pattern | javascript | Major
RDS Proxy reduces Lambda-to-RDS connection exhaustion under load
@aws-sdk/rds-signer v3.x
RDS proxy, connection pooling, max_connections, Lambda VPC, IAM authentication, database connections, connection exhaustion
aws-lambda
Problem
Lambda functions connecting directly to RDS create a new database connection per invocation. Under concurrent load, Lambda scales to hundreds of instances simultaneously, exhausting the RDS max_connections limit and causing connection errors.
Solution
Place RDS Proxy between Lambda and RDS. RDS Proxy maintains a pool of connections to RDS and multiplexes Lambda invocations over the pool. Configure the proxy to use IAM authentication to avoid storing credentials in the function.
Why
RDS (PostgreSQL/MySQL) has a hard limit on max_connections (often 100-500 for smaller instances). Lambda can scale to thousands of concurrent instances. Without a proxy, each Lambda instance holds an open connection even when idle.
Gotchas
- RDS Proxy must be in the same VPC as RDS — Lambda must also be in that VPC (adds cold start latency overhead, though ENI pre-provisioning mitigates this)
- RDS Proxy does not support all PostgreSQL features — check compatibility for COPY, LISTEN/NOTIFY, and prepared statements
- IAM authentication for RDS Proxy generates tokens valid for 15 minutes — generate fresh tokens per connection, not per request
- RDS Proxy charges ~$0.015 per vCPU-hour of the RDS instance it fronts
- Connection pinning (caused by SET, BEGIN, prepared statements) reduces multiplexing efficiency
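The 15-minute token lifetime from the list above, as an added example that is not part of the original page: a per-container token provider that goes slightly beyond the page by reusing one token for connections opened while it is still valid, and by never caching a failed signing. `createTokenProvider`, `sign`, and the one-minute refresh margin are assumptions made for this illustration.

```javascript
// Added example (not from the original page). `sign` stands for any function
// returning a Promise of an IAM auth token, e.g. () => signer.getAuthToken().
// With pg it could be wired as: password: createTokenProvider(sign)
const TOKEN_LIFETIME_MS = 15 * 60 * 1000; // token validity stated on this page
const REFRESH_MARGIN_MS = 60 * 1000;      // assumption: renew one minute early

function createTokenProvider(sign, now = Date.now) {
  let cached = null; // { promise, expiresAt } for the current token

  return function getToken() {
    const t = now();
    if (cached && t < cached.expiresAt - REFRESH_MARGIN_MS) {
      // Still comfortably valid: reuse it. Returning the same promise also
      // coalesces concurrent callers into a single signing call.
      return cached.promise;
    }
    const entry = { promise: null, expiresAt: t + TOKEN_LIFETIME_MS };
    // Wrap in a Promise so a synchronous throw from sign() becomes a rejection.
    entry.promise = new Promise((resolve) => resolve(sign()));
    // Never cache a failure: the next connection attempt must sign again.
    entry.promise.catch(() => {
      if (cached === entry) cached = null;
    });
    cached = entry;
    return entry.promise;
  };
}

// Constructed demo: a fake signer and a fake clock, so this runs offline.
function demo() {
  let clock = 0;
  let calls = 0;
  const fakeSign = () => Promise.resolve(`constructed-token-${++calls}`);
  const getToken = createTokenProvider(fakeSign, () => clock);

  const first = getToken();       // no token yet: signs
  const concurrent = getToken();  // same promise, no second signing
  clock = 13 * 60 * 1000;
  const stillValid = getToken();  // 13 minutes old: reused
  clock = 14 * 60 * 1000 + 1;
  const renewed = getToken();     // inside the refresh margin: signs again
  return {
    calls,
    reused: first === concurrent && first === stillValid,
    rotated: renewed !== first,
  };
}
```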
Code Snippets
Connecting to RDS via RDS Proxy with IAM token authentication
```javascript
import { Signer } from '@aws-sdk/rds-signer';
import { Pool } from 'pg';

// Generate IAM auth token for RDS Proxy (valid 15 min)
async function getAuthToken() {
  const signer = new Signer({
    hostname: process.env.RDS_PROXY_ENDPOINT,
    port: 5432,
    region: process.env.AWS_REGION,
    username: 'lambda_user',
  });
  return signer.getAuthToken();
}

// Create pool once per Lambda container (outside handler)
const pool = new Pool({
  host: process.env.RDS_PROXY_ENDPOINT,
  database: 'mydb',
  user: 'lambda_user',
  password: getAuthToken, // function reference: pg calls it when it opens a connection
  // Verify the proxy's TLS certificate. The IAM token is sent as the password,
  // so an unverified connection would expose it to a man-in-the-middle.
  ssl: { rejectUnauthorized: true },
});
```
Context
Running Lambda functions that connect to PostgreSQL or MySQL RDS instances at scale