Choose connection optionlink
Decide whether to connect to your warehouse directly or connect using an SSH tunnel.
- To connect using an SSH tunnel, follow these instructions.
- To connect directly, configure your firewall and/or other access control systems to allow incoming connections to your MySQL port (usually 3306) from Fivetran’s IP.
Allow accesslink
Enable accesslink
The Fivetran data processing servers will need access to your MySql warehouse. Assuming your instance is in a VPC, access is controlled by two mechanisms: VPC Security Groups and Network ACLs (Access Control Lists). If your instance is not in a VPC, then you only need to configure Security Groups.
Configure security grouplink
These instructions assume that your warehouse is in a VPC (if not, you can still use these instructions as a guide because configuring a non-VPC security group is almost identical).
Expand the view on the warehouse by clicking the little black triangle:
A panel of details for your read replica will appear. Write down the warehouse’s port number (you will need this later), then click the link to its Security Group:
In the security group panel, select the “Inbound” tab:
Click edit:
Click “Add Rule”:
A new Custom TCP Rule gets created at the bottom of the list with a blank space for a Port Range and a Source IP address. For the Port, enter your warehouse’s port number that you wrote down earlier (this will be 3306 unless you changed the default). For the Source, enter Fivetran’s IP:
Click “Save”:
Configure Network ACLslink
Return to the RDS Dashboard and expand the view on the warehouse:
Click the link to the read warehouse’s VPC:
Select the VPC:
In the “Summary” tab, click the “Network ACL” link:
You will see tabs for Inbound Rules and Outbound Rules. We will need to edit both. First, select “Inbound Rules”:
If you have a default VPC that was automatically created by AWS, then the settings already allow all incoming traffic as indicated by the Source value 0.0.0.0/0 and the fact that the ALLOW entry is listed above the DENY entry:
If your inbound rules don’t include an ALL - 0.0.0.0/0 - ALLOW entry, edit the rules to allow
Fivetran’s IP to access the port number of your warehouse (3306, unless you changed the default).
Help on ACL configuration can be found here.
Select “Outbound Rules”:
If your outbound rules don’t include an ALL - 0.0.0.0/0 - ALLOW entry, edit the rules to allow
outbound traffic to all ports 1024-65535 for destination Fivetran’s IP
Create userlink
Next, we need to create a Fivetran user in your MySQL warehouse.
Using your favorite SQL tool (for example MySQL Workbench or the “mysql” command in your operating system’s terminal window), create the “fivetran” user and grant permissions by running the following SQL commands. The password should of course be replaced with one of your choice:
CREATE USER fivetran@'%' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW ON *.* TO fivetran@'%';