Connecting to a DB Instance Through a Public Network

You can connect to a DB instance through a non-SSL connection or an SSL connection. The SSL connection encrypts data and is more secure.

Prerequisites

  1. An EIP has been bound to the target DB instance and security group rules have been configured.

    1. Bind an EIP to the target DB instance.

      For details about how to bind an EIP, see section Binding an EIP.

    2. Obtain the IP address of the local device.

    3. Configure security group rules.

      Add the IP address obtained in 1.b and the instance port to the inbound rule of the security group.

      For details about how to configure a security group rule, see section Configuring Security Group Rules.

    4. Run the ping command to check the connectivity between the local device and the EIP that has been bound to the DB instance in 1.a.

  2. You have installed a database client to connect to DB instances.

    You can use a database client to connect to the target DB instance in the Linux or Windows operating system (OS).

    • In the Linux OS, you need to install a MySQL client on the ECS. It is recommended that you download a MySQL client running a version later than that of the DB instance.

      For details about how to obtain and install the MySQL client, see section How Can I Install the MySQL Client?

    • In the Windows OS, you can use any common database client to connect to the target DB instance in a similar way.

      The database client MySQL-Front is used as an example in Using MySQL-Front to Connect to a DB Instance.

Using MySQL-Front to Connect to a DB Instance

  1. Start MySQL-Front.

  2. In the displayed dialog box, click New.

    **Figure 1** Connection management

    Figure 1 Connection management

  3. Enter the information of the DB instance to be connected and click Ok, as shown in Figure 2.

    **Figure 2** Adding an account

    Figure 2 Adding an account

    Table 1 Parameter description

    Parameter

    Description

    Name

    Indicates the name of the database connection task. If you do not set this parameter, it will be the same as the Host value by default.

    Host

    Indicates the EIP of the DB instance to be connected.

    Port

    Indicates the private network port of the DB instance.

    User

    Indicates the name of the user who will access the DB instance. The default user is root.

    Password

    Indicates the password of the RDS database account.

  4. In the displayed window, select the connection that you have created in Figure 3 and click Open.

    If the connection information is correct, the DB instance is successfully connected.

    **Figure 3** Opening a session

    Figure 3 Opening a session

    Note

    If the connection fails, ensure that preparations have been correctly made in Prerequisites and try again.

Using SSL to Connect to a DB Instance

  1. Log in to the management console.

  2. Click image1 in the upper left corner and select a region and a project.

  3. Click Service List. Under Database, click Relational Database Service. The RDS console is displayed.

  4. On the Instances page, click the target DB instance. In the DB Information area on the Basic Information page, click image2 in the SSL field to download the root certificate or certificate bundle.

  5. Import the root certificate to the Linux OS on the ECS. For details, see How Can I Import the Root Certificate to a Windows or Linux OS?

    Note

    • Since April 2017, RDS has offered a new root certificate that has a 20-year validation period. The new certificate takes effect after DB instances are rebooted. Replace the old certificate before it expires to improve system security.

      For details, see section How Can I Identify the Validity Period of an SSL Root Certificate?

    • You can also download the certificate bundle, which contains both the new certificate provided since April 2017 and the old certificate.

  6. Connect to an RDS DB instance. The Linux OS is used as an example.

    mysql -h <host> -P <port> -u <userName> -p --ssl-ca=<caDIR>

    Table 2 Parameter description

    Parameter

    Description

    <host>

    Indicates the EIP of the DB instance to be connected.

    <port>

    Indicates the port of the DB instance to be connected.

    <userName>

    Indicates the username of the RDS database account. The default administrator is root.

    <caDIR>

    Indicates the directory of the CA certificate. The certificate should be stored in the directory where the command is executed.

    For example, to connect to a DB instance through an SSL connection as user root, run the following command:

    mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=ca.pem

    Enter the password of the database account if the following information is displayed:

    Enter password:

    Note

    If the connection fails, ensure that preparations have been correctly made in Prerequisites and try again.

last updated: 2024-04-26 01:36