Skip to main content

Aurora MySQL

Amazon Aurora MySQL is a fully managed MySQL-compatible database service. The Aurora MySQL connector enables you to run SQL statements and transactions against Aurora MySQL clusters using the AWS RDS Data API, allowing you to execute queries, perform batch operations, and manage transactions without managing database connections.

Aurora MySQL icon

Power end-to-end data operations for your Aurora MySQL API with Nexla. Our bi-directional Aurora MySQL connector is purpose-built for Aurora MySQL, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Aurora MySQL or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Aurora MySQL workflows fast, secure, and fully governed.

Features

Type: API

SourceDestination

  • Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
  • Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
  • API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
  • Request optimization with intelligent batching, retry, and caching to minimize API calls and costs

Prerequisites

Before creating an Aurora MySQL credential, you'll need to obtain AWS credentials and ensure your Aurora MySQL cluster has the Data API enabled. The AWS RDS Data API uses AWS Signature Version 4 for authentication.

AWS Account Setup

To obtain the required AWS credentials for Aurora MySQL Data API:

  1. Sign in to AWS Console: Navigate to https://aws.amazon.com/console/ and sign in to your AWS account. If you don't have an account, you can create one by clicking Create an AWS Account and following the registration process.

  2. Access IAM Console: Once signed in, navigate to the AWS Identity and Access Management (IAM) console. You can find this by searching for "IAM" in the AWS services search bar.

  3. Create or Use Existing IAM User:

    • If you don't have an IAM user with programmatic access, create one:
      • Click Users in the IAM console
      • Click Add users or Create user
      • Provide a username and select Programmatic access as the access type
      • Attach policies that grant permissions for RDS Data API access (e.g., AmazonRDSDataFullAccess or custom policies with RDS Data API permissions)
    • If you already have an IAM user, ensure it has the necessary permissions for RDS Data API
  4. Create Access Keys: For your IAM user:

    • Click on the user name in the IAM console
    • Go to the Security credentials tab
    • Click Create access key
    • Select the use case (e.g., "Application running outside AWS")
    • Click Create access key
    • Important: Copy both the Access key ID and Secret access key immediately. The secret access key is only shown once and cannot be retrieved later.
  5. Note AWS Region: Identify the AWS region where your Aurora MySQL cluster is located (e.g., us-east-1, us-west-2, eu-west-1). This region will be used in the credential configuration.

AWS access keys are sensitive credentials that provide programmatic access to your AWS resources. Keep these credentials secure and never share them publicly or commit them to version control systems. The access keys are used with AWS Signature Version 4 to authenticate requests to the RDS Data API. For complete information about AWS RDS Data API authentication, see the AWS RDS Data API Documentation.

Aurora MySQL Cluster Configuration

Before using the RDS Data API, ensure your Aurora MySQL cluster has the Data API enabled:

  1. Enable Data API: In the AWS RDS console, select your Aurora MySQL cluster and ensure the Data API is enabled. This can be configured during cluster creation or modified in the cluster settings.

  2. Obtain Cluster ARN: Note the Amazon Resource Name (ARN) of your Aurora MySQL cluster. This will be needed when configuring data sources.

  3. Configure Secrets Manager: The RDS Data API requires database credentials to be stored in AWS Secrets Manager. Ensure you have:

    • A secret in AWS Secrets Manager containing your database username and password
    • The ARN of the secret (Secret ARN)

API Access Requirements

AWS RDS Data API access requires:

  • Valid AWS Account: You must have an active AWS account
  • IAM User with Programmatic Access: An IAM user with access keys and appropriate permissions
  • AWS Access Key ID: Your IAM user's access key ID
  • AWS Secret Access Key: Your IAM user's secret access key
  • AWS Region: The region where your Aurora MySQL cluster is located
  • Aurora MySQL Cluster: A cluster with the Data API enabled
  • Secrets Manager Secret: Database credentials stored in AWS Secrets Manager

The AWS RDS Data API uses AWS Signature Version 4 for authentication. All API requests must use HTTPS and include AWS signature headers.

For complete information about AWS RDS Data API authentication and getting started, see the AWS RDS Data API Documentation.

Authenticate

Credentials required

Authenticate using AWS Signature Version 4.

FieldRequiredSecretDescription
AWS RegionYesNoRegion for RDS Data API
AWS Access Key IDYesYesAWS access key
AWS Secret Access KeyYesYesAWS secret key
AWS Session TokenNoYesTemporary session token (optional)

Create a credential in Nexla

  1. After selecting the data source type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Aurora MySQL Data API

AuroraCred.png
  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

  2. Enter the AWS region for your RDS Data API requests in the AWS Region field. The default value is us-east-1. This should match the region where your Aurora MySQL cluster is located (e.g., us-east-1, us-west-2, eu-west-1).

  3. Enter your AWS Access Key ID in the AWS Access Key ID field. This is the access key ID from your IAM user's security credentials.

  4. Enter your AWS Secret Access Key in the AWS Secret Access Key field. This is the secret access key from your IAM user's security credentials.

  5. If you're using temporary credentials (e.g., from AWS STS), enter the session token in the AWS Session Token field. For permanent IAM user credentials, you can leave this field empty.

    The AWS credentials are sensitive information that should be kept secure. Nexla will store these credentials securely and use them only for API authentication purposes. The credentials are used with AWS Signature Version 4 to authenticate requests to the RDS Data API. Ensure your IAM user has the necessary permissions to access the RDS Data API and Secrets Manager.

  6. Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source creation and can be selected for use with a new data source.

Use as a data source

To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Aurora MySQL connector tile, then select the credential that will be used to connect to the Aurora MySQL instance, and click Next; or, create a new Aurora MySQL credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure data sources to execute SQL statements via the AWS RDS Data API. Each template is designed specifically for the corresponding RDS Data API operation, making data source setup easy and efficient. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below.

ExecuteStatement

This endpoint runs a single SQL statement via the RDS Data API. Use this endpoint when you need to execute SELECT queries, retrieve data from tables, or run single SQL statements against your Aurora MySQL cluster.

  • Enter the Cluster ARN in the Cluster ARN field. This is the Amazon Resource Name (ARN) of your Aurora MySQL cluster. You can find this in the AWS RDS console under your cluster's details.
  • Enter the Secret ARN in the Secret ARN field. This is the ARN of the secret in AWS Secrets Manager that contains your database credentials (username and password).
  • Enter the SQL statement in the SQL field. This should be a valid MySQL SELECT statement (e.g., SELECT * FROM users WHERE status = 'active').
  • Enter the database name in the Database field. This should be the name of the database you want to query (e.g., mydb).
  • Enter a schedule in the Schedule field to specify when this data source should run. The schedule uses cron expression format.
  • The endpoint executes the SQL statement and returns the query results as records.

The ExecuteStatement operation is designed for single SQL statements. For batch operations or transactions, use the BatchExecuteStatement or Transaction endpoints. The SQL statement must be a valid MySQL query. For complete information about ExecuteStatement, see the AWS RDS Data API ExecuteStatement Documentation.

BatchExecuteStatement

This endpoint runs batch SQL statements via the RDS Data API. Use this endpoint when you need to execute multiple SQL statements with different parameter sets, perform bulk operations, or run parameterized queries efficiently.

  • Enter the Cluster ARN in the Cluster ARN field. This is the Amazon Resource Name (ARN) of your Aurora MySQL cluster.
  • Enter the Secret ARN in the Secret ARN field. This is the ARN of the secret in AWS Secrets Manager that contains your database credentials.
  • Enter the SQL statement in the SQL field. This should be a valid MySQL statement with parameter placeholders (e.g., INSERT INTO users (name, email) VALUES (:name, :email)).
  • Enter the parameter sets in the Parameter Sets field as a JSON array. Each element should be an array of parameter values (e.g., [["John", "john@example.com"], ["Jane", "jane@example.com"]]).
  • Enter the database name in the Database field. This should be the name of the database you want to query.
  • Enter a schedule in the Schedule field to specify when this data source should run. The schedule uses cron expression format.
  • The endpoint executes the SQL statement with each parameter set and returns the results for each execution.

BatchExecuteStatement is efficient for executing the same SQL statement multiple times with different parameter values. The parameter sets must match the parameter placeholders in the SQL statement. For complete information about BatchExecuteStatement, see the AWS RDS Data API BatchExecuteStatement Documentation.

TransactionalExecute

This endpoint begins a transaction, executes a statement, and commits the transaction via the RDS Data API. Use this endpoint when you need to execute SQL statements within a transaction, ensure data consistency, or perform atomic operations.

  • Enter the Cluster ARN in the Cluster ARN field. This is the Amazon Resource Name (ARN) of your Aurora MySQL cluster.
  • Enter the Secret ARN in the Secret ARN field. This is the ARN of the secret in AWS Secrets Manager that contains your database credentials.
  • Enter the SQL statement in the SQL field. This should be a valid MySQL statement to execute within the transaction.
  • Enter the database name in the Database field. This should be the name of the database you want to query.
  • Enter a schedule in the Schedule field to specify when this data source should run. The schedule uses cron expression format.
  • The endpoint automatically begins a transaction, executes the SQL statement, and commits the transaction. If an error occurs, the transaction is rolled back.

TransactionalExecute ensures that SQL operations are executed atomically. If any part of the operation fails, the entire transaction is rolled back. This is useful for maintaining data consistency. For complete information about transaction control, see the AWS RDS Data API Transaction Control Documentation.

Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.

Manual configuration

Aurora MySQL data sources can also be manually configured to execute custom SQL statements via the AWS RDS Data API, including chained API calls or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, request headers, request body, and response data path.

All RDS Data API operations use the POST method against the endpoint https://rds-data.{region}.amazonaws.com/, where {region} is your AWS region (e.g., us-east-1). The specific operation is selected via the X-Amz-Target request header. AWS Signature Version 4 authentication headers are added automatically from your credentials, but each request must include:

  • Content-Type: application/x-amz-json-1.1
  • X-Amz-Target: RDSDataService.ExecuteStatement (or the appropriate target for your operation, such as RDSDataService.BatchExecuteStatement or RDSDataService.BeginTransaction)

The JSON request body includes resourceArn (cluster ARN), secretArn (AWS Secrets Manager ARN), sql, and database; add parameterSets for BatchExecuteStatement or transactionId for transaction operations. Set the Response Data Path to $.records[*] for query results, or $.updateResults[*] for batch operations.

Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Aurora MySQL data source. Nexla will now begin executing the configured SQL statement and will organize any data that it finds into one or more Nexsets.