Creates an RDS proxy for use with AWS Aurora MySQL and Postgres engines.

```bash
kurgan add rds-proxy
```

| Name | Use | Default | Global | Type | Allowed Values |
|---|---|---|---|---|---|
| EnvironmentName | Tagging | dev | true | string | |
| EnvironmentType | Tagging | development | true | string | ['development','production'] |
| DnsDomain | create route53 record for the proxy endpoint | | false | string | |
| TargetDBClusterIdentifier | Aurora cluster to attach to the proxy | | false | string | |
| TargetDBClusterPort | Aurora cluster port | 5432 for postgres, 3306 for mysql | false | string | |
| DBClusterSecurityGroup | Aurora cluster security group id; an ingress rule is created on this security group to allow access from the proxy | | false | AWS::EC2::SecurityGroup::Id | |
| ProxyName | name of the rds proxy, required by cloudformation; this value is prefixed with the environment name | rdsproxy | false | string | |
| SecretCredentials | secrets manager arn of the secret | | false | string | |
| IdleClientTimeout | proxy idle connection timeout in seconds | 120 | false | number | |
| RequireTLS | require tls connections to the proxy | true | false | boolean | true, false |
| MaxConnectionsPercent | The maximum size of the connection pool for each target in a target group | 100 | false | number | min: 1, max: 100 |
| MaxIdleConnectionsPercent | Controls how actively the proxy closes idle database connections in the connection pool | 50 | false | number | |
| ConnectionBorrowTimeout | The number of seconds for a proxy to wait for a connection to become available in the connection pool | 120 | false | number | |
| VPCId | AWS VPC ID to put the proxy in | | false | string | |
| SubnetIds | list of subnet ids to put the proxy in | | false | CommaDelimitedList | |
| NamespaceId | if using aws service discovery | | false | string | |
Postgres

```yaml
database_engine: POSTGRESQL
```

MySQL

```yaml
database_engine: MYSQL
```

IAM Auth

IAM authentication to the proxy is enabled by default. To disable it, use the following config:

```yaml
iam_auth: DISABLED
```

Security Group Rules

To configure network access to the proxy, set an ingress rule on the security group. For further rule options see docs here

```yaml
security_group_rules:
  ingress:
    -
      from: 5432
      protocol: tcp
      security_group_id: ${MyAppSecurityGroupId}
      desc: access to the postgres port from another security group
```

Other Config Options

See the test configs in the tests directory
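
A pre-deploy check for the IAM auth and security group settings described above, written as an added example that is not part of this component or of cfhighlander. It reads a component config and flags `iam_auth: DISABLED`, ingress rules whose port differs from the engine default in the parameter table, and rules with no `security_group_id` source. The function name and both sample configs are constructed for illustration, and the check assumes the proxy is reached on the engine's default port.

```ruby
require 'yaml'
# Engine default ports, from the TargetDBClusterPort row of the parameter table.
ENGINE_PORTS = { 'POSTGRESQL' => 5432, 'MYSQL' => 3306 }.freeze

# Audit one component config (YAML text); only keys shown in this README are inspected.
def audit_rds_proxy_config(yaml_text)
  cfg = YAML.safe_load(yaml_text) || {}
  findings = []
  # IAM auth is enabled unless the config explicitly turns it off.
  if cfg['iam_auth'].to_s.upcase == 'DISABLED'
    findings << 'iam_auth is DISABLED: IAM authentication to the proxy is off'
  end
  expected = ENGINE_PORTS[cfg['database_engine'].to_s.upcase]
  findings << "database_engine missing or unknown: #{cfg['database_engine'].inspect}" if expected.nil?
  rules = cfg.dig('security_group_rules', 'ingress') || []
  rules.each_with_index do |rule, i|
    rule = {} unless rule.is_a?(Hash)
    # A rule copied from the other engine's example opens the wrong port.
    if expected && rule['from'].to_i != expected
      findings << "ingress[#{i}] opens port #{rule['from']}, engine default is #{expected}"
    end
    # The README example scopes access to a source security group.
    if rule['security_group_id'].to_s.strip.empty?
      findings << "ingress[#{i}] has no security_group_id source, review what it admits"
    end
  end
  findings
end

# Constructed sample configs (not taken from the project's tests directory).
REVIEWED = <<~'YAML'
  database_engine: POSTGRESQL
  security_group_rules:
    ingress:
      - from: 5432
        protocol: tcp
        security_group_id: ${MyAppSecurityGroupId}
        desc: access to the postgres port from another security group
YAML
RISKY = <<~'YAML'
  database_engine: MYSQL
  iam_auth: DISABLED
  security_group_rules:
    ingress:
      - from: 5432
        protocol: tcp
YAML

puts audit_rds_proxy_config(RISKY) if __FILE__ == $PROGRAM_NAME
```
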
| Name | Value | Exported |
|---|---|---|

```bash
gem install cfhighlander
```

or via docker

```bash
docker pull theonestack/cfhighlander
```

Generate cftest

```bash
kurgan test example
```

Run cftest

```bash
cfhighlander cftest -t tests/example.test.yaml
```

or run all tests

```bash
cfhighlander cftest
```

Generate spec tests

```bash
kurgan test example --type spec
```

Run spec tests

```bash
gem install rspec
rspec
```