Aurora MySQL Destination Setup Guidelink
Follow our setup guide to connect Aurora MySQL database as a destination to Fivetran.
Prerequisiteslink
To connect Aurora MySQL to Fivetran, you need the following:
- MySQL version 5.5 or above (5.5.40 is the earliest version tested)
- Database host's IP (e.g.,
1.2.3.4
) or host (your.server.com
) - Port (usually
3306
) - Database administrator permissions to create a Fivetran-specific MySQL user
- A Fivetran role with the Create Destinations or Manage Destinations permissions
- Provide at least 1024MB for
innodb_buffer_pool_size
. For more information aboutinnodb_buffer_pool_size
, see MySQL's Buffer Pool documentation. - Set the
local_infile
system variable to ON. For more infomation aboutlocal_infile
, see Server System Variables documentation. Check the variable status withSHOW GLOBAL VARIABLES LIKE 'local_infile'
and switch the status to ON withSET GLOBAL local_infile = true
.
Setup instructionslink
Choose connection method link
Decide whether to connect to your Aurora MySQL database directly or using an SSH tunnel. For more information, see our destination connection options documentation.
Connect directlylink
If you connect directly, you must create a rule in a security group that allows Fivetran access to your database instance and port.
Configure your firewall and/or other access control systems to allow:
- incoming connections to your host and port (usually
3306
) from Fivetran's IPs for your database's region - outgoing connections from all ports (
1024
to65535
) to Fivetran's IPs
Connect using an SSH tunnellink
If you connect using an SSH tunnel, Fivetran connects to a separate server in your network that provides an SSH tunnel to your Aurora MySQL database. You must configure your tunnel server's security group to allow Fivetran access and configure the instance's security to allow access from the tunnel.
You must connect through SSH if your database is contained within an inaccessible subnet.
To connect using SSH, do the following:
In the destination setup form, select the Connect via an SSH tunnel option.
Copy Fivetran's public SSH key.
Add the public key to the
authorized_keys
file of your SSH server. The key must be all on one line, so make sure that you don't introduce any line breaks when cutting and pasting.
Connect using AWS PrivateLink Betalink
IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.
AWS PrivateLink allows VPCs and AWS-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. PrivateLink is the most secure connection method. Learn more in AWS’ PrivateLink documentation.
Follow our AWS PrivateLink setup guide to configure PrivateLink for your destination.
Allow Fivetran accesslink
You must allow Fivetran access to your Aurora MySQL database:
If your instance is in a Virtual Private Cloud (VPC), you must configure:
- VPC Security Groups
- Network Access Control Lists (ACLs)
If your instance is not in a VPC, then you only need to configure Security Groups
Enable public accesslink
Log in to your RDS dashboard.
In the Databases pane, expand the view on the database.
In the Connectivity & security tab, make sure that the Public Accessibility field is set to Yes. If the field is set to No, contact our support team.
Make a note of the Endpoint (host name) and Port number. You will need them to configure Fivetran.
Configure security grouplink
The following instructions assume that your database is in a VPC.
NOTE: You can use these instructions to configure a non-VPC security group because the process is almost identical.
In the Connectivity & security tab, click the VPC security groups link.
In the Security Groups section, go to the Inbound rules tab.
Click Edit inbound rules.
Click Add Rule.
A new Custom TCP Rule is created at the bottom of the list with a blank space for a Port Range and a Source IP address.
Enter the following details:
- In the Port Range field, enter the port number that you found earlier (usually
3306
) - In the Source field, select Custom IP and then enter Fivetran's IPs
- In the Port Range field, enter the port number that you found earlier (usually
Click Save rules.
Configure Network ACLslink
Return to the RDS dashboard and expand the view on the database.
Click the VPC link.
Select the VPC ID link.
In the Summary tab, click the Main network ACL link.
Go to the Inbound Rules tab.
If you have a default VPC that was automatically created by AWS, then the settings already allow all incoming traffic as indicated by the Source value 0.0.0.0/0 and the fact that the ALLOW entry is listed above the DENY entry.
If your inbound rules don't include an
ALL - 0.0.0.0/0 - ALLOW
entry, edit the rules to allow Fivetran's IPs to access the port number of your database (usually3306
).
NOTE: See Amazon's Network ACLs documentation for more information.
Go to the Outbound Rules tab.
- If your outbound rules don't include an
ALL - 0.0.0.0/0 - ALLOW
entry, click Edit to edit the rules to allow outbound traffic to all ports1024-65535
for Destination.
- If your outbound rules don't include an
Create Fivetran userlink
Create a Fivetran user in your MySQL database:
Open a connection to your MySQL database using your SQL tool (MySQL Workbench or the mysql command line interface).
Execute the following query to create a user for Fivetran. Choose a memorable username (for example,
fivetran
). Replace<password>
with a password of your choice:CREATE USER fivetran@'%' IDENTIFIED BY 'password'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW ON *.* TO fivetran@'%';
Complete Fivetran configuration link
- Log in to your Fivetran account.
- Go to the Destinations page and click Add destination.
- Enter a Destination name of your choice and then click Add.
- Select Aurora MySQL as the destination type.
- In the destination setup form, enter the Host name or the IP address of the database server.
- Enter the Port number. For example,
5432
. - Enter the User name you created in Step 3.
- Enter the Password you created in Step 3.
- Choose your Connection method:
- Connect directly
- Connect via an SSH
- Connect via Private Networking
- If you choose Connect via an SSH tunnel in the Connection method drop-down menu, enter the following details:
- SSH Host
- SSH Port
- SSH User
- (Optional) Enable the Require TLS through tunnel toggle if you want to use TLS.
- Choose the Data processing location. Depending on the plan you are on and your selected cloud service provider, you may also need to choose a Cloud service provider and cloud region as described in our Destinations documentation.
IMPORTANT: If you are using AWS PrivateLink, select AWS in the Cloud service provider drop-down menu.
- Choose your Time zone.
- (Optional for Business Critical accounts) To enable regional failover, set the Use Failover toggle to ON, and then select your Failover Location and Failover Region. Make a note of the IP addresses of the secondary region and safelist these addresses in your firewall.
- Click Save & Test.
Fivetran tests and validates the Aurora MySQL destination connection. On successful completion of the setup tests, you can sync your data using Fivetran connectors to the Aurora MySQL destination.
Setup testslink
Fivetran performs the following Aurora MySQL connection tests:
- The SSH Tunnel Test validates the SSH tunnel details you provided in the setup form and then checks the connectivity to the instance using the SSH Tunnel if you are connecting using an SSH tunnel.
- The Database Host Connection Test validates the database credentials you provided in the setup form. The test verifies that the host is not private and then checks the connectivity to the host.
- The Database Certificate Validation Test generates a pop-up window where you must choose which certificate you want Fivetran to use. The test then validates that certificate and checks that we can connect to your database using TLS. We skip this test if you aren't connecting directly.
- The Permission Test checks that we have the correct permissions to create schemas and tables in your database.
- The Warehouse User Test checks if:
- we can access the
TABLES
,COLUMNS
, andKEY_COLUMN_USAGE
tables in theINFORMATION_SCHEMA
- the
local_infile
variable is ON - the
innodb_buffer_pool_size
is greater than 1024 MB
- we can access the
Related articleslink
description Destination Overview
settings API Destination Configuration