Amazon RDS supports DB instances running one of several editions of Oracle Database. You can create DB instances and DB snapshots, point-in-time restores and automated or manual backups. DB instances running Oracle can be used inside a VPC. You can also enable various options to add additional features to your Oracle DB instance. Amazon RDS currently supports Multi-AZ deployments for Oracle as a high-availability, failover solution.
In order to deliver a managed service experience, Amazon RDS does not provide shell access to DB instances, and it restricts access to certain system procedures and tables that require advanced privileges. Amazon RDS supports access to databases on a DB instance using any standard SQL client application such as Oracle SQL Plus. Amazon RDS does not allow direct host access to a DB instance via Telnet or Secure Shell (SSH). When you create a DB instance, you create a master account that gets DBA privileges (with some limitations) and the SYS password or SYSDBA privileges are not provided.
Before creating a DB instance, you should complete the steps in the Setting Up for Amazon RDS section of this guide.
These are the common management tasks you perform with an Amazon RDS Oracle DB instance, with links to information about each task:
For planning information, such as Oracle versions, storage engines, security, and features supported in Amazon RDS, see Planning Your Amazon RDS Oracle DB Instance.
If you are creating a DB instance for production purposes, you should understand how instance classes, storage, and Provisioned IOPS work in Amazon RDS. For more information about DB instance classes, see DB Instance Class For more information about Amazon RDS storage, see Amazon RDS Storage Types. For more information about Provisioned IOPS, see Amazon RDS Provisioned IOPS Storage to Improve Performance.
A production DB instance should also use Multi-AZ deployments. All Multi-AZ deployments provide increased availability, data durability, and fault tolerance for DB instances. For more information about Multi-AZ deployments, see High Availability (Multi-AZ).
There are prerequisites you must complete before you create your DB instance. For example, DB instances are created by default with a firewall that prevents access to it. You therefore must create a security group with the correct IP addresses and network configuration you will use to access the DB instance. The security group you need to create will depend on what EC2 platform your DB instance is on, and whether you will be accessing your DB instance from an EC2 instance. For more information about the two EC2 platforms supported by Amazon RDS, EC2-VPC and EC2-Classic, see Determining Whether You are Using the EC2-VPC or EC2-Classic Platform. In general, if your DB instance is on the EC2-Classic platform, you will need to create a DB security group; if your DB instance is on the EC2-VPC platform, you will need to create a VPC security group. For more information about security groups, see Amazon RDS Security Groups or the Setting Up for Amazon RDS section of this guide.
If your AWS account has a default VPC (a default virtual private network), then your DB instance will automatically be created inside the default VPC. If your account does not have a default VPC and you want the DB instance to be inside a VPC, you must create the VPC and subnet groups before you create the DB instance. For more information about determining if your account has a default VPC, see Determining Whether You are Using the EC2-VPC or EC2-Classic Platform. For more information about using VPCs with Amazon RDS, see Using Amazon RDS with Amazon Virtual Private Cloud (VPC).
If your DB instance is going to require specific database parameters or options, you should create the parameter or option groups before you create the DB instance. For more information on parameter groups, see Working with DB Parameter Groups. For more information on options for Oracle, see Appendix: Options for Oracle Database Engine.
After creating a security group and associating it to a DB instance, you can connect to the DB instance using any standard SQL client application such as Oracle SQL Plus. For more information on connecting to a DB instance, see Connecting to a DB Instance Running the Oracle Database Engine.
You can configure your DB instance to take automated backups, or take manual snapshots, and then restore instances from the backups or snapshots. For information, see Back Up and Restore.
You can monitor an instance through actions such as viewing the Oracle logs, CloudWatch Amazon RDS metrics, and events. For information, see Monitoring Amazon RDS.
There are also several appendices with useful information about working with Oracle DB instances:
Amazon RDS supports DB instances running several editions of Oracle Database. This section shows how you can work with Oracle on Amazon RDS. You should also be aware of the limits for Oracle DB instances.
For information about importing Oracle data into a DB instance, see Importing Data Into Oracle on Amazon RDS.
The following list shows a subset of the key Oracle database engine features that are currently supported by Amazon RDS. The availability of the Oracle feature is dependent on the edition of Oracle that you choose. For example, OEM optional packs such as the Database Diagnostic Pack and the Database Tuning Pack are only available with Oracle Enterprise Edition.
The following list shows the Oracle features supported by Amazon RDS; for a complete list of features supported by each Oracle edition, go to Oracle Database 11g Editions.
Flashback Table, Query and Transaction Query
Virtual Private Database
Comprehensive support for Microsoft .NET, OLE DB, and ODBC
Automatic Memory Management
Automatic Undo Management
Star Query Optimization
Summary Management - Materialized View Query Rewrite
Oracle Data Redaction (version 18.104.22.168 or later)
Import/Export and sqlldr Support
Oracle Enterprise Manager Database Control
Oracle XML DB (without the XML DB Protocol Server)
Oracle Application Express
Automatic Workload Repository for Enterprise Edition (AWR). For more information, see Working with Automatic Workload Repository (AWR)
Datapump (network only)
Native network encryption (part of the Oracle Advanced Security feature)
Transparent data encryption (Oracle TDE, part of the Oracle Advanced Security feature)
Oracle database engine features that are not currently supported include the following:
Real Application Clusters (RAC)
Real Application Testing
Data Guard / Active Data Guard
Oracle Enterprise Manager Grid Control
Automated Storage Management
Oracle XML DB Protocol Server
Network access utilities such as utl_http, utl_tcp, utl_smtp, and utl_mail, are not supported at this time.
The Oracle database engine uses role-based security. A role is a collection of privileges that can be granted to or revoked from a user. A predefined role, named DBA, normally allows all administrative privileges on an Oracle database engine. The following privileges are not available for the DBA role on an Amazon RDS DB instance using the Oracle engine:
Create any directory
Drop any directory
Grant any privilege
Grant any role
While Amazon RDS Oracle does not support SSL/TLS encrypted connections, you can use the Oracle Native Network Encryption option to encrypt connections between your application and your Oracle DB instance. For more information about the Oracle Native Network Encryption option, see Oracle Native Network Encryption. Also, this change could be timed with the upcoming change to NNE support for SE1 and SE (it's no longer part of the Advanced Security option exclusive to Enterprise Edition):
DB Engine Version Management is a feature of Amazon RDS that enables you to control when and how the database engine software running your DB instances is patched and upgraded. This feature gives you the flexibility to maintain compatibility with database engine patch versions, test new patch versions to ensure they work effectively with your application before deploying in production, and perform version upgrades on your own terms and timelines.
Amazon RDS periodically aggregates official Oracle database patches using an Amazon RDS-specific DB Engine version. To see a list of which Oracle patches are contained in an Amazon RDS Oracle-specific engine version, go to Appendix: Oracle Database Engine Release Notes.
Taking advantage of the DB Engine Version Management feature of Amazon RDS is easily accomplished using the ModifyDBInstance API call or the rds-modify-db-instance command line utility. Your DB instances are upgraded to minor patches by default (you can override this setting).
There are two types of licensing options available for using Amazon RDS for Oracle.
In this licensing model, you can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS. To run a DB instance under the BYOL model, you must have the appropriate Oracle Database license (with Software Update License and Support) for the DB instance class and Oracle Database edition you wish to run. You must also follow Oracle's policies for licensing Oracle Database software in the cloud computing environment. For more information on Oracle's licensing policy for Amazon EC2, go to Licensing Oracle Software in the Cloud Computing Environment.
In the License Included service model, you do not need separately purchased Oracle licenses; AWS holds the license for the Oracle Database software.
Amazon RDS currently supports the following Oracle Database Editions under each of the licensing models below:
BYOL: Standard Edition One (SE1), Standard Edition (SE) and Enterprise Edition (EE)
To run a DB instance under the BYOL model, you must have the appropriate Oracle Database license (with Software Update License & Support) for the DB instance class and Oracle Database edition you wish to run.You must follow Oracle's policies for licensing Oracle Database software in the cloud computing environment. DB instances reside in the Amazon EC2 environment, and Oracle's licensing policy for Amazon EC2 is located here.
Under this model, you will continue to use your active Oracle support account and contact Oracle directly for Oracle Database specific service requests. If you have an active AWS Premium Support account, you can contact AWS Premium Support for Amazon RDS specific issues. Amazon Web Services and Oracle have multi-vendor support process for cases which require assistance from both organizations.
License Included: Standard Edition One (SE1)
In the "License Included" service model, you do not need separately purchased Oracle licenses; the Oracle Database software has been licensed by AWS.
In this model, if you have an active AWS Premium Support account, you should contact AWS Premium Support for both Amazon RDS and Oracle Database specific service requests.
Most Amazon RDS DB engines support option groups that allow you to select additional features for your DB instance. Oracle DB instances support several options, including OEM, TDE, APEX, and Native Network Encryption. For a complete list of supported Oracle options, see Appendix: Options for Oracle Database Engine. For more information about working with option groups, see Working with Option Groups.