6

I am using CloudFormation to provision Lambda and RDS on AWS, but I don't know how to add a database proxy to the Lambda. The screenshot below is from the Lambda console:

[Screenshot of the Lambda console]

Does CloudFormation support adding this? I can't see it in the Lambda and DB proxy templates.

jtoberon
Joey Yi Zhao

4 Answers

3

The exact configuration I use in my CloudFormation template is:

MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Policies:
        - Version: '2012-10-17' 
          Statement:
            - Effect: Allow
              Action:
                - rds-db:connect
              Resource:
                - <rds_proxy_arn>/*

where <rds_proxy_arn> is the ARN of the proxy, but the service is rds-db instead of rds and the resource type is dbuser instead of db-proxy. For example, if your proxy's ARN is arn:aws:rds:us-east-1:123456789012:db-proxy:prx-0123456789abcdef01, the whole line should be arn:aws:rds-db:us-east-1:123456789012:db-proxy:prx-0123456789abcdef01/*.

After deployment, we can see that a new link is added under Database Proxies in the Console.

huyc
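
The policy from the answer above, as an added example (not the answerer's code) that derives the `rds-db` ARN from the proxy ARN and scopes `rds-db:connect` to a single database user instead of `/*`. It uses the `rds-db` service and `dbuser` resource type the answer names; the parameter names `ProxyArn` and `DbUserName` and the placeholder handler are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  ProxyArn:      # assumed name; use !GetAtt <proxy>.DBProxyArn if the proxy is in this template
    Type: String
    Description: ARN of the RDS Proxy (arn:aws:rds:<region>:<account>:db-proxy:prx-...)
  DbUserName:    # assumed name
    Type: String
    Description: Database user the function connects as through the proxy

Resources:
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      # Placeholder handler so the template deploys; a real function also
      # needs VpcConfig to reach the proxy endpoint.
      InlineCode: |
        def handler(event, context):
            return "ok"
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - rds-db:connect
              Resource:
                # Result: arn:<partition>:rds-db:<region>:<account>:dbuser:<prx-id>/<db user>
                # Proxy ARN fields after splitting on ':' are
                # 1 = partition, 3 = region, 4 = account, 6 = prx-... id
                - !Sub
                  - arn:${Partition}:rds-db:${Region}:${Account}:dbuser:${ProxyId}/${DbUserName}
                  - Partition: !Select [1, !Split [':', !Ref ProxyArn]]
                    Region: !Select [3, !Split [':', !Ref ProxyArn]]
                    Account: !Select [4, !Split [':', !Ref ProxyArn]]
                    ProxyId: !Select [6, !Split [':', !Ref ProxyArn]]
```

The `rds-db:connect` permission is only checked when the client authenticates to the proxy with an IAM authentication token; connections that use a database password do not depend on it.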
0

As per the CloudFormation/Lambda documentation there is no option to specify the DB Proxy for a Lambda.

I don't see an option to add an RDS proxy while creating a Lambda function in the low level HTTP API also. Not sure why.

Praveen Sripati
0

As per the following GitHub issue, it seems this is not required to connect Lambda to RDS Proxy. https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/750

You merely need to provide the new connection details to Lambda (e.g. using env variables to make it work).

Pedro
0

After talking with AWS support, the screenshot in the AWS console to add a proxy on Lambda is only to grant the IAM permissions below to the Lambda. That means it is optional.

Allow: rds-db:connect
Allow: rds-db:*
Joey Yi Zhao