This Lambda function automatically maintains ALB/NLB target group registrations for Aurora cluster or standalone RDS instance IP addresses based on their role (reader/writer).
- Dynamically updates target groups with RDS instance IP addresses
- Supports separate reader and writer endpoint management
- Supports Aurora clusters and standalone RDS instances
- Excludes auto-scaled instances from target registration
- Handles target group registration/deregistration automatically
Provide identifier and target_group_arn to manage a specific RDS instance or Aurora cluster.
Leave identifier and target_group_arn empty. The Lambda will scan all RDS clusters and standalone instances for a tag named place_into_target_group whose value is the target group ARN. All matching resources are synced automatically.
Tag your RDS resources like this:
place_into_target_group = "arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/my-tg/abc123"
Multiple RDS resources can point to the same or different target groups.
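An added example, not this module's own Lambda code: a sketch of discovery mode that groups tagged RDS resources by target group ARN and computes which IPs to register or deregister. It assumes resource items shaped like the RDS describe responses (with `TagList`), and it adds a check that is not described in this README: the tag value must be a well-formed target group ARN in the expected account and region, because the tag value alone decides which target group gets updated.

```python
import re

TAG_KEY = "place_into_target_group"  # tag name given in the README
# Assumed shape of a target group ARN, modelled on the README's sample value.
TG_ARN = re.compile(r"^arn:aws:elasticloadbalancing:(?P<region>[a-z0-9-]+):"
                    r"(?P<account>\d{12}):targetgroup/[A-Za-z0-9-]+/[0-9a-f]+$")

def discover(resources, account_id, region):
    """Map each tagged target group ARN to the RDS identifiers pointing at it.

    Tag values that are malformed or name another account/region are
    returned separately instead of being synced (a check added by this example).
    """
    accepted, rejected = {}, []
    for res in resources:
        ident = res.get("DBClusterIdentifier") or res.get("DBInstanceIdentifier")
        tags = {t["Key"]: t["Value"] for t in res.get("TagList", [])}
        if TAG_KEY not in tags:
            continue
        arn = tags[TAG_KEY].strip()
        m = TG_ARN.match(arn)
        if m and m["account"] == account_id and m["region"] == region:
            accepted.setdefault(arn, []).append(ident)
        else:
            rejected.append((ident, arn))
    return accepted, rejected

def plan_sync(desired_ips, registered_ips):
    """Return (to_register, to_deregister) so the target group matches desired_ips."""
    desired, current = set(desired_ips), set(registered_ips)
    return sorted(desired - current), sorted(current - desired)

# Constructed sample data, shaped like DescribeDBClusters/DescribeDBInstances items.
MY_TG = "arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/my-tg/abc123"
OTHER_TG = "arn:aws:elasticloadbalancing:eu-west-1:999999999999:targetgroup/other/def456"
SAMPLE = [
    {"DBClusterIdentifier": "orders", "TagList": [{"Key": TAG_KEY, "Value": MY_TG}]},
    {"DBInstanceIdentifier": "reports", "TagList": [{"Key": TAG_KEY, "Value": MY_TG}]},
    {"DBInstanceIdentifier": "legacy", "TagList": [{"Key": TAG_KEY, "Value": OTHER_TG}]},
    {"DBInstanceIdentifier": "untagged", "TagList": []},
]

if __name__ == "__main__":
    accepted, rejected = discover(SAMPLE, "123456789012", "eu-west-1")
    print("sync:", accepted)
    print("skipped:", rejected)
    print(plan_sync(["10.0.1.5", "10.0.2.7"], ["10.0.2.7", "10.0.3.9"]))
```

Logging the skipped entries gives a record of tags that pointed somewhere unexpected.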
- DB_IDENTIFIER: RDS instance or Aurora cluster identifier (empty for discovery mode)
- TARGET_GROUP_ARN: Target group ARN to manage (empty for discovery mode)
- TARGET_PORT: Database port (default: 3306)
- TYPE: Target type - 'reader' or 'writer' (default: 'reader')
Well suited to NLBs used for AWS VPC Endpoints.
Install pre-commit hooks by running the following commands:
brew install pre-commit terraform-docs
pre-commit install

No requirements.
| Name | Version |
|---|---|
| archive | n/a |
| aws | n/a |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_event_rule.every_minute | resource |
| aws_cloudwatch_event_target.lambda_target | resource |
| aws_iam_role.lambda_execution_role | resource |
| aws_iam_role_policy.lambda_policy | resource |
| aws_lambda_function.aurora_nlb | resource |
| aws_lambda_permission.allow_cloudwatch_to_call_lambda | resource |
| aws_security_group.lambda_sg | resource |
| archive_file.lambda_zip | data source |
| aws_iam_policy_document.lambda_assume_role_policy | data source |
| aws_iam_policy_document.lambda_policy | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| identifier | ID of the Aurora cluster to fetch IP addresses from, or instance identifier for single RDS instance. Leave empty for discovery mode. | string | "" | no |
| lambda_timeout | Timeout in seconds for the Lambda function. Discovery mode needs more time due to multiple API calls. | number | 60 | no |
| name | Prefixing name for the Lambda function and associated resources | string | n/a | yes |
| tags | Tags to apply to all resources created by this module | map(string) | {} | no |
| target_group_arn | ARN of the target group to update with Aurora endpoints IP addresses. Leave empty for discovery mode. | string | "" | no |
| target_port | Port on which the target group is listening | string | n/a | yes |
| type | Type of the target group, either 'reader' or 'writer' | string | n/a | yes |
| vpc_id | VPC ID for Lambda security group | string | n/a | yes |
| vpc_subnet_ids | Subnet IDs for Lambda to run within the VPC | list(string) | n/a | yes |
| Name | Description |
|---|---|
| function_name | n/a |