Connecting to a DB System from a MySQL client requires a MySQL user account on the MySQL DB System. You can use the MySQL Administrator user that you specified when creating the DB System (see Creating a DB System) or a MySQL user account created on the DB System using CREATE USER . If you are not the MySQL Administrator and you do not have a MySQL user account, have your MySQL Administrator create one for you.

You cannot connect from a MySQL client to a DB System using the Oracle Cloud Account user name and password used to access the MySQL HeatWave Console.

For MySQL client connections to the DB System, a public endpoint is exposed as a fully qualified domain name (the host name of the DB System). The host name is found on the MySQL DB System Details page. See Viewing DB System Details.

The MySQL HeatWave on AWS Administrator may have restricted access to your DB System to certain public-facing IPv4 client IP addresses or address ranges. Allowed client addresses are specified in CIDR format and are found on the MySQL DB System Details page. See Viewing DB System Details. To edit allowed client addresses, see Editing a DB System. Specifying IP addresses in CIDR format is discussed in Creating a DB System.

If you are connecting from a MySQL client that resides in a private subnet, you have the option of connecting to a DB System through a public Network Address Translation (NAT) gateway, which permits clients and applications in a private subnet to access services outside of the private subnet while preventing external services from initiating inbound connections. When establishing a NAT gateway, ensure that the elastic IP address of the NAT gateway is added as an Allowed Client Address, as described above. For example, if your NAT gateway elastic IP address is 1.2.3.4, edit your DB System to add 1.2.3.4/32 (the address in CIDR notation) to your DB System's Allowed Client Addresses. See Editing a DB System. For more information about NAT gateways, refer to NAT Gateways, in the Amazon VPC User Guide.

MySQL HeatWave on AWS supports TLSv1.2 and requires that all MySQL client and application connections over the public internet are encrypted. Private connections over PrivateLinks are also encrypted by default. For DB Systems that only accept private connections (i.e., not accessible from public IP addresses), if you need to disable encryption for your client connections (for example, due to certain client-side limitations), you can update the MySQL configuration of your DB System to set the system variable require_secure_transport to OFF, and have clients connect to the MySQL DB System through a PrivateLink. For added security, download a signed certificate bundle to enable host name identity verification for connecting clients and applications (for more information, see Enabling Host Name Identity Verification).

To reduce network costs and avoid potential latency issues and bandwidth fluctuations, it is recommended that connecting clients reside in the same Region as the MySQL HeatWave on AWS instance. Latency and bandwidth fluctuations experienced by connections from outside the MySQL HeatWave on AWS Region are outside of the control MySQL HeatWave on AWS service managers. Connecting from the same Availability Zone is also recommended to avoid potential latency issues.

• Connecting with MySQL Shell
  
• Connecting with MySQL Command-Line Client
  
• Connecting with MySQL Workbench