MySQL RDS instance

In this article we will go through the steps of configuring a MySQL Relational Database Service (RDS) instance using Alibaba Cloud.

Spin up an MySQL RDS instance using the console. The instance created will show up in the list of available RDS instances.The RDS instance will be created under a specif region and any Elastic Cloud Service instance (ECS) sharing the same VPC can connect to the RDS.

Configure white-list

The RDS instance maintains a white-list. To connect a specific ECS instance, the internal IP of the instance has to be white-listed. (If not you will not be able to connect to the MySQL RDS even though the Internal Endpoint DNS is reachable). Below shows what an MySQL RDS detail might look like.

MySQL RDS instance in Alibaba Cloud.
Configuring MySQL RDS instance white-list.

The Internal Endpoint is the name for the MySQL RDS cluster. You can not connect to this endpoint from anywhere within the VPC.

Create RDS User Account(s)

Navigate to the ‘Accounts’ to create a new user account. Here you can create a ‘Privileged Account’  or ‘Standard Account’. This account is the account for the RDS server instance. For best practice, applications should using ‘Privileged Account’ types to connect to the RDS using ‘Standard Account’ permissions.

Creating a 'Standard Account' using console

You can also create user accounts using the DMS portal. This will allow you to configure granular permissions. Below shows an example:

Example of a RDS 'Standard Account' instance user

Connecting to the instance using DMS

One of the easiest ways to connect and view your MySQL RDS instance is to use Alibaba Cloud’s DMS portal. The portal is accessible by navigating to the the RDS instance and clicking ‘Log On To DB’ to open the DMS portal.

Alibaba Cloud console link to DMS portal

The DMS portal acts as an IDE and allows you to execute queries, configure your MySQL databases and instance. Below shows what you might see for a MySQL WordPress database.

DMS showing User Management window
DMS showing Database Management for a WordPress instance

Connecting to the instance using MySQL CLI

To connect to the RDS instance from on ECS instance, you will need to use the MySQL command line interface (CLI). The MySQL CLI can be either installed directly onto the ECS or run from a Docker container instance. Assuming that you have Docker installed, run the Docker command to start an MySQL instance. Make sure that MySQL port, 3306 is not already bound to a particular application.

$ docker run -p 3306:3306 -e MYSQL_ROOT_PASSWORD=pass mysql:5.7
$ docker exec -it [docker_image_id] /bin/bash
$ mysql -h [rds_endpoint] -u wpadmin -p -D wpdb01

You can also run commands without entering the docker MySQL container.

$ docker run mysql:5.7 mysql -h[rds_endpoint] \
-uwpadmin -p[password] \
-Dwpdb01 -e"select Host, User from mysql.user"

Troubleshooting MySQL connections

Checking port 3306

Check that port 3306 is used by your MySQL cli using the following command.

$ netstat -na | find "3306"

If you are running a MySQL instance, it should look like the following image. If not, the netstat command should not show anything listening on 3306 port.

CMD to check port 3306

Checking RDS end point

You can test the connection between the ECS and RDS instance by attempting to resolve the name space of the internal endpoint. You can also ping the end point to check if you can connect to the RDS instance.

$ nslookup [rds_internal_endpoint]

Note The RDS endpoint can be resolved as long as the DNS server is reachable. However verifying that the endpoint resolves does not guarantee that the database instance is accessible.