> For the complete documentation index, see [llms.txt](https://docs.p0.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.p0.dev/integrations/resource-integrations/mysql/requesting-access.md).

# Requesting MySQL access

P0 recommends using the P0 CLI to request access to a MySQL instance (or cluster).

### Via the P0 CLI

#### Prerequisites:

* An installed [MySQL](/integrations/resource-integrations/mysql.md) P0 integration on the database
* P0 access policies that allow you to request access to the MySQL database instance
* P0 CLI version 0.25.0 or higher
* An open CloudShell terminal in the database's VPC
  * Open a CloudShell instance by navigating to the database's page within the "RDS" service in the AWS cloud console, then choosing "CloudShell" under "Connectivity & security", then clicking "Launch CloudShell"

#### Listing requestable fields

You can list requestable instances, roles, and databases by executing

```
p0 ls mysql role instance                        # lists instances and clusters
p0 ls mysql role name --instance <instance>      # lists roles
p0 ls mysql role database --instance <instance>  # lists databases within an instance 
```

#### Making a request

From the CLI, execute

```
p0 aws rds generate-db-auth-token --arch mysql --role <role> --instance <instance>
```

where `<role>` is the name of the role you want to access, and `<instance>` is the identifier configured in P0 when the instance was installed in P0.

After executing `p0 aws rds generate-db-auth-token`, P0 will create an access request. Have the request approved. Once it is approved, the command will emit instructions to connect to the instance.

*Example:*

```
export RDS_SSL_CA='/certs/global-bundle.pem'
export RDS_HOST=<hostname>
export MYSQL_PWD=<password>

mysql -h ${RDS_HOST} --ssl-ca=${RDS_SSL_CA} --ssl-verify-server-cert -P <port> -u <user> <database>
```

Copy these instructions.

Now, navigate to the open CloudShell terminal, and execute these instructions. You will receive access to the database.

#### Troubleshooting

*Access denial*

If, after following the steps above, you encounter:

```
ERROR 1045 (28000): Access denied for user
```

this is typically due to the role missing permissions on the requested database.

MySQL requires that your user have at least one active role with permissions on the requested database. In this case, the role you've requested may not have these permissions.

You can still access the MySQL instance by executing the `mysql` CLI with the database omitted:

```
mysql -h ${RDS_HOST} --ssl-ca=${RDS_SSL_CA} --ssl-verify-server-cert -P <port> -u <user>
```

You may list the databases that you can access with:

```
SHOW DATABASES;
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.p0.dev/integrations/resource-integrations/mysql/requesting-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.