Is it possible to use Amazon Aurora with Netlify Lambdas?

We’d like to use a more traditional RDBMS like MySQL or Postgres and Aurora appears to be the best serverless option.

I’ve created an Aurora DB and I’m able to connect to it with the Amazon Cloud9 IDE. However, when I try to connect to it using a Netlify Lambda function I get an error that the “cluster does not belong to the calling account id”. This makes sense. I think it will only allow connections from within the same VPC by default. However, it also seems like there should be a way around it since the Aurora Data API is HTTP based. Unfortunately I haven’t had any luck and I can’t find anything in the Amazon docs (which are somewhat overwhelming.)

Has anyone else done this? I’d really appreciate some pointers or even a definitive “no it’s not possible because X” so that I can just move on.

EDIT: I’m trying to use the Aurora “Serverless” option. It’s possible to make the other types publicly accessible.

I’ve never tried the Aurora “serverless” database but if it is HTTP based, you’ll probably need to have your Netlify Lambda function is sending some sort of authorization token somehow. I’m not sure what kind of authorization Aurora needs, though. You can use env vars to set your token without having to commit it in your git repo.

Hope that helps point you in the right direction.

When I try to pass AWS credentials into the RDS.DataService
const RDS = new AWS.RDSDataService({credentials: credentials})
Netlify has an error that the options [credentials] is not supported. Is that something I’m doing wrong, or is Netlify preventing it?

RE: env vars - AWS_ACCESS_KEY_ID is apparently reserved, and while it will let me save AWS_ACCESS_KEY, it causes the build to fail. I don’t think that’s documented.

With regards to env vars, yes, AWS_ prefixed vars are reserved, you can create something like MY_AWS_ prefixed vars instead and explicitly use those variables. You’ll need to check AWS’s documentation on how to pass credentials using specific env vars. Let me know how that goes.

It’s working now.

const rdsConfig: RDSDataService.ClientConfiguration = {
  region: awsRegion,
  credentials: new AWS.Credentials({
    accessKeyId: awsAccessKeyId,
    secretAccessKey: awsSecretAccessKey,

const RDS = new AWS.RDSDataService(rdsConfig)

thanks for closing the loop and providing your working code!~