Lambda with RDS Proxy
Problem
Each concurrent Lambda execution environment opens its own database connection; under high concurrency the number of sessions can exceed the engine's connection limit (connection exhaustion) and degrade performance for every client of that database.
Solution – RDS Proxy
- Scalability: pools and shares a fixed set of DB connections across Lambda invocations, so Lambda concurrency can grow without a matching growth in DB sessions.
- Availability: reduces failover time by up to ~66% and holds application connections at the proxy during failover instead of dropping them.
- Security: can enforce IAM authentication (no long-lived DB password in Lambda; TLS is mandatory in that mode), and the credentials the proxy itself uses to reach the database live in AWS Secrets Manager.
Requirements
- Lambda must be deployed in the VPC (RDS Proxy has no public endpoint and is reachable only from inside the VPC).
- With IAM authentication, the Lambda execution role needs rds-db:connect on the proxy's dbuser resource for the user it connects as.
Architecture
Lambda → RDS Proxy → RDS/Aurora in private subnets.
Invoking Lambda from RDS & Aurora
Some DB engines can invoke a Lambda function directly from SQL (typically from a trigger), so data-related events are processed from within the database.
Supported Engines
- RDS for PostgreSQL and Aurora PostgreSQL (aws_lambda extension)
- Aurora MySQL (native lambda_sync / lambda_async functions)
Example Use Case
INSERT into a table → trigger invokes Lambda → Lambda sends an email via SES.
Requirements
- DB instance needs an outbound network path to the Lambda service endpoint (public connectivity, NAT Gateway, or a Lambda interface VPC endpoint).
- DB must be authorized to invoke the function:
  - an IAM role associated with the DB instance (Lambda feature) whose policy allows lambda:InvokeFunction on that specific function ARN, not lambda:*;
  - the Lambda resource-based policy allowing that role to invoke the function.
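The following is an added example (not the notes' own material) that wires up the requirements above for the PostgreSQL path end to end: the DB instance role with a confused-deputy guard on its trust policy, an invoke policy scoped to one function, the matching resource-based permission, and the AFTER INSERT trigger that invokes the function asynchronously. The account ID, ARNs, role name and the table name are hypothetical placeholders; boto3 and psycopg2 are assumed to be installed for the `apply` step.

```python
"""RDS for PostgreSQL -> Lambda: permissions plus trigger (added example, not from the notes).

Assumptions: placeholder account/ARNs/role/table; boto3 and psycopg2 for apply()."""
import json
import re

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def db_role_trust_policy(account_id):
    """Trust policy for the role RDS assumes on the instance's behalf.
    aws:SourceAccount stops RDS acting for another account from assuming it (confused deputy)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "rds.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
    }]}


def db_role_invoke_policy(function_arn):
    """Identity policy on that role: invoke exactly one function, nothing else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "lambda:InvokeFunction",
        "Resource": function_arn,
    }]}


def lambda_add_permission_args(function_name, role_arn):
    """Arguments for lambda:AddPermission, i.e. the entry in the function's
    resource-based policy that lets the DB role (and only it) invoke this function."""
    return {"FunctionName": function_name, "StatementId": "AllowRdsRoleInvoke",
            "Action": "lambda:InvokeFunction", "Principal": role_arn}


def trigger_ddl(function_arn, region, table):
    """DDL for the aws_lambda extension and an AFTER INSERT trigger. 'Event' invocation
    is asynchronous, so the INSERT never waits on Lambda and cannot fail because of it."""
    if not _IDENT.fullmatch(table):  # the name is interpolated into DDL: allow-list it
        raise ValueError(f"unsafe table name: {table!r}")
    return f"""
CREATE EXTENSION IF NOT EXISTS aws_lambda CASCADE;

CREATE OR REPLACE FUNCTION notify_{table}_insert() RETURNS trigger AS $$
BEGIN
  -- named argument avoids positional confusion between region and invocation_type
  PERFORM aws_lambda.invoke(
    aws_commons.create_lambda_function_arn('{function_arn}', '{region}'),
    json_build_object('table', TG_TABLE_NAME, 'id', NEW.id),
    invocation_type => 'Event');
  RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER {table}_invoke_lambda
  AFTER INSERT ON {table}
  FOR EACH ROW EXECUTE FUNCTION notify_{table}_insert();
"""


def apply(account_id, db_instance_id, function_name, function_arn, region, table, dsn):
    """Create the role, attach it to the instance for the Lambda feature, grant the
    resource-based permission, then install the trigger (lazy imports, assumed installed)."""
    import boto3
    import psycopg2
    iam, rds, lam = boto3.client("iam"), boto3.client("rds"), boto3.client("lambda")
    role = iam.create_role(RoleName="rds-invoke-lambda",
                           AssumeRolePolicyDocument=json.dumps(db_role_trust_policy(account_id)))
    iam.put_role_policy(RoleName="rds-invoke-lambda", PolicyName="invoke-one-function",
                        PolicyDocument=json.dumps(db_role_invoke_policy(function_arn)))
    role_arn = role["Role"]["Arn"]
    rds.add_role_to_db_instance(DBInstanceIdentifier=db_instance_id,
                                RoleArn=role_arn, FeatureName="Lambda")
    lam.add_permission(**lambda_add_permission_args(function_name, role_arn))
    with psycopg2.connect(dsn) as conn, conn.cursor() as cur:
        cur.execute(trigger_ddl(function_arn, region, table))
```

The payload deliberately carries only the row id and table name; the function fetches whatever else it needs, so no e-mail addresses or other PII transit the invocation payload (and therefore Lambda's asynchronous queue and any dead-letter destination) by default.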
RDS Event Notifications
Notify on state changes of DB instances and related resources (instance stopped, snapshot finished, parameter group modified); they do not carry row-level data changes, which is what the trigger-based invocation above is for.
Source types (each event also carries a category such as availability, backup, configuration change, failover or security)
- DB Instance
- DB Snapshot
- DB Parameter Group
- DB Security Group
- RDS Proxy
- Custom Engine Version
Delivery
- Near real-time; delivery can lag the change by up to about 5 minutes, so treat it as monitoring, not as a synchronous control.
- Via SNS or EventBridge; either can fan out to Lambda, SQS, email, etc.
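As an added example (not from the original notes) of the EventBridge → Lambda path, here is a rule pattern that only forwards the categories worth paging on, together with the consumer that classifies each event. The two sample events are constructed to follow the EventBridge shape for RDS events (they were not captured from an account), the account ID is a placeholder, and which categories count as alert-worthy is a local policy choice, not an AWS default.

```python
"""EventBridge consumer for RDS event notifications (added example, not from the notes).

Assumptions: placeholder account ID; sample events are constructed, not captured."""

# Local policy: categories that should page someone rather than just be logged.
ALERT_CATEGORIES = ("configuration change", "deletion", "failover", "security")

# EventBridge rule pattern: the function is invoked only for those categories, so routine
# backup/maintenance chatter never reaches Lambda. An array field matches if any element does.
EVENT_PATTERN = {
    "source": ["aws.rds"],
    "detail-type": ["RDS DB Instance Event", "RDS DB Cluster Event"],
    "detail": {"EventCategories": list(ALERT_CATEGORIES)},
}

EXPECTED_ACCOUNT = "123456789012"  # placeholder: events from any other account are dropped


def classify(event):
    """Return (alert, reason, summary) for one EventBridge RDS event."""
    if event.get("source") != "aws.rds":
        return False, "not an RDS event", {}
    if event.get("account") != EXPECTED_ACCOUNT:
        return False, "foreign account", {}
    detail = event.get("detail", {})
    categories = {c.lower() for c in detail.get("EventCategories", [])}
    summary = {
        "resource": detail.get("SourceArn") or (event.get("resources") or [""])[0],
        "source_type": detail.get("SourceType", ""),
        "event_id": detail.get("EventID", ""),
        "message": detail.get("Message", ""),
        "categories": sorted(categories),
    }
    hits = categories & set(ALERT_CATEGORIES)
    if hits:
        return True, "category " + ", ".join(sorted(hits)), summary
    return False, "informational", summary


def lambda_handler(event, context):
    alert, reason, summary = classify(event)
    # In a real deployment the alert branch publishes to the on-call topic or ticketing system.
    print("ALERT" if alert else "INFO", reason, summary)
    return {"alert": alert, "reason": reason}


def _sample(categories, message):
    """Constructed sample event in the EventBridge format for RDS DB instance events."""
    arn = f"arn:aws:rds:us-east-1:{EXPECTED_ACCOUNT}:db:app-db"
    return {
        "version": "0", "source": "aws.rds", "account": EXPECTED_ACCOUNT, "region": "us-east-1",
        "detail-type": "RDS DB Instance Event", "resources": [arn],
        "detail": {
            "EventCategories": categories, "SourceType": "DB_INSTANCE", "SourceArn": arn,
            "SourceIdentifier": "app-db", "Message": message, "EventID": "RDS-EVENT-EXAMPLE",
        },
    }


SAMPLE_CONFIG_CHANGE = _sample(["configuration change"], "constructed: instance modified")
SAMPLE_BACKUP = _sample(["backup"], "constructed: backup finished")
```

Keeping the category filter in the rule pattern rather than only in the handler matters for cost and noise, but the handler re-checks anyway so a loosened rule cannot silently turn every backup event into a page; the account check is there because EventBridge buses can receive cross-account events once a resource policy allows it.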