# Aurora MySQL

> Configuring your Aurora MySQL destination.

## Prerequisites

* If your MySQL database is protected by security groups or other firewall settings, you will need to have our static IP available to complete Step 1.

<Steps>
  <Step title="Allow access">
    Allow write access to a portion of your Aurora MySQL database.

    ### Configure the security group

    1. In your **Amazon RDS** > **Databases** list, click the MySQL instance you want to send data to.
    2. In the database page, in the **Connectivity & security** tab, make note of the **Endpoint** and the **Port** number. Note that you may need to select the "**Writer instance**" in the DB identifier list to reveal the endpoint.

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/aws-mysql-endpoint-port.png "mysql endpoint port.png")
    </Frame>

    3. To ensure that the destination is accessible from outside your VPC, click "**Modify**" in the top right, and in the "**Connectivity**" section, within the **Additional configuration** dropdown, confirm the **Publicly accessible** setting is set to **Yes**. Note that it is still only accessible through whitelisted IPs at this point.

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/aws-mysql-publicly-accessible.png "mysql publicly accessible.png")
    </Frame>

    4. Returning to the database page, within the "**Writer instance**" details, click one of the VPC security groups (usually `default`). Note: VPC security groups are permissive (allow-only, as opposed to restrictive), so for instances with multiple VPC security groups, only one needs to be configured with the new inbound rule.

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/aws-mysql-default-security-group.png "vsg.png")
    </Frame>

    5. In the **Security Groups** section, select the **Inbound rules** tab.
    6. Click **Edit inbound rules** and then click **Add rule**.
    7. Edit the newly created rule of type **Custom TCP** with the **Port range** noted in the first step (usually `5432`) and a `Custom` **Source** value that includes all of the service IPs. Note: you will need to add `/32` to the end of each IP (CIDR notation).
    8. Click **Save rules**.

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/postgres-add-rule.png "add rule.png")
    </Frame>
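
The console steps 5 to 8 above, expressed with the AWS CLI as an added example (not part of Prequel's documentation or tooling): each service IP is validated as a single host before its rule is added, and the group is then checked for any source wider than `/32`. The security group ID, port and IPs in the usage comment are constructed placeholders; use the port noted on the **Connectivity & security** tab.

```shell
#!/bin/sh
# Added example. Usage (constructed values):
#   sh allow_service_ips.sh sg-0123456789abcdef0 3306 203.0.113.10 203.0.113.11

# Print a validated IPv4 address as a single-host CIDR (/32); fail otherwise.
# The body runs in a subshell so the IFS and `set` changes stay local.
to_host_cidr() (
  ip="${1%/32}"
  case "$ip" in ''|*[!0-9.]*|.*|*.|*..*|0.0.0.0) exit 1 ;; esac
  set -f; IFS=.
  set -- $ip
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do
    case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || exit 1
  done
  printf '%s/32\n' "$ip"
)

# Steps 6-8: one Custom TCP inbound rule per service IP. Every source is
# validated first so a bad entry cannot leave the group half-configured.
allow_service_ips() {
  sg_id="$1"; port="$2"; shift 2
  for ip in "$@"; do
    to_host_cidr "$ip" >/dev/null || { echo "rejected source: $ip" >&2; return 1; }
  done
  for ip in "$@"; do
    aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
      --protocol tcp --port "$port" --cidr "$(to_host_cidr "$ip")" || return 1
  done
}

# Print each CIDR argument that is wider than a single host.
non_host_sources() {
  for c in "$@"; do
    case "$c" in */32) ;; *) printf '%s\n' "$c" ;; esac
  done
}

# List every IPv4 source in the group (any port) that is not a /32.
audit_sg() {
  # Word splitting of the CLI's text output is intended here.
  non_host_sources $(aws ec2 describe-security-groups --group-ids "$1" \
    --query 'SecurityGroups[0].IpPermissions[].IpRanges[].CidrIp' --output text)
}

if [ "$#" -ge 3 ]; then
  allow_service_ips "$@" && audit_sg "$1"
fi
```

Any line printed by `audit_sg` is a source range broader than one host and should be reviewed, since the instance is set to publicly accessible.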

    ### Configure network ACLs (access control list)

    For database instances in a VPC:

    1. In your RDS dashboard, select the MySQL instance.
    2. Click the link to the instance's VPC.
    3. Click the **VPC ID**.

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/postgres-vpc-id.png "vpc id.png")
    </Frame>

    4. In the **Details** section, click on the link under **Main network ACL**.

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/postgres-main-network-acl-id.png "network acl id.png")
    </Frame>

    5. Click on the network ACL ID.

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/postgres-network-acl-id.png "network acl id.png")
    </Frame>

    #### Edit the inbound rules

    6. Click on the **Inbound rules** tab, and check if there is an existing rule with a Source of `0.0.0.0/0` set to `Allow`. (This is a default rule created by AWS. If this rule already exists, skip to **Edit outbound rules**.)

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/postgres-inbound-rules.png "inbound rules.png")
    </Frame>

    7. Create the inbound rule (if it doesn't exist). Click **Edit inbound rules** and either **Add new rule** or edit an existing rule to allow access to the **port number** of your database instance (usually `5432`) from the Prequel static IP. Click **Save changes**.

    #### Edit the outbound rules

    8. In the ACL menu, select the **Outbound rules** tab, and check if there is an existing rule with a Destination of `0.0.0.0/0` set to `Allow`. (This is a default rule created by AWS. If this rule already exists, skip to the next step.)

    <Frame>
      ![](https://storage.googleapis.com/prequel_docs/images/postgres-outbound-rules.png "outbound rules.png")
    </Frame>

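    9. Create the outbound rule (if it doesn't exist). Click **Edit outbound rules** and edit the rules to allow outbound traffic to ports 1024-65535 for **Destination** `0.0.0.0/0`. Network ACLs are stateless, so return traffic to the client's ephemeral port needs its own outbound rule.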
  </Step>

  <Step title="Create writer user">
    Create a database user to perform the writing of the source data.

    1. Open a connection to your Aurora MySQL database.
    2. Create a user for the data transfer by executing the following SQL command.

    ```sql title="Create user" icon="database" theme={null}
    CREATE USER <username>@'%' IDENTIFIED BY '<some-password>';
    ```

    3. Grant the user the required privileges on the database.

    ```sql title="Grant privileges" icon="database" theme={null}
    GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW ON *.* TO <username>@'%';
    ```

    <Warning>
      **If the `schema/database` already exists:**

      By default, the service creates a new schema (*in MySQL, `schema` is synonymous with `database`*). If you prefer to create the schema yourself before connecting the destination, you must ensure that the writer user has the proper permissions on the schema, using `GRANT ALL PRIVILEGES ON <database_name>.* TO <username>@'%';`
    </Warning>
  </Step>

  <Step title="Add your destination">
    Use the following details to complete the connection setup: **host name**, **database name**, **port**, your chosen **schema name**, **username**, and **password**.
  </Step>
</Steps>
