Book a demo

Register a MySQL Connection

Immuta policies will not be automatically enforced in MySQL

While you can author and apply subscription and data policies on MySQL data sources within Immuta, these policies will not be enforced natively in the MySQL platform. You can use Immuta webhooks to be notified about changes to user access and make appropriate access updates in MySQL using your own process.

To use this integration, contact your Immuta representative.

Requirements

  • Amazon RDS or Amazon Aurora for MySQL

Permissions

The user registering the connection must have the permissions below.

  • APPLICATION_ADMIN Immuta permission

  • The MySQL user registering the connection must be the root user or have the GRANT OPTION MySQL privilege.

Create a database user account

  1. Create a new database user in MySQL to serve as the Immuta system account. Immuta will use this system account continuously to crawl the database you register. How you create this user depends on your database authentication method. Follow the instructions linked below to create this user:

    1. Password authentication: Follow the MySQL documentation to create the database user in and assign that user a password.

    2. IAM database authentication:

      1. Create the database user in MySQL.

      2. Create an IAM policy for IAM database authentication.

      3. Create the database account.

  2. Grant this account the following MySQL privileges. A sample command that provides all these privileges to all databases and views is provided below:

    1. SHOW DATABASES on all databases in the server

    2. SELECT on all databases, tables, and views in the server

    3. SHOW VIEW on all views in the server

    GRANT SELECT, SHOW DATABASES, SHOW VIEW ON *.* TO '<user>'@'%';

Register a MySQL connection

  1. In Immuta, click Data and select Connections in the navigation menu.

  2. Click the + Add Connection button.

  3. Select the MySQL tile.

  4. Select your deployment type:

    1. Aurora

    2. RDS

  5. Enter the host connection information:

    1. Display Name: This is the name of your new connection. This name will be used in the API (connectionKey), in data source names from the host, and on the connections page.

    2. Hostname: The URL of your MySQL instance.

    3. Port: The port configured for MySQL.

    4. Region: The region of the AWS account with your MySQL instance.

  6. Select an authentication method from the dropdown menu.

    1. AWS Access Key: Provide the access key ID and secret access key for the database user account you created above.

    2. AWS Assumed Role (recommended): Immuta will assume this IAM role from Immuta's AWS account to request temporary credentials that it can use to perform operations in the registered MySQL database. Before proceeding, contact your Immuta representative and provide your service principal's IAM role. Immuta will allowlist the service principal so that Immuta can successfully assume that role. Your Immuta representative will provide the account to add to your trust relationship. Then, complete the steps below.

      1. Enter the Username of the database user account you created above

      2. Enter the Role ARN of the database user account you created above.

      3. Set the External ID provided in a condition on the trust relationship for the role specified above. See the AWS documentation for guidance.

    3. Username and Password: Enter the credentials for the MySQL database user account you created above.

  7. Click Save connection.

PreviousMySQLNextMySQL Integration Reference Guide

Last updated

Was this helpful?