node.js, node-oracledb and Oracle Instant Client

To access an Oracle DB from an AWS Lambda function developed with node.js, you need to package your Lambda with shared libraries from Oracle’s Instant Client. The install instructions are here ( http://oracle.github.io/node-oracledb/INSTALL.html#quickstart ) but the only part that is really needed is the download location (since there are no specific instructions for bundling the libs with an AWS Lambda): https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html

Not all of the Oracle Instant Client files are needed. I used the same list of required libraries as this older npm module, which automates the packaging:

libclntshcore.so.19.1
libclntsh.so.19.1
libmql1.so
libipc1.so
libnnz19.so
libons.so (not packaged in current Instant Client)
libociicus.so
libaio.so (from separate download - see next step)

libaio – if you’re on a Linux platform you can ‘apt-get install libaio’ or similar, but building my Lambda on a Mac I had to manually download the package and extract just the .so file from here (download the Arch Linux x64 package): https://pkgs.org/download/libaio

Put these in a /lib dir and zip up the folder and files. Use this to create a Lambda Layer.

For the Lambda itself install the node.js module for the api:

npm install --save oracledb

For examples of API usage, see the examples here: https://github.com/oracle/node-oracledb/tree/master/examples

Installing Oracle Instant Client and Tools in an AWS EC2

I’m using the AWS Amazon Linux 2 AMI on my EC2. To download the Oracle Instant Client get the download urls for the instant client and instant client tools from: https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html

Download using curl and install with rpm:

curl instant-client-url-from-page-above --output instant-client.rpm
rpm -i instant-client.rpm
curl instant-client-tools-from-page-above --output instant-client-tools.rpm
rpm -i instant-client-tools.rpm

To connect using SQL*Plus:

sqlplus 'admin@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=your-instance-endpoint.rds.amazonaws.com)(PORT=1521))(CONNECT_DATA=(SID=your-db-name)))'

Enter password when prompted.

AWS Lambda access to AWS RDS databases

For a Lambda to access an AWS RDS database instance, it needs to be in the same VPC as the RDS instance. However, if you haven’t created and assigned a role with permissions for the Lambda to access the VPC, you’ll see this error when creating your Lambda:

To fix this per steps in the tutorial here, create a role with permission ‘AWSLambdaVPCAccessExecutionRole’.

Connecting to an AWS RDS Oracle instance from an EC2 in same VPC

I’ve created an RDS Oracle instance and I want to connect to it from an EC2 instance. I created both in the same VPC.

By default, even though they’re in the same VPC, the EC2 will not be able to connect to the Oracle instance because you still need to configure the Security Group to allow inbound traffic.

Let’s summarize the setup like this – both are in VPC1:

EC2 : Security Group SG-111

RDS Oracle instance: Security Group SG-222

Edit SG-222 for the Oracle instance, and add an inbound rule. Instead of adding a CIDR block range, start typing SG-111… and it will list matching SGs with that id – click to select the id of the Security Group associated with the EC2. You’ve now allowed inbound traffic to your RDS Oracle instance from the EC2.

Done!
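
To check that the rule ended up as a Security Group reference rather than a CIDR range, here is an added example (not part of the original post): it audits a group's inbound rules, in the JSON shape returned by `aws ec2 describe-security-groups`, for any source other than the expected group that can reach the Oracle listener port 1521. The group ids and rules in the sample are constructed, and the function names are hypothetical.

```javascript
// Added example. Input follows the JSON shape of `aws ec2 describe-security-groups`.
const ORACLE_PORT = 1521;

// True when a permission entry covers the given TCP port.
function coversPort(perm, port) {
  if (perm.IpProtocol === "-1") return true; // all protocols, all ports
  if (perm.IpProtocol !== "tcp") return false;
  return perm.FromPort <= port && port <= perm.ToPort;
}

// Returns one finding per inbound source that can reach the port.
// allowedSourceGroups: SG ids expected to connect (e.g. the EC2's group).
function auditOracleIngress(group, allowedSourceGroups, port = ORACLE_PORT) {
  const findings = [];
  for (const perm of group.IpPermissions || []) {
    if (!coversPort(perm, port)) continue;
    const cidrs = [
      ...(perm.IpRanges || []).map((r) => r.CidrIp),
      ...(perm.Ipv6Ranges || []).map((r) => r.CidrIpv6),
    ];
    for (const cidr of cidrs) {
      const open = cidr === "0.0.0.0/0" || cidr === "::/0";
      findings.push({ source: cidr, severity: open ? "high" : "review",
        reason: open ? "port open to the internet" : "CIDR rule; prefer an SG reference" });
    }
    for (const pair of perm.UserIdGroupPairs || []) {
      if (!allowedSourceGroups.includes(pair.GroupId)) {
        findings.push({ source: pair.GroupId, severity: "review",
          reason: "unexpected source security group" });
      }
    }
  }
  return findings;
}

// Constructed sample: SG-222 from the post, with made-up rules.
const sampleGroup = {
  GroupId: "sg-222",
  IpPermissions: [
    { IpProtocol: "tcp", FromPort: 1521, ToPort: 1521,
      IpRanges: [], Ipv6Ranges: [], UserIdGroupPairs: [{ GroupId: "sg-111" }] },
    { IpProtocol: "tcp", FromPort: 1521, ToPort: 1521,
      IpRanges: [{ CidrIp: "0.0.0.0/0" }], Ipv6Ranges: [], UserIdGroupPairs: [] },
    { IpProtocol: "tcp", FromPort: 22, ToPort: 22,
      IpRanges: [{ CidrIp: "10.0.0.0/16" }], Ipv6Ranges: [], UserIdGroupPairs: [] },
  ],
};
console.log(auditOracleIngress(sampleGroup, ["sg-111"]));
```

An empty result means the only path to port 1521 is the Security Group reference described above.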