Enterprise-grade PostgreSQL wire protocol proxy for AWS Aurora Serverless v2
AuroraWire connects pgAdmin, DBeaver, and any PostgreSQL client to Aurora Serverless without exposing your database publicly or managing EC2 instances.
- Security Risk: Making RDS publicly accessible exposes your database to attacks and breaches
- Infrastructure Overhead: Running bastion hosts or VPN connections requires EC2 management
- Development Friction: Connecting local tools to Aurora Serverless is complex and insecure
- Connection Management: Manual connection pooling and socket handling complexity
AuroraWire eliminates these challenges by providing a zero-infrastructure middleware that acts as a secure bridge between your PostgreSQL clients and Aurora Serverless v2.
|
|
|
- Running AWS RDS from your own infrastructure and need secure access
- Preventing postgresql:// connection strings from traversing public internet
- Reducing operational overhead of bastion hosts and VPN management
- Want to connect interface tools (pgAdmin, DBeaver) to Aurora Serverless v2
- Need local development access to production-like Aurora environments
- Seeking simplified database connectivity without infrastructure complexity
- Prioritizing database security and attack surface reduction
- Meeting strict compliance requirements for database access
- Implementing zero-trust database connectivity patterns
- Node.js 18+
- AWS Account with RDS Data API enabled
- Aurora Serverless v2 PostgreSQL cluster
- IAM credentials with Data API permissions
# Clone the repository
git clone https://github.com/bhoobalan-bhoo/aws-aurora-wire-proxy.git
cd aws-aurora-wire-proxy
# Install dependencies
npm install
# Configure environment
cp .env.example .env
# Edit .env with your AWS and Aurora details
# Start the proxy
npm start- Host:
localhost - Port:
5432 - Database: Your Aurora database name
- Username/Password: Any value (proxy handles authentication)
That's it! Your Aurora Serverless v2 cluster is now accessible through pgAdmin without any public exposure.
graph LR
A[pgAdmin/DBeaver] --> B[AuroraWire]
B --> C[AWS RDS Data API]
C --> D[Aurora Serverless v2]
B -.-> E[PostgreSQL Wire Protocol]
C -.-> F[HTTPS/JSON API]
D -.-> G[Private VPC Network]
%% Color styles
style A fill:#bbdefb,stroke:#1e88e5,stroke-width:2px,color:#0d47a1
style B fill:#e1bee7,stroke:#8e24aa,stroke-width:2px,color:#4a148c
style C fill:#ffe0b2,stroke:#fb8c00,stroke-width:2px,color:#e65100
style D fill:#c8e6c9,stroke:#43a047,stroke-width:2px,color:#1b5e20
style E fill:#f5f5f5,stroke:#9e9e9e,color:#424242,stroke-dasharray: 5 5
style F fill:#f5f5f5,stroke:#9e9e9e,color:#424242,stroke-dasharray: 5 5
style G fill:#ede7f6,stroke:#673ab7,color:#311b92
| Feature | Support Level | Notes |
|---|---|---|
| Basic Queries | ✅ Full | SELECT, INSERT, UPDATE, DELETE |
| Transactions | Data API transaction limitations | |
| Connection Pooling | ✅ Simulated | Handled by Data API middleware |
| SSL/TLS | ✅ Full | End-to-end encryption |
| Large Result Sets | 15-minute query timeout | |
| PostgreSQL Extensions | ❌ Limited | Depends on Aurora Serverless support |
aws-aurora-wire-proxy/
└── src/
├── config/ # AWS & logging configuration
├── data-api/ # RDS Data API client
├── protocol/ # PostgreSQL wire protocol implementation
├── server/ # Proxy server & connection handling
├── translation/ # Query translation & metadata
├── utils/ # Utilities & constants
└── index.js # Main File
# AWS Configuration
AWS_REGION=""
AWS_ACCESS_KEY_ID=""
AWS_SECRET_ACCESS_KEY=""
AWS_SESSION_TOKEN="" (Optional, If you wanna connect via SSO using 1 Hour Token)
# RDS Data API Configuration
RDS_CLUSTER_ARN=""
RDS_SECRET_ARN=""
RDS_DATABASE_NAME=""{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-data:ExecuteStatement",
"rds-data:BatchExecuteStatement",
"rds-data:BeginTransaction",
"rds-data:CommitTransaction",
"rds-data:RollbackTransaction"
],
"Resource": "arn:aws:rds:*:*:cluster:your-cluster-name"
}
]
}# pgAdmin Server Configuration
Host: localhost
Port: 5432
Maintenance Database: your_db_name
Username: proxy
Password: proxypsql -h localhost -p 5432 -U proxy -d your_database_nameconst connectionString = 'postgresql://proxy:proxy@localhost:5432/your_db_name';- Aurora cluster remains in private subnets
- No public IP addresses or security group modifications needed
- Zero direct internet exposure to your database
- Eliminates direct database connection vulnerabilities
- Protection against SQL injection attacks targeting connection strings
- No exposed database ports or endpoints
- Leverages AWS IAM for authentication and authorization
- Uses AWS Secrets Manager for credential management
- All traffic encrypted with AWS TLS standards
npm run devCooooking!Cooooking!We welcome contributions!
# Fork and clone the repo
git clone https://github.com/your-username/aws-aurora-wire-proxy.git
# Install dependencies
npm install
# Run in development mode
npm run dev
- Enhanced Transaction Support - Extended Data API transaction capabilities
- Query Result Caching - Redis-based result caching for improved performance
- Connection Multiplexing - Advanced connection management and pooling
- Monitoring Dashboard - Real-time metrics and health monitoring
- Kubernetes Operator - Native Kubernetes deployment and management
- Multi-Region Support - Cross-region Aurora cluster support
- GraphQL Interface - GraphQL-to-SQL translation layer
This project is licensed under the MIT License - see the LICENSE file for details.
- PostgreSQL Community - For comprehensive protocol documentation
- AWS Team - For RDS Data API and Aurora Serverless innovations
- Open Source Contributors - Building the ecosystem that makes this possible
⭐ Star this repository if AuroraWire helped you build secure, scalable database connectivity!
Made with ❤️ for the developer community