pgAgroal Enterprise · Explanation
Choosing between pgAgroal Enterprise, RDS Proxy, pgBouncer, and pgPool-II
A connection pooler sits between your application and PostgreSQL and reuses a small set of server connections across many client connections, so the database is not overwhelmed by connection count. Several good poolers exist. This page is honest about what each is best at and where it stops fitting — including the cases where pgAgroal Enterprise is not the right answer — so you can choose for your situation rather than a feature list.
pgAgroal Enterprise
What it is. A managed distribution that operates standard, unmodified upstream pgagroal (a high-performance open-source PostgreSQL pooler) at fleet scale, through a Kubernetes operator and an optional fleet control plane. Elevarq does not fork or patch the pooler; it packages, hardens, and operates the upstream project and adds a management layer above it.
What it is genuinely best at. Operating pooling across many instances, on any infrastructure, without you running it yourself. It adds hardened defaults, signed images with attested SBOMs (a Software Bill of Materials — the list of everything in the image), a CVE-response SLA for rebuilding and rolling out patched images, compliance evidence aligned with SOC 2 and ISO/IEC 27001, and a support relationship. Because it runs the lightweight upstream pooler directly in the request path, per-statement latency stays low — that speed comes from the open base, so what you actually buy is the operation and assurance, not faster pooling. And because it is just standard pgagroal under management, it pools anyPostgreSQL — RDS, Aurora, self-managed on EC2 or Kubernetes, another cloud, or on-premises — not only one vendor's managed database.
On credentials, it sources the pooler's secrets from a cloud Secrets Manager — AWS Secrets Manager and SSM, Azure Key Vault, or Google Secret Manager — using the workload's own cloud identity (IRSA on EKS and the equivalents), so passwords are resolved at startup and rotated centrally with no plaintext on disk or in images. That secret resolution is multi-cloud, not tied to one provider. It does not replicate RDS Proxy's native AWS IAM authentication — for either clients or the database connection: clients authenticate to the pooler through pgagroal's own mechanisms, and the pooler authenticates to the backend with resolved credentials, not an IAM token.
The honest trade-off. It is a licensed product built for Kubernetes fleets. If you run a single pooler on one host, or you do not need managed operation, supply-chain artifacts, or a support SLA, the operational layer is overhead you would be paying for and not using — one of the alternatives below is the better choice.
Pick pgAgroal Enterprise whenyou run PostgreSQL pooling across a fleet — on Kubernetes, across clouds, or in front of self-managed Postgres — and you want it managed, hardened, and supported, with signed/SBOM'd images, a CVE-response SLA, and compliance evidence, without operating the pooler yourself.
AWS RDS Proxy
What it is. A fully AWS-managed connection pooler for Amazon RDS and Aurora, run by AWS as part of your database stack rather than as software you operate.
What it is genuinely best at. Being native to AWS, for a single managed database. It can enforce IAM (Identity and Access Management) authentication for clients connecting to the proxy, it keeps application connections alive across an RDS/Aurora failover by automatically reconnecting to the standby, and it suits serverless callers such as AWS Lambda that open and close many short-lived connections. It removes the pooler from your operational surface entirely — there is no host, process, or image for you to patch.
The honest trade-off. RDS Proxy is locked to one environment and adds latency to the data path:
- AWS and managed databases only. It fronts managed RDS and Aurora engines (PostgreSQL, MySQL, MariaDB, SQL Server) inside AWS. It cannot pool a self-managed PostgreSQL you run on EC2, EKS, another cloud, or on-premises, and it does not run outside AWS.
- One database per proxy, with hard caps. Each proxy targets a single DB instance, it lives inside one VPC, and an account is limited to a small number of proxies by default — so a fleet of many databases means many separate proxies to wire up, not one pooling layer.
- Per-statement latency overhead. Every statement passes through an extra fully-managed hop that terminates and re-speaks the PostgreSQL wire protocol and multiplexes (and at times pins) backend connections. That added round trip costs latency on each statement — the price of having AWS operate the pooler for you, and a real cost for latency-sensitive workloads.
- You do not control the pooler.Its configuration surface, upgrade cadence, and behaviour are AWS's to set, within the knobs AWS exposes.
Pick RDS Proxy instead when you are all-in on a single managed RDS or Aurora database, you want a zero-operations AWS-native pooler that AWS keeps running for you, you specifically want native AWS IAM client authentication and Aurora-failover integration, and you do not need portability, fleet-wide management, the lowest per-statement latency, or your own compliance evidence.
pgBouncer
What it is. The ubiquitous lightweight open-source PostgreSQL pooler: a single small binary that has been in production use for many years.
What it is genuinely best at. Being small and predictable. It is a single process with a compact configuration, it is battle-tested across a huge range of deployments, and on one host it is about as simple as a pooler gets.
The honest trade-off. pgBouncer gives you the pooler and nothing above it. Running it across many hosts, keeping configuration consistent, patching it, and wiring up monitoring and high availability are all your responsibility.
Pick pgBouncer instead when you want the simplest possible pooler on one host (or a small, hand-managed set of hosts), you are comfortable operating it yourself, and you do not need fleet management, a support contract, or supply-chain artifacts.
pgPool-II
What it is. Open-source middleware that sits in front of PostgreSQL and adds, on top of connection pooling, features such as load balancing, read/write splitting (sending writes to a primary and reads to replicas), and replication management.
What it is genuinely best at. Query-level distribution. If you want a single component that pools connections and also spreads read traffic across replicas and helps coordinate replication, pgPool-II targets exactly that.
The honest trade-off. Those extra features add moving parts and operational complexity relative to a pooler that only pools. That cost is justified when you use the load-balancing and replication features, and hard to justify when you do not.
Pick pgPool-II instead when you specifically want query-level load balancing, read/write splitting, or replication management from the same component that pools, and you accept the added complexity that comes with it.
How to decide
These four tools overlap on the core job of pooling, but they part ways on everything around it — where they run, how many databases they cover, and how much they add to the request path. A short way to choose:
- Pooling across a fleet, across clouds, or in front of self-managed Postgres — and you want it managed, hardened, and supported? Use pgAgroal Enterprise. This is also the answer on AWS when you run self-managed PostgreSQL, span many databases or regions, are latency-sensitive, or need your own compliance evidence and a support SLA — none of which RDS Proxy covers.
- All-in on a single managed RDS or Aurora database, want zero operations, and need none of the above? Use RDS Proxy — the AWS-native pooler is the simpler fit for that narrow case. Off AWS, in front of self-managed Postgres, or across many databases, it is not an option.
- Simplest possible pooler on one host, self-operated? Use pgBouncer.
- Need query-level load balancing or replication management from the pooling layer? Use pgPool-II.
If two of these fit, choose the one whose primary strength matches the problem you actually have, not the longest feature list. The questions that usually decide it are: do you need to run the same pooler in more than one place, and do you want to operate it yourself?
Related
For the full picture of what the licensed layer is and is not, see the pgAgroal Enterprise overview and the open-core boundary, which draws the line between the free, open pooler and the paid operation and compliance layer above it.