How to configure database proxy (RDS) in serverless.yml

InTwoMinds · May 11, 2020, 7:59am

Hello,

Wondering whether you can specify and ARN for a database proxy? I see it’s a feature marked as “preview”, and I cant find anything to do with proxies here: https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml/.

But thought I’de check on this forum incase??

EDIT: serverless seems to auto-magically create this when attaching an IAM Policy for IAM Database Access via a database proxy.

iamRoleStatements:
  - Effect: Allow
    Action:
      - "rds-db:connect"
    Resource: "arn:aws:rds-db:<region>:<database-arn-id>:dbuser:<proxy-arn-id>/*"

gu3sss · September 2, 2020, 12:29pm

Hello, I am looking for a sample use case on this too. Any luck with this yet?

onmiddleground · October 2, 2020, 11:47am

Unfortunately this still does not work for me. Anyone else had luck? Seems a big gap in documentation on the AWS site as well.

luxxoh · December 5, 2020, 8:37pm

My mistake was using the proxys’ ARN as the IAM resource for “rds-db:connect”. The resource has to be in the format:

"arn:aws:rds-db:<region>:<database-arn-id>:dbuser:<proxy-arn-id>/*"

If you compare that to the proxy ARN, you’ll notice the proxy ARN says “db-proxy” instead of “dbuser”, which is what fixed it in my case.

This resource was pretty helpful as well: https://itnext.io/work-with-aws-rds-proxy-9d7e09668080