3

I am trying to use the AWS RDS Proxy on my lambda to proxy our database (Aurora MySQL). I wasn't able to find any specific instructions for Sequelize, but it seemed like all I needed for RDS proxy to work is to create a signer, use it to get my token and then pass in the token as my password to the Sequelize constructor:

const signer = new RDS.Signer({
  region: process.env.REGION,
  hostname: process.env.DB_PROXY_ENDPOINT,
  port: 3306,
  username: process.env.DB_PROXY_USERNAME,
});

const token = signer.getAuthToken({
  username: process.env.DB_PROXY_USERNAME,
});

const connection = new Sequelize(process.env.DB_DATABASE, process.env.DB_PROXY_USERNAME, token, {
  dialect: 'mysql',
  host: process.env.DB_HOSTNAME,
  port: process.env.DB_PORT,
  pool: {
    acquire: 15000,
    idle: 9000,
    max: 10
  },
});

The RDS proxy is attached to my lambda and I'm able to log the token, but as soon as I make a request against the database, my connection times out. Does anyone know if there is something I could be missing in this setup?

jtoberon
Tyson Cadenhead

1 Answer

0

Here's how I connected from AWS Lambda to RDS Proxy using MySQL (in TypeScript):

import { APIGatewayProxyEvent, APIGatewayProxyResult } from "aws-lambda";
import { Signer } from "@aws-sdk/rds-signer";
import { Sequelize } from "sequelize";

//other code

// host, port, region and username are defined elsewhere (see "other code")
const signer = new Signer({
  hostname: host,
  port: port,
  region: region,
  username: username,
});

const sequelize = new Sequelize({
  username,
  host,
  port,
  dialect: "mysql",
  dialectOptions: {
    ssl: "Amazon RDS",
    authPlugins: {
      mysql_clear_password: () => () => signer.getAuthToken(),
    },
  },
});

// some more code

Your connection timing out may be due to some authentication error, perhaps in the way you're passing in the token. I would double-check that your RDS Proxy IAM role has the secretsmanager:GetSecretValue permission for the Secrets Manager resource of the db user credentials as well as kms:Decrypt on the key used to encrypt the secret, and that your Lambda (or whatever context your code is running in) has the rds-db:connect permission.

NOTE: This doesn't include the connection pooling options; I'm still trying to figure out how to optimize that. Check out the "Using sequelize in AWS Lambda" docs for a place to start.

Joseph
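A preflight check for the token-based setup discussed in this thread, as an added example that is not part of either post: an RDS IAM auth token is a presigned request bound to one host, port and user and valid for 15 minutes, so this helper compares a token against the options the client will connect with. The names `checkIamToken`, `parseAmzDate` and `SAMPLE_TOKEN` are hypothetical, and the sample token is constructed with placeholder credential and signature values.

```javascript
// Constructed sample in the documented "host:port/?Action=connect&..." shape.
// Hostname, credential and signature are placeholders, not real values.
const SAMPLE_TOKEN =
  "my-proxy.proxy-EXAMPLE.us-east-1.rds.amazonaws.com:3306/?Action=connect" +
  "&DBUser=app_user&X-Amz-Algorithm=AWS4-HMAC-SHA256" +
  "&X-Amz-Credential=PLACEHOLDER&X-Amz-Date=20240101T120000Z" +
  "&X-Amz-Expires=900&X-Amz-SignedHeaders=host&X-Amz-Signature=PLACEHOLDER";

// Parse the compact ISO 8601 timestamp used in X-Amz-Date into epoch ms.
function parseAmzDate(s) {
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/.exec(s || "");
  return m ? Date.UTC(+m[1], m[2] - 1, +m[3], +m[4], +m[5], +m[6]) : NaN;
}

// Returns a list of problems; an empty list means token and options agree.
// opts: { host, port, username, ssl } as they will be passed to the client.
function checkIamToken(token, opts, nowMs = Date.now()) {
  const m = /^([^:\/]+):(\d+)\/\?(.+)$/.exec(token || "");
  if (!m) return ["token is not in host:port/?query form"];
  const [, host, port, query] = m;
  const q = new URLSearchParams(query);
  const problems = [];

  if (q.get("Action") !== "connect") problems.push("Action is not 'connect'");
  // The signature covers the hostname, so the client must dial that same endpoint.
  if (host.toLowerCase() !== String(opts.host).toLowerCase())
    problems.push(`token signed for ${host}, client connects to ${opts.host}`);
  // Environment variables are strings, so compare ports numerically.
  if (Number(port) !== Number(opts.port))
    problems.push(`token signed for port ${port}, client uses ${opts.port}`);
  if (q.get("DBUser") !== opts.username)
    problems.push("DBUser in token differs from connection username");

  const issued = parseAmzDate(q.get("X-Amz-Date"));
  const ttlMs = parseInt(q.get("X-Amz-Expires"), 10) * 1000;
  if (Number.isNaN(issued) || Number.isNaN(ttlMs))
    problems.push("missing or malformed X-Amz-Date / X-Amz-Expires");
  else if (nowMs >= issued + ttlMs)
    problems.push("token has expired");

  // IAM authentication to the proxy requires a TLS connection.
  if (!opts.ssl) problems.push("no TLS configured for the connection");
  return problems;
}
```

Run it on the token and the exact host, port, username and `ssl` values handed to Sequelize before opening the pool. A long-lived pool also needs a fresh token for each new connection, which is what the `authPlugins` callback in the answer provides.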