Introduction:
In today’s cloud-driven applications, managing database connections efficiently is crucial for performance, scalability, and cost optimization. AWS RDS Proxy acts as a smart intermediary between your application and the database, ensuring seamless connection pooling, automatic failover handling, and improved security, all while reducing the overhead on your RDS instance.
Whether you're running serverless applications with AWS Lambda, containerized workloads, or EC2-based architectures, RDS Proxy can significantly enhance your database performance.
In this guide, we’ll dive deep into:
The key benefits of using AWS RDS Proxy
Step-by-step setup and best practices
Performance benchmarks before and after proxy implementation
Why Use AWS RDS Proxy?
Connection Pooling and Management
- Efficiently manages connections, reducing the number of direct connections to RDS.
- Reuses database connections instead of creating new ones for each request.
2. Reduced Latency and Faster Scaling
- Minimizes the impact of database connection limits on applications.
- Improves response time by reducing connection establishment overhead.
3. Enhanced Security
- AWS IAM authentication support.
- Secure access without exposing database credentials.
4. High Availability and Failover Support
- Automatically handles failovers and database restarts with minimal impact
Setting Up AWS RDS Proxy in an easy way.
Pre-Requisists
VPC
Virtual Private Cloud - It provides enhanced security, network segmentation, and control over cloud resources, allowing organizations to securely deploy applications while managing traffic flow efficiently
Subnets
A Subnet ( Subnetwork ) is a segment within a VPC that divides the network into smaller, manageable sections to improve performance, security, and resource allocation
Types
Public - For a Nat Gateway configuration, connected to the internet via an Internet Gateway (IGW), used for hosting public-facing resources like web servers
Private - No direct internet access, only internal communication - Used for sensitive data and backend resources like databases.
Routing Table
A Routing Table is a set of rules in a VPC that determines how network traffic is directed between subnets, the internet, and other networks.
Each subnet in a VPC is associated with a Routing Table, which contains routes specifying the destination and the next hop for network packets
Allows secure isolation of private and public subnets
Each subnet can be associated with only one routing table, but multiple subnets can share the same routing table
NatGateway - Network Address Translation Gateway
Allows private subnet instances to securely access the internet (e.g., for software updates, API calls).
Prevents inbound internet traffic to private subnet instances, enhancing security.
Provides high availability when deployed in multiple availability zones.
Eliminates manual NAT instance management, as AWS fully manages it
Security Group
A Security Group (SG) is a virtual firewall in AWS that controls inbound and outbound traffic to resources within a VPC. It acts as a stateful security rule set, remembering and allowing the return traffic for initiated connections.
IAM role - This is needed to provide access to the RDS proxy from EC2, the RDS proxy from Lambda. Proxy to DB - We can configure this through Serverless itself. Or in the AWS console select RDSFULLACCESS and DESCRIBE Network Configs - We need to provide access permission between the services we used under this Proxy setup
One Elastic IP - make sure one Elastic IP is available to map for the NatGateway
Steps to configure
VPC creation using VPC wizard
We can create the resources as we need manually, but that requires more manual inputs, which makes it difficult to configure. So, the best way to create the required resources is using VPC Wizard. (A VPC Wizard is used to create all the resources in a click.)
We need to provide the VPC name, the rest will be configured and created by the AWS console.
It is required to select the options in the Create workflow (Refer to the sample images given below)
Go to VPC Service -> Click Create VPC -> Select VPC and More
You will see other configurations, select them based on your requirements, like Multi Zone Availability, etc.
Finally, it will create the below resources
VPC
Subnets
Private
Public
Nat Gateway with Public IP associated. This should contain the Elastic IP
Routing Table
Now we create a Security Group with the required naming conventions
Configure the outbound rules as you wish
Configure the inbound rules - this should contain the resource that we need to allow, which comes under the VPC that was configured earlier
Go to the private routing table, associate the Nat gateway in the inbound rule by providing 0.0.0.0 and NATs
In the Public Table IGW is associated with the default. Don’t change anything here!
Now we want to group the Security Group, Subnets under the specific VPC
For subnet grouping, go to the subnet group page and select the VPC, and select the subnets wants to map and provide a name, and create a new one (These subnets which we got created from the VPC Wizard)
Map the security group as well as within the VPC
Now go to the RDS or anywhere -> Now you will be able to select the VPC, then automatically subnets and Security Group will appear to select.
Now it’s time to create the RDS proxy from AWS RDS console.
Provide the necessary details as is required and fill in the data
Now hit the Create proxy button and wait for some time. It will take some time to complete.
Make sure you are selecting the VPC which we created before using the VPC wizard. Only then will the subnets and the Security group be mapped automatically for this RDS proxy
Once done, it will show an Active in status and it's ready to configure in the Lambda or wherever we need to connect.
Get to the Proxy which we created earlier, and select the proxy URL from the console.
Use this URL in your desired application.
Try hitting the applications with DB connections check using the proxy URL. If you receive the response from the Proxy configured DB with Proxy URL, then we completed the steps, and can ensure that the Proxy is working fine without any issues.
If you are still not able to connect to the DB using Proxy URL, then it could be something with the security group, the VPC configuration, the Nat Gateway config, or the IG config. Recheck all above steps to verify the configurations accomplished properly.
Note: Make sure wherever you are trying to connect this RDS -> Those services need to come under the VPC which we configured. This RDS Proxy URL won't be able to access outside of this VPC, which we've mapped during the VPC create and Proxy Configure.
Make sure all those resources are under the same VPC and Subnets accordingly. Only then will Proxy DB be accessible.
Benchmark of the Proxy ( Before and After Proxy)
Before Proxy Configured - DB connections
After Proxy Configured - DB connections
Finally, you can come to a conclusion that DB connections are seamlessly and properly managed and closed accordingly.
This is one of the important attributes of the application performance and the DB performance. With all the insights shared, we can confidently conclude that efficiently managing database connections plays a crucial role in both application performance and database health. By leveraging PostgreSQL RDS Proxy, we've ensured seamless, optimized, and well-managed database connections, preventing unnecessary resource consumption and connection overload. This approach not only enhances scalability but also reduces latency and costs, making it a valuable addition to any modern cloud-based application architecture.
I appreciate you taking the time to read through this blog series. I hope it has provided valuable knowledge and practical solutions for optimizing your PostgreSQL RDS setup.
Thank you for reading, and happy coding!
