Creating an RDS Proxy
Proxying requests to AWS RDS
The motivation behind creating a Proxy for RDS
The main reason to proxy requests to your RDS Database is to gain the ability to connect it to Elastic Load Balancers.
There are two ways (currently) to do so. One is by registering an Instance to the Load Balancer and one is by registering an IP Address.
Creating an RDS Proxy Service (For RDS MySQL and Postgres Databases)
AWS doesn't officially support load balancing an RDS database through its regular Network Load Balancer, and you can't simply use the IP address that your RDS endpoint resolves to, because it may change without warning.
How to do it
To create the RDS Proxy and use it on your Load Balancer, go to your RDS Console, and in the navigation pane, pick Proxies.
Click on Create proxy.
First of all, go to the Connectivity section, and click the Create a new secret link. This will take you to a new page where you have to enter your RDS login credentials.
After you have created the new secret in Secrets Manager, go back to the RDS Proxy creation page and refresh it.
Now you can fill in a valid name for your proxy, select all the relevant settings (your DB Engine, encryption, etc.), and then under Connectivity, you can now pick the new secret you just created.
Select the Subnets you want the proxy to live in, tick the I acknowledge this limited service agreement for the RDS Proxy checkbox, and click on Create proxy.
Now to the "iffy" part. We have to get the IP addresses of the proxy. This is usually not recommended, but as stated before, according to AWS, these IP addresses should stay the same.
To get the IP addresses, you have to connect to a machine that runs in the same VPC as your RDS Proxy. Make sure this machine is allowed to connect to the service and then run this command:
dig +short YOUR_RDS_PROXY_DNS_ENDPOINT
# Output should be one or more IP addresses
Take the IPs this command prints out, create a target group that routes traffic to IP addresses, and set them to register as the targets of this group.
That's it! Connect your Target Group to a Load Balancer using a Listener and you're good to go.
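The targets registered above are a snapshot of one DNS answer, so it is worth comparing them against a fresh lookup from time to time. The script below is an added example, not part of the original page: the function names and sample addresses are constructed, and the live mode assumes dig and the AWS CLI on a host inside the proxy's VPC.

```shell
#!/bin/sh
# Added example: report drift between the IPs an RDS Proxy endpoint resolves to
# and the IPs currently registered in an IP-type target group.

# Keep only IPv4 entries (dig +short may also print CNAME hops), sorted, unique.
ipv4_only() {
  printf '%s\n' "$1" | tr -s ' \t' '\n' |
    { grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true; } | sort -u
}

# Print the lines of list $1 that do not appear in list $2.
set_minus() {
  printf '%s\n' "$1" | while IFS= read -r ip; do
    [ -n "$ip" ] || continue
    printf '%s\n' "$2" | grep -Fxq -- "$ip" || printf '%s\n' "$ip"
  done
}

# plan_changes RESOLVED REGISTERED -> "ADD <ip>" / "REMOVE <ip>" lines.
plan_changes() {
  resolved=$(ipv4_only "$1")
  registered=$(ipv4_only "$2")
  # Fail closed: an empty answer is a lookup failure, not "remove every target".
  if [ -z "$resolved" ]; then
    echo "ERROR: no addresses resolved; leaving targets untouched" >&2
    return 2
  fi
  set_minus "$resolved" "$registered" | sed 's/^/ADD /'
  set_minus "$registered" "$resolved" | sed 's/^/REMOVE /'
}

# Live use: sh check.sh YOUR_RDS_PROXY_DNS_ENDPOINT TARGET_GROUP_ARN
# With no arguments, the constructed sample below runs instead.
if [ "$#" -eq 2 ]; then
  plan_changes "$(dig +short "$1")" \
    "$(aws elbv2 describe-target-health --target-group-arn "$2" \
        --query 'TargetHealthDescriptions[].Target.Id' --output text)"
else
  # Constructed sample: 10.0.1.15 has gone stale, 10.0.3.8 is new.
  plan_changes "10.0.1.20
10.0.3.8" "10.0.1.15 10.0.1.20"
fi
```

Empty output means the target group still matches the lookup; any ADD or REMOVE line means the registered targets should be updated before the stale address stops answering.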
Creating an EC2 Proxy Machine (For other DB engines and on-prem databases)
You can create an EC2 machine within your VPC (the one your RDS Database resides in). Make sure it's allowed to connect to your RDS on the relevant port.
After creating this machine, you can install ProxySQL on it and configure it using the configuration files (all of the information can be found in ProxySQL's Official Tutorial).
You can then easily register this EC2 instance to a Target Group (using the relevant port) and connect the Target Group to your load balancer.