{
  "id": "rds-proxy",
  "title": "RDS Proxy setup for RDI",
  "url": "https://redis.io/docs/latest/operate/rc/rdi/rds-proxy/",
  "summary": "Set up RDS Proxy for Redis Data Integration (not recommended).",
  "tags": [
    "docs",
    "operate",
    "rc"
  ],
  "last_updated": "2026-06-08T15:47:16+02:00",
  "page_type": "content",
  "content_hash": "621a7e7ef761c9f04e8fda8e5efb1b69b660809a868069e2fa31f7e36084055c",
  "sections": [
    {
      "id": "overview",
      "title": "Overview",
      "role": "overview",
      "text": "We do not recommend using RDS Proxy for RDI connections. The [Lambda function approach](https://redis.io/docs/latest/operate/rc/rdi/setup#setup-lambda-function) provides better failover handling and is the recommended solution for production environments.\n\nAdditionally, RDS Proxy does not work with RDS PostgreSQL and Aurora PostgreSQL because it does not support PostgreSQL logical replication.\n\nOnly use RDS Proxy if you have specific requirements that necessitate it."
    },
    {
      "id": "overview",
      "title": "Overview",
      "role": "overview",
      "text": "RDS Proxy is a fully managed, highly available database proxy for Amazon RDS. While it can be used with RDI, we recommend the Lambda function approach instead for the following reasons:\n\n- **PostgreSQL incompatibility**: RDS Proxy does not support PostgreSQL logical replication, which is required for CDC (Change Data Capture).\n- **Added complexity**: RDS Proxy adds another layer between RDI and your database.\n- **Lambda provides better failover**: The Lambda function approach handles failover scenarios more efficiently.\n\nIf you still need to use RDS Proxy, follow the instructions below."
    },
    {
      "id": "prerequisites",
      "title": "Prerequisites",
      "role": "content",
      "text": "Before setting up RDS Proxy, ensure you have:\n\n- An RDS or Aurora database (MySQL or SQL Server only)\n- AWS Secrets Manager secret containing your database credentials\n- AWS KMS encryption key for the secret\n- Appropriate IAM permissions"
    },
    {
      "id": "create-rds-proxy",
      "title": "Create RDS Proxy",
      "role": "content",
      "text": "Follow the AWS documentation to create an RDS Proxy:\n\n- [Creating an RDS Proxy](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html) (AWS documentation)\n- [How RDS Proxy works](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.howitworks.html) (AWS documentation)\n- [RDS Proxy TLS/SSL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.howitworks.html#rds-proxy-security.tls) (AWS documentation)"
    },
    {
      "id": "iam-permissions",
      "title": "IAM permissions",
      "role": "content",
      "text": "The Proxy's IAM role must have the following permissions to access the database using the credentials secret and encryption key:\n\n- `secretsmanager:GetSecretValue`\n- `secretsmanager:DescribeSecret`\n- `kms:Decrypt`\n\nExample IAM policy:\n\n[code example]"
    },
    {
      "id": "get-the-rds-proxy-ip-address",
      "title": "Get the RDS Proxy IP address",
      "role": "content",
      "text": "After creating the RDS Proxy, you need to get its static IP address to use when configuring the Network Load Balancer.\n\nTo get the static IP address of your RDS Proxy, run the following command on an EC2 instance in the same VPC as the Proxy:\n\n[code example]\n\nReplace `<proxy-endpoint>` with the endpoint of your RDS Proxy. Save this IP address for use in the Network Load Balancer configuration."
    },
    {
      "id": "configure-the-network-load-balancer",
      "title": "Configure the Network Load Balancer",
      "role": "configuration",
      "text": "When you [create the Network Load Balancer](https://redis.io/docs/latest/operate/rc/rdi/setup#create-network-load-balancer-rds), use the RDS Proxy IP address instead of the database IP address:\n\n1. In **Register targets**, enter the static IP address of your RDS Proxy (obtained in the previous step).\n2. Enter the port number where your RDS Proxy is exposed.\n3. Select **Include as pending below**.\n4. Complete the remaining Network Load Balancer setup as described in the [main setup guide](https://redis.io/docs/latest/operate/rc/rdi/setup#create-network-load-balancer-rds)."
    },
    {
      "id": "next-steps",
      "title": "Next steps",
      "role": "content",
      "text": "After setting up RDS Proxy and the Network Load Balancer:\n\n1. [Create an endpoint service](https://redis.io/docs/latest/operate/rc/rdi/setup#create-endpoint-service-rds) through AWS PrivateLink.\n2. [Share your source database credentials](https://redis.io/docs/latest/operate/rc/rdi/setup#share-source-database-credentials) with Redis Cloud.\n3. Continue with the [RDI pipeline configuration](https://redis.io/docs/latest/operate/rc/rdi/define).\n\nWhen using RDS Proxy, you do not need to set up the Lambda function for failover handling, as the proxy provides a static endpoint."
    }
  ],
  "examples": [
    {
      "id": "iam-permissions-ex0",
      "language": "json",
      "code": "{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"secretsmanager:GetSecretValue\",\n                \"secretsmanager:DescribeSecret\"\n            ],\n            \"Resource\": \"arn:aws:secretsmanager:region:account-id:secret:secret-name\"\n        },\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": \"kms:Decrypt\",\n            \"Resource\": \"arn:aws:kms:region:account-id:key/key-id\"\n        }\n    ]\n}",
      "section_id": "iam-permissions"
    },
    {
      "id": "get-the-rds-proxy-ip-address-ex0",
      "language": "sh",
      "code": "$ nslookup <proxy-endpoint>",
      "section_id": "get-the-rds-proxy-ip-address"
    }
  ]
}
