How to configure database proxy (RDS) in serverless.yml


Wondering whether you can specify and ARN for a database proxy? I see it’s a feature marked as “preview”, and I cant find anything to do with proxies here: Serverless Framework - AWS Lambda Guide - Serverless.yml Reference.

But thought I’de check on this forum incase??

EDIT: serverless seems to auto-magically create this when attaching an IAM Policy for IAM Database Access via a database proxy.

  - Effect: Allow
      - "rds-db:connect"
    Resource: "arn:aws:rds-db:<region>:<database-arn-id>:dbuser:<proxy-arn-id>/*"

Hello, I am looking for a sample use case on this too. Any luck with this yet?

Unfortunately this still does not work for me. Anyone else had luck? Seems a big gap in documentation on the AWS site as well.

My mistake was using the proxys’ ARN as the IAM resource for “rds-db:connect”. The resource has to be in the format:


If you compare that to the proxy ARN, you’ll notice the proxy ARN says “db-proxy” instead of “dbuser”, which is what fixed it in my case.

This resource was pretty helpful as well: