After you create an ApsaraDB RDS for MySQL instance and complete the required configurations, such as account creation and whitelist setting, you can connect to the RDS instance by using a client or the CLI. This topic describes how to connect to an RDS instance by using a client or the CLI through the Internet or internal networks. This topic also provides describes how to handle common errors related to connection failures.
Prerequisites
Suggestions
To reduce latencies and improve stability, we recommend that you connect an Elastic Compute Service (ECS) instance to the RDS instance over an internal network. If you want to connect the instance over an internal network, make sure that the following conditions are met:
The ECS instance and RDS instance are created by using the same Alibaba Cloud account and reside in the same region and virtual private cloud (VPC). The private IP address of the ECS instance is added to an IP address whitelist of the RDS instance.
NoteYou can obtain the private IP address of the ECS instance on the Instances page.
If you want to connect to the RDS instance over the Internet, we recommend that you use the instance endpoint.
NoteRun the
curl ipinfo.io/ip
orcurl ifconfig.me
command to obtain the public IP address of the on-premises device. We recommend that you run thecurl ipinfo.io/ip
command.The public IP address may change during the instance upgrade or specification change. If the public IP address of the on-premises device is added to an IP address whitelist but the connection still fails, you can resolve the issue based on Why am I unable to connect to my ApsaraDB RDS for MySQL instance or ApsaraDB RDS for MariaDB instance from a local server over the Internet?
Procedure
Use the CLI to connect to an RDS instance
The following example describes how to connect to an RDS instance from a server that runs Linux. You must install MySQL on the server before the connection. You can run the following commands to install MySQL:
If you use a CentOS operating system, run the
sudo yum install mysql command
.If you use an Ubuntu operating system, run the
sudo apt-get update
command and then thesudo apt install mysql-server
command.
Log on to the server from which you want to connect to the RDS instance. For example, the server can be an ECS instance or an on-premises device.
NoteFor more information about how to log on to an ECS instance, see the "Connect to an instance" section in Create and manage an ECS instance by using the ECS console (express version).
Run the connection command:
mysql -hEndpoint -PPort -uUsername -pPassword
NoteYou can enter the password after you run the command.
The uppercase letter P specifies the port number, and the lowercase letter p specifies the password.
Endpoint and port number: Enter the endpoint and port number that are used to connect to the RDS instance.
Scenario
Endpoint to be obtained
Method to obtain the endpoint
You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance meet the conditions for communication over an internal network.
Internal endpoint of the RDS instance
Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the Basic Information section of the page that appears, click View Details to the right of the Network Type parameter to view the endpoint and port number that are used to connect to the RDS instance.
NoteThe public endpoint is displayed only after a public endpoint is applied for the RDS instance by clicking Apply for Public Endpoint.
You can modify the read/write endpoint of an RDS cluster in the Cluster Read/Write Connection section and modify the read-only endpoint of the RDS cluster in the Cluster Read-only Connection section.
You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance do not meet the conditions for communication over an internal network.
Public endpoint of the RDS instance
You want to connect to the RDS instance from an on-premises device.
Username and password: You can obtain the username and password of the account that is used to connect to the RDS instance from the Accounts page of the instance details page.
Example command
Connection established
NoteIf connection errors occur, you can resolve the errors by following the instructions provided in Common connection errors.
Use MySQL Workbench to connect to an RDS instance
You can use a general-purpose MySQL client to connect to an RDS instance. The following example describes how to use MySQL Workbench 8.0.29 to connect to an RDS instance. If you use a different client, the connection operations are similar.
Install MySQL Workbench. For more information, visit the MySQL Workbench download page.
Start MySQL Workbench and choose .
Enter the connection information and click OK.
Hostname and Port: Enter the endpoint and port number that are used to connect to the RDS instance.
Scenario
Endpoint to be obtained
Method to obtain the endpoint
You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance meet the conditions for communication over an internal network.
Internal endpoint of the RDS instance
Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the Basic Information section of the page that appears, click View Details to the right of the Network Type parameter to view the endpoint and port number that are used to connect to the RDS instance.
NoteThe public endpoint is displayed only after a public endpoint is applied for the RDS instance by clicking Apply for Public Endpoint.
You can modify the read/write endpoint of an RDS cluster in the Cluster Read/Write Connection section and modify the read-only endpoint of the RDS cluster in the Cluster Read-only Connection section.
You want to connect to the RDS instance from an ECS instance. The ECS instance and the RDS instance do not meet the conditions for communication over an internal network.
Public endpoint of the RDS instance
You want to connect to the RDS instance from an on-premises device.
Username and Password: You can obtain the username and password of the account that is used to connect to the RDS instance from the Accounts page of the instance details page. .
Use Navicat to connect to an RDS instance
Start the Navicat client.
In the toolbar, click Connection and select the type of the database to be connected.
NoteIf your Navicat client is outdated, Alibaba Cloud is not displayed. You can select a database type such as MySQL or PostgreSQL.
Enter information about the RDS instance to which you want to connect. The following table describes the required parameters.
Parameter
Description
Connection Name
Enter a custom name for the connection.
Host
Enter the internal or public endpoint of the RDS instance.
If your client is deployed on an Elastic Compute Service (ECS) instance and the ECS instance is created by using the same Alibaba Cloud account and resides in the same region and virtual private cloud (VPC) as the RDS instance, use the internal endpoint.
In other situations, use the public endpoint.
Port
Enter the internal or public port of the RDS instance. For example, the default port of an ApsaraDB RDS for MySQL instance is 3306.
User Name
Enter the username of the account that is used to connect to the RDS instance.
Password
The password of the account that is used to connect to the RDS instance.
Click OK.
NoteIf the enhanced whitelist mode is enabled for your RDS instance and you want to connect your device to the instance over the Internet, you must add the public IP address of the device to the IP address whitelist of the classic network type.
Cross-region or cross-account connections between an ECS instance and an RDS instance
Internet-based connection: You can use the public endpoint of the RDS instance to establish a cross-region or cross-account Internet-based connection to the RDS instance. You are not charged for the inbound and outbound Internet traffic generated on the RDS instance.
Internal network-based connection: If the ECS instance and the RDS instance reside in different regions or within different Alibaba Cloud accounts, you cannot connect the instances over an internal network. VPCs are isolated from each other. However, you can use VPC peering connections or a Cloud Enterprise Network (CEN) instance to connect two different VPCs. This way, the ECS instance can connect to the RDS instance across regions or Alibaba Cloud accounts.
VPC peering connection: enables communication between VPCs across regions or Alibaba Cloud accounts at low costs. However, a VPC peering connection is relatively complex to configure. This method is suitable for simple scenarios in which a small number of VPCs need to be connected.
CEN instance: enables communication between VPCs across regions or Alibaba Cloud accounts at high costs. However, a CEN instance is simple to configure. This method is suitable for complex scenarios in which a large number of VPCs need to be connected.
Common connection errors
FAQ
Do RDS instances support elastic IP addresses (EIPs)?
No, RDS instances do not support EIPs.
How do I resolve the issue that I fail to use Telnet to connect my computer to an RDS instance?
If you fail to use Telnet to connect your computer to an RDS instance, you can check the following items:
Whether the service port of the RDS instance is correct and accessible over the Internet.
Whether the security group or firewall rule of the RDS instance allows the access requests from the IP address of your computer.
Whether the connection parameters, such as the hostname and port number, are correctly configured.
Whether the firewall rule of your computer blocks the port that is used to connect to the RDS instance.
Whether the issue is a Telnet-specific issue. You can use other methods, such as the
mysql
client or database management tool, to connect to the RDS instance for the check.
How do I allow a user to connect to my RDS for MySQL database?
Perform the following steps to allow a user to connect to your RDS for MySQL database:
Create a standard account and grant it permissions to access the RDS for MySQL instance.
Apply for a public endpoint for the instance.
Configure an IP address whitelist for the instance. If the user uses an ECS instance to connect to your RDS instance, add the internal IP address or security group ID of the ECS instance to the whitelist. If the user uses a local MySQL client to connect to your RDS instance, add the IP address of the client to the whitelist.
Provide the connection information, including the public endpoint of your instance, the database name, the created database account, and the password of the account, to the user.
Let the user to use the CLI to connect to your database.
References
For more information about how to troubleshoot connection errors, see What do I do if I fail to connect to an ApsaraDB RDS instance?
For more information about how to connect to an RDS instance in a more convenient and efficient manner, see Use DMS to log on to an ApsaraDB RDS for MySQL instance.
For more information about how to connect to an RDS instance that runs a different database engine, see the following topics: