Connect to your ApsaraDB RDS for MySQL instance from an Elastic Compute Service (ECS) instance or an on-premises device using the MySQL CLI or a GUI client such as MySQL Workbench or Navicat.
Prerequisites
Before you begin, make sure that you have:
An RDS instance with a database and an account created
An IP address whitelist configured for the RDS instance
Choose your connection type
Your connection type determines which endpoint to use.
| Scenario | Endpoint to use | How to get it |
|---|---|---|
| Your ECS instance and RDS instance use the same Alibaba Cloud account, are in the same region, and belong to the same VPC | Internal endpoint | RDS console > Instances > click the instance ID > Basic Information > click View Details next to Network Type |
| Any other scenario — different account, different region, different VPC, or connecting from an on-premises device | Public endpoint | Same path as above. The public endpoint appears only after you click Apply for Public Endpoint. |
For internal-network connections, get the private IP address of your ECS instance from the Instances page and add it to the RDS IP address whitelist.
For cross-region or cross-account internal-network connections, VPCs are isolated by default. Use a VPC peering connection (low cost but complex to configure, best for connecting a small number of VPCs) or a Cloud Enterprise Network (CEN) instance (higher cost but simpler to configure, best for connecting a large number of VPCs) to bridge the VPCs. You can also connect over the Internet using the public endpoint — inbound and outbound traffic on the RDS instance is not charged.
Procedure
Connect using the CLI
Install MySQL before connecting:
CentOS:
sudo yum install mysqlUbuntu:
sudo apt-get updatethensudo apt install mysql-server
Steps:
Log in to your server (an ECS instance or an on-premises device).
For ECS login instructions, see the Connect to an instance section in Create and manage an ECS instance by using the ECS console (express version).
Run the connection command:
-P(uppercase) is the port.-p(lowercase) is the password. The default MySQL port is3306. Get the username and password from the Accounts page in the instance details.mysql -h<Endpoint> -P<Port> -u<Username> -p<Password>You can omit the password flag and enter it when prompted.
A successful connection displays the MySQL prompt: Example command: If the connection fails, check the following: For error-specific solutions, see Troubleshooting.
Is your client IP address added to the RDS IP address whitelist? Run
curl ipinfo.io/ipto get your public IP address, then add it to the whitelist.Are you using the internal endpoint when the ECS and RDS instances don't meet the internal-network conditions? Switch to the public endpoint.
Is the endpoint format correct? Valid endpoints follow the format
rm-xxxxxx.mysql.rds.aliyuncs.com.Are the username and password correct? Get them from the Accounts page in the instance details.
Connect using MySQL Workbench
This example uses MySQL Workbench 8.0.29. Other MySQL clients follow a similar process.
Open MySQL Workbench and choose Database > Connect to Database.
Enter the connection details and click OK.
The public endpoint appears only after you click Apply for Public Endpoint. For RDS clusters, modify the read/write endpoint in the Cluster Read/Write Connection section and the read-only endpoint in the Cluster Read-only Connection section.
Parameter Description Example value Hostname The internal or public endpoint of the RDS instance. See Choose your connection type. rm-xxxxxx.mysql.rds.aliyuncs.comPort The port number. 3306Username The account username. Get it from the Accounts page in the instance details. alicePassword The account password. — 
Connect using Navicat
Open Navicat and click Connection in the toolbar. Select the database type to connect to.
If your Navicat client is outdated, Alibaba Cloud may not appear in the list. Select MySQL or PostgreSQL instead.
Enter the connection details.
Parameter Description Example value Connection Name A name for this connection. my-rds-prodHost The internal or public endpoint of the RDS instance. Use the internal endpoint if the ECS and RDS instances meet internal-network conditions; otherwise use the public endpoint. rm-xxxxxx.mysql.rds.aliyuncs.comPort The port number. 3306User Name The account username. alicePassword The account password. — 
Click OK.
If enhanced whitelist mode is enabled and you're connecting over the Internet, add the public IP address of your device to the IP address whitelist of the classic network type.
Troubleshooting
FAQ
Do RDS instances support elastic IP addresses (EIPs)?
No, RDS instances do not support EIPs.
Telnet to my RDS instance fails. What should I check?
Check the following:
The service port of the RDS instance is correct and accessible over the Internet.
The security group or firewall allows access from your computer's IP address.
The hostname and port number are correctly configured.
Your computer's firewall doesn't block the port used to connect to the RDS instance.
The issue is not Telnet-specific. Use the
mysqlclient or another database management tool to verify connectivity independently.
How do I let another user connect to my RDS for MySQL database?
Create a standard account and grant it the required permissions.
Apply for a public endpoint for the instance.
Configure an IP address whitelist: add the internal IP address or security group ID of the user's ECS instance, or the public IP address of their local client.
Share the public endpoint, database name, account username, and password with the user.
Have the user connect via the CLI.
What's next
Use DMS to connect to your RDS instance — a browser-based alternative that requires no client installation
Connect to other database engines: SQL Server, PostgreSQL, MariaDB