How to set up MySQL

πŸ€“ Who can do this? You will probably need your MySQL administrator to run these commands β€” you may not have access yourself.
πŸ’ͺ Did you know? Atlan supports both of the following AWS database engines β€” RDS MySQL and Aurora MySQL.

Currently we support the following authentication mechanisms. You will need to choose one and configure it according to the steps below.

Basic authentication

To configure basic authentication for MySQL, run the following commands:

CREATE USER '{{db-username}}'@'%' IDENTIFIED BY '{{password}}';
GRANT SELECT,SHOW VIEW,EXECUTE ON *.* TO '{{db-username}}'@'%';
FLUSH PRIVILEGES;
  • Replace {{db-username}} with the username you want to create.
  • Replace {{password}} with the password to be used for that username.

Atlan requires the following privileges to:

  • SELECT:
    • Fetch the technical metadata persisted in the INFORMATION_SCHEMA. *.* is required because INFORMATION_SCHEMA tables cannot be granted access directly. Metadata is inferred from the access that the querying user has on the underlying tables.
    • Enable users to preview or query the underlying tables and views β€” this functionality can also be turned off.
  • SHOW VIEW enables the use of the SHOW CREATE VIEW statement to fetch view definitions for generating lineage.
  • EXECUTE is only required if using MySQL 5.7 and any earlier versions.

Identity and Access Management (IAM) authentication

To configure IAM authentication for MySQL follow each of these steps.

Enable IAM authentication

To enable IAM authentication for your database instance:

When given the option, apply the changes immediately and wait until they are complete.

Create database user

To create a database user with the necessary permissions run the following commands:

CREATE USER '{{db-username}}'@'%' WITH AWSAuthenticationPlugin as 'RDS';
GRANT SELECT,SHOW VIEW,EXECUTE ON *.* TO '{{db-username}}'@'%';
FLUSH PRIVILEGES;
  • Replace {{db-username}} with the username you want to create.

These permissions will allow you to crawl metadata, preview and query data from within Atlan.

Create IAM policy

To create an IAM policy with the necessary permissions follow the steps in the AWS Identity and Access Management User Guide.

Create the policy using the following JSON:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds-db:connect"
      ],
      "Resource": [
        "arn:aws:rds-db:{{aws-region}}:{{account-id}}:dbuser:{{resource-id}}/{{db-username}}"
      ]
    }
  ]
}
  • Replace {{aws-region}} with the AWS region of your database instance.
  • Replace {{account-id}} with your account ID.
  • Replace {{resource-id}} with the resource ID.
  • Replace {{db-username}} with the username created in the previous step.

Attach IAM policy

To attach the IAM policy for Atlan's use, you have two options:

  • IAM role: Attach the policy created in the previous step to the EC2 role that Atlan uses for its EC2 instances in the EKS cluster. Please raise a support ticket to use this option.
  • IAM user: Create an AWS IAM user and attach the policy to this user. To create an AWS IAM user:
    1. Follow the steps in the AWS Identity and Access Management User Guide.
    2. On the Set permissions page, attach the policy created in the previous step to this user.
    3. Once the user is created, view or download the user'sΒ access key ID andΒ secret access key.
      🚨 Careful! This will be your only opportunity to view or download the access keys. You will not have access to them again after leaving the user creation screen.

Related articles

Was this article helpful?
1 out of 1 found this helpful