Amazon RDS Proxy and MariaDB Integration


As an associate system administrator, I worked on Red Hat Linux servers, including user management, permissions, services, and performance monitoring. Automated routine administrative tasks using Bash scripting and cron jobs, reducing manual effort by ~30%. I am an AWS Certified SysOps Administrator and Google Certified Cloud Engineer. Determined to transition my career into a Cloud Architect / Cloud Support role.

Learn how to build a Python-based AWS Lambda function integrated with Amazon RDS Proxy and MariaDB for secure, scalable CRUD operations via API Gateway using AWS Secrets Manager. We’ll also explore best practices like using AWS Secrets Manager for secure credential storage.

Introduction

When building serverless applications, connecting AWS Lambda functions directly to Amazon RDS can be inefficient and insecure if not handled properly. Every cold start may create a new connection, potentially overwhelming the database. That’s where Amazon RDS Proxy comes into play—it allows efficient pooling and management of database connections while integrating seamlessly with AWS Lambda.

In this blog, we’ll walk through a Python-based AWS Lambda function that integrates with Amazon RDS Proxy and MariaDB to perform stateless CRUD operations via API Gateway. We’ll also explore best practices like using AWS Secrets Manager for secure credential storage.


Why Use RDS Proxy with Lambda?

  • Connection pooling: Avoids opening too many direct DB connections.

  • Improved scalability: Manages spikes in database requests.

  • Enhanced security: Works natively with AWS Secrets Manager.

  • Better availability: Supports automatic failover with Multi-AZ RDS.


Environment Setup

Before diving into the code, ensure you have:

  1. An Amazon RDS (MariaDB) instance.

  2. An RDS Proxy configured to connect to the RDS instance.

  3. A secret in AWS Secrets Manager containing database credentials.

  4. Environment variables set in Lambda:


    DB_SECRET_NAME=mydb-secret
    DB_PROXY_ENDPOINT=mydb.proxy.amazonaws.com
    DB_NAME=customerdb
    DB_TABLE=users

This Lambda function provides CRUD (Create, Read, Update, Delete) APIs for a users table.

Key components:

  • Secrets Manager → Securely fetch DB credentials.

  • RDS Proxy → Efficient DB connection pooling.

  • API Gateway → Acts as the HTTP interface for CRUD requests.

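    import os
    import pymysql
    import pymysql.cursors

    DB_PROXY_ENDPOINT = os.environ["DB_PROXY_ENDPOINT"]
    DB_NAME = os.environ["DB_NAME"]

    # Cached at module level so later invocations can reuse the connection.
    db_connection = None

    def get_db_connection():
        global db_connection
        # Reuse the cached connection if it is still open.
        if db_connection and db_connection.open:
            return db_connection

        # Credentials come from Secrets Manager (get_db_credentials is defined elsewhere).
        creds = get_db_credentials()
        db_connection = pymysql.connect(
            host=DB_PROXY_ENDPOINT,  # the RDS Proxy endpoint, not the DB instance
            user=creds["username"],
            password=creds["password"],
            database=DB_NAME,
            connect_timeout=5,
            cursorclass=pymysql.cursors.DictCursor,
        )
        return db_connection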
    

Connections are reused to minimize cold start impact.


3. Handling CRUD Requests

  • GET → Retrieve a user.

  • POST → Create a new user.

  • PUT → Update user details.

  • DELETE → Remove a user.

Example:

    def handle_post(conn, body):
        name = body.get("name")
        email = body.get("email")
        with conn.cursor() as cursor:
            # Values are bound as %s parameters; only the table name, taken from
            # the DB_TABLE environment variable, is interpolated into the SQL.
            cursor.execute(f"INSERT INTO `{DB_TABLE}` (name, email) VALUES (%s, %s)", (name, email))
            conn.commit()
        return build_response(201, {"id": conn.insert_id(), "message": "User created"})
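
The four methods listed above routed through one function, as an added example that is not code from the original post: every value is bound as a `%s` parameter, the table name is validated before interpolation because placeholders cannot bind identifiers, and malformed input is rejected with a 400 before any SQL runs. The names `handle_request` and `safe_table`, the `id` column and `id` path parameter, and this body for `build_response` are assumptions; `conn` is any PyMySQL-style connection.

```python
import json
import re

def safe_table(name):
    """Placeholders bind values, not identifiers, so validate before interpolating."""
    # Assumption: table names are plain identifiers of at most 64 characters.
    if not isinstance(name, str) or not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]{0,63}", name):
        raise ValueError("invalid table name")
    return f"`{name}`"

def build_response(status, body):
    # Hypothetical helper: the post calls build_response() without showing it.
    return {"statusCode": status, "body": json.dumps(body)}

def handle_request(conn, event, table):
    """Map one API Gateway proxy event to one parameterized statement."""
    tbl = safe_table(table)
    method = event.get("httpMethod")
    try:
        body = json.loads(event.get("body") or "{}")
        name, email = body.get("name"), body.get("email")
        if not all(v is None or isinstance(v, str) for v in (name, email)):
            raise TypeError("name and email must be strings")
        raw_id = (event.get("pathParameters") or {}).get("id")
        user_id = int(raw_id) if raw_id is not None else None
    except (ValueError, TypeError, AttributeError):
        return build_response(400, {"message": "Malformed request"})
    if method == "POST" and name and email:
        sql, args = f"INSERT INTO {tbl} (name, email) VALUES (%s, %s)", (name, email)
    elif method == "GET" and user_id is not None:
        sql, args = f"SELECT id, name, email FROM {tbl} WHERE id = %s", (user_id,)
    elif method == "PUT" and user_id is not None and name and email:
        sql, args = (f"UPDATE {tbl} SET name = %s, email = %s WHERE id = %s",
                     (name, email, user_id))
    elif method == "DELETE" and user_id is not None:
        sql, args = f"DELETE FROM {tbl} WHERE id = %s", (user_id,)
    else:
        return build_response(400, {"message": "Unsupported method or missing fields"})
    with conn.cursor() as cursor:
        affected = cursor.execute(sql, args)  # PyMySQL returns the affected row count
        row = cursor.fetchone() if method == "GET" else None
        new_id = cursor.lastrowid
    conn.commit()
    if method == "POST":
        return build_response(201, {"id": new_id, "message": "User created"})
    if (method == "GET" and not row) or (method == "DELETE" and not affected):
        return build_response(404, {"message": "User not found"})
    return build_response(200, row or {"message": "OK"})
```
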

Testing via API Gateway:

  1. Deploy the Lambda via API Gateway.

  2. Test using POST /users with a JSON body:

    { "name": "Alice", "email": "alice@example.com" }

Response:

    { "id": 1, "message": "User created" }

Conclusion

By integrating AWS Lambda with Amazon RDS Proxy and MariaDB, you can build secure, stateless, and scalable serverless applications. This approach minimizes database connection overhead, ensures secure credential management via AWS Secrets Manager, and supports high-concurrency CRUD operations with ease.