Hello Lambda from RDS

Mostafa Ead
Jun 30 · 2 min read

AWS has a diverse portfolio of services and capabilities that makes it easy to build innovative solutions in different types of businesses. Putting myself in the shoes of RDS for Oracle customers, I see the urge to integrate with AWS services to make my solution simpler. However, I don’t want to write a lot of PL/SQL code to integrate with every service. I can simply integrate with just AWS Lambda, and use it as a lever to integrate with other AWS services.

You can build PL/SQL procedures to implement a simple AWS Lambda client by following the API documentation. You can instead create an Amazon API Gateway backed by your Lambda function, and simply use utl_http to integrate with AWS Lambda through that API Gateway.

In this blog post, I am going to describe how to integrate with AWS Lambda through Amazon API Gateway.

Steps at a high level:

  1. Create a Lambda function in region X
  2. Create a private API gateway in the same region
  3. Create an Interface VPC Endpoint to connect resources from your VPC Y to the API gateway privately without going through the Internet
  4. Create a 12.2 RDS for Oracle instance in the same VPC Y
  5. Download a custom wallet to the 12.2 RDS for Oracle instance where the root certificate of Amazon API gateway is trusted
  6. Use utl_http in a small PL/SQL script to trigger the Lambda function

Why Interface VPC Endpoint?
The API Gateway should not be exposed publicly to the Internet. Otherwise, any entity on the Internet can invoke the Lambda function backing it, and that is insecure. So the API Gateway has to be private. To make it more secure, you should configure the API Gateway to accept invoke requests only from resources in the VPC where your RDS for Oracle instance exists. Hence, you should set up an Interface VPC Endpoint and connect through it to your API Gateway securely and privately.

Why download a custom wallet to my RDS for Oracle instance?
All of the APIs created with Amazon API Gateway expose HTTPS endpoints only. Hence, you have to set up an Oracle wallet to trust the API Gateway certificate or any certificate authority in its certificate chain. Follow the steps documented here to properly download a custom wallet to your RDS for Oracle instance.

As a quickstart, here is a sample CloudFormation template to help you create the Lambda function, the private API Gateway, and the Interface VPC Endpoint. And here is a sample PL/SQL script to invoke your Lambda function from the RDS for Oracle instance.
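
The utl_http call from step 6, written out as an added example (not the author's linked script). It assumes the wallet sits in a directory object named SSL_WALLET (a hypothetical name), that the Interface VPC Endpoint has private DNS enabled so the regular execute-api hostname resolves inside the VPC, and that the database user has a network ACL for that host; the URL parts in angle brackets are placeholders.

```plsql
-- Added example. Run from SQL*Plus or SQL Developer.
SET SERVEROUTPUT ON
DECLARE
  -- Placeholder URL: substitute your own API id, region, stage and resource.
  l_url     CONSTANT VARCHAR2(512) :=
    'https://<api-id>.execute-api.<region>.amazonaws.com/<stage>/<resource>';
  -- Constructed sample payload handed to the Lambda function.
  l_payload CONSTANT VARCHAR2(4000) := '{"message": "Hello Lambda from RDS"}';
  l_wallet  VARCHAR2(4000);
  l_req     UTL_HTTP.REQ;
  l_resp    UTL_HTTP.RESP;
  l_chunk   VARCHAR2(4000);
BEGIN
  -- Resolve the file-system path behind the wallet directory object
  -- (SSL_WALLET is an assumed name; use the directory you downloaded into).
  SELECT directory_path INTO l_wallet
    FROM all_directories
   WHERE directory_name = 'SSL_WALLET';

  -- Bind the wallet so the TLS handshake validates the API Gateway
  -- certificate chain. An auto-login wallet needs no password argument.
  -- If the chain is not trusted, the request fails with ORA-29024.
  UTL_HTTP.SET_WALLET('file:' || l_wallet);

  -- A missing network ACL for the host surfaces here as ORA-24247.
  l_req := UTL_HTTP.BEGIN_REQUEST(l_url, 'POST', 'HTTP/1.1');
  UTL_HTTP.SET_HEADER(l_req, 'Content-Type', 'application/json');
  UTL_HTTP.SET_HEADER(l_req, 'Content-Length', TO_CHAR(LENGTHB(l_payload)));
  UTL_HTTP.WRITE_TEXT(l_req, l_payload);

  l_resp := UTL_HTTP.GET_RESPONSE(l_req);
  -- A 403 here usually means the API's resource policy rejected the caller.
  DBMS_OUTPUT.PUT_LINE('HTTP status: ' || l_resp.status_code);

  -- Stream the response body until UTL_HTTP signals the end of it.
  BEGIN
    LOOP
      UTL_HTTP.READ_TEXT(l_resp, l_chunk, 4000);
      DBMS_OUTPUT.PUT_LINE(l_chunk);
    END LOOP;
  EXCEPTION
    WHEN UTL_HTTP.END_OF_BODY THEN
      UTL_HTTP.END_RESPONSE(l_resp);  -- releases the connection
  END;
END;
/
```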


In this blog post, I described how to integrate RDS for Oracle with AWS Lambda, and use it as a lever to integrate with other AWS services. I hope you like it and please share comments/improvements below.

Written by Mostafa Ead

I work for @AWSCloud & my opinions are my own
