Running OSS Databases on AWS · April 24, 2026

In the Cloud?
Be Cloud-Ready Instead.

Sergey Pronin Founder, Solanica Inc. · Maintainer, OpenEverest
BuildDevCon
April 24, 2026 · Virtual buildevcon.com

Option 1 — The Default Path

Managed Services on AWS

Someone asks "how do I run Postgres on AWS?" — you say RDS. It's the fastest path to a running database.

Amazon RDS Aurora ElastiCache DocumentDB Neptune DynamoDB MemoryDB
✓  What AWS handles for you
No DBA required — provisioning, patching, OS updates
Built-in Multi-AZ HA with automatic failover
Automated backups and point-in-time recovery
Performance Insights and CloudWatch out of the box
Click to scale storage and compute vertically
⚠  What you're also buying
AWS-specific APIs and proprietary features RDS Proxy, Aurora I/O-Optimized storage, AWS-only parameter groups…
Upgrade schedules and timelines you don't control Forced maintenance windows, AWS-driven EOL dates
Data egress fees — charged every time you move data out Moving 1 TB from RDS anywhere costs $90 in transfer alone
Migration = rewrite The more features you use, the harder leaving becomes
The golden cage is comfortable. AWS takes away all the hard parts. The price is that every managed API you adopt is another bar in that cage — and the exit cost grows with every feature you use.

Day 2 Reality

The Promise vs. The Reality

✓  What They Promise ✕  What You Get at Scale
Pricing
Pay as you go — only what you use
Pricing
Data egress fees that look like ransom notes
Moving 1TB from RDS → anywhere costs $90 in transfer alone. Plus the engineer-hours.
Operations
No DBA needed — fully managed
Operations
You still need a DBA — plus a cloud engineer
AWS handles the OS. Query tuning, index design, slow log triage — that's still your DBA. And wiring IAM, VPC, and parameter groups needs someone who knows AWS.
Reliability
99.99% SLA — production ready
Reliability
Regional outages — zero control, full blast radius
When us-east-1 goes down, so does your runbook. You're a passenger.
Portability
Standard SQL, export anytime
Portability
Proprietary Aurora APIs, no standard export path
RDS Proxy, Aurora-specific parameter groups, and AWS-only storage formats. Migration is a rewrite.

The False Sense of Security

"I use Terraform, so I'm cloud-agnostic."

Terraform manages lifecycle,
not logic.

✕  AWS — 1 line in HCL
resource "aws_db_instance" "main" {
  engine         = "postgres"
  instance_class = "db.r6g.xlarge"
  multi_az       = true
}
→  Migrate to GCP — 1 line change, ~100 hours real work
resource "google_sql_database_instance" "main" {
  # Different networking model# Different IAM/auth system# Different backup semantics# Different driver compat
}

Infrastructure as Code Infrastructure as Portable. Terraform abstracts the API calls. It doesn't abstract the networking model, IAM structure, connection strings, driver compatibility, or proprietary SQL extensions baked into your schema.

Option 2 — The DIY Path

Self-Managed on EC2

No vendor lock-in, full control. You install the database, you write the scripts, you own all of it.

Day 1

Looks Simple

apt install postgresql
# or: AWS Marketplace AMI
# or: Ansible playbook
systemctl enable postgresql
  • Pick any version, any config
  • Full OS-level access
  • Marketplace AMIs for quick bootstrap
  • No AWS API lock-in
Month 6

The Ops Pile-Up

  • Manual failover via SSH + runbook
  • Backup cron jobs you wrote and forgot
  • Version drift across instances
  • No observability without custom setup
  • Security patches = scheduled downtime
Year 2

Unmanageable

  • 12 databases × 3 versions × N teams
  • Ticket-driven ops — every change is a request
  • "Don't touch it, it's been stable for 8 months"
  • No one remembers what the scripts do
  • DBA becomes the bottleneck for everything
Works for one database. Breaks at ten. Self-managed EC2 gives you freedom on day one and a support nightmare by year two. You trade operational simplicity for control — and pay for that trade every single day.

Part II

Kubernetes:
The Universal Cloud OS

A standardized abstraction layer for infrastructure — the same API whether you're on EKS, GKE, or bare-metal.

CRDs — Custom Resource Definitions Operators CSI — Storage Interface Cloud Portability

Kubernetes Portability

Same API. Different Engines.

Your manifests stay identical. The cloud underneath is just an implementation detail.

Kubernetes API
Amazon Web Services
Google Cloud Platform
Compute Node (VM) kind: Node
EC2 Instance Selected via node group / Karpenter m5.xlarge · On-Demand / Spot
Compute Engine VM Selected via node pool / Autopilot n2-standard-4 · Spot / Preemptible
Persistent Storage PersistentVolume kind: PersistentVolumeClaim
EBS Volume Provisioned by aws-ebs-csi-driver storageClassName: gp3
GCE Persistent Disk Provisioned by pd-csi-driver storageClassName: pd-ssd
Network Ingress LoadBalancer Service type: LoadBalancer
Network Load Balancer Via AWS Load Balancer Controller aws-load-balancer-type: nlb
Cloud Load Balancing Via GCP cloud-provider integration cloud.google.com/load-balancer-type: External
Identity / Auth ServiceAccount kind: ServiceAccount
IAM Roles (IRSA) IAM Roles for Service Accounts eks.amazonaws.com/role-arn: arn:aws:…
Workload Identity Maps K8s SA → GCP Service Account iam.gke.io/gcp-service-account: …

Your application YAML is identical on both. Change storageClassName and cloud annotations — not your app code, not your schema, not your operator CRDs.

The Real Cost

Kubernetes is complex.
Databases multiply it.

Running stateful workloads means owning every layer — both the platform and the engine on top of it.

Kubernetes Primitives 10 concerns
StatefulSet PersistentVolumeClaim StorageClass Pod Template Service ConfigMap Secret RBAC NetworkPolicy ResourceQuota
×
Database Operations 9 concerns
Primary / Replica Topology Backup Schedules Point-in-Time Recovery Failover Automation WAL / Binlog Shipping Connection Pooling Monitoring & Alerting Schema Migrations Version Upgrades
= ∞
Every combination can fail. Every failure is yours to own.
No pager escalation path? No runbook? Not a managed service's problem — it's yours.
…and that's just one engine.

The Building Block

Kubernetes Operators: The Game Changer

CUSTOM RESOURCE kind: PostgresCluster replicas: 3 storage: 50Gi backup: daily haMode: sync version: "16.2" watches OPERATOR CONTROLLER ① Watch API Server ② Compare ③ Reconcile continuous reconciliation loop creates & manages StatefulSet 3 pods · ordered PersistentVolumeClaims × 3 replicas Services primary · replica · headless Secrets + ConfigMaps creds · tuning CronJob scheduled backups

What the Operator Does for You

Day-2 Operations — Built In

The operator is a DBA encoded in software. It knows your database, not just Kubernetes.

Auto Failover Automatic primary re-election on node failure
Backups & PITR Scheduled full backups + point-in-time recovery
Scale Replicas Add or remove read replicas live, zero downtime
Rolling Upgrades Minor & major version upgrades with no service gap
Metrics & Alerts Prometheus metrics + pre-built alert rules

Devil's Advocate

OK, but it's still not one click.

The manifest is portable. The terabytes inside it are not.

The Custom Resource
✓ Trivially portable
apiVersion: ps.percona.com/v1kind: PerconaServerMySQLmetadata:name: prod-mysqlspec:crSize: 3image: percona/mysql:8.0

Same YAML. EKS, GKE, AKS, bare metal.
Zero changes required.

BUT
The Data Inside
✕ Cloud-bound
Database Pod + CR portable
↕ mounts
PersistentVolumeClaim portable
↕ bound to
AWS EBS · GCE PD · Azure Disk
CSI drivers are not interoperable
not portable
The YAML is free. The terabytes are not. You need a migration strategy. Three paths — next slide.

Moving the Data

Three Migration Paths

Pick based on how much downtime you can afford.

1
PVC Migration Move the volume directly — snapshot, transfer, restore. No logical export needed. Medium downtime
2
Backup & Restore Logical dump → restore → PITR catch-up → drain + flip. Actual downtime is seconds. Low downtime
3
Live Replication Stream changes to the new cluster in real time, then cut over when lag hits zero. Near-zero downtime

Path 1 · Medium Downtime

PVC Migration

1
Stop writes
read-only mode
2
Snapshot PVC
Velero / CSI
3
Export → S3
cross-cloud transfer
4
Import target
restore PVC
5
Start DB ✓
apply CR
⏸ offline ▶ live

Path 2 · Low Downtime

Backup & Restore

1
pg_dump
source stays up
● live
2
Upload S3
object storage
● live
3
Restore
target cluster
● live
4
Stream WAL
catch-up
● live
5
Drain + flip
seconds ✓
▶ source live ⏸ seconds ▶ live

Path 3 · Near-Zero Downtime

Live Replication

1
Start replica
logical replication
● live
2
Stream WAL
continuous
● live
3
Lag → 0
critical gate
● live
4
Promote
new primary
5
Flip LB
sub-second ✓
▶ sub-second — LB propagation only

The Next Problem

Great. Now You Have Five Operators.

Your stack has PostgreSQL, MySQL, MongoDB, Redis — each one brought its own operator, its own CRDs, its own operational model.

3 PostgreSQL
operators
2 MongoDB
operators
2 MySQL
operators
2 Redis
operators
9+ operators on
OperatorHub
N different CRD schemas
Fragmented AWS integrations
No unified Day-2 operations
Single-cluster blind spots

The operators are mature. The missing piece is the control plane above them — something that speaks all their dialects and gives you one consistent interface.

Introducing

A unified, open source control plane for running production databases on any Kubernetes cluster — any cloud, any engine.

3+ years in active
development
Prod running live workloads
across organizations
OSS Apache 2.0 — no
vendor lock-in, ever
100% Open Source
Vendor Neutral
CNCF Sandbox
OpenEverest is a CNCF Sandbox project — part of the Cloud Native Computing Foundation ecosystem
openeverest.io GitHub

OpenEverest · AWS EKS

Deploying on EKS

Production-grade databases on your cluster — AWS-native storage, auth, and networking included

01

Quick Start with Helm

A single Helm command bootstraps the full control plane. Works with EKS 1.27+, compatible with eksctl, Terraform, and all GitOps toolchains. 

helm install openeverest \
  oe/openeverest -n openeverest \
  --create-namespace
Helm Chart EKS 1.27+ GitOps-ready
02

AWS Storage & Backups

EBS CSI driver provisions per-database gp3 volumes with automatic resizing. S3 handles scheduled backups — no cron scripts, no manual dumps, point-in-time restore included.

EBS gp3 S3 Backups KMS Encryption
03

Cloud-Native Integrations

IRSA for zero-secret credential management. ALB / NLB for resilient database endpoints. Multi-AZ failover with automated recovery across availability zones.

IRSA ALB / NLB Multi-AZ
Get started openeverest.io/docs/eks

OpenEverest — What's Next

The Road Ahead

We're building the platform in the open — and we want you to help shape it

01

Modular Architecture

Plug in any data engine, storage backend, or AI tool via the plugin system. Operators, monitoring, backup adapters, custom tooling — all composable, all replaceable. No monolithic lock-in at the platform level.

Plugin System Any Engine AI Copilot
02

Multi-Cluster Deployments

A unified control plane across multiple Kubernetes clusters — cloud, on-prem, or hybrid. Manage databases spanning regions and environments from a single UI, with consistent policy and observability.

Multi-Cluster Multi-Region Cloud + On-Prem
03

Migrations Made Easier

Plugins aren't just for operations — they discover data, execute transforms, and wire up migrations between engines and environments. Moving off RDS? Shifting clouds? The platform does the heavy lifting.

Data Discovery Cross-Engine Moves Escape Any Cage

We're building this in the open. Come help us build the future of database infrastructure on Kubernetes.

Read the vision vision.openeverest.io

Thank you!

Questions?

Key Takeaways
Managed DBs are a Golden Cage Kubernetes is the Universal Cloud OS Live Replication → near-zero downtime migration OpenEverest automates the hard parts
Join the community
Slack — #openeverest-users cloud-native.slack.com/archives/C09RRGZL2UX
GitHub — openeverest/openeverest github.com/openeverest/openeverest
Good First Issues github.com/orgs/openeverest/projects/2
Community Hub openeverest.io/#community

Sergey Pronin  ·  Founder, Solanica Inc.  ·  Maintainer, OpenEverest  ·  BuildDevCon, April 2026