giuseppe-trisciuoglio/aws-rds-spring-boot-integration
plugins/developer-kit-java/skills/aws-rds-spring-boot-integration/SKILL.md
Provides patterns to configure AWS RDS (Aurora, MySQL, PostgreSQL) with Spring Boot applications. Configures HikariCP connection pools, implements read/write splitting, sets up IAM database authentication, enables SSL connections, and integrates with AWS Secrets Manager. Use when setting up RDS connections in Spring Boot, configuring connection pooling, or managing database credentials securely.
$ install --global
skillsauthnpx skillsauth add giuseppe-trisciuoglio/developer-kit aws-rds-spring-boot-integrationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 1:23 PM7.8s3 files scanned
SKILL.md
- name:
- aws-rds-spring-boot-integration
- description:
- Provides patterns to configure AWS RDS (Aurora, MySQL, PostgreSQL) with Spring Boot applications. Configures HikariCP connection pools, implements read/write splitting, sets up IAM database authentication, enables SSL connections, and integrates with AWS Secrets Manager. Use when setting up RDS connections in Spring Boot, configuring connection pooling, or managing database credentials securely.
- allowed-tools:
- Read, Write, Edit, Bash, Glob, Grep
AWS RDS Spring Boot Integration
Overview
Configure AWS RDS databases (Aurora, MySQL, PostgreSQL) with Spring Boot applications. Provides patterns for datasource configuration, HikariCP connection pooling, SSL connections, environment-specific configurations, and AWS Secrets Manager integration.
When to Use
Use when configuring HikariCP connection pools for RDS workloads, implementing read/write split with Aurora replicas, setting up IAM database authentication, enabling SSL/TLS connections, managing database migrations with Flyway, or troubleshooting RDS connectivity issues.
Instructions
Follow these steps to configure AWS RDS with Spring Boot:
-
Add Dependencies — Include Spring Data JPA, database driver (MySQL/PostgreSQL), and Flyway
-
Configure Datasource — Set connection properties in application.yml
-
Configure HikariCP — Optimize pool settings for your RDS workload
-
Set Up SSL — Enable encrypted connections to RDS
-
Configure Profiles — Set environment-specific configurations (dev/prod)
-
Add Migrations — Create Flyway scripts for schema management
-
Validate Connectivity — Run health check to verify database connection
If validation fails: Check security group rules, verify credentials, ensure RDS is accessible from your network, and confirm SSL certificate configuration.
-
Run Migrations — Apply Flyway migrations only after connectivity validation passes
Quick Start
Step 1: Add Dependencies
Maven (pom.xml):
<dependencies>
<!-- Spring Data JPA -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<!-- Aurora MySQL Driver -->
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
<version>8.2.0</version>
<scope>runtime</scope>
</dependency>
<!-- Aurora PostgreSQL Driver (alternative) -->
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<!-- Flyway for database migrations -->
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
</dependency>
<!-- Validation -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
</dependencies>
Gradle (build.gradle):
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-validation'
// Aurora MySQL
runtimeOnly 'com.mysql:mysql-connector-j:8.2.0'
// Aurora PostgreSQL (alternative)
runtimeOnly 'org.postgresql:postgresql'
// Flyway
implementation 'org.flywaydb:flyway-core'
}
Step 2: Basic Datasource Configuration
Use the configuration in the Examples section below. For PostgreSQL, change:
- Driver:
org.postgresql.Driver - URL:
jdbc:postgresql://...with?ssl=true&sslmode=require - Dialect:
org.hibernate.dialect.PostgreSQLDialect
Step 3: Set Up Environment Variables
# Production environment variables
export DB_PASSWORD=YourStrongPassword123!
export SPRING_PROFILES_ACTIVE=prod
# For development
export SPRING_PROFILES_ACTIVE=dev
Database Migration Setup
Create migration files for Flyway:
src/main/resources/db/migration/
├── V1__create_users_table.sql
├── V2__add_phone_column.sql
└── V3__create_orders_table.sql
V1__create_users_table.sql:
CREATE TABLE users (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100) NOT NULL,
email VARCHAR(255) NOT NULL UNIQUE,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
INDEX idx_email (email)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Examples
Example 1: Aurora MySQL Configuration
spring:
datasource:
url: jdbc:mysql://myapp-aurora-cluster.cluster-abc123xyz.us-east-1.rds.amazonaws.com:3306/devops
username: admin
password: ${DB_PASSWORD}
driver-class-name: com.mysql.cj.jdbc.Driver
hikari:
maximum-pool-size: 20
minimum-idle: 5
connection-timeout: 20000
jpa:
hibernate:
ddl-auto: validate
open-in-view: false
Example 2: Aurora PostgreSQL with SSL
spring.datasource.url=jdbc:postgresql://myapp-aurora-pg-cluster.cluster-abc123xyz.us-east-1.rds.amazonaws.com:5432/devops?ssl=true&sslmode=require
spring.datasource.username=${DB_USERNAME}
spring.datasource.password=${DB_PASSWORD}
spring.datasource.hikari.maximum-pool-size=30
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
Example 3: Read/Write Split Configuration
@Configuration
public class DataSourceConfiguration {
@Bean
@Primary
public DataSource dataSource(
@Qualifier("writerDataSource") DataSource writerDataSource,
@Qualifier("readerDataSource") DataSource readerDataSource) {
Map<Object, Object> targetDataSources = new HashMap<>();
targetDataSources.put("writer", writerDataSource);
targetDataSources.put("reader", readerDataSource);
RoutingDataSource routingDataSource = new RoutingDataSource();
routingDataSource.setTargetDataSources(targetDataSources);
routingDataSource.setDefaultTargetDataSource(writerDataSource);
return routingDataSource;
}
}
Constraints and Warnings
- HikariCP pool size must respect RDS instance connection limits
- Security groups must allow traffic from your application's IP range
- Use AWS Secrets Manager instead of hardcoding credentials
- Enable storage autoscaling to prevent storage exhaustion
Best Practices
- HikariCP: Enable leak detection and configure timeouts for failover scenarios
- Security: Enable SSL/TLS; use IAM Database Authentication when possible
- Performance: Disable open-in-view; use appropriate indexing and batch operations
- Monitoring: Enable Spring Boot Actuator with database health checks
Testing
Verify connectivity with this health check endpoint:
@RestController
@RequestMapping("/api/health")
public class DatabaseHealthController {
@Autowired
private DataSource dataSource;
@GetMapping("/db-connection")
public ResponseEntity<Map<String, Object>> testDatabaseConnection() {
Map<String, Object> response = new HashMap<>();
try (Connection connection = dataSource.getConnection()) {
response.put("status", "success");
response.put("database", connection.getCatalog());
response.put("connected", true);
return ResponseEntity.ok(response);
} catch (Exception e) {
response.put("status", "failed");
response.put("error", e.getMessage());
response.put("connected", false);
return ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE).body(response);
}
}
}
curl http://localhost:8080/api/health/db-connection
Support
For detailed troubleshooting and advanced configuration, refer to:
- AWS RDS Aurora Advanced Configuration
- AWS RDS Aurora Troubleshooting Guide
- AWS RDS Aurora documentation
- Spring Boot Data RDS Aurora documentation
Related Skills
giuseppe-trisciuoglio/typescript-security-review
development
VerifiedTrustedCommunity
Provides security review capability for TypeScript/Node.js applications, validates code against XSS, injection, CSRF, JWT/OAuth2 flaws, dependency CVEs, and secrets exposure. Use when performing security audits, before deployment, reviewing authentication/authorization implementations, or ensuring OWASP compliance for Express, NestJS, and Next.js. Triggers on "security review", "check for security issues", "TypeScript security audit".
270SKILL.mdUpdated Apr 5, 2026
giuseppe-trisciuoglio/specs-code-cleanup
development
VerifiedTrustedCommunity
Provides final code cleanup after task review approval. Removes debug logs, temporary comments, dead code, optimizes imports, and improves readability. Use when asked to clean up code, polish, finalize, tidy up, remove technical debt, or prepare code for completion after review. Not for refactoring logic or fixing bugs—focused solely on cosmetic and hygiene cleanup.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/ralph-loop
tools
VerifiedTrustedCommunity
Ralph Wiggum-inspired automation loop for specification-driven development. Orchestrates task implementation, review, cleanup, and synchronization using a Python script. Use when: user runs /loop command, user asks to automate task implementation, user wants to iterate through spec tasks step-by-step, or user wants to run development workflow automation with context window management. One step per invocation. State machine: init → choose_task → implementation → review → fix → cleanup → sync → update_done. Supports --from-task and --to-task for task range filtering. State persisted in fix_plan.json.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/constitution
testing
VerifiedTrustedCommunity
Creates, updates, validates, and displays the architectural DNA of a project through two shared documents: docs/specs/architecture.md (technology stack, architectural rules, security constraints, AI guardrails) and docs/specs/ontology.md (domain glossary / Ubiquitous Language). Use BEFORE brainstorm as a project setup step, or at any point in the SDD lifecycle to validate specs/tasks against architecture principles. Triggers on 'create constitution', 'update constitution', 'constitution check', 'validate against constitution', 'project principles', 'architectural guardrails', 'setup project architecture', 'define ontology'.
250SKILL.mdUpdated May 5, 2026