Hello,
Wondering whether you can specify and ARN for a database proxy? I see it’s a feature marked as “preview”, and I cant find anything to do with proxies here: Serverless Framework - AWS Lambda Guide - Serverless.yml Reference.
But thought I’de check on this forum incase??
EDIT: serverless seems to auto-magically create this when attaching an IAM Policy for IAM Database Access via a database proxy.
iamRoleStatements:
- Effect: Allow
Action:
- "rds-db:connect"
Resource: "arn:aws:rds-db:<region>:<database-arn-id>:dbuser:<proxy-arn-id>/*"
gu3sss
2
Hello, I am looking for a sample use case on this too. Any luck with this yet?
Unfortunately this still does not work for me. Anyone else had luck? Seems a big gap in documentation on the AWS site as well.
luxxoh
4
My mistake was using the proxys’ ARN as the IAM resource for “rds-db:connect”. The resource has to be in the format:
"arn:aws:rds-db:<region>:<database-arn-id>:dbuser:<proxy-arn-id>/*"
If you compare that to the proxy ARN, you’ll notice the proxy ARN says “db-proxy” instead of “dbuser”, which is what fixed it in my case.
This resource was pretty helpful as well: https://itnext.io/work-with-aws-rds-proxy-9d7e09668080
