首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6dd8e59864
Branches Tags
Materialize
/
doc
/
user
/
content
/
ingest-data
/
mysql
/
amazon-rds.md

amazon-rds.md 15 KB
History Raw

title: "Ingest data from Amazon RDS" description: "How to stream data from Amazon RDS for MySQL to Materialize" menu: main:

parent: "mysql"
name: "Amazon RDS"
identifier: "mysql-amazon-rds"

This page shows you how to stream data from Amazon RDS for MySQL to Materialize using the MySQL source.

{{< tip >}} {{< guided-tour-blurb-for-ingest-data >}} {{< /tip >}}

Before you begin

{{% mysql-direct/before-you-begin %}}

A. Configure Amazon RDS

1. Enable GTID-based binlog replication

Before creating a source in Materialize, you must configure Amazon RDS for GTID-based binlog replication. For guidance on enabling GTID-based binlog replication in RDS, see the Amazon RDS for MySQL documentation.

  1. Enable automated backups in your RDS instance by setting the backup retention period to a value greater than 0 to enable binary logging.

  2. Create a custom RDS parameter group.

    • Set Parameter group family to your MySQL version.
    • Set Type to DB Parameter Group.

  3. Edit the new parameter group to set the configuration parameters to the following values:

| Configuration parameter | Value | Details | |----------------------------------|-------|---------| | log_bin_use_v1_row_events | ON | AWS Management Console equivalent to MySQL's log_bin configuration parameter. | | binlog_format | ROW | This configuration is deprecated as of MySQL 8.0.34. Newer versions of MySQL default to row-based logging. | | binlog_row_image | FULL| | | gtid-mode | ON | AWS Management Console equivalent to MySQL's gtid_mode configuration parameter. | | enforce_gtid_consistency | ON | | | replica_preserve_commit_order | ON | Only required when connecting Materialize to a read-replica for replication, rather than the primary server. |

  1. Associate the RDS parameter group to your database.

    Use the Apply Immediately option. The database must be rebooted in order for the parameter group association to take effect. Keep in mind that rebooting the RDS instance can affect database performance.

    Do not move on to the next step until the database Status is Available in the RDS Console.

  2. In addition to the step above, you must also ensure that binlog retention is set to a reasonable value. To check the current value of the binlog retention hours configuration parameter, connect to your RDS instance and run:

    CALL mysql.rds_show_configuration;

If the value returned is NULL, or less than 168 (i.e. 7 days), run:

   CALL mysql.rds_set_configuration('binlog retention hours', 168);

Although 7 days is a reasonable retention period, we recommend using the default MySQL retention period (30 days) in order to not compromise Materialize’s ability to resume replication in case of failures or restarts.

  1. To validate that all configuration parameters are set to the expected values after the above configuration changes, run:

    -- Validate "binlog retention hours" configuration parameter
CALL mysql.rds_show_configuration;

    -- Validate parameter group configuration parameters
SHOW VARIABLES WHERE variable_name IN (
  'log_bin',
  'binlog_format',
  'binlog_row_image',
  'gtid_mode',
  'enforce_gtid_consistency',
  'replica_preserve_commit_order'
);

2. Create a user for replication

{{% mysql-direct/create-a-user-for-replication %}}

B. (Optional) Configure network security

{{< note >}} If you are prototyping and your RDS instance is publicly accessible, you can skip this step. For production scenarios, we recommend configuring one of the network security options below. {{< /note >}}

There are various ways to configure your database's network to allow Materialize to connect:

  • Allow Materialize IPs: If your database is publicly accessible, you can configure your database's security group to allow connections from a set of static Materialize IP addresses.

  • Use AWS PrivateLink: If your database is running in a private network, you can use AWS PrivateLink to connect Materialize to the database. For details, see AWS PrivateLink.

  • Use an SSH tunnel: If your database is running in a private network, you can use an SSH tunnel to connect Materialize to the database.

{{< tabs >}}

{{< tab "Allow Materialize IPs">}}

  1. In the SQL Shell, or your preferred SQL client connected to Materialize, find the static egress IP addresses for the Materialize region you are running in:

    SELECT * FROM mz_egress_ips;

  2. In the RDS Console, add an inbound rule to your RDS security group for each IP address from the previous step.

    In each rule:

    • Set Type to MySQL.
    • Set Source to the IP address in CIDR notation.

{{< /tab >}}

{{< tab "Use AWS PrivateLink">}}

AWS PrivateLink lets you connect Materialize to your RDS instance without exposing traffic to the public internet. To use AWS PrivateLink, you create a network load balancer in the same VPC as your RDS instance and a VPC endpoint service that Materialize connects to. The VPC endpoint service then routes requests from Materialize to RDS via the network load balancer.

{{< note >}} Materialize provides a Terraform module that automates the creation and configuration of AWS resources for a PrivateLink connection. For more details, see the Terraform module repository. {{</ note >}}

  1. Get the IP address of your RDS instance. You'll need this address to register your RDS instance as the target for the network load balancer in the next step.

    To get the IP address of your RDS instance:

    1. Select your database in the RDS Console.

    2. Find your RDS endpoint under Connectivity & security.

    3. Use the dig or nslooklup command to find the IP address that the endpoint resolves to:

      dig +short <RDS_ENDPOINT>

  2. Create a dedicated target group for your RDS instance.

    • Choose the IP addresses type.

    • Set the protocol and port to TCP and 3306.

    • Choose the same VPC as your RDS instance.

    • Use the IP address from the previous step to register your RDS instance as the target.

    Warning: The IP address of your RDS instance can change without notice. For this reason, it's best to set up automation to regularly check the IP of the instance and update your target group accordingly. You can use a lambda function to automate this process - see Materialize's Terraform module for AWS PrivateLink for an example. Another approach is to configure an EC2 instance as an RDS router for your network load balancer.

  3. Create a network load balancer.

    • For Network mapping, choose the same VPC as your RDS instance and select all of the availability zones and subnets that you RDS instance is in.

    • For Listeners and routing, set the protocol and port to TCP and 3306 and select the target group you created in the previous step.

  4. In the security group of your RDS instance, allow traffic from the network load balancer.

    If client IP preservation is disabled, the easiest approach is to add an inbound rule with the VPC CIDR of the network load balancer. If you don't want to grant access to the entire VPC CIDR, you can add inbound rules for the private IP addresses of the load balancer subnets.

    • To find the VPC CIDR, go to your network load balancer and look under Network mapping.
    • To find the private IP addresses of the load balancer subnets, go to Network Interfaces, search for the name of the network load balancer, and look on the Details tab for each matching network interface.

  5. Create a VPC endpoint service.

    • For Load balancer type, choose Network and then select the network load balancer you created in the previous step.

    • After creating the VPC endpoint service, note its Service name. You'll use this service name when connecting Materialize later.

    Remarks: By disabling Acceptance Required, while still strictly managing who can view your endpoint via IAM, Materialze will be able to seamlessly recreate and migrate endpoints as we work to stabilize this feature.

  6. Go back to the target group you created for the network load balancer and make sure that the health checks are reporting the targets as healthy.

{{< /tab >}}

{{< tab "Use an SSH tunnel">}}

To create an SSH tunnel from Materialize to your database, you launch an instance to serve as an SSH bastion host, configure the bastion host to allow traffic only from Materialize, and then configure your database's private network to allow traffic from the bastion host.

{{< note >}} Materialize provides a Terraform module that automates the creation and configuration of resources for an SSH tunnel. For more details, see the Terraform module repository. {{</ note >}}

  1. Launch an EC2 instance to serve as your SSH bastion host.

    • Make sure the instance is publicly accessible and in the same VPC as your RDS instance.
    • Add a key pair and note the username. You'll use this username when connecting Materialize to your bastion host.

    Warning: Auto-assigned public IP addresses can change in certain cases.

    For this reason, it's best to associate an elastic IP address to your bastion host.

  2. Configure the SSH bastion host to allow traffic only from Materialize.

    1. In the SQL Shell, or your preferred SQL client connected to Materialize, get the static egress IP addresses for the Materialize region you are running in:

      SELECT * FROM mz_egress_ips;

    2. For each static egress IP, add an inbound rule to your SSH bastion host's security group.

      In each rule:

      • Set Type to MySQL.
      • Set Source to the IP address in CIDR notation.

  3. In the security group of your RDS instance, add an inbound rule to allow traffic from the SSH bastion host.

    • Set Type to All TCP.
    • Set Source to Custom and select the bastion host's security group.

{{< /tab >}}

{{< /tabs >}}

C. Ingest data in Materialize

1. (Optional) Create a cluster

{{< note >}} If you are prototyping and already have a cluster to host your MySQL source (e.g. quickstart), you can skip this step. For production scenarios, we recommend separating your workloads into multiple clusters for resource isolation. {{< /note >}}

{{% mysql-direct/create-a-cluster %}}

2. Start ingesting data

[//]: # "TODO(morsapaes) MySQL connections support multiple SSL modes. We should adapt to that, rather than just state SSL MODE REQUIRED."

Now that you've configured your database network and created an ingestion cluster, you can connect Materialize to your MySQL database and start ingesting data. The exact steps depend on your networking configuration, so start by selecting the relevant option.

{{< tabs >}}

{{< tab "Allow Materialize IPs">}} {{% mysql-direct/ingesting-data/allow-materialize-ips %}} {{< /tab >}}

{{< tab "Use AWS PrivateLink">}} {{% mysql-direct/ingesting-data/use-aws-privatelink %}} {{< /tab >}}

{{< tab "Use an SSH tunnel">}} {{% mysql-direct/ingesting-data/use-ssh-tunnel %}} {{< /tab >}}

{{< /tabs >}}

[//]: # "TODO(morsapaes) Replace these Step 6. and 7. with guidance using the new progress metrics in mz_source_statistics + console monitoring, when available (also for PostgreSQL)."

3. Monitor the ingestion status

{{% mysql-direct/check-the-ingestion-status %}}

4. Right-size the cluster

{{% mysql-direct/right-size-the-cluster %}}

D. Explore your data

{{% mysql-direct/next-steps %}}

Considerations

{{% include-md file="shared-content/mysql-considerations.md" %}}