P0 routing rules that allow you to request access to the MySQL database instance
P0 CLI version 0.25.0 or higher
An open CloudShell terminal in the database's VPC
Open a CloudShell instance by navigating to the database's page within the "RDS" service in the AWS cloud console, then choosing "CloudShell" under "Connectivity & security", then clicking "Launch CloudShell"
Listing requestable fields
You can list requestable instances, roles, and databases by executing
p0 ls mysql role instance # lists instances and clusters
p0 ls mysql role name --instance <instance> # lists roles
p0 ls mysql role database --instance <instance> # lists databases within an instance
Making a request
From the CLI, execute
p0 aws rds generate-db-auth-token --arch mysql --role <role> --instance <instance>
where <role> is the name of the role you want to access, and <instance> is the identifier configured in P0 when the instance was installed in P0.
After executing p0 aws rds generate-db-auth-token, P0 will create an access request. Have the request approved. Once it is approved, the command will emit instructions to connect to the instance.
Example:
Copy these instructions.
Now, navigate to the open CloudShell terminal, and execute these instructions. You will receive access to the database.
Troubleshooting
Access denial
If, after following the steps above, you encounter:
this is typically due to the role missing permissions on the requested database.
MySQL requires that your user have at least one active role with permissions on the requested database. In this case, the role you've requested may not have these permissions.
You can still access the MySQL instance by executing the mysql CLI with the database omitted:
You may list the databases that you can access with:
