MySQL
How to integrate MySQL DB with Apono Cloud-Native access management platform
Overview
Reduce Over Privileges - Discover existing privileges to MySQL databases and convert them to on-demand access flows to reduce over-privileges.
Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
Automated Approval Workflows - Create approval workflows to specific sensitive databases.
Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.
Step by step guide
Prerequisites
An Apono connector installed with network access to the MySQL databases
Minimal Apono connector version: 1.3.0 (visit the Connectors Page and update the connector if needed)
A MySQL user for Apono with the following permissions
A secret created in Secret Store with the following params:
Key: username, Value: MySQL USERNAME
Key: password, Value: USERNAME PASSWORD
📘 Why does Apono need secrets?
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.
How to create a MySQL user for Apono
Create a user for the Connector in the instance and type in a secure password
Using aws-cli, store the credentials in AWS Secrets Manager; make sure to replace #SECRET_NAME, #REGION, #USERNAME, #PASSWORD
Expose databases to apono_connector
Grant CREATE USER to apono_connector in all the databases
Select and grant apono_connector ONE of the following permissions: READ_ONLY, READ_WRITE, ADMIN. This will function as the highest permission level you would like to provision with Apono
READ_ONLY
READ_WRITE
ADMIN
Required for MySQL 8.0 and above
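The secret-storage step above, as an added example (not Apono's own command, which this page does not show): it builds the secret with the `username` and `password` keys from the prerequisites and passes it to aws-cli through a private temp file, so the password does not appear in process arguments. The function names, the allowed-character restriction and reading the password from stdin are assumptions of this example; the three arguments correspond to the page's #SECRET_NAME, #REGION and #USERNAME placeholders.

```shell
#!/bin/sh
# Added example (not Apono's script). Stores the connector credentials in
# AWS Secrets Manager under the keys "username" and "password".
# Assumption: values are limited to A-Z a-z 0-9 _ . @ - so the JSON can be
# built without an encoder; anything else is rejected instead of escaped.

# Print a 32-character alphanumeric password from the kernel CSPRNG.
gen_password() {
    head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32
}

# secret_json USERNAME PASSWORD -> JSON document with the two required keys.
secret_json() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "username and password must be non-empty" >&2
        return 1
    fi
    case "$1$2" in
        *[!A-Za-z0-9_.@-]*)
            echo "unsupported character in username or password" >&2
            return 1 ;;
    esac
    printf '{"username":"%s","password":"%s"}' "$1" "$2"
}

# store_secret SECRET_NAME REGION USERNAME PASSWORD
# The JSON goes through a 0600 temp file (file://) so the password never
# appears in the aws process arguments.
store_secret() {
    json=$(secret_json "$3" "$4") || return 1
    tmp=$(mktemp) || return 1
    printf '%s' "$json" > "$tmp"
    rc=0
    aws secretsmanager create-secret --name "$1" --region "$2" \
        --secret-string "file://$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Run as: ./store-secret.sh SECRET_NAME REGION USERNAME   (password on stdin)
if [ "$#" -eq 3 ]; then
    IFS= read -r password
    store_secret "$1" "$2" "$3" "$password"
fi
```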
How to integrate MySQL
📘 Is your MySQL running on a cloud service?
If you are trying to connect to an RDS MySQL or a CloudSQL MySQL, you should use the specific cloud service integration.
Click on Integrations Catalog.
Pick a connector with network access to the MySQL databases (see prerequisites)
Specify the integration details:
Integration name – type the name of the integration. When building an Access Flow you will reference this name.
Hostname – specify the hostname of the MySQL instance you are connecting to
Port – 3306
Provide the secret (see prerequisites)
Click "Connect"
Congratulations on connecting your MySQL. You can now create access flows that grant permissions to your MySQL databases.
Have multiple MySQLs? Use the API
You can check out the Apono API reference to easily set up multiple integrations.