AWS Database Blog

Perform minor version upgrades with a downtime of 1 second or less with Amazon RDS Proxy and Amazon RDS Multi-AZ deployments with two readable standbys

Amazon RDS Multi-AZ deployments with two readable standbys now supports minor version upgrades and system maintenance updates with typically 1 second or less of downtime when used with Amazon RDS Proxy. In this post, we discuss this new feature, its benefits, and the steps to set it up.

Amazon RDS Multi-AZ deployments with two readable standbys

In March 2022, AWS introduced Amazon Relational Database Service (RDS) Multi-AZ deployments with two readable standbys in Amazon RDS for PostgreSQL and MySQL. This new deployment option consists of a single primary and two readable standby database instances (i.e., a Multi-AZ database cluster). In this configuration, each of the nodes of the cluster utilizes a high-speed, directly attached NVMe volume, as well as an Amazon Elastic Block Store (Amazon EBS) volume. Writes are initially written to the NVMe volume, instead of Amazon EBS in the commit path, which results in lower latency. These writes are then asynchronously written to the EBS volume for durability. In addition to this performance enhancement, this deployment option enables both standby nodes to serve read traffic.

Amazon RDS Proxy

In June 2020, AWS introduced Amazon RDS Proxy. RDS Proxy offers a number of benefits. The first benefit is connection pooling. For certain applications, connection pooling is a challenge. By using this RDS Proxy feature, database resources that would have otherwise been spent negotiating TCP and TLS handshakes, as well as authentication, can now be allocated to running more queries. Applications can now connect to RDS Proxy, and RDS Proxy will maintain a pool of connections to the database, thereby offloading the burden that would otherwise be placed on the database server.

Another connection-related benefit of RDS Proxy is connection multiplexing. With this feature, RDS Proxy establishes only the required number of database connections to the database instance, regardless of how many connections the application makes to the proxy. By keeping the connection count to the database instance low, you can use fewer resources for the same number of application connections.

The third feature of RDS Proxy is the ability to enable fast failovers. Based on our testing, RDS Proxy can reduce client recovery time after failover. This is due to a number of factors. First, when a failover happens on Amazon RDS, the underlying host and its IP address change. This means that the application without RDS Proxy will need to establish new TCP connections to the database server. With RDS Proxy, the application maintains its TCP connections to the proxy itself.

Certain applications—often those written in Java, cache the CNAME of a cluster endpoint beyond the advertised TTL. In this scenario, even though the cluster has fully failed over, the application doesn’t connect to the new writer because it’s still using the cached endpoint. With RDS Proxy, there is no CNAME change, and therefore this problem is eradicated.

In addition to connection pooling, connection multiplexing, and faster failovers, it’s also important to note that RDS Proxy is fully managed and serverless, and offers an additional layer of security by adding a layer of abstraction between the application and the database instance.

Solution overview

Currently, minor version upgrades or system maintenance updates for Amazon RDS for PostgreSQL or MySQL databases can take several minutes, and they require a planned downtime. Custom-built upgrade solutions are not fully automated and are complex to use with database fleets because they need coordination among various application users, require additional infrastructure, are resource intensive, and are expensive to build. Amazon RDS Multi-AZ database (DB) clusters can now perform a minor version upgrade with a downtime typically under 35 seconds. Customers who have even more stringent downtime requirements can reduce the downtime further to 1 second or less by adding RDS Proxy.

When patching or doing a minor version upgrade on an Amazon RDS Multi-AZ DB cluster, the process begins by applying the patch to each of the readers in sequence. After the readers are upgraded, one of them becomes the new writer and the original writer becomes a reader. When the reader and writer switch roles, there is downtime. With Amazon RDS Multi-AZ DB clusters, that downtime is now typically less than 35 seconds. Much of this time is due to Domain Name System (DNS) propagation delays of the cluster endpoint. RDS Proxy senses the change in the role of the reader and writer directly and is not dependent on the DNS propagation that causes the 35 second delay. As a result, RDS Proxy when used with Amazon RDS Multi-AZ DB clusters typically results in a downtime of 1 second or less.

Now that we have examined how you can complete a minor version upgrade in typically 1 second or less, let’s look at how to set up RDS Proxy with Amazon RDS Multi-AZ DB cluster.

Set up RDS Proxy with a New Amazon RDS Multi-AZ DB cluster

To set up an Amazon RDS Multi-AZ DB cluster and RDS Proxy, complete the following steps:

  1. On the Amazon RDS console, choose Create database.
  2. For Engine type, select MySQL or PostgreSQL.
  3. Under Hide filters, select Show versions that support the Multi-AZ DB cluster.
  4. For Engine Version, choose your preferred version.
  5. Under Availability and durability, select Multi-AZ DB Cluster.
  6. Under Connectivity, for RDS Proxy, select Create an RDS Proxy.
  7. Choose Create database.

This procedure also creates a secret in AWS Secrets Manager and an AWS Identity and Access Management (IAM) policy that accesses the secret for use with the newly created proxy. After these resources are created, the read/write and read-only endpoints can be found in the Proxy endpoints section of the proxy detail page.

Set up RDS Proxy with an Existing Amazon RDS Multi-AZ DB cluster

To set up RDS Proxy with an existing Amazon RDS Multi-AZ DB cluster, complete the following steps:

  1. On the Amazon RDS console, choose Proxies.
  2. Choose Create proxy.
  3. Under Proxy configuration, select MariaDB and MySQL, or PostgreSQL, and enter a name for the new RDS Proxy in the Proxy identifier field.
  4. Under Target group configuration, select the Amazon RDS Multi-AZ DB cluster for which this RDS Proxy is being created.
  5. Under Authentication, specify the Secrets Manager secret containing the credentials this proxy will use to connect to the Amazon RDS Multi-AZ DB cluster, as well as the IAM role which the proxy will use to read this secret.
  6. Choose Create proxy.

It is important to clean up any resources no longer in use after following the steps in this post. You can find instructions for RDS Proxy, Amazon RDS Multi-AZ DB clusters, IAM policies, and Secrets Manager secrets in the AWS documentation.


In this post, we examined how to use RDS Proxy with Amazon RDS Multi-AZ DB cluster to achieve a downtime of typically 1 second or less when the reader instances have no replica lag. This solution can provide additional benefits like connection pooling and connection multiplexing to optimize database resources. For more information, refer to Readable standby instances in Amazon RDS Multi-AZ deployments: A new high availability option and start using RDS Proxy today!

About the Author

Steve Abraham is a principal solutions architect for Amazon Web Services. He works with our customers to provide guidance and technical assistance on database projects, helping them improving the value of their solutions when using AWS.