Amazon Aurora
User Guide for Aurora (API Version 2014-10-31)

Migrating Data from an External MySQL Database to an Amazon Aurora MySQL DB Cluster

If your database supports the InnoDB or MyISAM tablespaces, you have these options for migrating your data to an Amazon Aurora MySQL DB cluster:

Migrating Data from MySQL by Using an Amazon S3 Bucket

You can copy the full and incremental backup files from your source MySQL version 5.5 or 5.6 database to an Amazon S3 bucket, and then restore an Amazon Aurora MySQL DB cluster from those files.

This option can be considerably faster than migrating data using mysqldump, because using mysqldump replays all of the commands to recreate the schema and data from your source database in your new Aurora MySQL DB cluster. By copying your source MySQL data files, Aurora MySQL can immediately use those files as the data for an Aurora MySQL DB cluster.

Note

The Amazon S3 bucket and the Amazon Aurora MySQL DB cluster must be in the same AWS Region.

Aurora MySQL doesn't restore everything from your database. You should save the database schema and values for the following items from your source MySQL database and add them to your restored Aurora MySQL DB cluster after it has been created:

  • User accounts

  • Functions

  • Stored procedures

  • Time zone information. Time zone information is loaded from the local operating system of your Amazon Aurora MySQL DB cluster. For more information, see Local Time Zone for Amazon Aurora DB Clusters.

You can encrypt the data being migrated, or leave the data unencrypted during the migration process.

Also, decide whether you want to minimize downtime by using binary log replication during the migration process. If you use binary log replication, the external MySQL database remains open to transactions while the data is being migrated to the Aurora MySQL DB cluster. After the Aurora MySQL DB cluster has been created, you use binary log replication to synchronize the Aurora MySQL DB cluster with the transactions that happened after the backup. When the Aurora MySQL DB cluster is caught up with the MySQL database, you finish the migration by completely switching to the Aurora MySQL DB cluster for new transactions.

Before You Begin

Before you can copy your data to an Amazon S3 bucket and restore a DB cluster from those files, you must do the following:

  • Install Percona XtraBackup on your local server.

  • Permit Aurora MySQL to access your Amazon S3 bucket on your behalf.

Installing Percona XtraBackup

Amazon Aurora can restore a DB cluster from files that were created using Percona XtraBackup. You can install Percona XtraBackup from Download Percona XtraBackup.

Note

You must use Percona XtraBackup version 2.3 or later. Aurora MySQL is not compatible with earlier versions of Percona XtraBackup.

Required Permissions

To migrate your MySQL data to an Amazon Aurora MySQL DB cluster, several permissions are required:

  • The user that is requesting that Amazon RDS create a new cluster from an Amazon S3 bucket must have permission to list the buckets for your AWS account. You grant the user this permission using an AWS Identity and Access Management (IAM) policy.

  • Amazon RDS requires permission to act on your behalf to access the Amazon S3 bucket where you store the files used to create your Amazon Aurora MySQL DB cluster. You grant Amazon RDS the required permissions using an IAM service role.

  • The user making the request must also have permission to list the IAM roles for your AWS account.

  • If the user making the request is to create the IAM service role or request that Amazon RDS create the IAM service role (by using the console), then the user must have permission to create an IAM role for your AWS account.

  • If you plan to encrypt the data during the migration process, update the IAM policy of the user who will perform the migration to grant RDS access to the KMS keys used for encrypting the backups. For instructions, see Creating an IAM Policy to Access AWS KMS Resources.

For example, the following IAM policy grants a user the minimum required permissions to use the console to list IAM roles, create an IAM role, list the Amazon S3 buckets for your account, and list the KMS keys.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:ListRoles", "iam:CreateRole", "iam:CreatePolicy", "iam:AttachRolePolicy", "s3:ListBucket", "s3:ListObjects" "kms:ListKeys" ], "Resource": "*" } ] }

Additionally, for a user to associate an IAM role with an Amazon S3 bucket, the IAM user must have the iam:PassRole permission for that IAM role. This permission allows an administrator to restrict which IAM roles a user can associate with Amazon S3 buckets.

For example, the following IAM policy allows a user to associate the role named S3Access with an Amazon S3 bucket.

{ "Version":"2012-10-17", "Statement":[ { "Sid":"AllowS3AccessRole", "Effect":"Allow", "Action":"iam:PassRole", "Resource":"arn:aws:iam::123456789012:role/S3Access" } ] }

For more information on IAM user permissions, see Using Identity-Based Policies (IAM Policies) for Amazon RDS.

Creating the IAM Service Role

You can have the AWS Management Console create a role for you by choosing the Create a New Role option (shown later in this topic). If you select this option and specify a name for the new role, then Amazon RDS creates the IAM service role required for Amazon RDS to access your Amazon S3 bucket with the name that you supply.

As an alternative, you can manually create the role using the following procedure.

To create an IAM role for Amazon RDS to access Amazon S3

  1. Complete the steps in Creating an IAM Policy to Access Amazon S3 Resources.

  2. Complete the steps in Creating an IAM Role to Allow Amazon Aurora to Access AWS Services.

  3. Complete the steps in Associating an IAM Role with an Amazon Aurora MySQL DB Cluster.

Backing Up Files to be Restored as an Amazon Aurora MySQL DB Cluster

You can create a full backup of your MySQL database files using Percona XtraBackup and upload the backup files to an Amazon S3 bucket. Alternatively, if you already use Percona XtraBackup to back up your MySQL database files, you can upload your existing full and incremental backup directories and files to an Amazon S3 bucket.

Creating a Full Backup With Percona XtraBackup

To create a full backup of your MySQL database files that can be restored from Amazon S3 to create an Amazon Aurora MySQL DB cluster, use the Percona XtraBackup utility (xtrabackup) to back up your database.

For example, the following command creates a backup of a MySQL database and stores the files in the /s3-restore/backup folder.

xtrabackup --user=myuser --password=<password> /s3-restore/backup

If you want to compress your backup into a single file (which can be split, if needed), you can use the --stream option to save your backup in one of the following formats:

  • Gzip (.gz)

  • tar (.tar)

  • Percona xbstream (.xbstream)

The following command creates a backup of your MySQL database split into multiple Gzip files.

xtrabackup --user=myuser --password=<password> --stream=tar \ /s3-restore/backup | gzip - | split -d --bytes=500MB \ - /s3-restore/backup/backup.tar.gz

The following command creates a backup of your MySQL database split into multiple tar files.

xtrabackup --user=myuser --password=<password> --stream=tar \ /s3-restore/backup | split -d --bytes=500MB \ - /s3-restore/backup/backup.tar

The following command creates a backup of your MySQL database split into multiple xbstream files.

xtrabackup --stream=xbstream --user=myuser --password=<password> \ /s3-restore/backup | split -d --bytes=500MB \ - /s3-restore/backup/backup.xbstream

Once you have backed up your MySQL database using the Percona XtraBackup utility, you can copy your backup directories and files to an Amazon S3 bucket.

For information on creating and uploading a file to an Amazon S3 bucket, see Getting Started with Amazon Simple Storage Service in the Amazon S3 Getting Started Guide.

Using Incremental Backups With Percona XtraBackup

Amazon Aurora MySQL supports both full and incremental backups created using Percona XtraBackup. If you already use Percona XtraBackup to perform full and incremental backups of your MySQL database files, you don't need to create a full backup and upload the backup files to Amazon S3. Instead, you can save a significant amount of time by copying your existing backup directories and files for your full and incremental backups to an Amazon S3 bucket. For more information about creating incremental backups using Percona XtraBackup, see Incremental Backup.

When copying your existing full and incremental backup files to an Amazon S3 bucket, you must recursively copy the contents of the base directory. Those contents include the full backup and also all incremental backup directories and files. This copy must preserve the directory structure in the Amazon S3 bucket. Aurora iterates through all files and directories. Aurora uses the xtrabackup-checkpoints file included with each incremental backup to identify the base directory and to order incremental backups by log sequence number (LSN) range.

For information on creating and uploading a file to an Amazon S3 bucket, see Getting Started with Amazon Simple Storage Service in the Amazon S3 Getting Started Guide.

Backup Considerations

When you upload a file to an Amazon S3 bucket, you can use server-side encryption to encrypt the data. You can then restore an Amazon Aurora MySQL DB cluster from those encrypted files. Amazon Aurora MySQL can restore a DB cluster with files encrypted using the following types of server-side encryption:

  • Server-side encryption with Amazon S3–managed keys (SSE-S3) – Each object is encrypted with a unique key employing strong multifactor encryption.

  • Server-side encryption with AWS KMS–managed keys (SSE-KMS) – Similar to SSE-S3, but you have the option to create and manage encryption keys yourself, and also other differences.

For information about using server-side encryption when uploading files to an Amazon S3 bucket, see Protecting Data Using Server-Side Encryption in the Amazon S3 Developer Guide.

Amazon S3 limits the size of a file uploaded to an Amazon S3 bucket to 5 terabytes (TB). If the backup data for your database exceeds 5 TB, use the split command to split the backup files into multiple files that are each less than 5 TB.

Amazon RDS limits the number of source files uploaded to an Amazon S3 bucket to 1 million files. In some cases, backup data for your database, including all full and incremental backups, can come to a large number of files. In these cases, use a tarball (.tar.gz) file to store full and incremental backup files in the Amazon S3 bucket.

Aurora consumes your backup files based on the file name. Be sure to name your backup files with the appropriate file extension based on the file format—for example, .xbstream for files stored using the Percona xbstream format.

Aurora consumes your backup files in alphabetical order and also in natural number order. Always use the split option when you issue the xtrabackup command to ensure that your backup files are written and named in the proper order.

Aurora doesn't support partial backups created using Percona XtraBackup. You can't use the following options to create a partial backup when you back up the source files for your database: --tables, --tables-exclude, --tables-file, --databases, --databases-exclude, or --databases-file.

For more information about backing up your database with Percona XtraBackup, see Percona XtraBackup - Documentation and The xtrabackup Binary on the Percona website.

Aurora supports incremental backups created using Percona XtraBackup. For more information about creating incremental backups using Percona XtraBackup, see Incremental Backup.

Restoring an Amazon Aurora MySQL DB Cluster from an Amazon S3 Bucket

You can restore your backup files from your Amazon S3 bucket to create a new Amazon Aurora MySQL DB cluster by using the Amazon RDS console.

To restore an Amazon Aurora MySQL DB cluster from files on an Amazon S3 bucket

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Instances, and then choose Restore from S3.

  3. On the Select engine page, choose Amazon Aurora, choose the MySQL-compatible edition, and then choose Next.

  4. In Specify source backup details, specify the following.

    For This Option Do This

    Source engine

    Aurora MySQL currently supports restoring from backup files only for the mysql database engine.

    Source engine version

    Type the version of the MySQL database that the backup files were created from. MySQL version 5.5 and 5.6 are supported. Type 5.5 or 5.6 in the box.

    S3 bucket

    Choose the Amazon S3 bucket that contains your backup files.

    S3 folder path prefix (optional)

    Specify a file path prefix for the files stored in your Amazon S3 bucket. The S3 Bucket Prefix is optional. If you don't specify a prefix, then Aurora MySQL creates the DB cluster using all of the files and folders in the root folder of the Amazon S3 bucket. If you specify a prefix, then Aurora MySQL creates the DB cluster using the files and folders in the Amazon S3 bucket where the full path for the file begins with the specified prefix.

    Aurora doesn't traverse other subfolders in your Amazon S3 bucket looking for backup files. Only the files from the folder identified by the S3 Bucket Prefix are used. If you store your backup files in a subfolder in your Amazon S3 bucket, specify a prefix that identifies the full path to the folder where the files are stored.

    For example, suppose that you store your backup files in a subfolder of your Amazon S3 bucket named backups. Suppose also that you have multiple sets of backup files, each in its own directory (gzip_backup1, gzip_backup2, and so on). In this case, you specify a prefix of backups/gzip_backup1 to restore from the files in the gzip_backup1 folder.

    Create a new role

    Choose Yes to create a new IAM role, or No to select an existing IAM role, to authorize Aurora to access Amazon S3 on your behalf. For more information, see Required Permissions.

    IAM role name

    Type the name of the new IAM role to be created. The new role is used to authorize Amazon Aurora to access Amazon S3 on your behalf. For more information, see Required Permissions.

    IAM role

    Select the IAM role that you created to authorize Aurora to access Amazon S3 on your behalf. If you have not created an IAM role, you can instead set Create a new role to Yes to create one. For more information, see Required Permissions.

    Allow access to KMS key

    This option is available only if Create a new role is set to Yes.

    If you didn't encrypt the backup files, choose No.

    If you encrypted the backup files with AES-256 (SSE-S3) when you uploaded them to Amazon S3, choose No. In this case, the data is decrypted automatically.

    If you encrypted the backup files with AWS-KMS (SSE-KMS) server-side encryption when you uploaded them to Amazon S3, choose Yes. Next, choose the correct master key for Master key. The AWS Management Console creates an IAM policy that enables Amazon RDS to decrypt the data.

    For more information, see Protecting Data Using Server-Side Encryption in the Amazon S3 Developer Guide.

    A typical Specify source backup details page for AWS-KMS encrypted backup files looks like the following.

    
                                Amazon Aurora migration from an Amazon S3 bucket
  5. Choose Next.

  6. On the Specify DB details page, specify your DB cluster information. The following table shows settings for a DB instance.

    For This Option Do This

    DB instance class

    Select a DB instance class that defines the processing and memory requirements for each instance in the DB cluster. For more information about DB instance classes, see Choosing the DB Instance Class.

    Multi-AZ deployment

    Determine if you want to create Aurora Replicas in other Availability Zones for failover support. If you select Create Replica in Different Zone, then Amazon RDS creates an Aurora Replica for you in your DB cluster in a different Availability Zone than the primary instance for your DB cluster. For more information about multiple Availability Zones, see Choosing the Regions and Availability Zones.

    DB instance identifier

    Type a name for the primary instance in your DB cluster. This identifier is used in the endpoint address for the primary instance of your DB cluster.

    The DB instance identifier has the following constraints:

    • It must contain from 1 to 63 alphanumeric characters or hyphens.

    • Its first character must be a letter.

    • It cannot end with a hyphen or contain two consecutive hyphens.

    • It must be unique for all DB instances per AWS account, per AWS Region.

    Master username

    Type a name using alphanumeric characters to use as the master user name to log on to your DB cluster.

    Master password

    Type a password that contains from 8 to 41 printable ASCII characters (excluding /,", and @) for your master user password.

    A typical Specify DB details page looks like the following.

    
                                Amazon Aurora Details
  7. Confirm your master password, and then choose Next.

  8. On the Configure advanced settings page, you can customize additional settings for your Aurora MySQL DB cluster. The following table shows the advanced settings for a DB cluster.

    For This Option Do This

    Virtual Private Cloud (VPC)

    Select the VPC to host the DB cluster. Select Create a New VPC to have Amazon RDS create a VPC for you. For more information, see DB Cluster Prerequisites earlier in this topic.

    Subnet group

    Select the DB subnet group to use for the DB cluster. For more information, see DB Cluster Prerequisites earlier in this topic.

    Public accessibility

    Select Yes to give the DB cluster a public IP address; otherwise, select No. The instances in your DB cluster can be a mix of both public and private DB instances. For more information about hiding instances from public access, see Hiding a DB Instance in a VPC from the Internet.

    Availability zone

    Determine if you want to specify a particular Availability Zone. For more information about Availability Zones, see Choosing the Regions and Availability Zones.

    VPC security groups

    Select Create new VPC security group to have Amazon RDS create a VPC security group for you. Or, select Select existing VPC security groups and specify one or more VPC security groups to secure network access to the DB cluster. For more information, see DB Cluster Prerequisites earlier in this topic.

    DB Cluster Identifier

    Type a name for your DB cluster that is unique for your account in the AWS Region you selected. This identifier is used in the cluster endpoint address for your DB cluster. For information on the cluster endpoint, see Amazon Aurora Connection Management.

    The DB cluster identifier has the following constraints:

    • It must contain from 1 to 63 alphanumeric characters or hyphens.

    • Its first character must be a letter.

    • It cannot end with a hyphen or contain two consecutive hyphens.

    • It must be unique for all DB clusters per AWS account, per AWS Region.

    Database name

    Type a name for your default database of up to 64 alpha-numeric characters. If you don't provide a name, Amazon RDS doesn't create a database on the DB cluster you are creating.

    To create additional databases, connect to the DB cluster and use the SQL command CREATE DATABASE. For more information about connecting to the DB cluster, see Connecting to an Amazon Aurora DB Cluster.

    Database port

    Specify the port for applications and utilities to use to access the database. Aurora MySQL DB clusters default to the default MySQL port, 3306, and Aurora PostgreSQL DB clusters default to the default PostgreSQL port, 5432. The firewalls at some companies block connections to these default ports. If your company firewall blocks the default port, choose another port for the new DB cluster.

    DB parameter group

    Select a parameter group. Aurora has a default parameter group you can use, or you can create your own parameter group. For more information about parameter groups, see Working with DB Parameter Groups and DB Cluster Parameter Groups.

    DB cluster parameter group

    Select a DB cluster parameter group. Aurora has a default DB cluster parameter group you can use, or you can create your own DB cluster parameter group. For more information about DB cluster parameter groups, see Working with DB Parameter Groups and DB Cluster Parameter Groups.

    Option group

    Aurora has a default option group.

    Copy tags to snapshots

    Applies only to Aurora PostgreSQL. Select to specify that tags defined for this DB instance are copied to DB snapshots created from this DB instance. For more information, see Tagging Amazon RDS Resources.

    IAM DB authentication

    Applies only to Aurora MySQL. Select Enable IAM DB authentication to enable IAM database authentication. For more information, see IAM Database Authentication.

    Encryption

    Select Enable Encryption to enable encryption at rest for this DB cluster. For more information, see Encrypting Amazon RDS Resources.

    Master key

    Only available if Encryption is set to Enable Encryption. Select the master key to use for encrypting this DB cluster. For more information, see Encrypting Amazon RDS Resources.

    Priority

    Choose a failover priority for the instance. If you don't select a value, the default is tier-1. This priority determines the order in which Aurora Replicas are promoted when recovering from a primary instance failure. For more information, see Fault Tolerance for an Aurora DB Cluster.

    Backup retention period

    Select the length of time, from 1 to 35 days, that Aurora retains backup copies of the database. Backup copies can be used for point-in-time restores (PITR) of your database down to the second.

    Enhanced monitoring

    Choose Enable enhanced monitoring to enable gathering metrics in real time for the operating system that your DB cluster runs on. For more information, see Enhanced Monitoring.

    Monitoring Role

    Only available if Enhanced Monitoring is set to Enable enhanced monitoring. Choose the IAM role that you created to permit Amazon RDS to communicate with Amazon CloudWatch Logs for you, or choose Default to have RDS create a role for you named rds-monitoring-role. For more information, see Enhanced Monitoring.

    Granularity

    Only available if Enhanced Monitoring is set to Enable enhanced monitoring. Set the interval, in seconds, between when metrics are collected for your DB cluster.

    Auto minor version upgrade

    This setting doesn't apply to Aurora MySQL DB clusters.

    For more information about engine updates for Aurora MySQL, see Amazon Aurora MySQL Database Engine Updates.

    Maintenance window

    Select Select window and specify the weekly time range during which system maintenance can occur. Or, select No preference for Amazon RDS to assign a period randomly.

  9. Choose Create database to launch your Aurora DB instance, and then choose Close to close the wizard.

On the Amazon RDS console, the new DB instance appears in the list of DB instances. The DB instance has a status of creating until the DB instance is created and ready for use. When the state changes to available, you can connect to the primary instance for your DB cluster. Depending on the DB instance class and store allocated, it can take several minutes for the new instance to be available.

To view the newly created cluster, choose the Clusters view in the Amazon RDS console and choose the DB cluster. For more information, see Viewing an Amazon Aurora DB Cluster.


                        Amazon Aurora DB Instances List

Note the port and the endpoint of the DB cluster. Use the endpoint and port of the DB cluster in your JDBC and ODBC connection strings for any application that performs write or read operations.

Synchronizing the Amazon Aurora MySQL DB Cluster with the MySQL Database Using Replication

To achieve little or no downtime during the migration, you can replicate transactions that were committed on your MySQL database to your Aurora MySQL DB cluster. Replication enables the DB cluster to catch up with the transactions on the MySQL database that happened during the migration. When the DB cluster is completely caught up, you can stop the replication and finish the migration to Aurora MySQL.

Configuring Your External MySQL Database and Your Aurora MySQL DB Cluster for Encrypted Replication

To replicate data securely, you can use encrypted replication.

Note

If you don't need to use encrypted replication, you can skip these steps and move on to the instructions in Synchronizing the Amazon Aurora MySQL DB Cluster with the External MySQL Database.

The following are prerequisites for using encrypted replication:

  • Secure Sockets Layer (SSL) must be enabled on the external MySQL master database.

  • A client key and client certificate must be prepared for the Aurora MySQL DB cluster.

During encrypted replication, the Aurora MySQL DB cluster acts a client to the MySQL database server. The certificates and keys for the Aurora MySQL client are in files in .pem format.

Note

Currently, encrypted replication with an external MySQL database is only supported for Aurora MySQL version 5.6.

To configure your external MySQL database and your Aurora MySQL DB cluster for encrypted replication

  1. Ensure that you are prepared for encrypted replication:

    • If you don't have SSL enabled on the external MySQL master database and don't have a client key and client certificate prepared, enable SSL on the MySQL database server and generate the required client key and client certificate.

    • If SSL is enabled on the external master, supply a client key and certificate for the Aurora MySQL DB cluster. If you don't have these, generate a new key and certificate for the Aurora MySQL DB cluster. To sign the client certificate, you must have the certificate authority key that you used to configure SSL on the external MySQL master database.

    For more information, see Creating SSL Certificates and Keys Using openssl in the MySQL documentation.

    You need the certificate authority certificate, the client key, and the client certificate.

  2. Connect to the Aurora MySQL DB cluster as the master user using SSL.

    For information about connecting to an Aurora MySQL DB cluster with SSL, see Using SSL with Aurora MySQL DB Clusters.

  3. Run the mysql.rds_import_binlog_ssl_material stored procedure to import the SSL information into the Aurora MySQL DB cluster.

    For the ssl_material_value parameter, insert the information from the .pem format files for the Aurora MySQL DB cluster in the correct JSON payload.

    The following example imports SSL information into an Aurora MySQL DB cluster. In .pem format files, the body code typically is longer than the body code shown in the example.

    call mysql.rds_import_binlog_ssl_material( '{"ssl_ca":"-----BEGIN CERTIFICATE----- AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE -----END CERTIFICATE-----\n","ssl_cert":"-----BEGIN CERTIFICATE----- AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE -----END CERTIFICATE-----\n","ssl_key":"-----BEGIN RSA PRIVATE KEY----- AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE -----END RSA PRIVATE KEY-----\n"}');

    For more information, see mysql_rds_import_binlog_ssl_material Using SSL with Aurora MySQL DB Clusters.

    Note

    After running the procedure, the secrets are stored in files. To erase the files later, you can run the mysql_rds_remove_binlog_ssl_material stored procedure.

Synchronizing the Amazon Aurora MySQL DB Cluster with the External MySQL Database

You can synchronize your Amazon Aurora MySQL DB cluster with the MySQL database using replication.

To synchronize your Aurora MySQL DB cluster with the MySQL database using replication

  1. Ensure that the /etc/my.cnf file for the external MySQL database has the relevant entries.

    If encrypted replication is not required, ensure that the external MySQL database is started with binary logs (binlogs) enabled and SSL disabled. The following are the relevant entries in the /etc/my.cnf file for unencrypted data.

    log-bin=mysql-bin server-id=2133421 innodb_flush_log_at_trx_commit=1 sync_binlog=1

    If encrypted replication is required, ensure that the external MySQL database is started with SSL and binlogs enabled. The entries in the /etc/my.cnf file include the .pem file locations for the MySQL database server.

    log-bin=mysql-bin server-id=2133421 innodb_flush_log_at_trx_commit=1 sync_binlog=1 # Setup SSL. ssl-ca=/home/sslcerts/ca.pem ssl-cert=/home/sslcerts/server-cert.pem ssl-key=/home/sslcerts/server-key.pem

    You can verify that SSL is enabled with the following command.

    mysql> show variables like 'have_ssl';

    Your output should be similar the following.

    +~-~-~-~-~-~-~-~-~-~-~-~-~-~--+~-~-~-~-~-~--+ | Variable_name | Value | +~-~-~-~-~-~-~-~-~-~-~-~-~-~--+~-~-~-~-~-~--+ | have_ssl | YES | +~-~-~-~-~-~-~-~-~-~-~-~-~-~--+~-~-~-~-~-~--+ 1 row in set (0.00 sec)
  2. Determine the starting binary log position for replication:

    1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

    2. In the navigation pane, choose Events.

    3. In the Events list, note the position in the Recovered from Binary log filename event.

      
                                        View MySQL master

      You specify the position to start replication in a later step.

  3. While connected to the external MySQL database, create a user to be used for replication. This account is used solely for replication and must be restricted to your domain to improve security. The following is an example.

    mysql> CREATE USER '<user_name>'@'<domain_name>' IDENTIFIED BY '<password>';

    The user requires the REPLICATION CLIENT and REPLICATION SLAVE privileges. Grant these privileges to the user.

    GRANT REPLICATION CLIENT, REPLICATION SLAVE ON *.* TO '<user_name>'@'<domain_name>';

    If you need to use encrypted replication, require SSL connections for the replication user. For example, you can use the following statement to require SSL connections on the user account <user_name>.

    GRANT USAGE ON *.* TO '<user_name>'@'<domain_name>' REQUIRE SSL;

    Note

    If REQUIRE SSL is not included, the replication connection might silently fall back to an unencrypted connection.

  4. In the Amazon RDS Management Console, add the IP address of the server that hosts the external MySQL database to the VPC security group for the Aurora MySQL DB cluster. For more information on modifying a VPC security group, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.

    You might also need to configure your local network to permit connections from the IP address of your Aurora MySQL DB cluster, so that it can communicate with your external MySQL database. To find the IP address of the Aurora MySQL DB cluster, use the host command.

    host RDS_MySQL_DB_<host_name>

    The host name is the DNS name from the Aurora MySQL DB cluster endpoint.

  5. Enable binary log replication by running the mysql.rds_set_external_master stored procedure. This stored procedure has the following syntax.

    CALL mysql.rds_set_external_master ( host_name , host_port , replication_user_name , replication_user_password , mysql_binary_log_file_name , mysql_binary_log_file_location , ssl_encryption );

    For information about the parameters, see mysql_rds_set_external_master.

    For mysql_binary_log_file_name and mysql_binary_log_file_location, use the position in the Recovered from Binary log filename event you noted earlier.

    If the data in the Aurora MySQL DB cluster is not encrypted, the ssl_encryption parameter must be set to 0. If the data is encrypted, the ssl_encryption parameter must be set to 1.

    The following example runs the procedure for an Aurora MySQL DB cluster that has encrypted data.

    CALL mysql.rds_set_external_master( 'Externaldb.some.com', 3306, 'repl_user'@'mydomain.com', 'password', 'mysql-bin.000010', 120, 1);

    This stored procedure sets the parameters that the Aurora MySQL DB cluster uses for connecting to the external MySQL database and reading its binary log. If the data is encrypted, it also downloads the SSL certificate authority certificate, client certificate, and client key to the local disk.

  6. Start binary log replication by running the mysql.rds_start_replication stored procedure.

    CALL mysql.rds_start_replication;
  7. Monitor how far the Aurora MySQL DB cluster is behind the MySQL replication master database. To do so, connect to the Aurora MySQL DB cluster and run the following command.

    SHOW SLAVE STATUS;

    In the command output, the Seconds Behind Master field shows how far the Aurora MySQL DB cluster is behind the MySQL master. When this value is 0 (zero), the Aurora MySQL DB cluster has caught up to the master, and you can move on to the next step to stop replication.

  8. Connect to the MySQL replication master database and stop replication. To do so, run the following command.

    CALL mysql.rds_stop_replication;

Migrating from MySQL to Amazon Aurora by Using mysqldump

Because Amazon Aurora MySQL is a MySQL-compatible database, you can use the mysqldump utility to copy data from your MySQL or MariaDB database to an existing Aurora MySQL DB cluster.

For a discussion of how to do so with MySQL databases that are very large, see Importing Data to an Amazon RDS MySQL or MariaDB DB Instance with Reduced Downtime. For MySQL databases that have smaller amounts of data, see Importing Data from a MySQL or MariaDB DB to an Amazon RDS MySQL or MariaDB DB Instance.