I'm looking for some advice on upgrading my PostgreSQL RDS from version 16.1 to 16.8 without causing any downtime. Here's my current setup: I have RDS for PostgreSQL 16.1 with master credentials managed by AWS Secrets Manager, and I'm using an RDS Proxy for database connections. Serverless Lambdas are also hitting the proxy, retrieving the database user and password from Secrets Manager.
I ran into an issue trying to create an RDS Blue/Green deployment, as AWS blocks it due to the Secrets Manager integration. I see a few options:
1. **Temporarily disable Secrets Manager** - Create a new secret for the DB user and password, re-deploy the API to use this new secret, change the RDS cluster to manage the master password manually, and then create the Blue/Green deployment.
2. **Manual Blue/Green deployment** using a new RDS instance and AWS DMS or logical replication for continuous data transfer.
3. **Auto-update** with slight downtime, which could work since it's a minor version change.
Has anyone dealt with this issue? What approach worked best for you?
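An added example, not part of the original post: a pre-flight check that reads the `MasterUserSecret`, `MultiAZ` and `ValidUpgradeTarget` fields of the RDS `DescribeDBInstances` and `DescribeDBEngineVersions` responses to report whether the Secrets Manager integration described above is in effect and whether the target is a minor upgrade. The instance identifier, secret ARN and target list are constructed sample data, and the function name `preflight` is hypothetical.

```python
# Added example. The sample dicts are constructed, not taken from a real account.
# Live equivalents with boto3 (rds = boto3.client("rds")):
#   rds.describe_db_instances(DBInstanceIdentifier=...)["DBInstances"][0]
#   rds.describe_db_engine_versions(Engine="postgres",
#                                   EngineVersion="16.1")["DBEngineVersions"][0]

SAMPLE_INSTANCE = {  # constructed
    "DBInstanceIdentifier": "example-db",
    "Engine": "postgres",
    "EngineVersion": "16.1",
    "MultiAZ": True,
    # RDS returns this key only when it manages the master password in Secrets Manager.
    "MasterUserSecret": {
        "SecretArn": "arn:aws:secretsmanager:us-east-1:111122223333:secret:rds!db-EXAMPLE",
        "SecretStatus": "active",
    },
}

SAMPLE_ENGINE_VERSION = {  # constructed
    "EngineVersion": "16.1",
    "ValidUpgradeTarget": [
        {"EngineVersion": "16.8", "IsMajorVersionUpgrade": False},
        {"EngineVersion": "17.4", "IsMajorVersionUpgrade": True},
    ],
}


def preflight(instance, engine_version, target):
    """Report what stands between this instance and a Blue/Green upgrade to target."""
    targets = {t["EngineVersion"]: t
               for t in engine_version.get("ValidUpgradeTarget", [])}
    entry = targets.get(target)
    secret = instance.get("MasterUserSecret") or {}
    blockers = []
    if secret:
        blockers.append("master password managed by Secrets Manager: "
                        + secret.get("SecretArn", "unknown ARN"))
    if entry is None:
        blockers.append(f"{target} is not a valid upgrade target "
                        f"from {instance['EngineVersion']}")
    return {
        "target_valid": entry is not None,
        "minor_upgrade": entry is not None and not entry["IsMajorVersionUpgrade"],
        "multi_az": bool(instance.get("MultiAZ")),
        "blue_green_blockers": blockers,
    }


if __name__ == "__main__":
    for key, value in preflight(SAMPLE_INSTANCE, SAMPLE_ENGINE_VERSION, "16.8").items():
        print(f"{key}: {value}")
```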
4 Answers
Keep in mind you can't avoid downtime completely. Blue/Green can still involve about 30 seconds of downtime. For a minor update with multi-AZ enabled, I’d say option 3 could still give you less than a minute of downtime in most cases.
In regard to option 2, do you actually need AWS DMS? Blue/Green setups already handle replication, so there might be simpler solutions.
Honestly, what does minimal downtime really mean for your operations? The auto-update by AWS is pretty straightforward and shouldn't keep you offline for long, especially outside of peak hours.
It really depends on how much downtime you can tolerate. The auto-update is a solid option since it's a minor upgrade. If you're using a cluster, the downtime should be minimal. It might be worth considering the costs compared to the second option that requires more setup. For most, a short maintenance window is more manageable anyway.
With RDS Proxy, I’ve found it doesn't really feel like downtime; just a few moments of increased latency.

Exactly. You might be looking at just a few minutes. If everything goes as planned, it should be quite easy.