Skip to main content

How to set up MySQL

Setup takes about 5 minutes.

Introduction

Connect MySQL to Foundational to give Foundational access to metadata from your MySQL databases, including table schemas, column definitions, and relationships.

Foundational supports two authentication methods for MySQL: User and Password, and AWS IAM for Aurora instances. Choose the method that matches your setup.

To make the connection:

  • Choose an authentication method

  • Configure access permissions in MySQL

  • Connect Foundational to MySQL

Prerequisites

Ensure you have:

  • A MySQL instance with a security group policy that allows external connections from Foundational's backend.

  • An AWS user with permissions to edit IAM and Amazon Relational Database Service (RDS) services (IAM authentication only).

  • Foundational IP addresses added to the allowlist, see the article Allowing IP access to Foundational.

Access permissions

The permissions you assign to Foundational enable it to:

  • Read metadata

  • Select data across all schemas

  • Show views

  • Execute stored procedures

Connect Foundational to MySQL

Use one of these connection methods. For most setups, User and Password is the simpler option. Use AWS IAM if your organization requires IAM-based authentication for Aurora instances.

Option A: Connect with User and Password

In Foundational, open the Connectors & Integrations page.

  1. In Data Stores, select the MySQL card and click Connect.

  2. Click Add Account.

  3. The initial setup screen opens. Click Start Setup.

    4. The Set Up New Connection screen opens.


    Enter the details:

    • Host: The hostname or IP address of the MySQL database server

    • Port: The port number of the MySQL database server (default: 3306)

    • Database Name: The name of the MySQL database to extract metadata from

    • User Name: Your MySQL username

    • Authentication Method: Select User and Password

    • Password: Your MySQL password

  4. Click Next.

  5. The final setup screen opens. To complete the connection, click Save.

Option B: Connect with AWS IAM (Aurora)


Get the Foundational external ID

  1. In Foundational, open the Connectors & Integrations page.

  2. In Data Stores, select the MySQL card and click Connect.

  3. Click Add Account.

  4. The initial setup screen opens. Click Start Setup.

  5. The Set Up New Connection screen opens.


    Enter the details:

    Host: The hostname or IP address of the MySQL database server

    Port: The port number of the MySQL database server (default: 3306)

    Database Name: The name of the MySQL database to extract metadata from

    User Name: foundational_mysql_app_access

    Authentication Method: Select AWS IAM (Aurora)

    Client ID: Your 12-digit AWS account ID

    External ID: Auto-generated (already populated). Copy and save this value. You need it to set up IAM access below.

    Role Name: FoundationalMysqlAccess (default)

    Region Name: The AWS region where your Aurora cluster runs (e.g., us-east-1)

  6. Once all fields are complete, click Download YAML File.

  7. Leave the Foundational screen open and do not click Next. Return to this screen after completing the AWS steps below.

Configure MySQL

  1. Enable IAM authentication on your MySQL cluster.

  2. Run the following SQL statements to create an IAM-mapped MySQL user with the required permissions:

CREATE USER 'foundational_mysql_app_access'@'%' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS'; GRANT SELECT ON *.* TO 'foundational_mysql_app_access'@'%'; GRANT SHOW VIEW ON *.* TO 'foundational_mysql_app_access'@'%'; GRANT EXECUTE ON *.* TO 'foundational_mysql_app_access'@'%'; FLUSH PRIVILEGES;

Set up IAM access

Use one of these methods to create the required IAM policy and role. CloudFormation automates the process and reduces the risk of configuration errors.

Option 1: Deploy with CloudFormation (recommended)

  1. In AWS, go to the CloudFormation Stacks page.

  2. In Specify template, select Upload a template file and upload the YAML file you downloaded.

  3. Click Next.

  4. In Provide a stack name, enter a stack name of your choice (e.g., FoundationalAppAccess).

  5. Click Next.

  6. In Capabilities, select: I acknowledge that AWS CloudFormation might create IAM resources with custom names.

  7. Click Next.

  8. At the bottom of the page, click Submit. Stack creation takes about a minute. Track the status on the CloudFormation Stacks page.

Option 2: Create manually

  1. To find your <cluster-resource-id>, open the AWS RDS console, select your cluster, click the Configuration tab, and copy the value from Resource ID.

  2. In AWS IAM, create a policy using the following JSON, replacing <region>, <aws-account-id>, and <cluster-resource-id> with your values:

    {   "Version": "2012-10-17",   "Statement": [     {       "Effect": "Allow",       "Action": "rds-db:connect",       "Resource": "arn:aws:rds-db:<region>:<aws-account-id>:dbuser:<cluster-resource-id>/foundational_mysql_app_access"     }   ] }

  3. Create an IAM role FoundationalMysqlAccess.

  4. Attach the policy from step 2 to the role.

  5. Add a trust relationship to the role using Foundational's account and the External ID you copied above.

Complete the connection in Foundational

  1. Return to the Set Up New Connection screen in Foundational.

  2. Click Next.

  3. The final setup screen opens. To complete the connection, click Save.

That's it. Foundational is now connected to MySQL.

Related Articles
How to set up BigQuery
How to set up Google Datastream
How to set up Foundational On-Premise Agent in Your AWS
How to set up AWS Athena
How to Set Up Collibra
Did this answer your question?