This topic describes how to configure IP address whitelists and use a database client or the CLI to connect to an ApsaraDB RDS for MySQL instance.
Prerequisites
The operations that are described in the following topics are complete:Step 1: Check whether your application can connect to the RDS instance over an internal network
- View the region of the Elastic Compute Service (ECS) instance on which your application is deployed. Also, view the network type of the ECS instance. For more information, see Get ready to use ApsaraDB RDS for MySQL.
- View the region and network type of the RDS instance.
Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region where the RDS instance resides. Then, find the RDS instance and click the instance ID. On the page that appears, you can view the region, network type, and virtual private cloud (VPC) ID of the RDS instance.
- Check whether the ECS instance and the RDS instance meet the following conditions
for communication over an internal network:
- The ECS instance and the RDS instance reside in the same region.
- The ECS instance and the RDS instance reside in the same type of network. If the ECS instance and the RDS instance both reside in VPCs, these instances must reside in the same VPC.
Note If one of the preceding conditions is not met, the ECS instance cannot communicate with the RDS instance over an internal network.
Step 2: Configure IP address whitelists for the RDS instance
- Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
- In the left-side navigation pane, click Data Security.
- View the network isolation mode of the RDS instance.
Note Existing RDS instances may run in enhanced whitelist mode. New RDS instances run in standard whitelist mode.
Figure 1. Standard whitelist mode Figure 2. Enhanced whitelist mode - Click Modify to the right of the IP address whitelist named default.
Note You can also click Create Whitelist to create an IP address whitelist.
- Add the IP address of the server on which your application is deployed to the default
IP address whitelist.
The server can communicate with the RDS instance only after you add the IP address of the server to the default IP address whitelist.
The following table describes various connection scenarios. You can obtain the required IP address based on your connection scenario and add the IP address to an IP address whitelist of the RDS instance.
Table 1. Obtain IP addresses Connection scenario IP address to be obtained How to obtain the IP address You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance meet the conditions for communication over an internal network. The private IP address of the ECS instance - Log on to the ECS console and go to the Instances page.
- In the top navigation bar, select the region where the ECS instance resides.
- View the public IP address and private IP address of the ECS instance.
You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance do not meet the conditions for communication over an internal network. The public IP address of the ECS instance You want to connect to the RDS instance from an on-premises device. The public IP address of the on-premises device On the on-premises device, use a search engine such as Google to search for IP. Note The IP address that you obtain by using this method may be inaccurate. For more information about how to obtain the accurate IP address of an on-premises device, see Why am I unable to connect to my ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instance from a local server over the Internet?Note- If you add multiple IP addresses and CIDR blocks to an IP address whitelist, you must separate the IP addresses and CIDR blocks with commas (,) and leave no spaces before and after each comma.
- You can add a maximum of 1,000 IP addresses and CIDR blocks in total for each RDS instance. If you want to add a large number of IP addresses, we recommend that you merge the IP addresses into CIDR blocks, such as 10.10.10.0/24.
- If an RDS instance runs in standard whitelist mode, you do not need to take note of
special considerations when you configure IP address whitelists for the RDS instance.
If an RDS instance runs in enhanced whitelist mode, you must take note of the following
considerations when you configure IP address whitelists for the RDS instance:
- Add public IP addresses or the private IP addresses of classic network-hosted ECS instances to IP address whitelists of the classic network type.
- Add the private IP addresses of VPC-hosted ECS instances to IP address whitelists of the VPC network type.
- Click OK.
Step 3: Connect to the RDS instance
To connect to the RDS instance by using the CLI, perform the following steps:
- Log on to the server from which you want to connect to the RDS instance. For example,
the server can be an ECS instance or an on-premises device.
Note For more information about how to log on to an ECS instance, see the "Connect to an instance" section in Create and manage an ECS instance by using the ECS console (express version).
- Run the following command:
mysql -hEndpoint -PPort number -uUsername -p //Take note that the uppercase letter P precedes the lowercase letter p.
- Endpoint and port number: Enter the endpoint and port number that are used to connect
to the RDS instance.
Connection scenario Endpoint to be obtained How to obtain the endpoint You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance meet the conditions for communication over an internal network. For more information, see the "Step 1: Check whether your application can connect to the RDS instance over an internal network" section of this topic. The internal endpoint of the RDS instance - Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
- In the Basic Information section of the page that appears, click See Details to the right of the Network Type parameter to view the endpoint and port number that
are used to connect to the RDS instance.
Note- Before you can view the endpoint and port number that are used to connect to the RDS instance, you must configure IP address whitelists for the RDS instance.
- A public endpoint is displayed only after you click Apply for Public Endpoint to apply for a public endpoint for the RDS instance.
You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance do not meet the conditions for communication over an internal network. The public endpoint of the RDS instance Connect to the RDS instance from an on-premises device. - Username and password: Obtain the username and password of the account that is used to connect to the RDS instance from the Accounts page.
Figure 3. Example Figure 4. Successful connection Note If connection errors occur, you can troubleshoot the errors by following the instructions provided in Common connection errors. - Endpoint and port number: Enter the endpoint and port number that are used to connect
to the RDS instance.
You can use a general-purpose MySQL client to connect to the RDS instance. In this example, MySQL Workbench is used. The methods of using other database clients to connect to the RDS instance are similar.
- Go to the MySQL Community Downloads page, select the MySQL Workbench software package that can be used with your operating system, and then click Download.
- Install MySQL Workbench.
- Start MySQL Workbench and choose .
- Enter the information that is used to connect to the RDS instance.
- Hostname and Port: Enter the endpoint and port number that are used to connect to the RDS instance.
Connection scenario Endpoint to be obtained How to obtain the endpoint You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance meet the conditions for communication over an internal network. For more information, see the "Step 1: Check whether your application can connect to the RDS instance over an internal network" section of this topic. The internal endpoint of the RDS instance - Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
- In the Basic Information section of the page that appears, click See Details to the right of the Network Type parameter to view the endpoint and port number that
are used to connect to the RDS instance.
Note- Before you can view the endpoint and port number that are used to connect to the RDS instance, you must configure IP address whitelists for the RDS instance.
- A public endpoint is displayed only after you click Apply for Public Endpoint to apply for a public endpoint for the RDS instance.
You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance do not meet the conditions for communication over an internal network. The public endpoint of the RDS instance Connect to the RDS instance from an on-premises device. - Username and Password: Obtain the username and password of the account that is used to connect to the RDS instance from the Accounts page.
- Hostname and Port: Enter the endpoint and port number that are used to connect to the RDS instance.
Common connection errors
Error message | Cause and solution |
---|---|
mysql command not found | MySQL is not installed. Run the following commands to install MySQL:
|
SSL connection error: SSL is required but the server doesn't support it | You are using the latest version of MySQL Workbench. In this version, standard TCP/IP connections require SSL encryption. However, the connected server does not support SSL encryption. In this case, you can download an earlier version of MySQL Workbench to establish regular connections. |
Can't connect to MySQL server on 'rm-bp1xxxxxxxxxxxxxx.mysql.rds.aliyuncs.com'(10060)
Cannot Connect to Database Server Your connection attempt failed for user 'xx" to the MySQL server |
|
Access denied for user 'xxxxx'@'xxxxx'(using password:YES) | This error occurs because the username and password that you entered are incorrect. You can obtain the correct username and password from the Accounts page. |
Unknown MySQL server host 'xxxxxxxxx'(11001) | This error occurs because the endpoint that you entered is invalid. Valid endpoints are in the rm-xxxxxx.mysql.rds.aliyuncs.com format. |
References
- For more information about how to troubleshoot connection errors, see What do I do if I cannot connect an ECS instance to an ApsaraDB for RDS instance?
- For more information about how to connect to an RDS instance in a more convenient and efficient manner, see Use DMS to log on to an ApsaraDB RDS for MySQL instance.
- For more information about how to connect to an RDS instance that runs a different database engine, see the following topics: