AWS Amazon RDS Proxy Endpoint
This page shows how to write Terraform and CloudFormation for Amazon RDS Proxy Endpoint and write them securely.
aws_db_proxy_endpoint (Terraform)
The Proxy Endpoint in Amazon RDS can be configured in Terraform with the resource name aws_db_proxy_endpoint. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
db_proxy_endpoint_name - (Required) The identifier for the proxy endpoint. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
db_proxy_name - (Required) The name of the DB proxy associated with the DB proxy endpoint that you create.
vpc_subnet_ids - (Required) One or more VPC subnet IDs to associate with the new proxy.
vpc_security_group_ids - (Optional) One or more VPC security group IDs to associate with the new proxy.
target_role - (Optional) Indicates whether the DB proxy endpoint can be used for read/write or read-only operations. The default is READ_WRITE. Valid values are READ_WRITE and READ_ONLY.
tags - (Optional) A mapping of tags to assign to the resource.
In addition to all arguments above, the following attributes are exported:
id - The name of the proxy and proxy endpoint separated by /, DB-PROXY-NAME/DB-PROXY-ENDPOINT-NAME.
arn - The Amazon Resource Name (ARN) for the proxy endpoint.
endpoint - The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.
is_default - Indicates whether this endpoint is the default endpoint for the associated DB proxy.
vpc_id - The VPC ID of the DB proxy endpoint.
Explanation in Terraform Registry
Provides an RDS DB proxy endpoint resource. For additional information, see the RDS User Guide.
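The following Terraform configuration is an added example, not taken from GitHub, the Terraform Registry or the original page. It creates a READ_ONLY endpoint and sets the optional vpc_security_group_ids explicitly, so that access is limited to one application security group. The variable names, resource labels, endpoint name, tag and PostgreSQL port 5432 are assumptions.

```hcl
# Added example: every name and value below is a placeholder or an assumption.
variable "db_proxy_name" { type = string }          # name of an existing RDS Proxy
variable "vpc_id" { type = string }                 # VPC that hosts the endpoint
variable "private_subnet_ids" { type = list(string) }
variable "app_security_group_id" { type = string }  # clients allowed to connect
variable "db_security_group_id" { type = string }   # database tier behind the proxy

# Dedicated security group for the endpoint, passed in explicitly below.
resource "aws_security_group" "proxy_ro_endpoint" {
  name        = "rds-proxy-ro-endpoint"
  description = "Client access to the read-only RDS Proxy endpoint"
  vpc_id      = var.vpc_id

  ingress {
    description     = "PostgreSQL from the application tier only"
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [var.app_security_group_id]
  }

  egress {
    description     = "PostgreSQL to the database tier only"
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [var.db_security_group_id]
  }
}

resource "aws_db_proxy_endpoint" "read_only" {
  db_proxy_name          = var.db_proxy_name
  db_proxy_endpoint_name = "app-read-only" # letters, digits, single hyphens
  vpc_subnet_ids         = var.private_subnet_ids
  vpc_security_group_ids = [aws_security_group.proxy_ro_endpoint.id]
  target_role            = "READ_ONLY" # default is READ_WRITE

  tags = { Purpose = "reporting-read-only" }
}

# Hostname to place in the client connection string.
output "read_only_endpoint" {
  value = aws_db_proxy_endpoint.read_only.endpoint
}
```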
Tips: Best Practices for The Other AWS Amazon RDS Resources
In addition to aws_db_instance, Amazon RDS has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.
aws_db_instance
Ensure backup retention of your RDS instance is specified
It's better to set it explicitly to reduce the risk of availability issues.
aws_rds_cluster
Ensure backup retention of your RDS cluster is specified
It's better to set it explicitly to reduce the risk of availability issues.
aws_rds_cluster_instance
Ensure your RDS cluster instance blocks unwanted access
It's better to limit accessibility to the minimum that is required for the application to work.
AWS::RDS::DBProxyEndpoint (CloudFormation)
The DBProxyEndpoint in RDS can be configured in CloudFormation with the resource name AWS::RDS::DBProxyEndpoint. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
    "AWS::RDS::DBProxyEndpoint": {
      "Type": "AWS::RDS::DBProxyEndpoint",
      "Properties": {}
    },
    "AWS::EC2::TrafficMirrorTarget": {
      "Type": "AWS::EC2::TrafficMirrorTarget",
Parameters
- DBProxyEndpointName: required - String
- DBProxyName: required - String
- VpcSecurityGroupIds: optional - List
- VpcSubnetIds: required - List
- TargetRole: optional - String
- Tags: optional - List of TagFormat
Explanation in CloudFormation Registry
The AWS::RDS::DBProxyEndpoint resource creates or updates a DB proxy endpoint. You can use custom proxy endpoints to access a proxy through a different VPC than the proxy's default VPC. For more information about RDS Proxy, see AWS::RDS::DBProxy.
Frequently asked questions
What is AWS Amazon RDS Proxy Endpoint?
AWS Amazon RDS Proxy Endpoint is a resource for Amazon RDS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon RDS Proxy Endpoint?
For CloudFormation, the mhlabs/aws-icons-directory source code example is useful. See the CloudFormation Example section for further details.