How to :: MySQL to REST API with AWS Lambda and nodejs

This article is a quick step-by-step guide on how to leverage a simple AWS Lambda function in nodejs to support a REST API endpoint for SQL queries to a private database running in AWS.

As a pre-requisite, we need to create a layer for the nodejs mysql module. A step-by-step for how to create a nodejs layer is available here.

Note: use mysql2 instead of mysql to support recent versions of MySQL or MariaDB that don't support native password.

We will be using a MySQL database running on top of a Ubuntu 22.04 EC2 instance. The steps are a bit different for a mysql database via AWS RDS, and are not covered in this article. We used sudo apt-get install mysql-server and then sudo mysql to configure MySQL on Ubuntu.

First, we need to make sure our MySQL test database is accepting remote connections. Since this is a test database, we can accept all remote connections, but for a production database, we would be more granular about security. Let's just allow all remote connections, by setting bind-address in /etc/mysql/mysql.conf.d/mysqld.cnf to 0.0.0.0:

We also need to create a user that is enabled for remote connection and has a native MySQL password with:

CREATE USER 'admin2'@'%' IDENTIFIED WITH mysql_native_password BY '{password_value}';

Note: With mysql2, use the following instead if support for native password is not available for your MySQL database:

CREATE USER 'admin2'@'%' IDENTIFIED BY '{password_value}';

Then we need to modify the Security Group for our MySQL server instance to allow remote connection from our VPC or Virtual Private Cloud subnet:

Then we need to create a layer for the nodejs mysql module in Lambda by importing our layer zip file. Note the ARN value, which is needed to add the layer to our test function:

Next we need to create a test AWS Lambda function using nodejs, add the layer with ARN, and configure a Function URL with Auth type set to NONE :

This is the nodejs code for the function:

Note that AWS CloudWatch can be used to see the outputs of console.log().

We need to enable our function to access the VPC subnet via Configuration:

Now we are ready to test our function. We need a base64 encoded value for our password, which can be generated by using a free tool here. Let's use Postman and create a new POST request with our Function URL:

The mysql_host value needs to be the private IP DNS, which can be obtained via the EC2 instance for our MySQL server. The password is base64 encoded to provide an example on how we can start to make things more secure, by obfuscating its value.

The SQL Query is included in a JSON document and sent as the body:

Now that we have this simple working example in hand, we can start to work on real world Use Cases and improve the code and security. I hope you have enjoyed this article, and that it inspired you to build your own function for a SQL REST API for your MySQL database.