• Relational Database Service

rds
  1. Help Center
  2. Relational Database Service
  3. User Guide
  4. Getting Started with MySQL
  5. Connecting to a DB Instance

Connecting to a DB Instance

Scenarios

You can use a MySQL client to connect to a DB instance through a common connection or an SSL connection. The SSL connection is encrypted and therefore more secure.

This document uses MySQL-Front as an example to describe how to connect to an RDS DB instance through a common connection. When using a client to connect to a DB instance, you need to select a floating IP address or EIP.

  • If you have deployed MySQL-Front on an ECS that is in the same region as the DB instance to be connected, use the RDS floating IP address.
  • Otherwise, use the EIP.

Preparations

  1. Prepare an ECS or a device that can access RDS DB instances.
    • To connect to a DB instance through an ECS, you must first create an ECS.

      For details on how to create an ECS, see section How Can I Create and Connect to an ECS?

    • To connect to a DB instance through an EIP, you must:
      1. Bind the EIP to the DB instance. For details, see Binding an EIP.
      2. Ensure that the local device can access the EIP that has been bound to the DB instance.
  2. Install MySQL-Front on the ECS or device that was prepared in 1. Prepare an ECS or a d....

Common Connection

  1. Add a security group inbound rule to allow the specific IP address and port to access DB instances. For details on how to create a security group, see section Creating a Security Group.
  2. Start MySQL-Front.
  3. In the displayed dialog box, click New.
  4. Enter the information of the target DB instance, as shown in Figure 1.

    Figure 1 Adding an account
    • Description Name: indicates the name of this database connection task. If you do not set this parameter, it will be the same as Host by default.
    • Host: indicates the connection address, which depends on how you intend to access the DB instance. If you intend to access the DB instance from the private network, enter the floating IP address of the DB instance. If you intend to access the DB instance from the public network, enter the EIP of the DB instance. To view the floating IP address or EIP and port of the DB instance, perform the following steps:
      1. Log in to the RDS console.
      2. Select the region in which the DB instance is located.
      3. Click the DB instance name to enter the Basic Information page.
      4. In the Instance Information area, view the floating IP address or EIP,
    • Port: indicates the database port.
    • User: indicates user root by default.
    • Password: indicates the password of the RDS database username.

  5. Click Ok.
  6. In the displayed window, select the connection that you have created in 4 and click Open. If the connection information is correct, the DB instance is successfully connected.

    Figure 2 Opening a session

SSL Connection

  1. On the Instance Management page, click the target DB instance. On the displayed Basic Information page, click Download Certificate in the SSL field to download the root certificate or certificate bundle.

    NOTE:
    • Since April 2017, RDS has offered a new root certificate that has a 20-year validation period. The new certificate takes effect after DB instances are rebooted. Replace the old certificate before it expires to improve system security.

      For details, see section How Can I Identify the Validity Period of the SSL Root Certificate?

    • You can also download the certificate bundle, which contains both the new certificate provided in April and the old certificate.

  2. Upload the root certificate to the ECS or save it to the device to be connected to the DB instance.
  3. Run the following command to connect to an RDS DB instance. The Linux OS is used as an example.

    mysql -h <hostName> -P 3306 -u <userName> -p --ssl-ca=<caName>

    • The parameter -h indicates different values depending on how you intend to access the DB instance. If you intend to access the DB instance through an ECS, -h indicates the IP address of the primary DB instance. To obtain this IP address, go to the Instance Management page and click the target DB instance. The IP address can be found in the Floating IP Address field on the Basic Information page. If you intend to access the DB instance through an EIP, -h indicates the EIP displayed in the EIP field on the Basic Information page.
    • The parameter -P indicates the database port in use. The default value is 3306. To obtain this port number, go to the Instance Management page and click the target DB instance. The port number can be found in the Database Port field on the Basic Information page.
    • The parameter -u indicates the username of the RDS database account. The default administrator is root.
    • The parameter -p indicates the password of the database account.
    • The parameter --ssl-ca indicates the name of the SSL certificate file, which should be stored in the same directory where the command is executed.

    For example, to connect to a DB instance through an SSL connection as user root, run the following command:

    mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=ca.pem

    Enter the password of the database account if the following information is displayed:

    Enter password: