Middy database manager
Simple database manager for the middy framework
dbManager provides seamless connection with database of your choice. By default it uses knex.js but you can use any tool that you want.
After initialization your database connection is accessible under:
Mind that if you use knex you will also need driver of your choice (check docs), for PostgreSQL that would be:
yarn add pg // or npm install pg
To install this middleware you can use NPM:
npm install --save @middy/db-manager
config: configuration object passed as is to client (knex.js by default), for more details check knex documentation
client(optional): client that you want to use when connecting to database of your choice. By default knex.js is used but as long as your client is run as
client(config)or you create wrapper to conform, you can use other tools. Due to node6 support in middy, knex is capped at version
0.17.3. If you wish to use newer features, provide your own knex client here.
secretsPath(optional): if for any reason you want to pass credentials using context, pass path to secrets laying in context object - good example is combining this middleware with ssm
secretsParam(optional): override the connection parameter when setting the password directly from ssm using
rdsSigner. This is ignored when passing an object in. Default:
removeSecrets(optional): By default is true. Works only in combination with
secretsPath. Removes sensitive data from context once client is initialized.
forceNewConnection(optional): Creates new connection on every run and destroys it after. Database client needs to have
destroyfunction in order to properly clean up connections.
rdsSigner(optional): Will use to create an IAM RDS Auth Token for the database connection using RDS.Signer. See AWS docs for required params,
regionis automatically pulled from the
const handler =;handler;
Credentials as secrets object
const handler =;handler;handler;
Custom knex (or any other) client and secrets
const knex =const handler =;handler;handler;
Connect to RDS using IAM Auth Tokens and TLS
const tls =const ca = // Download fromconst handler =;handler;
If you're lambda is timing out, likely your database connections are keeping the event loop open. Check out do-not-wait-for-empty-event-loop middleware to resolve this.
See AWS Docs Rotating Your SSL/TLS Certificate to ensure you're using the right certificate.