Can't connect lambda to RDS Proxy

Question

Hi,

I have set up a lambda function to connect to an rds proxy. I can connect directly to the database but not the proxy. I have:
1. Added it through the rds using connected compute service
2. Put everything in a single vpc and adjusted the inbound/outbound rules
3. Adjusted the iam to include AWSLambdaVPCAccessExecutionRole and AWSLambdaBasicExecutionRole

I am also getting the warning that: "Function execution role: iamRole does not have the required permission for RDS proxy: proxyname" (I have anonymized the execution role and proxy name).

Answer

Hello.

Is IAM authentication enabled on RDS Proxy?  
If IAM authentication is enabled, the IAM policy "rds-db:connect" is required in the Lambda IAM role.  
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html  
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html#rds-proxy-connecting-iam  
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds-db:connect"
            ],
            "Resource": [
                "arn:aws:rds-db:ap-northeast-1:AWS-Account-ID:dbuser:prx-ABCDEFGHIJKL01234/proxy_user"
            ]
        }
    ]
}

```

If you want to connect using only password authentication, please disable IAM authentication with RDS Proxy.

Can't connect lambda to RDS Proxy

相關內容