From 4b5d9795116d818986bde2f338b97102bbb2704f Mon Sep 17 00:00:00 2001 From: Zdravko Donev Date: Thu, 2 Oct 2025 14:44:18 +0300 Subject: [PATCH 1/2] RDSC-4040: RDS/Aurora PostgreSQL note for Cloud RDI setup --- content/operate/rc/databases/rdi/setup.md | 31 ++++++++++++++++++----- 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/content/operate/rc/databases/rdi/setup.md b/content/operate/rc/databases/rdi/setup.md index 0edcd752f..c0d9fd09d 100644 --- a/content/operate/rc/databases/rdi/setup.md +++ b/content/operate/rc/databases/rdi/setup.md 
@@ -123,12 +123,24 @@ For more details on AWS PrivateLink, see [Share your services through AWS Privat To set up PrivateLink for a database hosted on AWS RDS or AWS Aurora: -1. [Create an RDS Proxy](#create-rds-proxy) that will route requests to your database. -1. [Create a network load balancer](#create-network-load-balancer-rds) that will route incoming HTTP requests to the RDS proxy. +{{}} +**RDS Proxy does not work with RDS PostgreSQL and Aurora PostgreSQL.** RDS Proxy doesn't support PostgreSQL logical replication, mainly because RDS and Aurora themselves do not support automatic failovers (from the perspective of the client) very well. + +For PostgreSQL databases, use one of the following alternatives instead: +- **For test environments**: Connect the Network Load Balancer directly to the database IP address (skip the RDS Proxy step). +- **For production environments**: Use the AWS Lambda approach described in [Access Amazon RDS across VPCs using AWS PrivateLink and Network Load Balancer](https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/). +{{}} + +1. [Create an RDS Proxy](#create-rds-proxy) that will route requests to your database (MySQL and SQL Server only). +1. [Create a network load balancer](#create-network-load-balancer-rds) that will route incoming HTTP requests to the RDS proxy (or directly to the database for PostgreSQL). 1. [Create an endpoint service](#create-endpoint-service-rds) through AWS PrivateLink. ### Create RDS proxy {#create-rds-proxy} +{{}} +**Skip this step for PostgreSQL databases.** For RDS PostgreSQL and Aurora PostgreSQL, proceed directly to [Create network load balancer](#create-network-load-balancer-rds) and configure it to connect directly to your database IP address. +{{}} + In the [AWS Management Console](https://console.aws.amazon.com/), use the **Services** menu to locate and select **Database** > **Aurora and RDS**. 
[Create an RDS proxy](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-creating.html) that can access your database. The Proxy's IAM role must have the following permissions to access the database using the credentials secret and encryption key: 
@@ -142,23 +154,30 @@ You can set the proxy's IAM role during creation in the **Authentication** secti In the [AWS Management Console](https://console.aws.amazon.com/), use the **Services** menu to locate and select **Compute** > **EC2**. [Create a network load balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-network-load-balancer.html#configure-load-balancer) with the following settings: -1. In **Basic configuration**: +1. In **Basic configuration**: - **Scheme**: Select **Internal**. - **Load balancer IP address type**: Select **IPv4**. 1. In **Network mapping**, select the VPC and availability zone associated with your source database. 1. In **Security groups**, select the security group associated with your source database. -1. In **Listeners and routing**: +1. In **Listeners and routing**: 1. Select **Create target group** to [create a target group](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-target-group.html) with the following settings: 1. In **Specify group details**: - **Target type**: Select **IP Addresses**. - **Protocol : Port**: Select **TCP**, and then enter the port number where your database is exposed. - The **IP address type** and **VPC** should be selected already and match the VPC you selected earlier. - 1. In **Register targets**, enter the static IP address of your RDS proxy, enter the port, and select **Include as pending below**. Then, select **Create target group** to create your target group. Return to **Listeners and routing** in the Network Load Balancer setup. - To get the static IP address of your RDS Proxy, run the following command on an EC2 instance in the same VPC as the Proxy: + 1. In **Register targets**, enter the static IP address of your RDS proxy (for MySQL and SQL Server) or your database (for PostgreSQL), enter the port, and select **Include as pending below**. Then, select **Create target group** to create your target group. 
Return to **Listeners and routing** in the Network Load Balancer setup. + + **For MySQL and SQL Server**: To get the static IP address of your RDS Proxy, run the following command on an EC2 instance in the same VPC as the Proxy: ```sh $ nslookup ``` Replace `` with the endpoint of your RDS proxy. + + **For PostgreSQL**: To get the static IP address of your database, run the following command on an EC2 instance in the same VPC as the database: + ```sh + $ nslookup + ``` + Replace `` with the endpoint of your RDS or Aurora PostgreSQL database. 1. Set the following **Listener** properties: - **Protocol**: Select **TCP**. - **Port**: Enter your source database's port. From 20e9d5d42a63b3b67af6537cf225ffefa8da31cc Mon Sep 17 00:00:00 2001 From: Cameron Bates <102550101+cmilesb@users.noreply.github.com> Date: Thu, 2 Oct 2025 10:04:51 -0400 Subject: [PATCH 2/2] Apply suggestions from code review --- content/operate/rc/databases/rdi/setup.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/operate/rc/databases/rdi/setup.md b/content/operate/rc/databases/rdi/setup.md index c0d9fd09d..69174b20a 100644 --- a/content/operate/rc/databases/rdi/setup.md +++ b/content/operate/rc/databases/rdi/setup.md @@ -124,7 +124,7 @@ For more details on AWS PrivateLink, see [Share your services through AWS Privat To set up PrivateLink for a database hosted on AWS RDS or AWS Aurora: {{}} -**RDS Proxy does not work with RDS PostgreSQL and Aurora PostgreSQL.** RDS Proxy doesn't support PostgreSQL logical replication, mainly because RDS and Aurora themselves do not support automatic failovers (from the perspective of the client) very well. +The RDS Proxy does not work with RDS PostgreSQL and Aurora PostgreSQL because it does not support PostgreSQL logical replication. For PostgreSQL databases, use one of the following alternatives instead: - **For test environments**: Connect the Network Load Balancer directly to the database IP address (skip the RDS Proxy step). 
@@ -132,13 +132,13 @@ For PostgreSQL databases, use one of the following alternatives instead: {{}} 1. [Create an RDS Proxy](#create-rds-proxy) that will route requests to your database (MySQL and SQL Server only). -1. [Create a network load balancer](#create-network-load-balancer-rds) that will route incoming HTTP requests to the RDS proxy (or directly to the database for PostgreSQL). +1. [Create a network load balancer](#create-network-load-balancer-rds) that will route incoming requests to the RDS proxy (or directly to the database for PostgreSQL). 1. [Create an endpoint service](#create-endpoint-service-rds) through AWS PrivateLink. ### Create RDS proxy {#create-rds-proxy} {{}} -**Skip this step for PostgreSQL databases.** For RDS PostgreSQL and Aurora PostgreSQL, proceed directly to [Create network load balancer](#create-network-load-balancer-rds) and configure it to connect directly to your database IP address. +For RDS PostgreSQL and Aurora PostgreSQL, skip this step and proceed directly to [Create network load balancer](#create-network-load-balancer-rds) and configure it to connect directly to your database IP address. {{}} In the [AWS Management Console](https://console.aws.amazon.com/), use the **Services** menu to locate and select **Database** > **Aurora and RDS**. [Create an RDS proxy](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-creating.html) that can access your database.
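Review bot: In patch 1/2, first hunk (@@ -123,12 +123,24 @@), the new note sends production PostgreSQL users to an external AWS blog post, but the numbered list right after it does not say which of its steps still apply to them. Step 1 is marked "(MySQL and SQL Server only)" and step 2 says "(or directly to the database for PostgreSQL)", which is the option the note limits to test environments. Consider stating in the note whether production PostgreSQL readers should still follow "Create a network load balancer" and "Create an endpoint service" on this page, and qualifying the step 2 parenthetical with "for test environments".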
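Review bot: In patch 1/2, second hunk (@@ -142,23 +154,30 @@), the added PostgreSQL text under **Register targets** calls the `nslookup` result "the static IP address of your database", but an RDS or Aurora endpoint is a DNS name whose address can change, for example after a failover. A target group registered with that address would then point at the wrong host. Suggest dropping "static" for the PostgreSQL case and repeating the first hunk's caveat here, for example "For PostgreSQL (test environments only): to get the current IP address of your database ...", with a pointer back to the production alternative.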
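Review bot: In patch 2/2, first hunk (@@ -124,7 +124,7 @@), the reworded sentence "The RDS Proxy does not work with RDS PostgreSQL and Aurora PostgreSQL" is broader than the reason it gives. The stated limitation is the missing support for PostgreSQL logical replication, so the claim should be scoped to this setup, for example "RDS Proxy cannot be used for this setup with RDS PostgreSQL and Aurora PostgreSQL because it does not support PostgreSQL logical replication." The rewrite also drops the bold lead that made the restriction easy to spot when scanning the note; consider keeping the emphasis on the first clause.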
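Review bot: In patch 2/2, second hunk (@@ -132,13 +132,13 @@), the rewritten note under "Create RDS proxy" tells every PostgreSQL reader to "configure it to connect directly to your database IP address", while the note added at the top of the section limits the direct-IP setup to test environments and points production users to the AWS Lambda approach. Suggest carrying that distinction into this note. The sentence also chains "and proceed directly to ... and configure it to connect directly", which reads more clearly split in two: "For RDS PostgreSQL and Aurora PostgreSQL, skip this step. For test environments, go to Create network load balancer and register your database IP address as the target."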