AWS Aurora MySQL serverless: how to connect from MySQL Workbench
Solution 1
From https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/aurora-serverless.html :
- You can't give an Aurora Serverless DB cluster a public IP address.
- You can access an Aurora Serverless DB cluster only from within a virtual private cloud (VPC) based on the Amazon VPC service.
- You can't access an Aurora Serverless DB cluster's endpoint through an AWS VPN connection or an inter-region VPC peering connection. There are limitations in accessing a cluster's endpoint through an intra-region VPC peering connection; for more information, see Interface VPC Endpoints (AWS PrivateLink) in the Amazon VPC User Guide. However, you can access an Aurora Serverless cluster's endpoint through an AWS Direct Connect connection.
So, aside from SSH-ing through an EC2 instance, you can also access your serverless cluster with mySQL Workbench with AWS Direct Connect.
You can also set up a mySQL Workbench through a RDP connection to a Windows EC2 and access the Serverless cluster. This instance only needs to be up when you need to access the Aurora.
If one of the setups here don't work, the usual suspects are the VPC Security group, firewall rules vs port number configured on the cluster or IAM configuration if connecting using IAM.
Solution 2
One way to connect to an Aurora Serverless DB cluster is by using an Amazon EC2 instance. You cannot create publicly accessible Aurora Serverless DB clusters in the Preview. This task walks you through creating a publicly accessible Amazon EC2 instance in your VPC. You can use this Amazon EC2 instance to connect to an Aurora Serverless DB cluster.
This is directly from the docs provided upon preview signup. Please try creating an EC2 instance and using SSH Tunnel method in your MYSQL Workbench or SQL UI of choice. During the preview the Aurora Serverless is not allowed to be set to publicly accessible.
Solution 3
A common pattern used by customers for connecting to VPC only services (like Aurora Serverless, Amazon Neptune, Amazon DocDB etc) is to have a middle layer (EC2 instance, or ALB etc) and making the middle layer accessible from outside the VPC. If your use case is just trying out some queries or connecting a workbench, then the easiest thing to do is:
- Resolve the DNS of the serverless db and obtain its IP
- Create an ALB in your VPC, with a target group to the IP that you found in #1
- Create a new security group and attach that to your ALB
- Update the SG to allow inbound from where ever you want. If you want public internet access, then allow inbound from all IPs, enable an internet gateway in your VPC, and use a public subnet for your ALB.
Once all of this is done, you would end up with a new DNS - that points to your ALB. Make sure that your ALB is set up correctly by:
- Using telnet to connect to your ALB endpoint.
telnet alb-endpoint alb-port. If it succeeds, then you have a full end to end connection (not jsut to your ALB, but all the way through). - Verify ALB metrics to make sure that all health checks are passing.
Once this is done, use the ALB endpoint in workbench, and you are good to go.
This pattern is recommended only for non production systems. The concerning step is the one where you resolve the DNS to an IP - that IP is ephemeral, it can change when scale compute or failover happens in the background.
Hope this helps, let me know if you need more details on any step. Here is a related answer for Neptune:
Connect to Neptune on AWS from local machine
Solution 4
To connect to Aurora serverless or any database in private subnet you will need a 'jump host' which can be any EC2 instance in a public subnet.
Follow Below Steps:
- Open the security group attached to the database, and add new rule as below:-
Type:MYSQL/Aurora, Protocol:TCP, PortRange:3306,
Source:securitygroupofEC2 (you can all security group by entering 'sg-')
- Open the security group attached to the EC2, and make port 22 is open. If not, add a new rule as below:-
Type:SSH, Protocol:TCP, PortRange:22, Source:MY IP
- Open Workbench, Click New connection
- Standard TCP/IP over SSH - SSH Hostname : < your EC2 Public IP > #34.3.3.1 - SSH Username : < your username > #common ones are : ubuntu, ec2-user, admin - SSH KeyFile: < attach your EC2 .pem file> - MYSQL Hostname: <database endpoint name> #mydb.tbgvsblc6.eu-west-1.rds.amazonaws.com - MYSQL Port: 3306 - Username : <database username> - Password: <database password>
Click 'test connection' and boom done!!
Solution 5
We can't connect Aurora Serverless directly from MySQL Workbench as only private IPs assigned to Aurora Serverless, not public IP ones.
We can connect Aurora Serverless from EC2 but can't connect Aurora Serverless through the Mysql Workbench SSH tunnel.
We can't connect Aurora Serverless through ALB as ALB allow only HTTP and HTTPS traffic. you can telnet ALB-RDS-DNS from local but can't connect to MySQL Workbench
Then what is a solution here;
- We can connect Aurora Serverless through NLB as NLB allow traffic over TCP protocol;
Steps 1: Create NLB and add listener Load Balancer Protocol: TCP, and Load Balancer Port :3306
Step 2: Select the VPC (It should be the same VPC of Aurora Serverless Cluster), and add subnets (public)
Step 3: Navigate to Configure Routing, select Target type: IP, and Protocol: TCP,Port:3306
Step 4: Use DNS Checker to get private IP of Aurora Serverless Cluster, and add those IPs with port 3306
Step 5: Create NLB
Now modify the Security group of Aurora Serverless Cluster, allow traffic from either 0.0.0.0 (not recommended) or VPC CIDR
Now, go to Mysql Workbench and use the NLB DNS name, and try to connect using the correct username and password of Aurora Serverless Cluster.
Phong Vu
Updated on July 09, 2022Comments
-
Phong Vu almost 2 years
I was trying to use AWS Aurora Serverless for MySQL in my project, but I am impossible to connect to it, though I have the endpoint, username, password.
What I have done:
- From AWS console managment, I select RDS > Instances > Aurora > Serverless
- Leave the default settings
- Create database
- AWS will only create an AWS Cluster
- I open MySQL Workbench, and use endpoint, username, password to connect the database
Ressult:
Your connection attempt failed for user 'admin' from your host to server at xxxxx.cluster-abcdefg1234.eu-west-1.rds.amazonaws.com:3306: Can't connect to MySQL server on 'xxxxx.cluster-abcdefg1234.eu-west-1.rds.amazonaws.com' (60)
Did I make any wrong steps ? Please advice me.
****EDIT****
I tried to create another Aurora database with capacity type: Provisioned. I can connect to the endpoint seamlessly with username and password by MySql workbench. It means that the port 3306 is opened for workbench.
About the security group:
-
Phong Vu over 5 yearsThanks for advice, however it's not the case ( please refer my update on question)
-
Phong Vu over 5 yearsAWS created only cluster for Aurora MySql type Serverless, no instance at all.
-
Phong Vu over 5 yearsHi cmtzco, if so, it's currently not the time to use Aurora Serverless DB for production until it's official release. Am I correct?
-
cmtzco over 5 years@PeterPham Yeah I'd suggest just testing it for possible use. It looks like it got announced for public use 5 days ago though. aws.amazon.com/blogs/aws/aurora-serverless-ga -
mattferrin over 5 years@cmtzco The tunneling part is what has stumped me: stackoverflow.com/questions/52448301/…
-
Drakarian almost 5 yearsHe's asking about Aurora Serverless, which doesn't have the "Publicly Accessible" option
-
Carlos Delgado over 4 years@cmtzco here are some pretty clear instructions: aws.amazon.com/es/getting-started/tutorials/… -
Justin Soliz almost 4 yearsIt seems as of now, Serverless DB is also accessible via AWS Client VPN docs.aws.amazon.com/vpn/latest/clientvpn-admin/…
-
Ricardo almost 4 years@Yoga Do you have more info about how to use AWS Direct Connect with Aurora? Thanks.
-
Takayuki Sato over 3 yearsALB doesn't fit for this use case, since ALB supports HTTP/HTTPS protocol only, but connecting to Aurora from MySQL Workbench requires MySQL protocol.
-
The-Big-K over 3 yearsThen use an NLB? -
Takayuki Sato over 3 yearsAs far as I understand, NLB also doesn't fit because Aurora doesn't provide IP address or instance id for the target.
-
Rahly over 3 yearsMySQL Workbench cannot use either
-
Aditya Purandare over 3 yearsTailscale VPN sets up a reverse NAT and you can deploy that on an EC2 instance and follow the steps in this doc to set it as a subnet relay. With that, my team has been able to set up (took us 30 mins) and connect to Aurora Serverless from MySQL workbench and Sequel Pro. Hope it helps. :)
-
njam almost 3 yearsNice it works! One potential downside of this might be that the NLB's healthcheck will prevent the Aurora instance to ever shut down completely (if this is relevant).
-
Fernando Santiago almost 3 yearsIn step 4, how can i get the private IP of my aurora serverless cluster?
-
Amit Joshi over 2 yearsSame thing with video tutorials if some of having some queries. youtube.com/watch?v=qI4hlUrAkAU -
John Cido over 2 years@FernandoSantiago You can perform
nslookup ****.rds.amazonaws.comand add all the IPv4 addresses to the NLB target group. -
Etep over 2 yearsThis should be the accepted answer with maybe a link to the AWS docs as Yoga above pointed out. Doing this gets you up and running quick especially if your end goal is a development project. Spend more time coding, leave the admin to the admins... ;)
-
JakubKnejzlik over 2 years@TakayukiSato that's what's "Resolve the DNS of the serverless db and obtain its IP" for . But the IP addresses may change so it's definitely short term/development solution
-
tschumann over 2 yearsThis works well enough but it doesn't allow mysqldump for example.
