Connecting to a DB instance running the MySQL database engine - Amazon Relational Database Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Connecting to a DB instance running the MySQL database engine

Before you can connect to a DB instance running the MySQL database engine, you must create a DB instance. For information, see Creating an Amazon RDS DB instance. After Amazon RDS provisions your DB instance, you can use any standard MySQL client application or utility to connect to the instance. In the connection string, you specify the DNS address from the DB instance endpoint as the host parameter, and specify the port number from the DB instance endpoint as the port parameter.

To authenticate to your RDS DB instance, you can use one of the authentication methods for MySQL and Amazon Identity and Access Management (IAM) database authentication:

You can connect to a MySQL DB instance by using tools like the MySQL command-line client. For more information on using the MySQL command-line client, see mysql - the MySQL command-line client in the MySQL documentation. One GUI-based application you can use to connect is MySQL Workbench. For more information, see the Download MySQL Workbench page. For information about installing MySQL (including the MySQL command-line client), see Installing and upgrading MySQL.

Most Linux distributions include the MariaDB client instead of the Oracle MySQL client. To install the MySQL command-line client on Amazon Linux 2023, run the following command:

sudo dnf install mariadb105

To install the MySQL command-line client on Amazon Linux 2, run the following command:

sudo yum install mariadb

To install the MySQL command-line client on most DEB-based Linux distributions, run the following command:

apt-get install mariadb-client

To check the version of your MySQL command-line client, run the following command:

mysql --version

To read the MySQL documentation for your current client version, run the following command:

man mysql

To connect to a DB instance from outside of its Amazon VPC, the DB instance must be publicly accessible, access must be granted using the inbound rules of the DB instance's security group, and other requirements must be met. For more information, see Can't connect to Amazon RDS DB instance.

You can use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption on connections to a MySQL DB instance. For information, see Using SSL/TLS with a MySQL DB instance. If you are using Amazon Identity and Access Management (IAM) database authentication, make sure to use an SSL/TLS connection. For information, see IAM database authentication for MariaDB, MySQL, and PostgreSQL.

You can also connect to a DB instance from a web server. For more information, see Tutorial: Create a web server and an Amazon RDS DB instance.

Note

For information on connecting to a MariaDB DB instance, see Connecting to a DB instance running the MariaDB database engine.

Finding the connection information for a MySQL DB instance

The connection information for a DB instance includes its endpoint, port, and a valid database user, such as the master user. For example, suppose that an endpoint value is mydb.123456789012.us-east-1.rds.amazonaws.com. In this case, the port value is 3306, and the database user is admin. Given this information, you specify the following values in a connection string:

  • For host or host name or DNS name, specify mydb.123456789012.us-east-1.rds.amazonaws.com.

  • For port, specify 3306.

  • For user, specify admin.

To connect to a DB instance, use any client for the MySQL DB engine. For example, you might use the MySQL command-line client or MySQL Workbench.

To find the connection information for a DB instance, you can use the Amazon Web Services Management Console, the Amazon CLI describe-db-instances command, or the Amazon RDS API DescribeDBInstances operation to list its details.

To find the connection information for a DB instance in the Amazon Web Services Management Console
  1. Sign in to the Amazon Web Services Management Console and open the Amazon RDS console at https://console.amazonaws.cn/rds/.

  2. In the navigation pane, choose Databases to display a list of your DB instances.

  3. Choose the name of the MySQL DB instance to display its details.

  4. On the Connectivity & security tab, copy the endpoint. Also, note the port number. You need both the endpoint and the port number to connect to the DB instance.

    
                                The endpoint and port of a DB instance
  5. If you need to find the master user name, choose the Configuration tab and view the Master username value.

To find the connection information for a MySQL DB instance by using the Amazon CLI, call the describe-db-instances command. In the call, query for the DB instance ID, endpoint, port, and master user name.

For Linux, macOS, or Unix:

aws rds describe-db-instances \ --filters "Name=engine,Values=mysql" \ --query "*[].[DBInstanceIdentifier,Endpoint.Address,Endpoint.Port,MasterUsername]"

For Windows:

aws rds describe-db-instances ^ --filters "Name=engine,Values=mysql" ^ --query "*[].[DBInstanceIdentifier,Endpoint.Address,Endpoint.Port,MasterUsername]"

Your output should be similar to the following.

[ [ "mydb1", "mydb1.123456789012.us-east-1.rds.amazonaws.com", 3306, "admin" ], [ "mydb2", "mydb2.123456789012.us-east-1.rds.amazonaws.com", 3306, "admin" ] ]

To find the connection information for a DB instance by using the Amazon RDS API, call the DescribeDBInstances operation. In the output, find the values for the endpoint address, endpoint port, and master user name.

Connecting from the MySQL command-line client (unencrypted)

Important

Only use an unencrypted MySQL connection when the client and server are in the same VPC and the network is trusted. For information about using encrypted connections, see Connecting from the MySQL command-line client with SSL/TLS (encrypted).

To connect to a DB instance using the MySQL command-line client, enter the following command at the command prompt. For the -h parameter, substitute the DNS name (endpoint) for your DB instance. For the -P parameter, substitute the port for your DB instance. For the -u parameter, substitute the user name of a valid database user, such as the master user. Enter the master user password when prompted.

mysql -h mysql–instance1.123456789012.us-east-1.rds.amazonaws.com -P 3306 -u mymasteruser -p

After you enter the password for the user, you should see output similar to the following.

Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 9738 Server version: 8.0.28 Source distribution Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql>

Connecting from MySQL Workbench

To connect from MySQL Workbench
  1. Download and install MySQL Workbench at Download MySQL Workbench.

  2. Open MySQL Workbench.

    
                        MySQL Workbench
  3. From Database, choose Manage Connections.

  4. In the Manage Server Connections window, choose New.

  5. In the Connect to Database window, enter the following information:

    • Stored Connection – Enter a name for the connection, such as MyDB.

    • Hostname – Enter the DB instance endpoint.

    • Port – Enter the port used by the DB instance.

    • Username – Enter the user name of a valid database user, such as the master user.

    • Password – Optionally, choose Store in Vault and then enter and save the password for the user.

    The window looks similar to the following:

    
                        MySQL Workbench Connection window

    You can use the features of MySQL Workbench to customize connections. For example, you can use the SSL tab to configure SSL/TLS connections. For information about using MySQL Workbench, see the MySQL Workbench documentation. Encrypting client connections to MySQL DB instances with SSL/TLS, see Encrypting client connections to MySQL DB instances with SSL/TLS.

  6. Optionally, choose Test Connection to confirm that the connection to the DB instance is successful.

  7. Choose Close.

  8. From Database, choose Connect to Database.

  9. From Stored Connection, choose your connection.

  10. Choose OK.

Connecting with the Amazon Web Services JDBC Driver for MySQL

The Amazon JDBC Driver for MySQL is a client driver designed for RDS for MySQL. By default, the driver has settings that are optimized for use with RDS for MySQL. For more information about the driver and complete instructions for using it, see the Amazon JDBC Driver for MySQL GitHub repository.

The driver is drop-in compatible with the MySQL Connector/J driver. To install or upgrade your connector, replace the MySQL connector .jar file (located in the application CLASSPATH) with the Amazon JDBC Driver for MySQL .jar file, and update the connection URL prefix from jdbc:mysql:// to jdbc:mysql:aws://.

The Amazon JDBC Driver for MySQL supports IAM database authentication. For more information, see Amazon IAM Database Authentication in the Amazon JDBC Driver for MySQL GitHub repository. For more information about IAM database authentication, see IAM database authentication for MariaDB, MySQL, and PostgreSQL.

Troubleshooting connections to your MySQL DB instance

Two common causes of connection failures to a new DB instance are:

  • The DB instance was created using a security group that doesn't authorize connections from the device or Amazon EC2 instance where the MySQL application or utility is running. The DB instance must have a VPC security group that authorizes the connections. For more information, see Amazon VPC VPCs and Amazon RDS.

    You can add or edit an inbound rule in the security group. For Source, choose My IP. This allows access to the DB instance from the IP address detected in your browser.

  • The DB instance was created using the default port of 3306, and your company has firewall rules blocking connections to that port from devices in your company network. To fix this failure, recreate the instance with a different port.

For more information on connection issues, see Can't connect to Amazon RDS DB instance.