How to link Zapier with private MySQL RDS database without public access

I’m having trouble connecting Zapier to my MySQL RDS production database. My testing database works fine with Zapier, but my main production database doesn’t allow public connections for security reasons.

Is there a workaround to establish this connection while keeping the database private? I’ve been working with rds-ca-2019 SSL certificates and downloaded the .pem file from AWS, but the connection still fails.

Has anyone successfully integrated a private RDS instance with Zapier? What configuration steps am I missing? Any help would be appreciated since I need to keep my production database secure but also want to use Zapier automation.

I ran into this exact issue about six months ago with my production setup. The fundamental problem is that Zapier operates from external IP addresses that can’t reach your private RDS instance directly. What worked for me was setting up an intermediate API layer using AWS Lambda functions that act as a bridge between Zapier and your private database. You can configure Lambda to run within your VPC so it has access to the private RDS instance, then expose specific database operations through API Gateway endpoints that Zapier can call via webhooks. This approach maintains your security posture while giving Zapier the access it needs. The SSL certificate issues you’re experiencing are likely secondary to the fundamental connectivity problem. Make sure your Lambda functions have the proper VPC configuration and security group rules to communicate with RDS.
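The Lambda bridge described in the answer above, as an added example that is not part of the original post: a handler behind an API Gateway proxy integration that accepts only allowlisted operations, binds every value as a query parameter, and checks a shared secret before touching the database. The `pymysql` driver, the environment variable names, the `x-bridge-token` header and the `orders` table are assumptions.

```python
import hmac
import json
import os

# Hypothetical allowlist: operation name -> (parameterized SQL, required params).
# Table, header and environment variable names below are assumptions.
OPERATIONS = {
    "get_order": ("SELECT id, status FROM orders WHERE id = %s", ("order_id",)),
    "set_status": ("UPDATE orders SET status = %s WHERE id = %s",
                   ("status", "order_id")),
}

def connect():  # TLS connection to the private RDS endpoint, from inside the VPC
    import pymysql  # assumed to be packaged with the function
    return pymysql.connect(
        host=os.environ["DB_HOST"], user=os.environ["DB_USER"],
        password=os.environ["DB_PASSWORD"], database=os.environ["DB_NAME"],
        ssl={"ca": os.environ["RDS_CA_BUNDLE"]})  # path to the AWS .pem bundle

def reply(status, body):
    return {"statusCode": status, "body": json.dumps(body, default=str)}

def handler(event, context, db_factory=connect):
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    supplied = str(headers.get("x-bridge-token", "")).encode()
    expected = os.environ.get("BRIDGE_TOKEN", "").encode()
    if not expected or not hmac.compare_digest(supplied, expected):
        return reply(401, {"error": "unauthorized"})
    try:
        body = json.loads(event.get("body") or "{}")
    except (TypeError, ValueError):
        return reply(400, {"error": "invalid JSON"})
    name = body.get("operation") if isinstance(body, dict) else None
    op = OPERATIONS.get(name) if isinstance(name, str) else None
    if op is None:
        return reply(400, {"error": "unknown operation"})
    sql, fields = op
    params = body.get("params")
    if (not isinstance(params, dict) or set(params) != set(fields)
            or not all(isinstance(v, (str, int)) for v in params.values())):
        return reply(400, {"error": "bad params"})
    conn = db_factory()  # only reached for an allowlisted, well-formed call
    try:
        with conn.cursor() as cur:
            cur.execute(sql, tuple(params[f] for f in fields))  # values bound, never concatenated
            rows = cur.fetchall()
        conn.commit()
    finally:
        conn.close()
    return reply(200, {"rows": rows})
```

Zapier never sends SQL in this design; it sends an operation name and parameters, so the database account used by the function can be limited to the statements in the allowlist.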

You could also consider using AWS Database Migration Service (DMS) as a replication solution. I implemented this approach last year when facing similar constraints. Set up a read-only replica of your production RDS in a public subnet specifically for Zapier integration. This way your main production database remains completely isolated while DMS keeps the replica synchronized in near real-time. The replica can have relaxed security groups allowing Zapier’s IP ranges, and you avoid the complexity of managing Lambda functions or API layers. Just make sure to configure the replica with appropriate instance sizing based on your Zapier query frequency. The initial setup takes some time but it’s been rock solid for my production environment. The SSL certificate configuration becomes straightforward once you have the public replica accessible.

Another option is using a bastion host or jump server that Zapier can connect through. Set up a small EC2 instance in your public subnet with the MySQL client, then configure SSH tunneling so Zapier connects to the bastion, which forwards to your private RDS. It’s a bit more manual setup, but cheaper than the Lambda/API Gateway approach, and you don’t need replication like DMS.