AWS Amazon RDS Proxy Endpoint

This page shows how to write Terraform and CloudFormation for Amazon RDS Proxy Endpoint and write them securely.

aws_db_proxy_endpoint (Terraform)

The Proxy Endpoint in Amazon RDS can be configured in Terraform with the resource name aws_db_proxy_endpoint. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • db_proxy_endpoint_name - (Required) The identifier for the proxy endpoint. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
  • db_proxy_name - (Required) The name of the DB proxy associated with the DB proxy endpoint that you create.
  • vpc_subnet_ids - (Required) One or more VPC subnet IDs to associate with the new proxy.
  • vpc_security_group_ids - (Optional) One or more VPC security group IDs to associate with the new proxy.
  • target_role - (Optional) Indicates whether the DB proxy endpoint can be used for read/write or read-only operations. The default is READ_WRITE. Valid values are READ_WRITE and READ_ONLY.
  • tags - (Optional) A mapping of tags to assign to the resource.

In addition to all arguments above, the following attributes are exported:

  • id - The name of the proxy and proxy endpoint separated by /, DB-PROXY-NAME/DB-PROXY-ENDPOINT-NAME.
  • arn - The Amazon Resource Name (ARN) for the proxy endpoint.
  • endpoint - The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.
  • is_default - Indicates whether this endpoint is the default endpoint for the associated DB proxy.
  • vpc_id - The VPC ID of the DB proxy endpoint.
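The arguments above combined into a least-privilege configuration: a read-only endpoint that only one application security group can reach. This is an added example, not code from the Terraform Registry or from this page's GitHub search. The variable names, the resource names, the `reporting-ro` identifier, the tag values and the PostgreSQL port 5432 are all assumptions.

```hcl
# Added example. Every variable, resource name and value here is an assumption.
variable "vpc_id" { type = string }                   # VPC that holds the endpoint
variable "private_subnet_ids" { type = list(string) } # private subnets only
variable "db_proxy_name" { type = string }            # name of an existing RDS proxy
variable "app_security_group_id" { type = string }    # SG of the reporting workload

# Dedicated security group: only the application SG may open connections.
resource "aws_security_group" "proxy_endpoint" {
  name_prefix = "reporting-proxy-endpoint-"
  description = "Ingress to the read-only RDS Proxy endpoint"
  vpc_id      = var.vpc_id

  ingress {
    description     = "PostgreSQL from the reporting application only"
    from_port       = 5432 # assumed engine port; use 3306 for MySQL
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [var.app_security_group_id] # no CIDR ranges
  }
}

resource "aws_db_proxy_endpoint" "reporting_ro" {
  db_proxy_name = var.db_proxy_name

  # Begins with a letter; only letters, digits and single hyphens; no trailing hyphen.
  db_proxy_endpoint_name = "reporting-ro"

  vpc_subnet_ids = var.private_subnet_ids

  # Set explicitly so the endpoint's reachability is defined in this file.
  vpc_security_group_ids = [aws_security_group.proxy_endpoint.id]

  # The default is READ_WRITE; a reporting workload only needs reads.
  target_role = "READ_ONLY"

  tags = {
    Purpose = "reporting"
  }
}

# Hostname to place in the client's connection string.
output "reporting_proxy_endpoint" {
  value = aws_db_proxy_endpoint.reporting_ro.endpoint
}
```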

Explanation in Terraform Registry

Provides an RDS DB proxy endpoint resource. For additional information, see the RDS User Guide.

Tips: Best Practices for The Other AWS Amazon RDS Resources

In addition to aws_db_instance, Amazon RDS has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.

aws_db_instance

Ensure backup retention of your RDS instance is specified

It's better to set it explicitly to reduce the risk of availability issues.

aws_rds_cluster

Ensure backup retention of your RDS cluster is specified

It's better to set it explicitly to reduce the risk of availability issues.

aws_rds_cluster_instance

Ensure your RDS cluster instance blocks unwanted access

It's better to limit accessibility to the minimum that is required for the application to work.

Review your AWS Amazon RDS settings

In addition to the above, there are other security points you should be aware of; Shisho Cloud can help make sure that your .tf files are protected.

AWS::RDS::DBProxyEndpoint (CloudFormation)

The DBProxyEndpoint in RDS can be configured in CloudFormation with the resource name AWS::RDS::DBProxyEndpoint. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

template.json#L3039
    "AWS::RDS::DBProxyEndpoint": {
      "Type": "AWS::RDS::DBProxyEndpoint",
      "Properties": {}
    },
    "AWS::EC2::TrafficMirrorTarget": {
      "Type": "AWS::EC2::TrafficMirrorTarget",

Parameters

Explanation in CloudFormation Registry

The AWS::RDS::DBProxyEndpoint resource creates or updates a DB proxy endpoint. You can use custom proxy endpoints to access a proxy through a different VPC than the proxy's default VPC.

For more information about RDS Proxy, see AWS::RDS::DBProxy.

Frequently asked questions

What is AWS Amazon RDS Proxy Endpoint?

AWS Amazon RDS Proxy Endpoint is a resource for Amazon RDS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon RDS Proxy Endpoint?

For CloudFormation, the mhlabs/aws-icons-directory source code example is useful. See the CloudFormation Example section for further details.