Menu
Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Connecting to an Amazon Aurora DB Cluster

You can connect to an Aurora DB instance using the same tools that you use to connect to a MySQL database, including using the same public key for Secure Sockets Layer (SSL) connections. You can use the endpoint and port information from the primary instance or Aurora Replicas in your Amazon Aurora DB cluster in the connection string of any script, utility, or application that connects to a MySQL DB instance. In the connection string, specify the DNS address from the primary instance or Aurora Replica endpoint as the host parameter, and specify the port number from the endpoint as the port parameter.

Once you have a connection to your Amazon Aurora DB cluster, you can execute any SQL command that is compatible with MySQL version 5.6. For more information about MySQL 5.6 SQL syntax, see the MySQL 5.6 Reference Manual.

Note

For a helpful and detailed guide on connecting to an Amazon Aurora DB cluster, you can see RDS Aurora Connectivity.

In the details view for your DB cluster you will find the cluster endpoint, which you can use in your MySQL connection string. The endpoint is made up of the domain name and port for your DB cluster. For example, if an endpoint value is mycluster.cluster-123456789012.us-east-1.rds.amazonaws.com:3306, then you specify the following values in a MySQL connection string:

  • For host or host name, specify mycluster.cluster-123456789012.us-east-1.rds.amazonaws.com

  • For port, specify 3306

The cluster endpoint connects you to the primary instance for the DB cluster. You can perform both read and write operations using the cluster endpoint. Your DB cluster can also have up to 15 Aurora Replicas that support read-only access to the data in your DB cluster. The primary instance and each Aurora Replica each have a unique endpoint that is independent of the cluster endpoint and allows you to connect to a specific DB instance in the cluster directly. The cluster endpoint will always point to the primary instance. If the primary instance fails and is replaced, then the cluster endpoint will point to the new primary instance.


                    Amazon Aurora Launch DB Instance Wizard Create Aurora Replica DB
                        Instance

Connection Utilities

  • Command line – You can connect to an Amazon Aurora DB cluster by using tools like the MySQL command line utility. For more information on using the MySQL utility, see mysql - The MySQL Command Line Tool in the MySQL documentation.

  • GUI – You can use the MySQL Workbench utility to connect by using a UI interface. For more information, see the Download MySQL Workbench page.

  • Applications – You can use the MariaDB Connector/J utility to connect your applications to your Aurora DB cluster. For more information, see the MariaDB Connector/J download page.

A GUI-based application you can use to connect is MySQL Workbench. For more information, see the Download MySQL Workbench page.

You can use SSL encryption on connections to an Amazon Aurora DB instance. For information, see Using SSL with a MySQL DB Instance.

Note

Because an Amazon Aurora DB cluster can only be created in an Amazon Virtual Private Cloud (VPC), connections to an Amazon Aurora DB cluster from AWS instances that are not in a VPC have been required to use the public endpoint address of the Amazon Aurora DB cluster. However, you can now communicate with an EC2 instance that is not in a VPC and an Amazon Aurora DB cluster using ClassicLink. For more information, see A DB Instance in a VPC Accessed by an EC2 Instance Not in a VPC.

Connecting with SSL

To connect using SSL, use the MySQL utility as described in the following procedure.

Note

In order to connect to the cluster endpoint using SSL, your client connection utility must support Subject Alternative Names (SAN). If your client connection utility doesn't support SAN, you can connect directly to the instances in your Aurora DB cluster. For more information on Aurora endpoints, see Aurora Endpoints.

To connect to a DB cluster with SSL using the MySQL utility

  1. Download the public key for the Amazon RDS signing certificate from https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem. Note that this will download a file named rds-combined-ca-bundle.pem.

  2. Type the following command at a command prompt to connect to the primary instance of a DB cluster with SSL using the MySQL utility. For the -h parameter, substitute the endpoint DNS name for your primary instance. For the --ssl_ca parameter, substitute the SSL certificate file name as appropriate. Type the master user password when prompted.

    mysql -h mycluster-primary.123456789012.us-east-1.rds.amazonaws.com --ssl-ca=[full path]rds-combined-ca-bundle.pem --ssl-verify-server-cert

You will see output similar to the following:

Copy
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 350 Server version: 5.6.10-log MySQL Community Server (GPL) Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql>

For general instructions on constructing Amazon RDS MySQL connection strings and finding the public key for SSL connections, see Connecting to a DB Instance Running the MySQL Database Engine.

Troubleshooting Aurora Connection Failures

Note

For a helpful and detailed guide on connecting to an Amazon Aurora DB cluster, you can see RDS Aurora Connectivity.

Common causes of connection failures to a new Aurora DB cluster are as follows:

  • The DB cluster was created using a VPC that doesn't allow connections from your device. To fix this failure, modify the VPC to allow connections from your device, or create a new VPC for your DB cluster that allows connections from your device. For an example, see Create a VPC and Subnets.

  • The DB cluster was created using the default port of 3306, and your company has firewall rules blocking connections to that port from devices in your company network. To fix this failure, recreate the instance with a different port.