aws-cdk-lib.aws_rds.DatabaseProxyProps

interface DatabaseProxyProps

LanguageType name
.NETAmazon.CDK.AWS.RDS.DatabaseProxyProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsrds#DatabaseProxyProps
Javasoftware.amazon.awscdk.services.rds.DatabaseProxyProps
Pythonaws_cdk.aws_rds.DatabaseProxyProps
TypeScript (source)aws-cdk-lib » aws_rds » DatabaseProxyProps

Construction properties for a DatabaseProxy.

Example

declare const vpc: ec2.Vpc;
const cluster = new rds.DatabaseCluster(this, 'Database', {
  engine: rds.DatabaseClusterEngine.auroraMysql({
    version: rds.AuroraMysqlEngineVersion.VER_3_03_0,
  }),
  writer: rds.ClusterInstance.provisioned('writer'),
  vpc,
});

const proxy = new rds.DatabaseProxy(this, 'Proxy', {
  proxyTarget: rds.ProxyTarget.fromCluster(cluster),
  secrets: [cluster.secret!],
  vpc,
});

const role = new iam.Role(this, 'DBProxyRole', { assumedBy: new iam.AccountPrincipal(this.account) });
proxy.grantConnect(role, 'admin'); // Grant the role connection access to the DB Proxy for database user 'admin'.

Properties

NameTypeDescription
proxyTargetProxyTargetDB proxy target: Instance or Cluster.
secretsISecret[]The secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster.
vpcIVpcThe VPC to associate with the new proxy.
borrowTimeout?DurationThe duration for a proxy to wait for a connection to become available in the connection pool.
dbProxyName?stringThe identifier for the proxy.
debugLogging?booleanWhether the proxy includes detailed information about SQL statements in its logs.
iamAuth?booleanWhether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy.
idleClientTimeout?DurationThe number of seconds that a connection to the proxy can be inactive before the proxy disconnects it.
initQuery?stringOne or more SQL statements for the proxy to run when opening each new database connection.
maxConnectionsPercent?numberThe maximum size of the connection pool for each target in a target group.
maxIdleConnectionsPercent?numberControls how actively the proxy closes idle database connections in the connection pool.
requireTLS?booleanA Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy.
role?IRoleIAM role that the proxy uses to access secrets in AWS Secrets Manager.
securityGroups?ISecurityGroup[]One or more VPC security groups to associate with the new proxy.
sessionPinningFilters?SessionPinningFilter[]Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection.
vpcSubnets?SubnetSelectionThe subnets used by the proxy.

proxyTarget

Type: ProxyTarget

DB proxy target: Instance or Cluster.


secrets

Type: ISecret[]

The secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster.

These secrets are stored within Amazon Secrets Manager. One or more secrets are required.


vpc

Type: IVpc

The VPC to associate with the new proxy.


borrowTimeout?

Type: Duration (optional, default: cdk.Duration.seconds(120))

The duration for a proxy to wait for a connection to become available in the connection pool.

Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions.

Value must be between 1 second and 1 hour, or Duration.seconds(0) to represent unlimited.


dbProxyName?

Type: string (optional, default: Generated by CloudFormation (recommended))

The identifier for the proxy.

This name must be unique for all proxies owned by your AWS account in the specified AWS Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.


debugLogging?

Type: boolean (optional, default: false)

Whether the proxy includes detailed information about SQL statements in its logs.

This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.


iamAuth?

Type: boolean (optional, default: false)

Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy.


idleClientTimeout?

Type: Duration (optional, default: cdk.Duration.minutes(30))

The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it.

You can set this value higher or lower than the connection timeout limit for the associated database.


initQuery?

Type: string (optional, default: no initialization query)

One or more SQL statements for the proxy to run when opening each new database connection.

Typically used with SET statements to make sure that each connection has identical settings such as time zone and character set. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single SET statement, such as SET x=1, y=2.

not currently supported for PostgreSQL.


maxConnectionsPercent?

Type: number (optional, default: 100)

The maximum size of the connection pool for each target in a target group.

For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group.

1-100


maxIdleConnectionsPercent?

Type: number (optional, default: 50)

Controls how actively the proxy closes idle database connections in the connection pool.

A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group.

between 0 and MaxConnectionsPercent


requireTLS?

Type: boolean (optional, default: true)

A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy.

By enabling this setting, you can enforce encrypted TLS connections to the proxy.


role?

Type: IRole (optional, default: A role will automatically be created)

IAM role that the proxy uses to access secrets in AWS Secrets Manager.


securityGroups?

Type: ISecurityGroup[] (optional, default: No security groups)

One or more VPC security groups to associate with the new proxy.


sessionPinningFilters?

Type: SessionPinningFilter[] (optional, default: no session pinning filters)

Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection.

Including an item in the list exempts that class of SQL operations from the pinning behavior.


vpcSubnets?

Type: SubnetSelection (optional, default: the VPC default strategy if not specified.)

The subnets used by the proxy.