Testing the connection to RDS Proxy
View SourceRelease NotesYou connect to an RDS DB instance through a proxy in generally the same way as you connect directly to the database. The main difference is that you specify the proxy endpoint instead of the DB endpoint. When using this module, the proxy endpoint will be avaialable from the rds_proxy_endpoint
output variable. Note that RDS Proxy can't be publicly accessible, so you might need to use provision EC2 instance inside the same VPC to test the connection.
Configuring access to RDS Proxy
If you don't provide the allow_connections_from_cidr_blocks
variable, you will need to provision your own access. To
do that create an ingress rule on the security group that this module creates. The security group ID will be available
from the security_group_id
output variable.
Sample Usage
- Terraform
- Terragrunt
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S RDS-PROXY MODULE
# ------------------------------------------------------------------------------------------------------
module "rds_proxy" {
source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.35.0"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# The number of seconds that a connection to the proxy can be inactive before
# the proxy disconnects it. You can set this value higher or lower than the
# connection timeout limit for the associated database.
connection_pool_config = <object(
connection_borrow_timeout = number
init_query = string
max_connections_percent = number
max_idle_connections_percent = number
session_pinning_filters = list(string)
)>
# The DB secret should contain username and password for the DB as a key-value
# pairs. Otherwise, you can insert plaintext secret with the format should
# look like {"username":"your_username","password":"your_password"}.
db_secret_arn = <string>
# The kinds of databases that the proxy can connect to. This value determines
# which database network protocol the proxy recognizes when it interprets
# network traffic to and from the database. The engine family applies to MySQL
# and PostgreSQL for both RDS and Aurora. Valid values are MYSQL and
# POSTGRESQL.
engine_family = <string>
# The identifier for the proxy.
name = <string>
# A list of subnet ids where the database instances should be deployed. In the
# standard Gruntwork VPC setup, these should be the private persistence subnet
# ids. This is ignored if create_subnet_group=false.
subnet_ids = <list(string)>
# The id of the VPC in which this DB should be deployed.
vpc_id = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# A list of CIDR-formatted IP address ranges that can connect to this DB.
# Should typically be the CIDR blocks of the private app subnet in this VPC
# plus the private subnet in the mgmt VPC.
allow_connections_from_cidr_blocks = []
# The DB cluster identifier. Note that one of `db_instance_identifier` or
# `db_cluster_identifier` is required.
db_cluster_identifier = null
# The DB instance identifier. Note that one of `db_instance_identifier` or
# `db_cluster_identifier` is required.
db_instance_identifier = null
# The KMS key used to encrypt the DB secret.
db_secret_kms_key_arn = null
# The number of seconds that a connection to the proxy can be inactive before
# the proxy disconnects it. You can set this value higher or lower than the
# connection timeout limit for the associated database.
idle_client_timeout = null
# The port the RDS proxy will listen on (e.g. 3306)
port = 3306
# The number of seconds that a connection to the proxy can be inactive before
# the proxy disconnects it. You can set this value higher or lower than the
# connection timeout limit for the associated database.
require_tls = null
}
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S RDS-PROXY MODULE
# ------------------------------------------------------------------------------------------------------
terraform {
source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/rds-proxy?ref=v0.35.0"
}
inputs = {
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------
# The number of seconds that a connection to the proxy can be inactive before
# the proxy disconnects it. You can set this value higher or lower than the
# connection timeout limit for the associated database.
connection_pool_config = <object(
connection_borrow_timeout = number
init_query = string
max_connections_percent = number
max_idle_connections_percent = number
session_pinning_filters = list(string)
)>
# The DB secret should contain username and password for the DB as a key-value
# pairs. Otherwise, you can insert plaintext secret with the format should
# look like {"username":"your_username","password":"your_password"}.
db_secret_arn = <string>
# The kinds of databases that the proxy can connect to. This value determines
# which database network protocol the proxy recognizes when it interprets
# network traffic to and from the database. The engine family applies to MySQL
# and PostgreSQL for both RDS and Aurora. Valid values are MYSQL and
# POSTGRESQL.
engine_family = <string>
# The identifier for the proxy.
name = <string>
# A list of subnet ids where the database instances should be deployed. In the
# standard Gruntwork VPC setup, these should be the private persistence subnet
# ids. This is ignored if create_subnet_group=false.
subnet_ids = <list(string)>
# The id of the VPC in which this DB should be deployed.
vpc_id = <string>
# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
# A list of CIDR-formatted IP address ranges that can connect to this DB.
# Should typically be the CIDR blocks of the private app subnet in this VPC
# plus the private subnet in the mgmt VPC.
allow_connections_from_cidr_blocks = []
# The DB cluster identifier. Note that one of `db_instance_identifier` or
# `db_cluster_identifier` is required.
db_cluster_identifier = null
# The DB instance identifier. Note that one of `db_instance_identifier` or
# `db_cluster_identifier` is required.
db_instance_identifier = null
# The KMS key used to encrypt the DB secret.
db_secret_kms_key_arn = null
# The number of seconds that a connection to the proxy can be inactive before
# the proxy disconnects it. You can set this value higher or lower than the
# connection timeout limit for the associated database.
idle_client_timeout = null
# The port the RDS proxy will listen on (e.g. 3306)
port = 3306
# The number of seconds that a connection to the proxy can be inactive before
# the proxy disconnects it. You can set this value higher or lower than the
# connection timeout limit for the associated database.
require_tls = null
}
Reference
- Inputs
- Outputs
Required
connection_pool_config
object(…)The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.
object({
connection_borrow_timeout = number
init_query = string
max_connections_percent = number
max_idle_connections_percent = number
session_pinning_filters = list(string)
})
db_secret_arn
stringThe DB secret should contain username and password for the DB as a key-value pairs. Otherwise, you can insert plaintext secret with the format should look like {'username':'your_username','password':'your_password'}.
engine_family
stringThe kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. The engine family applies to MySQL and PostgreSQL for both RDS and Aurora. Valid values are MYSQL and POSTGRESQL.
name
stringThe identifier for the proxy.
subnet_ids
list(string)A list of subnet ids where the database instances should be deployed. In the standard Gruntwork VPC setup, these should be the private persistence subnet ids. This is ignored if create_subnet_group=false.
vpc_id
stringThe id of the VPC in which this DB should be deployed.
Optional
allow_connections_from_cidr_blocks
list(string)A list of CIDR-formatted IP address ranges that can connect to this DB. Should typically be the CIDR blocks of the private app subnet in this VPC plus the private subnet in the mgmt VPC.
[]
db_cluster_identifier
stringThe DB cluster identifier. Note that one of db_instance_identifier
or db_cluster_identifier
is required.
null
db_instance_identifier
stringThe DB instance identifier. Note that one of db_instance_identifier
or db_cluster_identifier
is required.
null
db_secret_kms_key_arn
stringThe KMS key used to encrypt the DB secret.
null
idle_client_timeout
numberThe number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.
null
port
numberThe port the RDS proxy will listen on (e.g. 3306)
3306
require_tls
boolThe number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.
null