Using MySQL CLI to Connect to an Instance Through a Public Network

Step 1: Create an ECS

1. Log in to the management console and check whether there is an ECS available.
   • If there is a Linux ECS, go to 3.
   • If no ECS is available, go to 2.
2. Create an ECS and select Linux (for example, CentOS) as its OS.

   To install a MySQL client on the ECS, bind an EIP to the ECS and ensure that the ECS is in the same region, VPC, and security group as the RDS for MySQL instance for seamless communication.

   For details about how to purchase a Linux ECS, see "Purchasing an ECS" in Elastic Cloud Server User Guide.

3. On the ECS Information page, view the region and VPC of the ECS.
4. On the Basic Information page of the RDS for MySQL instance, view its region and VPC.

Step 2: Test Connectivity and Install a MySQL Client

1. Log in to the ECS. For details, see "Logging In to a Linux ECS Using VNC (Through the Console)" in Elastic Cloud Server User Guide.
2. On the Instances page of the RDS console, click the DB instance name to go to the Basic Information page.
3. Choose Connectivity & Security from the navigation pane. In the Connection Information area, obtain the EIP and database port of the DB instance.

   If no EIP has been bound to the DB instance, see Binding an EIP.

4. After logging in to the ECS, check whether the EIP and port of the RDS for MySQL instance can be connected.

   curl -kv EIP:Port

   • If yes, network connectivity is normal.
   • If no, check security group rules.
     • Check the outbound rules of the ECS security group. If there is no outbound rule with Destination set to 0.0.0.0/0 and Protocol & Port set to All, add an outbound rule for the EIP and port of the DB instance.
     • Check the inbound rules of the RDS security group. If there is no inbound rule allowing the access from the private IP address and port of the ECS, add an inbound rule. For details, see Configuring a Security Group Rule.
5. Import the MySQL client installation package to the ECS.

   Method 1:

   Download a MySQL client installation package for Linux using the ECS. To do so, you need to bind an EIP to the ECS.

   • MySQL 8.0:

     wget https://dev.mysql.com/get/mysql-community-client-8.0.28-1.el6.x86_64.rpm

   • MySQL 5.7:

     wget https://dev.mysql.com/get/mysql-community-client-5.7.38-1.el6.x86_64.rpm

   

   A MySQL client running a version later than that of the DB instance is recommended.

   Method 2:

   Download a MySQL client installation package for Linux using a browser and upload the package to the ECS.

   You can use any terminal connection tool, such as WinSCP and PuTTY, to upload the installation package to the ECS.

   • MySQL 8.0:

     Click here to download an installation package. mysql-community-client-8.0.28-1.el6.x86_64.rpm is used as an example.

     Figure 1 Downloading a MySQL 8.0 installation package
     
   • MySQL 5.7:

     Click here to download an installation package. mysql-community-client-5.7.38-1.el6.x86_64.rpm is used as an example.

     Figure 2 Downloading a MySQL 5.7 installation package
     
   

   A MySQL client running a version later than that of the DB instance is recommended.

6. Run the following command to install the MySQL client:
   • MySQL 8.0:

     rpm -ivh --nodeps mysql-community-client-8.0.28-1.el6.x86_64.rpm

   • MySQL 5.7:

     rpm -ivh --nodeps mysql-community-client-5.7.38-1.el6.x86_64.rpm

   

   • If any conflicts occur during the installation, add the replacefiles parameter to the command and install the client again.

     rpm -ivh --replacefiles mysql-community-client-installation_package_version-1.el6.x86_64.rpm

   • If a message is displayed prompting you to install a dependent package during the installation, add the nodeps parameter to the command and install the client again.

     rpm -ivh --nodeps mysql-community-client-installation_package_version-1.el6.x86_64.rpm

Step 3: Connect to the DB Instance Using Commands

On the Instances page of the RDS console, click the instance name to go to the Basic Information page. Check the SSL status next to the SSL field.

• If SSL is disabled (default), use a non-SSL connection. The procedure is as follows:
  1. Run the following command on the ECS to connect to the RDS for MySQL instance:

     mysql -h <host> -P <port> -u <userName> -p

     Example:

     mysql -h 172.16.0.31 -P 3306 -u root -p

     Table 1 Parameter description

     Parameter	Description
     <host>	EIP obtained in 3.
     <port>	Database port obtained in 3. The default value is 3306.
     <userName>	Enter the administrator account root.

  2. Enter the password of the database account as prompted.

     Enter password:

• If SSL is enabled, you can connect to the instance only through an SSL connection. SSL encrypts connections to the instance, making in-transit data more secure.
  1. Click next to the SSL field to download the Certificate Download package, and extract the root certificate ca.pem and bundle ca-bundle.pem from the package.
  2. Upload ca.pem to the ECS.
     

     • ca-bundle.pem contains both the new certificate provided as of April 2017 and the old certificate.
     • Both ca.pem and ca-bundle.pem can be used to establish SSL connections. Since ca-bundle.pem includes ca.pem, using ca.pem alone is enough.
     • RDS for MySQL instances do not support X.509-based authentication.
  3. Run the following command on the ECS to connect to the RDS for MySQL instance:

     mysql -h <host> -P <port> -u <userName> -p --ssl-ca=<caName>

     Example:

     mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=ca.pem

     Table 2 Parameter description

     Parameter	Description
     <host>	EIP obtained in 3.
     <port>	Database port obtained in 3. The default value is 3306.
     <userName>	Administrator account root.
     <caName>	Name of the CA certificate. The certificate should be stored in the directory where the command is executed.

  4. Enter the password of the database account if the following information is displayed:

     Enter password: