can AWS Lambda connect to RDS mySQL database and update the database?

amazon-web-services amazon-rds amazon-iam aws-lambda
ARUNBALAN NV picture ARUNBALAN NV · Aug 4, 2015 · Viewed 49.9k times · Source

I am trying to connect AWS Lambda function to RDS mysql database.
I just wanted to update the database from my lambda function. Is it possible to access RDS by specifiying IAM Role and access Policy?.
I can connect to mysql databse using mysql client.but when i try on lambda i can't do that. here is my code. 

console.log('Loading function');
var doc = require('dynamodb-doc');
var dynamo = new doc.DynamoDB();
var mysql = require('mysql');
exports.handler = function(event, context) {
    //console.log('Received event:', JSON.stringify(event, null, 2));  
    var operation = event.operation;
    delete event.operation;
    switch (operation) {
        case 'create':
            var conn = mysql.createConnection({
                host: 'lamdatest.********.rds.amazonaws.com', // RDS endpoint 
                user: 'user', // MySQL username 
                password: 'password', // MySQL password 
                database: 'rdslamda'
            });
            conn.connect();
            console.log("connecting...");
            conn.query('INSERT INTO login (name,password) VALUES("use6","password6")', function(err, info) {
                console.log("insert: " + info.msg + " /err: " + err);
            });
            console.log("insert values in to database");
            break;
        case 'read':
            dynamo.getItem(event, context.done());
            break;

        default:
            context.fail(new Error('Unrecognized operation "' + operation + '"'));

    }
    context.succeed();
};

Answer

Matt Houser picture Matt Houser · Aug 4, 2015

Yes. You can access a MySql RDS database from AWS Lambda.

You can use node-mysql library.

However, there is a big caveat that goes with it.

AWS Lambda does not (currently) have access to private subnets inside a VPC. So in order for AWS Lambda to access your RDS database, it must be publicly accessible, which could be a security risk for you.

Update (2015-10-30): AWS Lambda announced upcoming VPC support (as of re:Invent 2015), so this won't be an issue for much longer.

Update (2015-11-17): AWS Lambda still does not have VPC support.

Update (2016-02-11): AWS Lambda can now access VPC resources:

https://aws.amazon.com/blogs/aws/new-access-resources-in-a-vpc-from-your-lambda-functions/

To achieve this functionality, your Lambda function will actually execute inside your VPC in a subnet. Some caveats come with this functionality:

  • The VPC subnet needs enough free IP addresses to handle Lambda's scaling
  • If your Lambda function needs internet access, then it's designated VPC subnet will need an Internet Gateway or NAT

Related questions

Access denied; you need (at least one of) the SUPER privilege(s) for this operation

So I try to import sql file into rds (1G MEM, 1 CPU). The sql file is like 1.4G mysql -h xxxx.rds.amazonaws.com -u user -ppass --max-allowed-packet=33554432 db < db.sql It got stuck at: ERROR 1227 (42000) at line 374: Access …

Read More
MySQL/Amazon RDS error: "you do not have SUPER privileges..."

I'm attempting to copy my mysql database from an Amazon EC2 to an RDS: I successfully did a mysqldump of my database into my root folder using this: root@ip-xx-xx-xx-xx:~# mysqldump my_database -u my_username -p > my_database.…

Read More
Creating A New MySQL User In Amazon RDS Environment

I need to create a new MySQL user with limited permission on an existing Amazon RDS instance. After encountering a couple error messages I was sort of able to do this using the official MySQL Administrator tool and the user …

Read More