Amazon RDS Proxy

Amazon RDS Proxy FAQs

General

RDS Proxy is a fully-managed, highly available, and easy-to-use database proxy feature of Amazon RDS that enables your applications to: 1) improve scalability by pooling and sharing database connections; 2) improve availability by reducing database failover times by up to 66% and preserving application connections during failovers; and 3) improve security by optionally enforcing AWS IAM authentication to databases and securely storing credentials in AWS Secrets Manager.

Applications with unpredictable workloads: Applications that support highly variable workloads may attempt to open a burst of new database connections. RDS Proxy’s connection governance allows customers to gracefully scale applications dealing with unpredictable workloads by efficiently reusing database connections. First, RDS Proxy enables multiple application connections to share a database connection for efficient use of database resources. Second, RDS Proxy allows customers to maintain predictable database performance by regulating the number of database connections that are opened. Third, RDS Proxy removes unserviceable application requests to preserve overall performance and availability of the application.

Applications that frequently open and close database connections: Applications built on technologies, such as Serverless, PHP, or Ruby on Rails, may open and close database connections frequently to serve application requests. RDS Proxy allows customers to maintain a pool of database connections to avoid unnecessary stress on database compute and memory for establishing new connections.

Applications that keep connections open but idle: Applications in industries such as SaaS or eCommerce may keep database connections idling to minimize the response time when a customer reengages. Instead of overprovisioning databases to support mostly idling connections, customers can use RDS Proxy to hold idling connections while only establishing database connections as required to optimally serve active requests.

Applications requiring availability through transient failures: With RDS Proxy, customers can build applications that can transparently tolerate database failures without needing to write complex failure handling code. RDS Proxy automatically routes traffic to a new database instance while preserving application connections. RDS Proxy also bypasses DNS (Domain Name System) caches to reduce failover times by up to 66% for Amazon RDS and Aurora Multi-AZ databases. During database failovers, the application may experience increased latencies and ongoing transactions may have to be retried.

Improved security and centralized credentials management: RDS Proxy aids customers in building more secure applications by giving them a choice to enforce IAM-based authentication with relational databases. RDS Proxy also enables customers to centrally manage database credentials through AWS Secrets Manager.

RDS Proxy transforms your approach to building modern serverless applications that leverage the power and simplicity of relational databases. First, RDS Proxy enables serverless applications to scale efficiently by pooling and reusing database connections. Second, with RDS Proxy, you no longer need to handle database credentials in your Lambda code. You can use the IAM execution role associated with your Lambda function to authenticate with RDS Proxy and your database. Third, you don’t need to manage any new infrastructure or code to utilize the full potential of serverless applications backed by relational databases. RDS Proxy is fully managed and scales its capacity automatically based on your application demands.

RDS Proxy is available for Amazon Aurora with MySQL compatibility, Amazon Aurora with PostgreSQL compatibility, Amazon RDS for MariaDB, Amazon RDS for MySQL, Amazon RDS for PostgreSQL, and Amazon RDS for SQL Server. For a list of supported engine versions see the Amazon Aurora User Guide or the Amazon RDS User Guide.

You enable RDS Proxy for your Amazon RDS database with just a few clicks on the Amazon RDS console. While enabling RDS Proxy, you specify the VPC and subnets you want to access RDS Proxy from. As a Lambda user, you can enable RDS Proxy for your Amazon RDS database and set up a Lambda function to access it with just a few clicks and without leaving the Lambda console.

For authentication between your applications and the database through RDS Proxy, you have multiple options. 

You can use traditional username and password authentication with AWS Secrets Manager to store your database credentials, centralizing, securing, and simplifying credential management for your application. When using Secrets Manager, you can connect with RDS Proxy the same way you connect with your database. The username and password you supply are matched with credentials stored in Secrets Manager and then utilized for database connections.

For enhanced security, you can use IAM-based authentication. Instead of specifying a username and password, your applications can use an IAM execution role, associated with services like AWS Lambda or EC2, to authenticate with RDS Proxy. You have two options with IAM authentication:

  • Use IAM authentication for client-to-proxy connections while using Secrets Manager for proxy-to-database connections
  • Use IAM authentication for both client-to-proxy and proxy-to-database connections, removing the need to store database passwords in Secrets Manager

For more information about authentication with RDS Proxy, see Connecting to a database through RDS Proxy.
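
The IAM authentication options above rely on the client's role being allowed the rds-db:connect action on a dbuser resource. The following check is an added example, not AWS code: it flags role policies whose grant is wider than one proxy and one database user. The account ID, resource IDs and user name in the sample policy are constructed, and the check assumes clients are meant to reach the database only through the proxy.

```python
import json
import re
# IAM database authentication is granted on ARNs shaped like
#   arn:aws:rds-db:<region>:<account>:dbuser:<resource-id>/<db-user>  ("prx-" id = RDS Proxy)
ARN_RE = re.compile(r"^arn:aws:rds-db:[^:]+:[^:]+:dbuser:(?P<rid>[^/]+)/(?P<user>.+)$")

# Constructed sample policy: account id, resource ids and user are placeholders.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ScopedToProxy", "Effect": "Allow", "Action": "rds-db:connect",
   "Resource": "arn:aws:rds-db:us-east-1:111122223333:dbuser:prx-EXAMPLE0123456789/app_user"},
  {"Sid": "AnyDatabase", "Effect": "Allow", "Action": "rds-db:*",
   "Resource": "arn:aws:rds-db:us-east-1:111122223333:dbuser:*/*"},
  {"Sid": "DirectToInstance", "Effect": "Allow", "Action": ["rds-db:connect"],
   "Resource": ["arn:aws:rds-db:us-east-1:111122223333:dbuser:db-EXAMPLE0123456789/app_user"]}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants_connect(action):
    """True if an Action pattern ('rds-db:*', '*', ...) covers rds-db:connect."""
    pattern = re.escape(action.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(pattern, "rds-db:connect") is not None

def audit_rds_connect(policy):
    """Return (sid, resource, problem) per over-broad grant; Allow/Action/Resource only."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(map(_grants_connect, actions)):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            m = ARN_RE.match(res)
            if m is None:
                problem = "resource is not a specific rds-db dbuser ARN"
            elif "*" in m["rid"]:
                problem = "wildcard resource id: matches every proxy and instance"
            elif not m["rid"].startswith("prx-"):
                problem = "not a proxy id: permits connecting without the proxy"
            elif "*" in m["user"]:
                problem = "wildcard database user"
            else:
                continue
            findings.append((stmt.get("Sid", "<no Sid>"), res, problem))
    return findings

if __name__ == "__main__":
    print(*audit_rds_connect(SAMPLE_POLICY), sep="\n")
```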

Yes. For full details on the Amazon RDS Proxy SLA, please refer to the Amazon RDS Proxy SLA details page.