Amazon RDS Proxy

Applications with unpredictable workloads: Applications that support highly variable workloads may attempt to open a burst of new database connections. RDS Proxy’s connection governance allows you to gracefully scale applications dealing with unpredictable workloads by efficiently reusing database connections. First, RDS Proxy enables multiple application connections to share a database connection for efficient use of database resources. Second, RDS Proxy allows you to maintain predictable database performance by regulating the number of database connections that are opened. Third, RDS Proxy removes unserviceable application requests to preserve overall performance and availability of the application.

Applications that frequently open and close database connections: Applications built on technologies, such as Serverless, PHP, or Ruby on Rails, may open and close database connections frequently to serve application requests. RDS Proxy allows you to maintain a pool of database connections to avoid unnecessary stress on database compute and memory for establishing new connections.

Applications that keep connections open but idle: Applications in industries, such as SaaS or eCommerce, may keep database connections idling to minimize the response time when end users re-engages. Instead of overprovisioning databases to support mostly idling connections, you can use RDS Proxy to hold idling connections while only establishing database connections as required to optimally serve active requests.

Applications requiring availability through transient failures: With RDS Proxy, you can build applications that can transparently tolerate database failures without needing to write complex failure handling code. RDS Proxy automatically routes traffic to a new database instance while preserving application connections. It also bypasses DNS (Domain Name System) caches to reduce failover times by up to 66% for RDS and Aurora Multi-AZ databases. During database failovers, the application may experience increased latencies and ongoing transactions may have to be re-tried.

Improved security and centralized credentials management: RDS Proxy aids you in building more secure applications by giving you a choice to enforce IAM based authentication, and lets you centrally manage database credentials through AWS Secrets Manager.

RDS Proxy transforms your approach to building modern serverless applications that leverage the power and simplicity of relational databases. It enables serverless applications to scale efficiently by pooling and reusing database connections. This allows you to handle highly variable workloads that may attempt to open a burst of new connections or keep many connections open but idle—situations that could strain your database server leading to slower queries and limited application scalability.

With RDS Proxy, you no longer need to handle database credentials in your Lambda code. Instead, you can use the IAM execution role associated with your Lambda function to authenticate with RDS Proxy and your database. Furthermore, RDS Proxy is fully managed and scales its capacity automatically based on your application demands—you don't need to manage any new infrastructure or code. It maintains predictable database performance by controlling the total number of database connections that are opened, and preserves application availability by denying unserviceable connections that may degrade database performance.

RDS Proxy is available for Aurora PostgreSQL, Aurora MySQL, RDS for PostgreSQL, RDS for MySQL, RDS for MariaDB, and RDS for SQL Server. You can find a list of supported engine versions in the Aurora User Guide or the RDS User Guide.

You enable RDS Proxy for your RDS database with just a few clicks in the RDS console. While enabling RDS Proxy, you specify the VPC and subnets you want to access RDS Proxy from. As a Lambda user, you can enable RDS Proxy for your RDS database and set up a Lambda function to access it with just a few clicks and without leaving the Lambda console.

For authentication between your applications and the database through RDS Proxy, you have multiple options. You can use traditional username and password authentication with AWS Secrets Manager to store your database credentials while centralizing, securing, and simplifying credential management for your application. When using Secrets Manager, you can connect with RDS Proxy the same way you connect with your database. The username and password you supply are matched with credentials stored in Secrets Manager and then utilized for database connections.

For enhanced security, you can use IAM-based authentication. Instead of specifying a username and password, your applications can use an IAM execution role associated with services, such as AWS Lambda or Amazon EC2, to authenticate with RDS Proxy. You have two options with IAM authentication:

• Use IAM authentication for client-to-proxy connections and use Secrets Manager for proxy-to-database connections.
• Use IAM authentication for both client-to-proxy and proxy-to-database connections, removing the need to store database passwords in Secrets Manager.

For more information about authentication with RDS Proxy, you can learn more in Connecting to a database through RDS Proxy documentation. 

Yes, please refer to the RDS Proxy SLA page.