
Implementing comprehensive database event management using Amazon RDS native notifications and EventBridge

Content level: Intermediate

This article demonstrates how AWS Enterprise Support helped a financial services customer implement a comprehensive database event monitoring solution. The solution used Amazon Relational Database Service (Amazon RDS) native notifications and Amazon EventBridge.

Introduction

In the financial services industry, database reliability and controlled maintenance are crucial. Database systems form the backbone of critical financial operations, and handle everything from real-time transactions to regulatory reporting and risk management calculations. Any unplanned downtime or data inconsistency can have far-reaching consequences, potentially affecting millions of customers and transactions worth billions of dollars. Recently, AWS Enterprise Support helped a financial services customer implement a robust database event monitoring system. With this system, the customer could control maintenance operations while meeting operational stability and compliance requirements.

In this article, we will explore the following topics:

  • How AWS Enterprise Support partnered with a customer to design and implement an enterprise-grade monitoring solution.

  • Technical best practices for database event monitoring, including Amazon RDS event subscriptions, EventBridge notification frameworks, and maintenance event management at scale.

Proactively engaging the customer's challenges

A leading financial services organization that operates a critical core banking application on AWS uses Amazon RDS as a crucial architectural component. One of the customer's main issues was database-related maintenance management. To resolve it, the solution needed to include the following features:

  • Advance notification of all operating system and database engine updates.

  • Strict control over maintenance timing to align with pre-approved maintenance windows.

  • No unexpected system maintenance.

The customer initially configured Amazon RDS event notifications, but encountered issues after they restored databases with the same names, which led to missed maintenance notifications. This situation put them at risk of unexpected downtime and potential compliance violations.

When AWS Support helps customers, their focus is to provide comprehensive, solution-oriented guidance and implement AWS best practices. AWS Support engagements are structured not only to resolve immediate technical challenges, but also to enhance the overall architectural reliability and operational efficiency. For this customer, AWS Support worked through a systematic approach that combined technical expertise with industry-specific compliance requirements.

AWS Enterprise Support engaged with the customer through the following phases:

Initial assessment

  • Reviewed existing notification setup and identified gaps. Common issues included misconfigured event categories, missing database instances, and broken notification paths.

  • Discovered notification issues for restored databases. These issues are a common oversight when you restore databases from snapshots, and can affect critical operational monitoring.

  • Clarified the requirements for maintenance event tracking. To maintain audit trails of scheduled maintenance, backup operations, and configuration changes, we had to understand the customer's requirements.

Problem resolution

  • Investigated the event subscription status, which was all-sources-deleted. This status indicates that all source identifiers were removed, and is a common issue when databases are deleted without proper event subscription cleanup.

  • Helped correctly recreate native event subscriptions. The recreated subscriptions followed proper configurations for source types, event categories, and Amazon Simple Notification Service (Amazon SNS) topic settings to prevent notification gaps.

  • Documented best practices for maintaining notification reliability during database lifecycle changes. These best practices include regular status monitoring and subscription testing procedures.

Enhanced solution implementation

  • Designed a custom EventBridge notification framework.

  • Created filtered rules for specific maintenance events.

  • Implemented audit-friendly logging mechanisms.

Implementing a comprehensive solution

The comprehensive database event monitoring solution combined two approaches:

  • Amazon RDS native event subscriptions for pre-defined fundamental database event notifications: These include how to categorize different event types, interpret notification messages, and configure appropriate notification targets based on event type.

  • EventBridge and Amazon SNS enhanced notification management: This provides advanced filtering, custom message formatting, and integration with multiple downstream systems for notifications, logging, and automated responses.

This dual approach provides both broad coverage and granular control over database events, meeting the customer's strict operational and compliance requirements.

Prerequisites:

Before starting, AWS Support made sure that the customer had the following:

  • Active Amazon RDS database instances.

  • Appropriate AWS Identity and Access Management (IAM) permissions to configure Amazon RDS event subscriptions.

  • An Amazon SNS topic to receive notifications.

  • Permissions to configure EventBridge rules for enhanced control.

Configuring Amazon RDS native event subscriptions

To set up Amazon RDS event subscriptions, we directed the customer to subscribe to Amazon RDS event notifications.

Understanding event subscription status

When properly configured with available database instances, the subscription showed an Active status. This status indicated that the subscription was ready to send notifications.

However, when the monitored instances were deleted, the subscription status changed to all-sources-deleted. This status indicated that the monitored resources were no longer available.

Important considerations

When we helped the customer implement the solution, we had to be aware of the following potential issues:

  • If the customer deletes and recreates instances with the same name, then they have to manually re-add them to the subscription.

  • If the customer restores instances from snapshots, then they have to reconfigure the event subscription.

  • If the customer uses all instances in their subscription, then they automatically include new instances as well.
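The status and coverage checks described in this section can be scripted. The following is an added example, not code from the original article or from AWS: it audits the output of the RDS `describe_event_subscriptions` and `describe_db_instances` API calls, and the subscription names and sample data are constructed.

```python
def audit_subscriptions(subscriptions, live_instance_ids):
    """Audit items from describe_event_subscriptions()["EventSubscriptionsList"].

    Returns (findings, uncovered): findings are (subscription, problem) pairs;
    uncovered lists existing DB instances that no healthy subscription watches.
    """
    live, covered, findings = set(live_instance_ids), set(), []
    for sub in subscriptions:
        name = sub["CustSubscriptionId"]
        if sub.get("SourceType") not in (None, "db-instance"):
            continue  # cluster, snapshot, etc. subscriptions are out of scope
        if not sub.get("Enabled", False):
            findings.append((name, "disabled"))
            continue
        status = sub.get("Status", "unknown")
        if status != "active":
            # Includes all-sources-deleted: nothing is being watched any more.
            findings.append((name, "status " + status))
            continue
        source_ids = set(sub.get("SourceIdsList") or [])
        # An empty source list means the subscription applies to all instances.
        covered |= (source_ids & live) if source_ids else live
    return findings, sorted(live - covered)


def fetch_from_aws(region):
    """Collect live inputs; needs boto3 and read-only RDS describe permissions."""
    import boto3  # imported lazily so the audit logic runs without AWS access
    rds = boto3.client("rds", region_name=region)
    subs = [s for page in rds.get_paginator("describe_event_subscriptions").paginate()
            for s in page["EventSubscriptionsList"]]
    ids = [d["DBInstanceIdentifier"]
           for page in rds.get_paginator("describe_db_instances").paginate()
           for d in page["DBInstances"]]
    return subs, ids


# Constructed sample: core-db was deleted and restored under the same name.
SAMPLE_SUBS = [
    {"CustSubscriptionId": "core-db-maintenance", "SourceType": "db-instance",
     "Status": "all-sources-deleted", "Enabled": True, "SourceIdsList": []},
    {"CustSubscriptionId": "reporting-db-events", "SourceType": "db-instance",
     "Status": "active", "Enabled": True, "SourceIdsList": ["reporting-db"]},
]
SAMPLE_LIVE = ["core-db", "reporting-db"]

if __name__ == "__main__":
    print(audit_subscriptions(SAMPLE_SUBS, SAMPLE_LIVE))
```

Run on a schedule, a non-empty `uncovered` list is the signal that a restored or recreated instance has to be re-added to a subscription.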

Event notification examples

When we configured Amazon RDS event subscriptions for the customer and confirmed the Active status, the customer received various types of notifications based on the subscription settings.

The following are examples of critical notification emails that the customer received:

Operating system update available:

This notification informed the customer about available operating system updates, and included the following information:

  • Affected Amazon RDS instance identifier

  • Update type, such as a system update

  • A console link to the Amazon RDS resource

Database engine update available:

This notification alerted the customer about available database engine updates, and included the following information:

  • Amazon RDS instance details

  • The available update, such as a DB instance minor version upgrade

  • Console links to the Amazon RDS instance

These notifications allowed for proactive management of Amazon RDS instances and facilitated planned maintenance activities, crucial for meeting the financial services customer's compliance requirements.

Enhancing notifications with EventBridge

To achieve more granular control, AWS Support helped implement EventBridge rules to complement Amazon RDS native event subscriptions.

To implement EventBridge rules for Amazon RDS events, see Create a rule.

Example EventBridge rule pattern:

```json
{
    "source": ["aws.rds"],
    "detail-type": ["RDS DB Instance Event"],
    "detail": {
        "EventID": [
            "RDS-EVENT-0026",
            "RDS-EVENT-0027",
            "RDS-EVENT-0047",
            "RDS-EVENT-0155",
            "RDS-EVENT-0178"
        ]
    }
}
```

This pattern captures critical maintenance events, including scheduled maintenance notifications, reboot requirements, backup and restore operations, and configuration changes. For a complete list of events, see Amazon RDS event categories and event messages.

Setting up targeted notifications with Amazon SNS

To manage specific maintenance scenarios and meet audit requirements, we completed the following tasks:

  • We created separate Amazon SNS topics for different event categories, such as for critical maintenance or routine backups.

  • We configured EventBridge rules to route events to the related Amazon SNS topics.

  • We implemented message filtering within Amazon SNS for more specific event types.

  • We used Amazon SNS subscription filters to configure escalation paths for critical maintenance events.

Using EventBridge for advanced scenarios

EventBridge offers several advantages for granular event management:

  • You can filter events based on specific attributes, more than what Amazon RDS native subscriptions allow.

  • You can route different event types to different targets, such as critical events to pager systems or informational events to logging systems.

  • You can implement custom event patterns for complex filter scenarios.

  • You can set up multiple targets for the same event rule, such as to notify the operations team and start Lambda functions for custom processing.

Example EventBridge rule for filtering specific Amazon RDS instance events:

```json
{
    "source": ["aws.rds"],
    "detail-type": ["RDS DB Instance Event"],
    "detail": {
        "SourceType": ["DB_INSTANCE"],
        "SourceIdentifier": ["your-db-instance-name"],
        "EventCategories": ["maintenance"]
    }
}
```
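Both rule patterns in this article can be checked offline against sample events before they are deployed. The following is an added example, not code from the original article or from AWS: `matches` implements only the exact-value subset of EventBridge pattern matching, and the rule names, the event builder, the restored instance name and the `RDS-EVENT-9999` test ID are constructed.

```python
def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must exist
    in the event and its value must be one of the listed values. No prefix,
    numeric, or anything-but operators are handled here."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not (isinstance(actual, dict) and matches(expected, actual)):
                return False
        else:
            # An array in the event matches if any element is listed.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True


RULES = {  # the two patterns shown in this article, under constructed names
    "maintenance-event-ids": {
        "source": ["aws.rds"], "detail-type": ["RDS DB Instance Event"],
        "detail": {"EventID": ["RDS-EVENT-0026", "RDS-EVENT-0027",
                               "RDS-EVENT-0047", "RDS-EVENT-0155",
                               "RDS-EVENT-0178"]}},
    "single-instance-maintenance": {
        "source": ["aws.rds"], "detail-type": ["RDS DB Instance Event"],
        "detail": {"SourceType": ["DB_INSTANCE"],
                   "SourceIdentifier": ["your-db-instance-name"],
                   "EventCategories": ["maintenance"]}},
}


def rds_event(instance, event_id, categories):
    """Constructed event in the shape of an RDS DB instance event."""
    return {"source": "aws.rds", "detail-type": "RDS DB Instance Event",
            "detail": {"SourceType": "DB_INSTANCE", "SourceIdentifier": instance,
                       "EventID": event_id, "EventCategories": categories}}


def matching_rules(event):
    """Names of the rules in RULES whose pattern matches the event."""
    return sorted(name for name, pattern in RULES.items() if matches(pattern, event))


if __name__ == "__main__":
    # An instance restored under a new name drops out of the instance-specific rule.
    for name in ("your-db-instance-name", "your-db-instance-name-restored"):
        print(name, matching_rules(rds_event(name, "RDS-EVENT-0026", ["maintenance"])))
```

The instance-specific rule stops matching as soon as the identifier changes, so it needs the same lifecycle review as the native subscription. A deployed pattern can be validated against a real event with the EventBridge `TestEventPattern` API.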

Maintaining effective monitoring

AWS Support provided the following best practices for the customer to create reliable ongoing monitoring:

Complete maintenance regularly

  • Verify event subscription status for native Amazon RDS service.

  • Document all monitored instances and their event subscription configuration.

  • Promptly investigate all-sources-deleted statuses.

  • Review and update EventBridge rules and notification routing.

Create a change management process

  • After instance restoration or recreation, update your subscription configurations.

  • Maintain procedures for re-adding instances to subscriptions.

  • Document any modifications to your monitoring setup.

  • Track status changes in event subscriptions.

Prepare and support your team

  • Keep documentation current for both Amazon RDS subscriptions and EventBridge rules.

  • Train team members on notification response procedures.

  • Establish escalation paths for critical notifications.

  • Regularly review and update contact information.

Conclusion

By using AWS Enterprise Support, the financial services customer successfully implemented a comprehensive database event monitoring system that met their strict operational and compliance requirements. The solution combined Amazon RDS native event subscriptions with EventBridge rules, providing both broad event coverage and granular control.

This approach provided the customer with the following benefits:

  • Timely notifications of all system updates and maintenance events.

  • Strict control over maintenance timing.

  • Comprehensive audit trails for compliance purposes.

  • Minimized risk of unexpected system changes.

Remember to regularly review and update your notification configurations, especially after database lifecycle changes. This review helps you maintain a reliable monitoring framework that continues to meet your evolving business needs.

To learn more about how AWS Support can help you optimize your database operations and monitoring strategies while meeting compliance requirements, visit AWS Support.

About the authors


Tejas Majamudar

Tejas Majamudar is a Senior Technical Account Manager at Amazon Web Services, where he partners with customers to achieve operational excellence and optimize their cloud infrastructure. As an advisor, Tejas helps organizations implement efficient risk management strategies and cost optimization initiatives. This way, organizations can maximize the value of their AWS investments.


Sathik M

Sathik M is a Technical Account Manager at AWS who specializes in Enterprise IT and cloud computing. Sathik brings a wealth of knowledge in optimizing and securing large-scale deployments in Linux across various industries. As a subject matter expert in Amazon Elastic Compute Cloud (Amazon EC2) Linux, Amazon ElastiCache, and Amazon FSx for NetApp ONTAP, Sathik has led numerous customer engagements. He helps customers achieve unprecedented levels of performance and reliability in their cloud infrastructure.