New resource: AWS::RDS::Proxy
Support RDS Proxy via CloudFormation
I'd expect to have AWS::RDS::Proxy resource with related options in CloudFormation.
Expect the following: (updated naming)
AWS::RDS::DBProxy
AWS::RDS::DBProxyTargetGroup
We're working on releasing this soon.
I've had a quick play with this, and found something of an inconvenience.
AWS::RDS::DBProxy-Auth is a list of ways to authenticate to the database. Because it's embedded in the resource, that makes it harder to manage as a dynamic list.
Here are some use cases. For context, I'm adding an optional Proxy to my company-standard PostgreSQL template.
I want to let the master user connect to the proxy with its credentials: easy, because I can make an AWS::SecretsManager::Secret from the master user password which I need anyway
I also want to allow a readonly user to connect with IAM credentials: easy, nicely generic
Now I want to add a few users because different parts of my app should have different privileges (POLA): uh oh, can't do that with my generic template
This sort of pattern comes up quite often, and is catered to nicely with resource relationships between security group rules and security groups, policies and roles, etc.
With an AWS::RDS::DBProxyAuthRule resource ("rule" might not be the best name), I could have a generic template for my database, and add auth methods to it from application templates.
Thanks!
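The embedded `Auth` list described in the comment above, sketched as a template. This is an added example, not part of the original thread or of the resource provider's code; the parameter and resource names, the `master` username, and passing the read-only user's secret in as a parameter are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - generic PostgreSQL template with a proxy
Parameters:
  DBInstanceId:            # hypothetical: identifier of an existing DB instance
    Type: String
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  ProxyRoleArn:            # hypothetical: role the proxy assumes to read the secrets
    Type: String
  ReadOnlySecretArn:       # hypothetical: secret holding the read-only user's password
    Type: String
Resources:
  MasterSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        SecretStringTemplate: '{"username": "master"}'
        GenerateStringKey: password
        ExcludeCharacters: '"@/\'
  Proxy:
    Type: AWS::RDS::DBProxy
    Properties:
      DBProxyName: !Sub "${AWS::StackName}-proxy"
      EngineFamily: POSTGRESQL
      RequireTLS: true
      RoleArn: !Ref ProxyRoleArn
      VpcSubnetIds: !Ref SubnetIds
      Auth:
        # Use case 1: master user, authenticated with its password secret
        - AuthScheme: SECRETS
          SecretArn: !Ref MasterSecret
          IAMAuth: DISABLED
        # Use case 2: read-only user, clients must present IAM credentials
        - AuthScheme: SECRETS
          SecretArn: !Ref ReadOnlySecretArn
          IAMAuth: REQUIRED
        # Use case 3: every additional per-application user needs another
        # entry in this list, so it has to be edited in this template; an
        # application stack has no resource type with which to attach one.
  ProxyTargetGroup:
    Type: AWS::RDS::DBProxyTargetGroup
    Properties:
      DBProxyName: !Ref Proxy
      TargetGroupName: default
      DBInstanceIdentifiers:
        - !Ref DBInstanceId
```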
By the way, we've open sourced this resource implementation - you can contribute any new changes/enhancements here: https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-rds-proxy