuition: You start with a small warehouse and can expand it as your inventory grows, but there's a maximum size depending on the warehouse type.
- Minimum: 20 GB.
- Maximum: Up to 64 TB (for PostgreSQL, MySQL, MariaDB, Oracle).
- Autoscaling: You can enable automatic growth when free space is low, but always set a Maximum Limit (e.g., 1 TB) to prevent runaway costs.
Intuition: Yes, but it requires a brief reboot—like swapping a car's engine, the car is offline during the swap.
How: Use the AWS Console (Modify DB Instance) or CLI.
When: You can apply immediately (downtime) or wait for the maintenance window.
Pro Tip: Moving from a Burstable (T-class) to a Provisioned (M/R-class) is common if you are hitting CPU limits.
Intuition: RDS automatically takes daily snapshots (photocopies) and stores transaction logs (diaries). You can rewind to any point in time.
Automated Backups
Daily snapshots + logs. Allows Point-in-Time Restore (PITR). Creates a new instance.
Manual Snapshots
User-initiated. No expiration. Good for major changes. Creates a new instance.
Intuition: Yes, but it's a 12-month "trial" to learn and experiment, not a permanent free service.
Free Tier Limits (12 Months):
- 750 hours/month of a single-AZ
db.t3.micro. - 20 GB of storage.
- No Multi-AZ (standby instance is not free).