Connecting from a Client
Connecting to a DB System from a MySQL client requires a MySQL
user account on the MySQL DB System. You can use the MySQL
Administrator user that you specified when creating the DB
System (see Creating a DB System) or a
MySQL user account created on the DB System using
. If you are not the
MySQL Administrator and you do not have a MySQL user account,
have your MySQL Administrator create one for you.
You cannot connect from a MySQL client to a DB System using the Oracle Cloud Account user name and password used to access the MySQL HeatWave Console.
For MySQL client connections to the DB System, a public endpoint is exposed as a fully qualified domain name (the host name of the DB System). The host name is found on the MySQL DB System Details page. See Viewing DB System Details.
The MySQL HeatWave on AWS Administrator may have restricted access to your DB System to certain public-facing IPv4 client IP addresses or address ranges. Allowed client addresses are specified in CIDR format and are found on the MySQL DB System Details page. See Viewing DB System Details. To edit allowed client addresses, see Edit DB System. Specifying IP addresses in CIDR format is discussed in Creating a DB System.
If you are connecting from a MySQL client that resides in a
private subnet, you have the option of connecting to a DB System
through a public Network Address Translation (NAT) gateway,
which permits clients and applications in a private subnet to
access services outside of the private subnet while preventing
external services from initiating inbound connections. When
establishing a NAT gateway, ensure that the elastic IP address
of the NAT gateway is added as an Allowed Client
Address, as described above. For example, if your NAT
gateway elastic IP address is 188.8.131.52, edit your DB System to
184.108.40.206/32 (the address in CIDR notation)
to your DB System's Allowed Client
Edit DB System. For more
information about NAT gateways, refer to
Gateways, in the Amazon VPC User
MySQL HeatWave on AWS supports TLSv1.2 and requires that all connections are encrypted. For added security, you can download a signed certificate bundle and enable host name identity verification. For more information, see Enabling Host Name Identity Verification.
To reduce network costs and avoid potential latency issues and bandwidth fluctuations, it is recommended that connecting clients reside in the same Region as the MySQL HeatWave on AWS instance. Latency and bandwidth fluctuations experienced by connections from outside the MySQL HeatWave on AWS Region are outside of the control MySQL HeatWave on AWS service managers. Connecting from the same Availability Zone is also recommended to avoid potential latency issues.