Create an RDS Proxy in the console for the target Aurora PostgreSQL or RDS PostgreSQL cluster; the proxy requires a Secrets Manager secret containing the database username and password
Set MaxConnectionsPercent (expressed as a percentage of the DB's max_connections) and MaxIdleConnectionsPercent to reserve backend connections; leave room for direct admin connections
Update application connection strings to point to the proxy endpoint instead of the DB endpoint; no application code changes are needed for basic use
To minimize connection pinning (which prevents multiplexing), avoid issuing SET commands, PREPARE/EXECUTE, DISCARD, or opening cursors across transaction boundaries; use parameterized queries at the protocol level instead of named prepared statements where possible
Enable IAM authentication on the proxy for applications that should not store passwords: generate a short-lived auth token with aws rds generate-db-auth-token and pass it as the password
Monitor the proxy with CloudWatch metrics: DatabaseConnectionsCurrentlyBorrowed, ClientConnections, and QueryDatabaseResponseLatency to detect saturation
Known gotchas
PostgreSQL prepared statements (PREPARE / EXECUTE), SET commands, and cursors cause connection pinning, negating the multiplexing benefit; audit ORM and driver settings to use protocol-level parameterized queries instead
The proxy enforces IAM authentication separately from the database; if IAM auth is enabled on the proxy but the DB does not have rds.force_ssl=1 and the correct pg_hba.conf entries, connections will fail
RDS Proxy does not reduce the number of backend connections below MaxConnectionsPercent; if all backend connections are busy, client connections queue or fail — size MaxConnectionsPercent relative to actual DB max_connections
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp