MySQL

Create an integration to manage access to MySQL clusters, databases, and tables

MySQL is an open-source relational database management system (RDBMS). It is often used in web development for data storage and retrieval in dynamic web applications.

Through this integration, Apono helps you securely control access to your MySQL clusters, databases, and tables. Apono manages granular access for built-in or custom roles, as well as actions such as SELECT. This integration enables you to do the following:

  • Convert existing MySQL database privileges to on-demand access flows
  • Enable your developers to gain access to clusters and tables using Slack
  • Create approval workflows for specific, sensitive clusters and tables
  • Audit details about access granted to clusters and tables


Prerequisites

| Item | Description |
|---|---|
| Apono Connector | On-prem connection serving as a bridge between a MySQL database instance and Apono: |
| MySQL Server Information | Hostname and port number of the server you want to provide access to |


Create a MySQL user

You must create a user in your MySQL instance for the Apono connector.

Use the following steps to create a user and grant it permissions to your databases:

  1. In your preferred client tool, create a new user. Be sure to set a strong password for the user.

    ⚠️ The password must be a minimum of eight characters and include characters from at least three of these four categories:

    • Uppercase letters
    • Lowercase letters
    • Digits (0-9)
    • Symbols

    CREATE USER 'apono_connector'@'%' IDENTIFIED BY 'password';
    
  2. Expose databases to the user. This allows Apono to view database names without accessing the contents of each database.

    GRANT SHOW DATABASES ON *.* TO 'apono_connector'@'%';
    
  3. Grant the user the CREATE USER permission on all databases, together with UPDATE on the mysql system schema and PROCESS.

    GRANT CREATE USER ON *.* TO 'apono_connector'@'%';
    GRANT UPDATE ON mysql.* TO 'apono_connector'@'%';
    GRANT PROCESS ON *.* TO 'apono_connector'@'%';
    
  4. Grant the user Admin permissions. The Admin permission allows Apono to grant end-users Read, ReadWrite or Admin permissions upon request:

    GRANT EXECUTE, DROP, SELECT, ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, INDEX, INSERT, TRIGGER, UPDATE, REFERENCES ON *.* TO 'apono_connector'@'%';
    GRANT GRANT OPTION ON *.* TO 'apono_connector'@'%';

  5. (MySQL 8.0+) Grant the user the ROLE_ADMIN privilege so that it can perform server-level tasks. This enables Apono to create, alter, and drop roles. However, ROLE_ADMIN does not inherently grant specific database access permissions.

    GRANT ROLE_ADMIN ON *.* TO 'apono_connector'@'%';

  6. Using the credentials from step 1, create a secret for the database instance:


You can now integrate a MySQL database.
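
To confirm that the connector account holds the privileges granted above and nothing broader, the following added example (not Apono's code and not part of the original page) parses the output of `SHOW GRANTS FOR 'apono_connector'@'%'` and reports missing and unexpected global privileges. The function names and the sample output are constructed for illustration; the `mysql8` flag is an assumed switch for servers older than 8.0, where ROLE_ADMIN does not apply.

```python
import re

# Global (*.*) privileges taken from the GRANT statements on this page.
# ROLE_ADMIN applies to MySQL 8.0+ only.
EXPECTED_GLOBAL = {
    "SHOW DATABASES", "CREATE USER", "PROCESS", "EXECUTE", "DROP", "SELECT",
    "ALTER", "ALTER ROUTINE", "CREATE", "CREATE ROUTINE",
    "CREATE TEMPORARY TABLES", "CREATE VIEW", "DELETE", "INDEX", "INSERT",
    "TRIGGER", "UPDATE", "REFERENCES", "GRANT OPTION", "ROLE_ADMIN",
}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+\S+"
    r"(?P<opt>\s+WITH\s+GRANT\s+OPTION)?\s*;?$", re.IGNORECASE)

def parse_grants(lines):
    """Return {scope: {privilege, ...}} from SHOW GRANTS output lines."""
    grants = {}
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # role-membership lines have no ON clause; skipped here
        scope = m["scope"].replace("`", "")
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        if m["opt"]:
            privs.add("GRANT OPTION")
        grants.setdefault(scope, set()).update(privs)
    return grants

def audit(lines, mysql8=True):
    """Compare the account's grants with the set listed on this page."""
    grants = parse_grants(lines)
    have = grants.get("*.*", set()) - {"USAGE"}
    expected = EXPECTED_GLOBAL if mysql8 else EXPECTED_GLOBAL - {"ROLE_ADMIN"}
    return {
        "missing": sorted(expected - have),
        "unexpected": sorted(have - expected),  # e.g. FILE, SUPER, ALL PRIVILEGES
        "mysql_update": "UPDATE" in (grants.get("mysql.*", set()) | have),
    }

# Constructed SHOW GRANTS output (MySQL 8.0 style): FILE was added, TRIGGER is absent.
SAMPLE = [
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, FILE, PROCESS, REFERENCES, "
    "INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, "
    "CREATE ROUTINE, ALTER ROUTINE, CREATE USER ON *.* TO `apono_connector`@`%` "
    "WITH GRANT OPTION",
    "GRANT ROLE_ADMIN ON *.* TO `apono_connector`@`%`",
    "GRANT UPDATE ON `mysql`.* TO `apono_connector`@`%`",
]
```

Calling `audit(SAMPLE)` on the constructed output reports TRIGGER as missing and FILE as unexpected; an empty result for both lists means the account matches the grants on this page.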



Integrate a MySQL Database

MySQL tile

Follow these steps to complete the integration:

  1. On the Catalog tab, click MySQL. The Connect MySQL page appears.

  2. From the dropdown menu, select a connector.

    💡 If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (AWS, Azure, GCP, Kubernetes).

  3. Under Select resource types, select one or multiple resource types for Apono to discover in all instances of the environment.
  4. Click Next. The Complete setup page appears.
  5. Enter a unique, alphanumeric, user-friendly Integration Name, which is used to identify this integration when constructing an Access Flow.
  6. Enter the Hostname of the MySQL database instance to connect.
  7. (Optional) Enter the Port value for the database. By default, Apono sets this value to 3306.
  8. (Optional) In the Credentials rotation period (in days) field, enter the number of days after which the database credentials must be rotated.
  9. Under Secret Store, associate the secret:
  10. Click Connect.

Now that you have completed this integration, you can create access flows that grant permission to your MySQL database.