By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Databases in RDS is suddenly deleted (empty)

0

My databases in RDS was working normally but suddenly empty. The database was still there but all data inside is deleted.

I check the DB instance monitoring, event log and CloudTrail but still cannot find anything abnormal. Could you suggest what is the best practise and activity to be performed for do some investigation?

Here is sone instance configurations

  • Instance class: db.t2.micro (Free Tier Plan)
  • vCPU: 1
  • RAM: 1 GB
  • Multi-AZ: No
  • Encryption: Not enabled
  • Storage type: General Purpose SSD (gp2)
  • Storage: 5 GiB
  • Storage autoscaling: Disabled
Topics
DatabaseAWS Free Tier
Tags
PostgreSQLDatabaseAWS Free Tier
Language
English
louis
asked 8 months ago606 views
4 Answers
0
Accepted Answer

Hello.
Does it mean that the RDS instance is still there but all the data inside is gone?
RDS data is not deleted unless you manipulate it with SQL or other means.
If the query log is enabled, you will be able to see Delete and Drop operations from there.
https://repost.aws/knowledge-center/rds-postgresql-query-logging

RDS can also be restored from snapshots if RDS snapshots are still available.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RestoreFromSnapshot.html

profile picture
EXPERT
Riku_Kobayashi
answered 8 months ago
profile picture
EXPERT
Gary Mclean
reviewed 8 months ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 8 months ago
  • louis
    7 months ago

    Thank you for your answer.

    I turned on query logging for PostgreSQL and I can see the DROP statements log. It drops all tables and databases in the RDS Database instances It occurs about once a month.

    Does it relate to Free Tier Plan, the Instance Class or the RDS automatic tasks or something? (I'm using Burstable performance Instance Class)

  • Riku_Kobayashi EXPERT
    7 months ago

    AWS does not automatically delete your data even in the free tier. This means that it will not be removed unless your application or yourself queries it. By the way, is public access enabled for RDS? If public access is enabled, unauthorized access from outside may be the cause. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Hiding
    First, identify who is executing the drop query.

0

you can check it by using logs , like general logs, error logs, audit logs. make sure to click on parameter group then your can see your rds parameter group and then search general,error, audit logs and change value to 1 and restart the DB. now go to RDS logs not cloudwatch logs and you can see it the logs. Now monitor and make sure to take backup according to your requirement.

Afshaar
answered 8 months ago
0

Have you check the CloudWatch metrics to see what happend to your RDS?

profile picture
derekyonghai
answered 8 months ago
0

It happened to me as well, on RDS Postgres Database instance.

You can set the following to prevent the problem: i) Inbound rules for security group shouldn't open to anywhere, but to VPC or specific security group access, ii) Use strong password for default user, don't use the default password

Fong Soon Fan
answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content