Skip to main content
Documentation
Troubleshooting
Feature Requests Status

Aurora RDS MySQL Warehouse Setup Guide

Edit on GitHub
  • Updated
Fivetran System User Fivetranner

Choose connection optionlink

Decide whether to connect to your warehouse directly or connect using an SSH tunnel.

  • To connect using an SSH tunnel, follow these instructions.
  • To connect directly, configure your firewall and/or other access control systems to allow incoming connections to your MySQL port (usually 3306) from Fivetran’s IP.

Allow accesslink

Your Aurora master server needs to be made accessible to Fivetran’s data processing server. In your RDS Dashboard, select the Aurora instance you would like to use. Click to expand its details:

Select master

Select the configuration details tab and make sure the Publicly Accessible setting is “Yes” (if not, please contact our support team to discuss options).

Ensure master publicly accessible

Then enter the Cluster Endpoint host address and port number into the form fields on the left:

Copy host and port

Configure security grouplink

Your Aurora cluster’s VPC security group needs to be configured to allow Fivetran to access the cluster. Click the link to the master node’s Security Group:

Click link to Security Group

In the security group panel, select the “Inbound” tab:

Select inbound tab

Click edit:

Click edit

Click “Add Rule”:

Click add rule

A new Custom TCP Rule gets created at the bottom of the list with a blank space for a Port Range and a Source IP address. For the Port, enter your master node’s port number that you copied into the form on the left. For the Source, enter Fivetran’s IP:

Add rule

Click “Save”:

Click save

Configure Network ACLslink

Return to the RDS Dashboard and click the link to the master node’s VPC:

Click vpc

Select the VPC:

Select vpc

In the “Summary” tab, click the “Network ACL” link:

Click network acl

You will see tabs for Inbound Rules and Outbound Rules. We will need to edit both.

Edit inbound ruleslink

Select “Inbound Rules”:

Click inbound rules

If you have a default VPC that was automatically created by AWS, then the settings already allow all incoming traffic as indicated by the Source value 0.0.0.0/0 and the fact that the ALLOW entry is listed above the DENY entry:

All are allowed

If your inbound rules don’t include an ALL - 0.0.0.0/0 - ALLOW entry, edit the rules to allow Fivetran’s IP to access the port number of your master node (same as you entered in the form on the left). Help on ACL configuration can be found here.

Edit outbound ruleslink

Select “Outbound Rules”:

Select outbound rules

If your outbound rules don’t include an ALL - 0.0.0.0/0 - ALLOW entry, edit the rules to allow outbound traffic to all ports 1024-65535 for destination Fivetran’s IP

Create userlink

Next, we need to create a Fivetran user in your Aurora warehouse.

Using your favorite SQL tool (for example MySQL Workbench or the “mysql” command in your operating system’s terminal window), create the “fivetran” user and grant permissions by running the following SQL commands. The password should of course be replaced with one of your choice:

CREATE USER fivetran@'%' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW ON *.* TO fivetran@'%';

Related articles

Didn’t find what you need?

Contact support