Relational Database Service
Instance Connection Guide /
Issue / 01
Date / 2017-10-16
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2017. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: / Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: /
Issue 01 (2017-10-16) / Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. / 1
Relational Database Service
Instance Connection Guide / Contents

Contents

1 Getting Started

1.1 Connecting to an RDS DB Instance

1.1.1 Connecting to an RDS MySQL Instance

1.1.2 Connecting to an RDS PostgreSQL Instance

1.1.3 Connecting to an RDS Microsoft SQL Server DB Instance

Issue 01 (2017-10-16) / Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. / 1
Relational Database Service
Instance Connection Guide / 1 Getting Started

1 Getting Started

1.1 Connecting to an RDS DB Instance

You can access RDS through an ECS. You can use the database client on the ECS to maintain RDS DB instances.

When creating a DB instance, RDS creates an SSL server certificate for the DB instance. The SSL certificate includes the DB instance IP address as the Common Name (CN) for the SSL certificate to guard against spoofing attacks. You are advised to use SSL to encrypt connections from applications a DB instance.

1.1.1 Connecting to an RDS MySQL Instance

You can use a MySQL client to connect to a DB instance through a common or an SSL connection. The SSL connection is encrypted and more secure.

Preparations

1.Prepare an ECS.

To connect to a DB instance through an ECS, create an ECS first.

For details on how to create and connect to an ECS, see How Can I Create and Connect to an ECS?

2.Install the MySQL client on the ECS prepared in 1.

For details, see How Can I Install the MySQL Client?

Common Connection

Step 1Log in to the ECS.

Step 2Run the following command to connect to an RDS DB instance:

mysql -hhost_name-P8635-uUser-pPassword

-h indicates the IP address of the primary DB instance. To obtain the IP address, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the IP address in the Connection Address column.

-P indicates the database port in use. The default value is 8635. To obtain the database port, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the port in the Connection Address column.

-u indicates the user name, that is, the RDS database account. (The default administrator account is root.)

-p indicates the password of the database account.

For example, run the following command as user root to connect to a DB instance:

mysql -h 172.16.0.31 -P 8635 -u root -pRDSpwd@4321

----End

SSL Connection

Step 1On the Instance Mgmt page, click here to go to the Developer Tool Center page and download the root certificate and certificate bundle.

Figure 1-1Downloading the root certificate

In April 2017, RDS provides a new root certificate that has a 20-year validation period. The new certificate takes effect after DB instances are rebooted. Update the old certificate before it expires. For details, see How Can I Identify the Validity Period of the SSL Root Certificate?

You can also download the certificate bundle, containing both the new certificate provided in April and the old certificate.

Step 2Upload the root certificate to the ECS to be connecting to the MySQL DB instance.

Step 3Connect to an RDS DB instance. In Linux, for example, run the following command:

mysql -hhostName-P8635-uuserName-p--ssl-ca=caName

-h indicates the IP address of the primary DB instance. To obtain the IP address, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the IP address in the Connection Address column.

-P indicates the database port in use. The default value is 8635. To obtain the database port, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the port in the Connection Address column.

-u indicates the user name, that is, the RDS database account. (The default administrator account is root.)

-p indicates the password of the database account.

--ssl-ca indicates the SSL certificate file name. The SSL certificate file should be stored in the directory where the command executes.

Use user root to connect to a DB instance through an SSL connection. An example is as follows:

mysql -h172.16.0.31 -P8635 -uroot -p --ssl-ca=ca.pem

----End

1.1.2 Connecting to an RDS PostgreSQL Instance

You can use a PostgreSQL client to connect to a DB instance through a common or an SSL connection. The SSL connection is encrypted and more secure.

Preparations

1.Prepare an ECS.

To connect to a DB instance through an ECS, create an ECS first.

For details on how to create and connect to an ECS, see How Can I Create and Connect to an ECS?

2.Install the PostgreSQL client on the ECS prepared in 1.

For details, see How Can I Install the PostgreSQL Client?

Common Connection

Step 1Log in to the ECS.

Step 2Run the following command to connect to an RDS DB instance:

psql --no-readline -Uuser-hhost-pport-ddatastore-W

-U indicates the user name, that is, the RDS database account. (The default administrator account is root.)

-h indicates the IP address of the primary DB instance. To obtain the IP address, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the IP address in the Connection Address column.

-p indicates the database port in use. The default value is 8635. To obtain the database port, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the port in the Connection Address column.

-d indicates the name of the database to be connected. (The default database name is postgres.)

-W indicates the password for the connection must be input. After running the command, input the password as prompted.

Example:

Run the following command as user root to connect to a postgres DB instance:

psql --no-readline -U root -h 192.168.0.44 -p 8635 -d postgres -W

----End

SSL Connection

Step 1On the Instance Mgmt page, click here to go to the Developer Tool Center page and download the root certificate and certificate bundle.

Figure 1-2Downloading the root certificate

Step 2Upload the root certificate to the ECS to be connecting to the PostgreSQL DB instance.

Step 3Connect to the DB instance. In Linux, for example, run the following command:

psql --no-readline -h <host>-p<port>"dbname=<database>user=<user>password=<password>sslmode=verify-ca sslrootcert=<ca.pem>"

-h indicates the IP address of the primary DB instance. To obtain the IP address, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the IP address in the Connection Address column.

-p indicates the database port in use. The default value is 8635. To obtain the database port, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the port in the Connection Address column.

dbname indicates the name of the database to be connected. (The default database name is postgres.)

user indicates the user name, that is, the RDS database account. (The default administrator account is root.)

password indicates the login password of the user.

sslmod indicates an SSL connection mode. Set it to verify-ca to use the CA to check whether the service is trusted.

sslrootcert indicates the directory of the SSL connection CA certificate. The certificate should be stored in the directory where the command executes.

For example, run the following command as user root to connect to a postgres DB instance through SSL:

psql --no-readline -h 192.168.0.44 -p 8635 "dbname=postgres user=root sslmode=verify-ca sslrootcert=/root/ca.pem"

Step 4The SSL connection is established if information similar to the following is displayed after you log in to the database:

SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)

----End

1.1.3 Connecting to an RDS Microsoft SQL Server DB Instance

You can use a Microsoft SQL Server client to connect to a DB instance through a common or an SSL connection. The SSL connection is encrypted and more secure.

Preparations

1.Prepare an ECS.

To connect to a DB instance through an ECS, create an ECS first.

For details on how to create and connect to an ECS, see How Can I Create and Connect to an ECS?

2.Install the Microsoft SQL Server client on the ECS prepared in 1.

For details, see How Can I Install SQL Server Management Studio?

Common Connection

Step 1Log in to the ECS.

Step 2Use SQL Server Management Studio to connect to a Microsoft SQL Server DB instance.

Figure 1-3Connecting to a Microsoft SQL Server DB instance

Server name indicates the IP address and port of the primary DB instance. To obtain the server name, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the IP address and port in the Connection Address column.

Authentication indicates the authentication mode. Select SQL Server Authentication for it.

Login indicates the user name, that is, the RDS database account. (The default administrator account is rdsuser.)

Password indicates the password of the database account.

For example, connect to a DB instance as user rdsuser.

Figure 1-4Connecting to a DB instance

----End

SSL Connection

Step 1On the Instance Mgmt page, click here to go to the Developer Tool Center page and download the root certificate and certificate bundle.

Figure 1-5Downloading the root certificate

Step 2Upload the root certificate to the ECS to be connecting to the Microsoft SQL Server DB instance.

Step 3Import the root certificate to the ECS Windows OS by referring to How Can I Import the Root Certificate to the Windows OS?

Step 4Use SQL Server Management Studio to connect to the DB instance as user rdsuser through SSL.

1.Input the login username and password in the Login and Password text boxes, respectively, and click Options.

Figure 1-6Login

Server name indicates the IP address and port of the primary DB instance. To obtain the server name, go to the Instance Mgmt page, locate the target primary DB instance in the DB instance list area, and view the IP address and port in the Connection Address column.

Authentication indicates the authentication mode. Select SQL Server Authentication for it.

Login indicates the user name, that is, the RDS database account. (The default administrator account is rdsuser.)

Password indicates the password of the database account.

2.On the Connection Properties page, specify parameters and click Encrypt connection.

Figure 1-7Connection Properties

Selecting Encrypt connection indicates that using SSL to encrypt connections to a DB instance. (Encrypt connection is unselected by default.)

----End

Issue 01 (2017-10-16) / Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. / 1