Skip to content

RDSC-4040 add note for RDS proxy #2203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Oct 3, 2025
Merged

RDSC-4040 add note for RDS proxy #2203

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4b5d979
RDSC-4040: RDS/Aurora PostgreSQL note for Cloud RDI setup
ZdravkoDonev-redis Oct 2, 2025
20e9d5d
Apply suggestions from code review
cmilesb Oct 2, 2025
dd25d85
Merge branch 'preview-rc-rdi' into RDSC-4040-add-note-for-RDS-proxy
cmilesb Oct 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 24 additions & 5 deletions content/operate/rc/databases/rdi/setup.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,12 +127,24 @@ For more details on AWS PrivateLink, see [Share your services through AWS Privat

To set up PrivateLink for a database hosted on AWS RDS or AWS Aurora:

1. [Create an RDS Proxy](#create-rds-proxy) that will route requests to your database.
1. [Create a network load balancer](#create-network-load-balancer-rds) that will route incoming HTTP requests to the RDS proxy.
{{<warning>}}
The RDS Proxy does not work with RDS PostgreSQL and Aurora PostgreSQL because it does not support PostgreSQL logical replication.

For PostgreSQL databases, use one of the following alternatives instead:
- **For test environments**: Connect the Network Load Balancer directly to the database IP address (skip the RDS Proxy step).
- **For production environments**: Use the AWS Lambda approach described in [Access Amazon RDS across VPCs using AWS PrivateLink and Network Load Balancer](https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/).
{{</warning>}}

1. [Create an RDS Proxy](#create-rds-proxy) that will route requests to your database (MySQL and SQL Server only).
1. [Create a network load balancer](#create-network-load-balancer-rds) that will route incoming requests to the RDS proxy (or directly to the database for PostgreSQL).
1. [Create an endpoint service](#create-endpoint-service-rds) through AWS PrivateLink.

### Create RDS proxy {#create-rds-proxy}

{{<note>}}
For RDS PostgreSQL and Aurora PostgreSQL, skip this step and proceed directly to [Create network load balancer](#create-network-load-balancer-rds) and configure it to connect directly to your database IP address.
{{</note>}}

In the [AWS Management Console](https://console.aws.amazon.com/), use the **Services** menu to locate and select **Database** > **Aurora and RDS**. [Create an RDS proxy](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-creating.html) that can access your database.

The Proxy's IAM role must have the following permissions to access the database using the credentials secret and encryption key:
Expand All @@ -146,7 +158,7 @@ You can set the proxy's IAM role during creation in the **Authentication** secti

In the [AWS Management Console](https://console.aws.amazon.com/), use the **Services** menu to locate and select **Compute** > **EC2**. [Create a network load balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-network-load-balancer.html#configure-load-balancer) with the following settings:

1. In **Basic configuration**:
1. In **Basic configuration**:
- **Scheme**: Select **Internal**.
- **Load balancer IP address type**: Select **IPv4**.
1. In **Network mapping**, select the VPC and availability zone associated with your source database.
Expand All @@ -157,12 +169,19 @@ In the [AWS Management Console](https://console.aws.amazon.com/), use the **Serv
- **Target type**: Select **IP Addresses**.
- **Protocol : Port**: Select **TCP**, and then enter the port number where your database is exposed.
- The **IP address type** and **VPC** should be selected already and match the VPC you selected earlier.
1. In **Register targets**, enter the static IP address of your RDS proxy, enter the port, and select **Include as pending below**. Then, select **Create target group** to create your target group. Return to **Listeners and routing** in the Network Load Balancer setup.
To get the static IP address of your RDS Proxy, run the following command on an EC2 instance in the same VPC as the Proxy:
1. In **Register targets**, enter the static IP address of your RDS proxy (for MySQL and SQL Server) or your database (for PostgreSQL), enter the port, and select **Include as pending below**. Then, select **Create target group** to create your target group. Return to **Listeners and routing** in the Network Load Balancer setup.

**For MySQL and SQL Server**: To get the static IP address of your RDS Proxy, run the following command on an EC2 instance in the same VPC as the Proxy:
```sh
$ nslookup <proxy-endpoint>
```
Replace `<proxy-endpoint>` with the endpoint of your RDS proxy.

**For PostgreSQL**: To get the static IP address of your database, run the following command on an EC2 instance in the same VPC as the database:
```sh
$ nslookup <database-endpoint>
```
Replace `<database-endpoint>` with the endpoint of your RDS or Aurora PostgreSQL database.
1. Set the following **Listener** properties:
- **Protocol**: Select **TCP**.
- **Port**: Enter your source database's port.
Expand Down