Skip to main content

Caveats when deploying to AWS platforms

The following describes some caveats you might face when deploying to different AWS platforms.

AWS RDS Proxy

Prisma ORM is compatible with AWS RDS Proxy. However, there is no benefit in using it for connection pooling with Prisma ORM due to the way RDS Proxy pins connections:

"Your connections to the proxy can enter a state known as pinning. When a connection is pinned, each later transaction uses the same underlying database connection until the session ends. Other client connections also can't reuse that database connection until the session ends. The session ends when Prisma Client's connection is dropped." - AWS RDS Proxy Docs

Prepared statements (of any size) or query statements greater than 16 KB cause RDS Proxy to pin the session. Because Prisma ORM uses prepared statements for all queries, you won't see any benefit when using RDS Proxy with Prisma ORM.

AWS Elastic Beanstalk

AWS Elastic Beanstalk is a PaaS-like deployment service that abstracts away infrastructure and allows you to deploy applications to AWS quickly.

When deploying an app using Prisma Client to AWS Elastic Beanstalk, Prisma ORM generates the Prisma Client code into node_modules. This is typically done in a postinstall hook defined in a package.json.

Because Beanstalk limits the ability to write to the filesystem in the postinstall hook, you need to create an .npmrc file in the root of your project and add the following configuration:

.npmrc
unsafe-perm=true

Enabling unsafe-perm forces npm to run as root, avoiding the filesystem access problem, thereby allowing the prisma generate command in the postinstall hook to generate your code.

Error: @prisma/client did not initialize yet

This error happens because AWS Elastic Beanstalk doesn't install devDependencies, which means that it doesn't pick up the Prisma CLI. To remedy this you can either:

  1. Add the prisma CLI package to your dependencies instead of the devDependencies. (Making sure to run npm install afterward to update the package-lock.json).
  2. Or install your devDependencies on AWS Elastic Beanstalk instances. To do this you must set the AWS Elastic Beanstalk NPM_USE_PRODUCTION environment property to false.

AWS RDS Postgres

When using Prisma ORM with AWS RDS Postgres, you may encounter connection issues or the following error during migration or runtime:

Error: P1010: User <username> was denied access on the database <database>

Cause

AWS RDS enforces SSL connections by default, and Prisma parses the database connection string with rejectUnauthorized: true, which requires a valid SSL certificate. If the certificate is not configured properly, Prisma cannot connect to the database.

Solution

To resolve this issue, update the DATABASE_URL environment variable to include the sslmode=no-verify option. This bypasses strict SSL certificate verification and allows Prisma to connect to the database. Update your .env file as follows:

DATABASE_URL=postgresql://<username>:<password>@<host>/<database>?sslmode=no-verify&schema=public

Why This Works

The sslmode=no-verify setting passes rejectUnauthorized: false to the SSL configuration via the pg-connection-string package. This disables strict certificate validation, allowing Prisma to establish a connection with the RDS database.

Note

While using sslmode=no-verify can be a quick fix, it bypasses SSL verification and might not meet security requirements for production environments. In such cases, ensure that a valid SSL certificate is properly configured.

AWS Lambda upload limit

AWS Lambda defines an deployment package upload limit, which includes:

note

As of v6.7.0, Prisma ORM has the queryCompiler Preview feature.

When enabled, your Prisma Client will be generated without a Rust-based query engine binary:

generator client {
  provider        = "prisma-client-js"
  previewFeatures = ["queryCompiler", "driverAdapters"] 
}

Note that the driver adapters Preview feature is required alongside queryCompiler.

The deployment package (.zip) size limit for lambdas is 50MB. When you prepare a deployment package, remove any files that the function does not require in production to keep the final .zip as small as possible. This includes some Prisma ORM engine binaries.

Deleting Prisma ORM engines that are not required

Prisma CLI downloads additional engine binaries that are not required in production. You can delete the following files and folders:

  1. The entire node_modules/@prisma/engines folder (refer to the sample bash script used by the Prisma end-to-end tests)

  2. The local engine file for your development platform from the node_modules/.prisma/client folder. For example, your schema might define the following binaryTargets if you develop on Debian (native) but deploy to AWS Lambda (rhel-openssl-3.0.x):

    binaryTargets = ["native", "rhel-openssl-3.0.x"]

    In this scenario:

    • Keep node_modules/.prisma/client/query-engine-rhel-openssl-3.0.x, which is the engine file used by AWS Lambda
    • Delete node_modules/.prisma/client/query-engine-debian-openssl-1.1.x, which is only required locally

    Note: When using Node.js 18 or earlier, the correct binaryTarget for AWS Lambda is rhel-openssl-1.0.x. rhel-openssl-3.0.x is the correct binaryTarget for Node.js versions greater than 18.