I have tested your managed database service. After a "recovery from a backup" test I found that a second db cluster was created. According to this answer
an new FQDN is created for the new cluster. In my opinion this is not a good enough design/architecture because it means that I have to change DNS to point to the new FQDN. DNS changes take time to become effective for clients. During this time the clients can't connect to the database even if it is up and running again. To use a floating IP would allow to switch over to the new db cluster much faster. To put it in other words: Why should I pay for a managed HA database service when the design of the solution fails in the worst imaginable scenario (which is a restore from a backup)? Let me know if I have overlooked or misunderstood your solution. If not I hope you can improve on this. Thank you very much.