Updated on 2025-01-02 GMT+08:00

Overview

Before connecting to a DB instance, you must create one first. For details about how to create a DB instance, see Buying an RDS for MySQL DB Instance. You can connect to an RDS for MySQL instance through a command-line interface (CLI), graphical user interface (GUI), Data Admin Service (DAS), or using Java database connectivity (JDBC).

Connecting to a DB Instance over a Private or Public Network Using CLI

Table 1 lists how to use CLI to connect to an RDS for MySQL instance over a private or public network.

Table 1 Connecting to a DB instance over a private or public network

Connection Method

IP Address

Security Group Rules

Description

Private network

Private IP address

  • If the ECS and RDS DB instance are in the same security group, they can communicate with each other over a private network by default. No security group rules need to be configured.
  • If they are in different security groups, configure security group rules for them, separately.
    • RDS DB instance: Configure an inbound rule for the security group with which the RDS DB instance is associated. For details, see Configuring a Security Group Rule.
    • ECS: The default security group rule allows all outgoing data packets. In this case, you do not need to configure a security group rule for the ECS. If not all outbound traffic is allowed in the security group, you need to configure an outbound rule for the ECS.
  • Secure and high-performance
  • Recommended

Public network

You need to purchase an EIP. For pricing details, see EIP Billing.

To access a DB instance from resources outside the security group that the DB instance is associated with, you need to configure an inbound rule for the security group. For details, see Configuring a Security Group Rule.

  • Less secure
  • To achieve a higher transmission rate and security level, you are advised to migrate your applications to an ECS that is in the same VPC as your RDS DB instance and use a private IP address to access the DB instance.
Figure 1 Connecting to a DB instance over a private or public network

Connection Methods

Table 2 Connection methods

Connection Method

Description

Connecting to an RDS for MySQL Instance Through DAS (Recommended)

DAS enables you to manage databases on a web-based console. It supports SQL execution, advanced database management, and intelligent O&M, simplifying database management and improving both efficiency and data security. The permissions required for connecting to DB instances through DAS are enabled by default.

Connecting to an RDS for MySQL Instance Through the MySQL CLI Client

In Linux, you need to install the mysql client on the ECS and connect to the instance through the MySQL CLI over a private or public network.

  • A private IP address is provided by default.

    When your applications are deployed on an ECS that is in the same region and VPC as the RDS for MySQL instance, you are advised to use a floating IP address to connect to the instance through the ECS.

  • If you cannot access your RDS instance through a floating IP address, bind an EIP to the instance and connect to the instance through the EIP.

Connecting to an RDS for MySQL Instance Through the GUI

In Windows, you can use any common database client to connect to an RDS for MySQL instance.

Connecting to an RDS for MySQL Instance Through JDBC

If you are connecting to an instance through JDBC, the SSL certificate is optional. For security reasons, you are advised to download the SSL certificate to encrypt the connection. SSL is disabled by default for RDS for MySQL instances. You can enable SSL by referring to Configuring an SSL Connection. SSL encrypts connections to databases but it increases the connection response time and CPU usage. Therefore, you are advised not to enable SSL.