Amazon RDS Proxy FAQs

General

RDS Proxy is a fully managed, highly available, and easy-to-use database proxy feature of Amazon RDS that enables your applications to: 1) improve scalability by pooling and sharing database connections; 2) improve availability by reducing database failover times by up to 66% and preserving application connections during failovers; and 3) improve security by optionally enforcing AWS IAM authentication to databases and securely storing credentials in AWS Secrets Manager.

Applications with unpredictable workloads: Applications that support highly variable workloads may attempt to open a burst of new database connections. RDS Proxy’s connection governance allows customers to gracefully scale applications dealing with unpredictable workloads by efficiently reusing database connections. First, RDS Proxy enables multiple application connections to share a database connection for efficient use of database resources. Second, RDS Proxy allows customers to maintain predictable database performance by regulating the number of database connections that are opened. Third, RDS Proxy removes unserviceable application requests to preserve overall performance and availability of the application.

Applications that frequently open and close database connections: Applications built on technologies such as Serverless, PHP, or Ruby on Rails may open and close database connections frequently to serve application requests. RDS Proxy allows customers to maintain a pool of database connections to avoid unnecessary stress on database compute and memory for establishing new connections.

Applications that keep connections open but idle: Applications in industries such as SaaS or eCommerce may keep database connections idling to minimize the response time when a customer reengages. Instead of overprovisioning databases to support mostly idling connections, customers can use RDS Proxy to hold idling connections while only establishing database connections as required to optimally serve active requests.

Applications requiring availability through transient failures: With RDS Proxy, customers can build applications that can transparently tolerate database failures without needing to write complex failure handling code. RDS Proxy automatically routes traffic to a new database instance while preserving application connections. RDS Proxy also bypasses DNS (Domain Name System) caches to reduce failover times by up to 66% for Amazon RDS and Aurora Multi-AZ databases. During database failovers, the application may experience increased latencies and ongoing transactions may have to be retried.

Improved security and centralized credentials management: RDS Proxy aids customers in building more secure applications by giving them a choice to enforce IAM-based authentication with relational databases. RDS Proxy also enables customers to centrally manage database credentials through AWS Secrets Manager.

RDS Proxy transforms your approach to building modern serverless applications that leverage the power and simplicity of relational databases. First, RDS Proxy enables serverless applications to scale efficiently by pooling and reusing database connections. Second, with RDS Proxy, you no longer need to handle database credentials in your Lambda code. You can use the IAM execution role associated with your Lambda function to authenticate with RDS Proxy and your database. Third, you don’t need to manage any new infrastructure or code to utilize the full potential of serverless applications backed by relational databases. RDS Proxy is fully managed and scales its capacity automatically based on your application demands.

RDS Proxy is available for Amazon Aurora with MySQL compatibility, Amazon Aurora with PostgreSQL compatibility, Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for PostgreSQL, and Amazon RDS for SQL Server. For a list of supported engine versions see the Amazon Aurora User Guide or the Amazon RDS User Guide.

You enable RDS Proxy for your Amazon RDS database with just a few clicks on the Amazon RDS console. While enabling RDS Proxy, you specify the VPC and subnets you want to access RDS Proxy from. As a Lambda user, you can enable RDS Proxy for your Amazon RDS database and set up a Lambda function to access it with just a few clicks and without leaving the Lambda console.

RDS Proxy supports IAM-based authentication to offload credential management from applications. Instead of specifying a username and password while establishing connections, you can use an IAM execution role associated with your Lambda function or EC2 instance to authenticate with RDS Proxy. RDS Proxy also allows you to enforce IAM authentication to help improve the security posture of your applications. Database credentials used by RDS Proxy in turn are stored in AWS Secrets Manager, centralizing, securing, and simplifying credential management for your application. Alternatively, you can connect with RDS Proxy the same way you connect with your database. The username and password you supply for establishing connections with RDS Proxy are matched with credentials stored in Secrets Manager and then utilized for creating connections to the underlying database.
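
When a Lambda or EC2 role authenticates to RDS Proxy with IAM, what the role may connect as is decided by its `rds-db:connect` grant, so that grant is worth reviewing. The following is an added example, not AWS code: a small offline check that flags over-broad grants in a policy document. The sample policy, account ID, proxy resource ID and user name are constructed placeholders, and the function names are hypothetical.

```python
import fnmatch
import json
import re

# Constructed sample policy for an execution role. Account id, proxy id and
# user name are placeholders, not values from the page.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "rds-db:connect",
   "Resource": "arn:aws:rds-db:us-east-1:111122223333:dbuser:prx-EXAMPLE0123456789/app_user"},
  {"Effect": "Allow", "Action": ["rds-db:*"],
   "Resource": "arn:aws:rds-db:us-east-1:111122223333:dbuser:*/*"}
]}
""")

# Expected shape: arn:aws:rds-db:<region>:<account>:dbuser:<resource-id>/<db-user>
ARN_RE = re.compile(r"^arn:aws[\w-]*:rds-db:([^:]*):([^:]*):dbuser:([^/]+)/(.+)$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def grants_connect(action):
    # IAM action names are case-insensitive and may contain wildcards.
    return fnmatch.fnmatchcase("rds-db:connect", action.lower())

def audit_rds_connect(policy):
    """Return (statement_index, resource, reason) for over-broad connect grants."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(grants_connect(a) for a in as_list(stmt.get("Action", []))):
            continue
        for res in as_list(stmt.get("Resource", [])):
            m = ARN_RE.match(res)
            if m is None:
                findings.append((i, res, "not a scoped rds-db dbuser ARN"))
            elif "*" in m.group(3) or "?" in m.group(3):
                findings.append((i, res, "wildcard proxy/database resource id"))
            elif "*" in m.group(4) or "?" in m.group(4):
                findings.append((i, res, "wildcard database user"))
    return findings

if __name__ == "__main__":
    for finding in audit_rds_connect(SAMPLE_POLICY):
        print(finding)
```

Statements that use `NotAction` or `NotResource` are not evaluated by this check and need manual review.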

Yes. RDS Proxy will direct traffic to one of the primary instances in an Aurora Multi-Master cluster and enable customers to achieve high write availability by diverting connections to another primary node if the first primary node fails.

Yes. For full details on the Amazon RDS Proxy SLA, please refer to the Amazon RDS Proxy SLA details page.