Wondering what’s next for npm?Check out our public roadmap! »

    TypeScript icon, indicating that this package has built-in type declarations

    2.0.1 • Public • Published

    Middy rds-signer middleware

    Middy logo

    RDS Signer middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda

    Fetches RDS credentials to be used when connecting to RDS with IAM roles.


    To install this middleware you can use NPM:

    npm install --save @middy/rds-signer


    • AwsClient (object) (default AWS.RDS.Signer): AWS.RDS.Signer class constructor (e.g. that has been instrumented with AWS XRay). Must be from aws-sdk v2.
    • awsClientOptions (object) (optional): Options to pass to AWS.RDS.Signer class constructor.
    • awsClientAssumeRole (string) (optional): Internal key where role tokens are stored. See @middy/sts on to set this.
    • awsClientCapture (function) (optional): Enable XRay by passing captureAWSClient from aws-xray-sdk in.
    • fetchData (object) (required): Mapping of internal key name to API request parameters.
    • disablePrefetch (boolean) (default false): On cold start requests will trigger early if they can. Setting awsClientAssumeRole disables prefetch.
    • cacheKey (string) (default rds-signer): Internal cache key for the fetched data responses.
    • cacheExpiry (number) (default -1): How long fetch data responses should be cached for. -1: cache forever, 0: never cache, n: cache for n ms.
    • setToEnv (boolean) (default false): Store role tokens to process.env. Storing secrets in process.env is considered security bad practice
    • setToContext (boolean) (default false): Store role tokens to request.context.


    • Lambda is required to have IAM permission for rds-db:connect with a resource like arn:aws:rds-db:#{AWS::Region}:#{AWS::AccountId}:dbuser:${database_resource}/${iam_role}
    • setToEnv and setToContext are included for legacy support and should be avoided for performance and security reasons. See main documentation for best practices.

    Sample usage

    import middy from '@middy/core'
    import rdsSigner from '@middy/rds-signer'
    const handler = middy((event, context) => {
      const response = {
        statusCode: 200,
        headers: {},
        body: JSON.stringify({ message: 'hello world' })
      return response
        fetchData: {
          rdsToken: {
            region: 'ca-central-1',
            hostname: '***.rds.amazonaws.com',
            username: 'iam_role',
            database: 'postgres',
            port: 5432

    Middy documentation and examples

    For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.


    Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.


    Licensed under MIT License. Copyright (c) 2017-2021 Luciano Mammino, will Farrell, and the Middy team.

    FOSSA Status


    npm i @middy/rds-signer

    DownloadsWeekly Downloads






    Unpacked Size

    9.71 kB

    Total Files


    Last publish


    • avatar
    • avatar
    • avatar