IntegrationsDatabasesAmazon RDS

Amazon RDS

Datafly Signal delivers events to Amazon RDS and Aurora databases via the Data API, eliminating the need for direct database connections or VPC peering.

Prerequisites

Before configuring Amazon RDS in Signal, you need an AWS account with an Aurora cluster, the Data API enabled, and credentials stored in AWS Secrets Manager.

Create an AWS Account

If you don’t already have one, sign up at aws.amazon.com.

Create an Aurora Cluster

  1. Open the RDS console.
  2. Click Create database.
  3. Choose Aurora (MySQL-compatible) or Aurora (PostgreSQL-compatible).
  4. Select a capacity type — Aurora Serverless v2 is recommended for variable workloads.
  5. Set a Master username and Master password.
  6. Configure networking and security group settings.
  7. Click Create database.
  8. Note the Cluster ARN from the cluster details page.
⚠️

The RDS Data API is supported on Aurora Serverless v1, Aurora Serverless v2, and Aurora provisioned clusters only. Standard RDS instances (non-Aurora) do not support the Data API.

Enable the Data API

  1. In the RDS console, select your Aurora cluster.
  2. Click Modify.
  3. Under Connectivity, enable Data API.
  4. Click Continue > Apply immediately.

Create a Database and Table

Connect to the cluster and create the target database and table:

CREATE DATABASE datafly_events;
 
USE datafly_events;
 
CREATE TABLE events (
  event_id VARCHAR(64) PRIMARY KEY,
  type VARCHAR(20),
  event VARCHAR(256),
  anonymous_id VARCHAR(64),
  user_id VARCHAR(256),
  timestamp TIMESTAMP,
  received_at TIMESTAMP,
  context JSON,
  properties JSON,
  traits JSON,
  source_id VARCHAR(64),
  integration_id VARCHAR(64)
);

Store Credentials in Secrets Manager

The Data API authenticates using an AWS Secrets Manager secret.

  1. Open the Secrets Manager console.
  2. Click Store a new secret.
  3. Select Credentials for Amazon RDS database.
  4. Enter the database Username and Password.
  5. Select your Aurora cluster.
  6. Name the secret (e.g. datafly/rds-credentials).
  7. Click Store.
  8. Note the Secret ARN from the secret details page.

Create an IAM User for Signal

  1. Open the IAM console.
  2. Create a user (e.g. datafly-signal-rds) with a custom policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds-data:ExecuteStatement",
        "rds-data:BatchExecuteStatement"
      ],
      "Resource": "arn:aws:rds:us-east-1:123456789012:cluster:your-cluster-id"
    },
    {
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:datafly/rds-credentials-*"
    }
  ]
}
  1. Replace the region, account ID, cluster ID, and secret name with your values.
  2. Generate access keys and store them securely.

Configuration

FieldTypeRequiredDescription
cluster_arnstringYesThe ARN of the Aurora cluster.
databasestringYesThe database name within the cluster.
table_namestringYesThe target table name to insert rows into.
secret_arnsecretYesThe ARN of the Secrets Manager secret containing database credentials.
regionselectYesThe AWS region where the cluster is located.

Signal Setup

Quick Setup

  1. Navigate to Integrations in the sidebar.
  2. Open the Integration Library tab.
  3. Find Amazon RDS or filter by Cloud Storage.
  4. Click Install, select a variant if available, and fill in the required fields.
  5. Click Install Integration to create the integration with a ready-to-use default blueprint.

API Setup

curl -X POST http://localhost:8084/v1/admin/integration-catalog/amazon_rds/install \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Amazon RDS",
    "variant": "default",
    "config": {
      "cluster_arn": "arn:aws:rds:us-east-1:123456789012:cluster:datafly-aurora",
      "database": "datafly_events",
      "table_name": "events",
      "secret_arn": "arn:aws:secretsmanager:us-east-1:123456789012:secret:datafly/rds-credentials-AbCdEf",
      "region": "us-east-1"
    },
    "delivery_mode": "server_side"
  }'

Testing

  1. Enable the integration in Signal and trigger a test event on your website.
  2. Use the RDS Query Editor in the AWS console (or any SQL client connected via the Data API) to query the target table:
SELECT * FROM events ORDER BY timestamp DESC LIMIT 10;
  1. Verify that event rows are appearing with correct data.
  2. In Signal, check the Live Events view to confirm delivery status shows as successful.

Troubleshooting

ProblemSolution
Events not appearing in the tableVerify the cluster ARN, database name, table name, and secret ARN are all correct.
AccessDeniedExceptionThe IAM user lacks rds-data:ExecuteStatement or secretsmanager:GetSecretValue permission. Update the IAM policy.
BadRequestException: Data API is not enabledEnable the Data API on the Aurora cluster via Modify > Connectivity > Data API.
BadRequestException: Database not foundThe database name does not match. Verify the database config field matches the database you created.
StatementTimeoutExceptionThe query timed out. Check database performance and consider adding indexes.
Secret rotation issuesIf the Secrets Manager secret has been rotated, verify the new credentials are valid by testing the connection.
Credential errorsVerify the Secrets Manager secret contains valid database credentials and the IAM user has secretsmanager:GetSecretValue on the secret ARN.

Visit Amazon RDS Data API documentation for full API reference and supported SQL statements.

Amazon DynamoDBAzure Cosmos DB