RDS Proxy with non-default port? #28321
-
I have an RDS MySQL db with an RDS Proxy in front. I am using cdk-nag library to alert of potential security issues. One of the issues it alerts for is RDS11, which recommends using a non-default port for the database. So I set my db port to other than 3306.
But I cannot connect to the RDS Proxy using the non-default port (the one stored in the database secret credentials object). Changing my whole stack back to use the default port restores connectivity. I have not confirmed yet but I am guessing that RDS Proxy does not reflect the port number of the database and always exposes port 3306 for MySQL proxy? And there does not seem to be any option to specify a port in https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_rds.DatabaseProxy.html So I can't really make my stack compliant with the spirit of RDS11, although the nag only cares about the db port and not the proxy. Or have I misunderstood - is there a way to configure this?
Replies: 2 comments 1 reply
-
Also, the RDS Proxy construct doesn't seem to expose the port as a property, seems like I should hard-code the default MySQL port in the app that connects to the proxy instead of deriving it from the stack?
-
Well, this is actually in the RDS Proxy docs: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html#rds-proxy.limitations-my