AWS Lambda
RDS MySQL
Database Update
Serverless Computing
Cloud Integration

can AWS Lambda connect to RDS mySQL database and update the database?

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

Introduction

Yes, AWS Lambda can connect to an RDS MySQL instance and run updates, inserts, and deletes. The main work is not the SQL itself but getting networking, credentials, and connection management right so the function can reach the database reliably without exhausting MySQL connections.

What Has To Be In Place

A Lambda function can talk to RDS MySQL when all of these are true:

  • the function can reach the database endpoint over the network
  • the database security group allows inbound traffic from the Lambda side
  • the function has the credentials to authenticate
  • the runtime package includes a MySQL client library

If the RDS instance is in private subnets, the Lambda usually needs to run in the same VPC or a connected network path.

A Practical Python Example

This example uses pymysql to update one row. In real deployments, credentials should come from Secrets Manager or a secure parameter source rather than hard-coded strings.

python
1import os
2import pymysql
3
4connection = None
5
6
7def get_connection():
8    global connection
9    if connection is None or not connection.open:
10        connection = pymysql.connect(
11            host=os.environ["DB_HOST"],
12            user=os.environ["DB_USER"],
13            password=os.environ["DB_PASSWORD"],
14            database=os.environ["DB_NAME"],
15            connect_timeout=5,
16            autocommit=False,
17        )
18    return connection
19
20
21def lambda_handler(event, context):
22    conn = get_connection()
23
24    with conn.cursor() as cursor:
25        cursor.execute(
26            "UPDATE orders SET status = %s WHERE order_id = %s",
27            ("processed", event["order_id"]),
28        )
29    conn.commit()
30
31    return {"updated": event["order_id"]}

This is a normal pattern:

  • create or reuse a connection
  • run parameterized SQL
  • commit the transaction
  • return a small result

Use Parameterized Queries

Never build update statements by concatenating raw event values into SQL strings. Parameterized queries protect you from SQL injection and reduce quoting mistakes.

The example above uses placeholders and a parameter tuple, which is the correct approach.

Networking and Security Group Basics

For private RDS instances, Lambda must usually be attached to the VPC. Once it is, make sure:

  • the Lambda function uses subnets that can route to the RDS instance
  • the RDS security group allows inbound MySQL traffic from the Lambda security group
  • the Lambda execution environment can still reach any required AWS services if it needs them

A common operational mistake is getting the credentials right but forgetting that the function still has no path to the database endpoint.

Secrets and Connection Management

Credentials should be stored in AWS Secrets Manager or another managed secret store, not inside the source bundle.

Connection count is also important. Lambda can scale quickly, and each concurrent execution may try to open a database connection. That can overwhelm a small MySQL instance.

For heavier production workloads, RDS Proxy is often a better design because it manages connection pooling between Lambda and the database.

When This Pattern Works Well

Lambda to RDS is a good fit for:

  • event-driven updates after file uploads or queue messages
  • simple transactional writes
  • low-to-moderate throughput administrative actions
  • APIs with predictable concurrency and efficient SQL

It becomes trickier when thousands of concurrent invocations all want long-lived database sessions.

Common Pitfalls

Putting the function outside the right VPC path is one of the most common reasons connections fail.

Hard-coding passwords instead of using managed secrets is another operational mistake.

Ignoring connection scaling can hurt badly. Lambda concurrency and MySQL connection limits do not scale in the same way.

Finally, remember to package the MySQL client library for the Lambda runtime or include it through a layer if your deployment process requires that.

Summary

  • Lambda can absolutely connect to RDS MySQL and issue updates
  • the critical pieces are networking, security groups, credentials, and a packaged MySQL client
  • use parameterized SQL and explicit commits for safe updates
  • prefer Secrets Manager for credentials and consider RDS Proxy for higher-concurrency workloads
  • most failures come from VPC or connection-management mistakes rather than from Lambda itself

Course illustration
Course illustration

All Rights Reserved.