☁️
AWS Reference Notes
  • About
    • README
  • Compute
    • Amazon EC2
      • Common
        • Monitor
        • Networking
        • Security
        • Resources and tags
        • Troubleshoot
      • Topics
        • Amazon Machine Images
        • Instances
        • Storage
    • Amazon EC2 Image Builder
      • Common
      • Topics
        • Get started
        • AWSTOE component manager
        • Manage resources
        • Manage pipelines
        • Integrate products and services
        • Security in EC2 Image Builder
    • AWS End-of-Support Migration Program (EMP) for Windows Server
      • Common
      • Topics
        • Get started
        • Working with EMP packages
    • AWS ParallelCluster
      • Common
      • Topics
        • AWS ParallelCluster version 2
    • AWS Serverless Application Model (AWS SAM)
      • Common
        • Getting started
        • Monitoring
      • Topics
        • AWS SAM specification
        • Authoring
        • Building
        • Testing and debugging
        • Deploying
        • Publishing
        • Example applications
        • AWS CDK
        • AWS SAM reference
    • AWS Serverless Application Repository
      • Common
      • Topics
        • Publishing Applications
        • Deploying Applications
  • Serverless
    • Amazon S3
      • Common
        • Getting started
        • Tutorials
        • Security
        • Monitoring Amazon S3
        • Developing with Amazon S3
        • Troubleshooting
      • Topics
        • Working with buckets
        • Working with objects
        • Working with access points
        • Working with Multi-Region Access Points
        • Managing storage
        • Using analytics and insights
        • Hosting a static website
    • AWS Lambda
      • Common
        • Configuring functions
        • Access permissions
        • Monitoring functions
        • Troubleshooting
      • Topics
        • Lambda foundations
        • Lambda runtimes
        • Deploying functions
        • Invoking functions
        • Managing functions
        • Building with Node.js
        • Building with TypeScript
        • Building with Python
        • Building with Ruby
        • Building with Java
        • Building with Go
        • Building with C#
        • Building with PowerShell
        • Integrating other services
        • Creating container images
        • Lambda extensions
        • Lambda applications
        • Orchestrating functions
  • Database
    • Amazon Aurora
      • Common
        • What is Aurora?
        • Getting started
        • Configuring your Aurora DB cluster
        • Monitoring metrics in an Aurora DB cluster
        • Monitoring events, logs, and database activity streams
        • Security
      • Topics
        • Managing an Aurora DB cluster
        • Using Blue/Green Deployments for database updates
        • Backing up and restoring an Aurora DB cluster
        • Working with Aurora MySQL
        • Working with Aurora PostgreSQL
        • Using RDS Proxy
        • Using Aurora Serverless v2
        • Using Aurora Serverless v1
    • Amazon RDS
      • Common
        • What is Amazon RDS?
        • Getting started
        • Configuring a DB instance
        • Configuring and managing a Multi-AZ deployment
        • Monitoring metrics in a DB instance
        • Monitoring events, logs, and database activity streams
        • Security
      • Topics
        • Managing a DB instance
        • Using Blue/Green Deployments for database updates
        • Backing up and restoring
        • Working with Amazon RDS Custom
        • Working with RDS on AWS Outposts
        • Using RDS Proxy
        • MariaDB on Amazon RDS
        • Microsoft SQL Server on Amazon RDS
        • MySQL on Amazon RDS
        • Oracle on Amazon RDS
        • PostgreSQL on Amazon RDS
  • Machine Learning
    • Amazon SageMaker
      • Common
        • Security
        • Monitoring
      • Topics
        • What Is Amazon SageMaker?
        • Get Started
        • Machine Learning Environments
        • Autopilot: Automated ML
        • Label Data
        • Prepare and Analyze Datasets
        • Create, Store, and Share Features
        • Training
        • Deploy Models for Inference
        • Docker containers with SageMaker
        • Augmented AI
        • Marketplace
    • Amazon CodeGuru
      • Common
        • Getting started
        • Security
      • Topics
        • Setting up
        • Working with repository associations
        • Working with code reviews
    • Amazon Comprehend Medical
      • Common
      • Topics
        • Text analysis APIs
        • Ontology Linking APIs
    • Amazon Forecast
      • Common
        • Getting Started
      • Topics
        • Setting Up
        • Importing Datasets
        • Training Predictors
        • Managing Resources
    • Amazon Kendra
      • Common
        • Getting started
      • Topics
        • How Amazon Kendra works
        • Searching indexes
        • Adding custom synonyms to an index
        • Tutorial: Building an intelligent search solution
    • Amazon Lex
      • Common
        • Getting Started
      • Topics
        • How It Works
        • Using Lambda Functions
        • Deploying Bots
        • Importing and Exporting
        • Bot Examples
    • Amazon Lookout for Vision
      • Common
      • Topics
        • Setting up Amazon Lookout for Vision
        • Creating your model
        • Improving your model
        • Running your model
        • Using your model on an edge device
        • Managing your resources
        • Example code and datasets
    • AWS Panorama
      • Common
        • Getting started
        • Monitoring
      • Topics
        • Permissions
        • Appliance
        • Building applications
    • Amazon Personalize
      • Common
      • Topics
        • Filtering results
    • Amazon Polly
      • Common
      • Topics
        • Voices in Amazon Polly
        • Neural TTS
        • Speech Marks
        • Using SSML
        • Amazon Polly for Windows (SAPI)
    • Amazon Rekognition
      • Common
        • Getting started
        • Tutorials
        • Security
      • Topics
        • How it works
        • Detecting and analyzing faces
        • Searching faces in a collection
        • Recognizing celebrities
        • Moderating content
        • Detecting text
        • Detecting video segments
    • Amazon Textract
      • Common
        • Getting Started
        • Security
      • Topics
        • How It Works
        • Processing Documents with Synchronous Operations
        • Processing Documents with Asynchronous Operations
        • Amazon A2I and Amazon Textract
        • Quotas
    • AWS Deep Learning AMIs
      • Common
        • Getting Started
      • Topics
        • What Is the AWS Deep Learning AMI?
        • Launching a DLAMI
        • Using a DLAMI
        • Upgrading Your DLAMI
    • AWS Deep Learning Containers
      • Common
      • Topics
        • Getting Started With Deep Learning Containers
        • Deep Learning Containers Resources
    • AWS DeepLens
      • Common
      • Topics
        • Managing Your Device
    • AWS DeepRacer
      • Common
      • Topics
        • How it works
        • Operate your vehicle
        • Join a race
        • Tagging
        • Troubleshoot common issues
  • Containers
    • AWS App Runner
      • Common
        • Networking
      • Topics
        • Managing your service
        • Observability
        • App Runner configuration file
        • App Runner API
    • Amazon ECS
      • Common
        • Getting started
        • Resources and tags
        • Monitoring
        • Working with other services
        • Tutorials
        • Troubleshooting
      • Topics
        • Developer tools overview
        • Clusters
        • Task definitions
        • Account settings
        • Container instances
        • Container agent
        • Scheduling tasks
        • Services
  • Storage
    • Amazon EBS
      • Common
        • Monitor
        • Networking
        • Security
        • Resources and tags
        • Troubleshoot
      • Topics
        • Amazon Machine Images
        • Instances
        • Storage
    • Amazon EFS
      • Common
        • Getting started
        • Security
      • Topics
        • Working with EFS resources
        • Using amazon-efs-utils
        • Mounting file systems
        • Transferring data
        • Managing file systems
        • EFS backups
        • Walkthroughs
        • Troubleshooting Amazon EFS
        • Additional information
    • Amazon S3 Glacier
      • Common
        • Getting Started
      • Topics
        • What Is Amazon S3 Glacier?
        • Working with Vaults
        • Working with Archives
        • Using the AWS SDKs
        • API Reference
  • Migration & Transfer
    • AWS Snow Family
      • Common
        • What is Snowball Edge?
        • Getting Started
        • Security
      • Topics
        • Large Data Migration
        • Using AWS OpsHub to Manage Devices
        • Using a Snowball Edge Device
        • Using Snow Device Management to Manage Devices
        • Understanding AWS Snowball Edge Jobs
        • Best Practices
        • Quotas
    • AWS Application Discovery Service
      • Common
      • Topics
        • Setting up
        • Discovery Agent
        • View, export & explore data
        • Console Walkthroughs
        • Appendix
    • AWS Database Migration Service
      • Common
        • Getting started
        • Security
      • Topics
        • Working with replication instances
        • Endpoints
        • Tasks
        • Troubleshooting and diagnostic support
        • Reference
    • AWS DataSync
      • Common
        • Getting started
        • Security
        • Tutorials
      • Topics
        • Requirements
        • Working with agents
        • Discovering your storage
        • Transferring your data
        • Using the AWS CLI
    • AWS Migration Hub
      • Common
        • Getting started
      • Topics
    • AWS Transfer Family
      • Common
        • Configuring AS2
        • Security
      • Topics
        • Setting up
        • Creating a server
        • Managing users
        • Managing workflows
        • Managing servers
        • API reference
  • Security, Identity, & Compliance
    • AWS Identity and Access Management (IAM)
      • Common
        • What is IAM?
        • Tutorials
        • Security
      • Topics
        • Identities
        • Access management
        • Troubleshooting IAM
        • Reference
    • Amazon Cognito
      • Common
        • Tutorials
        • Security
      • Topics
        • Amazon Cognito user pools
        • Amazon Cognito identity pools
        • Amazon Cognito Sync
    • AWS IAM Identity Center (successor to AWS Single Sign-On)
      • Common
        • Getting started
      • Topics
        • Workforce identities
        • Multi-account permissions
        • Application assignments
        • Resiliency design and Regional behavior
    • AWS Resource Access Manager (AWS RAM)
      • Common
        • Getting started
        • Troubleshooting
      • Topics
        • Working with shared resources
        • Managing permissions in AWS RAM
    • AWS Secrets Manager
      • Common
      • Topics
        • Create and manage secrets
        • Retrieve secrets
        • Rotate secrets
        • Security in Secrets Manager
    • AWS WAF
      • Common
      • Topics
        • AWS WAF
        • AWS WAF Classic
        • AWS Shield
  • Cryptography & PKI
    • AWS Cryptographic Services Overview
      • Common
      • Topics
        • AWS cryptographic services and tools
    • AWS CloudHSM
      • Common
        • Getting started
        • Troubleshooting
      • Topics
        • Managing clusters
        • Managing backups
        • Integrating third-party applications
    • AWS Key Management Service (AWS KMS)
      • Common
      • Topics
        • AWS Key Management Service
        • Managing keys
        • Authentication and access control
        • Special-purpose keys
        • Quotas
        • How AWS services use AWS KMS
        • Programming the AWS KMS API
    • AWS Private Certificate Authority
      • Common
        • What is AWS Private CA?
        • Security
      • Topics
        • Planning a private CA
        • CA administration
        • Certificate administration
        • Using the API (Java examples)
  • Management & Governance
    • AWS Chatbot
      • Common
        • Getting started
        • Monitoring AWS services
        • Monitoring AWS Chatbot
        • Security
      • Topics
        • Understanding permissions
        • Performing actions
    • AWS Command Line Interface (AWS CLI)
      • Common
        • Getting started
        • Configuring the AWS CLI
      • Topics
        • Authentication and access credentials
        • Using the AWS CLI
        • Using the AWS CLI with AWS Services
    • AWS Config
      • Common
      • Topics
        • What Is AWS Config?
        • Using AWS Config
        • AWS Config Rules
        • Conformance Packs
        • Multi-Account Multi-Region Data Aggregation
    • AWS Control Tower
      • Common
        • Getting started
        • Security
      • Topics
        • What Is AWS Control Tower?
        • Best practices for administrators
        • Automate tasks
        • Customize your landing zone
        • Configure Regions
        • Accounts
        • Drift
        • Organizations
        • Controls reference guide
        • Integrated services
        • Logging and monitoring
        • Walkthroughs
        • Release notes
    • AWS Health
      • Common
      • Topics
        • Aggregating AWS Health events
    • AWS Launch Wizard
      • Common
        • Security
      • Topics
        • AWS Launch Wizard for Amazon Elastic Kubernetes Service
        • AWS Launch Wizard for Exchange Server
        • AWS Launch Wizard for Internet Information Services
        • AWS Launch Wizard for Remote Desktop Gateway
        • AWS Launch Wizard for SAP
    • AWS Resource Groups
      • Common
      • Topics
        • Resource groups
  • Networking & Content Delivery
    • Amazon API Gateway
      • Common
      • Topics
        • Working with REST APIs
        • Working with HTTP APIs
        • Working with WebSocket APIs
        • OpenAPI extensions
        • Tagging
    • AWS App Mesh
      • Common
        • Getting started
        • Troubleshooting
      • Topics
        • Concepts
        • Envoy
        • Observability
        • Securing Applications
    • AWS Direct Connect
      • Common
        • What is AWS Direct Connect?
      • Topics
        • Using the AWS Direct Connect Resiliency Toolkit to get started
        • Connections
        • Virtual interfaces
        • LAGs
        • Working with Direct Connect gateways
    • Amazon Route 53
      • Common
        • Getting started
        • Configuring Amazon Route 53 as your DNS service
        • What is Route 53 Resolver?
        • Monitoring
        • Troubleshooting
        • Tutorials
      • Topics
        • Registering and managing domains
        • Routing internet traffic to your AWS resources
        • Creating health checks and configuring DNS failover
  • Application Integration
    • AWS Step Functions
      • Common
        • Tutorials
        • Working with other services
        • Troubleshooting
      • Topics
        • How Step Functions works
        • Workflow Studio
        • Developer tools
        • Best practices
        • Sample projects for Step Functions
        • Logging and monitoring
  • Developer Tools
    • AWS Cloud9
      • Common
        • Security
      • Topics
        • Setting up
        • Working with environments
        • Working with the IDE
        • Working with other AWS services
        • Visual source control with Git panel
        • AWS Toolkit
        • Tutorials and samples
        • Advanced topics
    • AWS CodeArtifact
      • Common
        • Security
      • Topics
        • Working with repositories
        • Working with upstream repositories
        • Working with packages
        • Working with domains
        • Using npm
        • Using Python
        • Using Maven
        • Using NuGet
        • Using CodeArtifact with CodeBuild
        • Working with VPC endpoints
    • AWS CodeDeploy
      • Common
        • What is CodeDeploy?
        • Getting started
        • Tutorials
        • Security
        • Troubleshooting
      • Topics
        • Product and service integrations
        • Working with instances
        • Working with application revisions
        • Working with deployments
        • Reference
    • AWS CodeStar
      • Common
      • Topics
        • Getting Started with AWS CodeStar
        • Working with Projects
        • Working with Teams
        • Working with Your AWS CodeStar User Profile
    • Porting Assistant for .NET
      • Common
      • Topics
        • Get Started
        • Porting Assistant for .NET Visual Studio IDE extension
    • AWS X-Ray
      • Common
        • Security
      • Topics
        • X-Ray console
        • X-Ray API
        • Sample application
        • X-Ray daemon
        • Integrating with AWS services
        • Working with Go
        • Working with Node.js
        • Working with Python
        • Working with .NET
  • Media Services
    • Amazon Elastic Transcoder
      • Common
      • Topics
        • Working with Pipelines
        • Working with Jobs
        • Working with Presets
        • Securing Your Content
        • API Reference
  • Internet of Things (IoT)
    • AWS IoT Device Defender
      • Common
        • Security
        • Monitoring AWS IoT
        • Troubleshooting
      • Topics
        • Getting started with AWS IoT Core
        • Connecting to AWS IoT Core
        • Managing devices with AWS IoT
        • Tagging your AWS IoT resources
        • Rules
        • Device Shadow service
        • Jobs
        • AWS IoT secure tunneling
        • Device provisioning
        • Fleet indexing
        • MQTT-based file delivery
        • AWS IoT Device Defender
        • Device Advisor
        • Event messages
        • AWS IoT Core for LoRaWAN
        • Event notifications for AWS IoT Wireless
    • AWS IoT Device Management
      • Common
        • Security
        • Monitoring AWS IoT
        • Troubleshooting
      • Topics
        • Getting started with AWS IoT Core
        • Connecting to AWS IoT Core
        • Managing devices with AWS IoT
        • Tagging your AWS IoT resources
        • Rules
        • Device Shadow service
        • Jobs
        • AWS IoT secure tunneling
        • Device provisioning
        • Fleet indexing
        • MQTT-based file delivery
        • AWS IoT Device Defender
        • Device Advisor
        • Event messages
        • AWS IoT Core for LoRaWAN
        • Event notifications for AWS IoT Wireless
    • AWS IoT Events
      • Common
        • Tutorials
        • Monitoring with alarms
        • Troubleshooting
      • Topics
        • Supported actions
        • Expressions
    • AWS IoT Greengrass
      • Common
        • What is AWS IoT Greengrass?
        • Tutorials
        • Security
      • Topics
        • Setting up Greengrass core devices
        • Components
        • Logging and monitoring
        • Run Lambda functions
        • Communicate with the Greengrass nucleus, other components, and AWS IoT Core
        • Interact with local IoT devices
        • Interact with device shadows
        • Manage data streams
        • Perform machine learning inference
        • Manage core devices with AWS Systems Manager
        • Using AWS IoT Device Tester for AWS IoT Greengrass V2
    • AWS IoT SiteWise
      • Common
        • Getting started
        • Tutorials
        • Monitoring data with alarms
        • Monitoring data with web portals
        • Security
        • Troubleshooting
      • Topics
        • Ingesting data to AWS IoT SiteWise
        • Using AWS IoT SiteWise gateways
        • Modeling industrial assets
        • Managing data ingestion
        • Interacting with other services
        • Logging and monitoring
        • Endpoints and quotas
  • Business Applications
    • Amazon Chime SDK
      • Common
      • Topics
        • Using the Amazon Chime SDK
        • Using Amazon Chime SDK meetings
        • Using Amazon Chime SDK messaging
  • Analytics
    • Amazon CloudSearch
      • Common
        • Getting Started
      • Topics
        • What Is Amazon CloudSearch?
        • Creating and Managing Search Domains
        • Controlling How Data is Indexed
        • Uploading and Indexing Data
        • Searching Your Data
        • Querying For More Information
        • Controlling Search Results
        • Amazon CloudSearch API Reference
    • AWS Data Exchange
      • Common
        • Security
      • Topics
        • Subscribing to data products
        • Providing data products
        • AWS Marketplace Catalog API
    • AWS Data Pipeline
      • Common
        • Troubleshooting
      • Topics
        • AWS Data Pipeline Concepts
        • Working with Pipelines
        • Pipeline Expressions and Functions
        • Pipeline Object Reference
        • Working with Task Runner
    • Amazon OpenSearch Service
      • Common
        • Getting started
        • Monitoring domains
        • Security
        • Monitoring data
        • Tutorials
      • Topics
        • Amazon OpenSearch Serverless
        • Amazon OpenSearch Ingestion
        • Creating and managing domains
        • Sample code
        • Indexing data
        • Searching data
        • Managing indexes
        • Best practices
        • General reference
    • AWS Glue
      • Common
        • Getting started
      • Topics
        • How it works
        • Data Catalog and crawlers
        • Job development (interactive sessions)
        • ETL jobs
        • Orchestration
        • AWS Glue API
        • Troubleshooting AWS Glue
    • Amazon MSK
      • Common
        • Getting started
        • Security
        • Monitoring a cluster
      • Topics
        • How it works
        • Configuration
        • MSK Connect
        • Connecting to an MSK cluster
        • Apache Kafka versions
  • Robotics
    • AWS RoboMaker
      • Common
        • Security
      • Topics
  • Blockchain
    • Amazon Managed Blockchain
      • Common
        • Getting Started
      • Topics
        • Work with Hyperledger Fabric
  • Game Development
    • Amazon GameLift
      • Common
      • Topics
        • Setting up
        • Preparing games for Amazon GameLift
        • Managing hosting resources
        • Viewing game data
Powered by GitBook
On this page
  • RDS Proxy concepts and terminology
  • Getting started with RDS Proxy
  • Managing an RDS Proxy
  • Working with RDS Proxy endpoints
  • Monitoring RDS Proxy with CloudWatch
  • Using RDS Proxy with Aurora global databases

Was this helpful?

Edit on GitHub
  1. Database
  2. Amazon Aurora
  3. Topics

Using RDS Proxy

PreviousWorking with Aurora PostgreSQLNextUsing Aurora Serverless v2

Last updated 1 year ago

Was this helpful?

This page was generated from content adapted from the

RDS Proxy concepts and terminology

  • Note RDS Proxy uses certificates from the AWS Certificate Manager (ACM). If you are using RDS Proxy, you don't need to download Amazon RDS certificates or update applications that use RDS Proxy connections.

Getting started with RDS Proxy

  • Note RDS Proxy never uses more than 215 IP addresses in a VPC.

  • Tip The following procedure applies if you use the IAM console. If you use the AWS Management Console for RDS, RDS can create the IAM policy for you automatically. In that case, you can skip the following procedure.

  • Tip If you don't already know the subnet IDs to use for the --vpc-subnet-ids parameter, see for examples of how to find them.

  • Note The security group must allow access to the database the proxy connects to. The same security group is used for ingress from your applications to the proxy, and for egress from the proxy to the database. For example, suppose that you use the same security group for your database and your proxy. In this case, make sure that you specify that resources in that security group can communicate with other resources in the same security group. When using a shared VPC, you can't use the default security group for the VPC, or one that belongs to another account. Choose a security group that belongs to your account. If one doesn't exist, create one. For more information about this limitation, see .

Managing an RDS Proxy

  • Important The values in the Client authentication type and IAM authentication fields apply to all Secrets Manager secrets that are associated with this proxy. To specify different values for each secret, modify your proxy by using the AWS CLI or the API instead.

  • Important If the DB cluster is part of a global database with write forwarding turned on, reduce your proxy's MaxConnectionsPercent value by the quota that's allotted for write forwarding. The write forwarding quota is set in the DB cluster parameter aurora_fwd_writer_max_connections_pct. For information about write forwarding, see .

  • Note RDS Proxy closes database connections some time after 24 hours when they are no longer in use. The proxy performs this action regardless of the value of the maximum idle connections setting.

Working with RDS Proxy endpoints

  • Note When you specify that a new endpoint is read-only, RDS Proxy requires that the Aurora cluster has one or more reader DB instances. In some cases, you might change the target of the proxy to an Aurora cluster containing only a single writer or a multi-writer Aurora cluster. If you do, any requests to the reader endpoint fail with an error. Requests also fail if the target of the proxy is an RDS instance instead of an Aurora cluster. If an Aurora cluster has reader instances but those instances aren't available, RDS Proxy waits to send the request instead of returning an error immediately. If no reader instance becomes available within the connection borrow timeout period, the request fails with an error.

  • Tip Don't rely only on checking the DB instance name to determine whether the connection is read/write or read-only. Remember that DB instances in an Aurora cluster can change roles between writer and reader when failovers happen.

  • Note You can't delete the default endpoint that RDS Proxy automatically creates for each proxy. When you delete a proxy, RDS Proxy automatically deletes all the associated endpoints.

Monitoring RDS Proxy with CloudWatch

  • Note RDS publishes these metrics for each underlying Amazon EC2 instance associated with a proxy. A single proxy might be served by more than one EC2 instance. Use CloudWatch statistics to aggregate the values for a proxy across all the associated instances. Some of these metrics might not be visible until after the first successful connection by a proxy.

  • Important These logs are intended for human consumption for troubleshooting purposes and not for programmatic access. The format and content of the logs is subject to change. In particular, older logs don't contain any prefixes indicating the endpoint for each request. In newer logs, each entry is prefixed with the name of the associated proxy endpoint. This name can be the name that you specified for a user-defined endpoint, or the special name default for requests using the default endpoint of a proxy.

Using RDS Proxy with Aurora global databases

Tip When you create a proxy for an Aurora cluster using the AWS Management Console, you can have RDS Proxy automatically create a reader endpoint. For information about the benefits of a reader endpoint, see .

Important If the DB cluster is part of a global database with write forwarding turned on, reduce your proxy's MaxConnectionsPercent value by the quota that's allotted for write forwarding. The write forwarding quota is set in the DB cluster parameter aurora_fwd_writer_max_connections_pct. For information about write forwarding, see .

Using write forwarding in an Amazon Aurora global database
AWS Developer Guide
Work with shared VPCs
Using write forwarding in an Amazon Aurora global database
Setting up network prerequisites
Using reader endpoints with Aurora clusters