Overview
Request, approve, and manage access to MySQL databases, schemas, and tables using Axiom Security.
Prerequisites
| Requirement | Details |
| --- | --- |
| Axiom Tenant Admin Access | Administrative privileges within your Axiom Security tenant are required. |
| MySQL Database Instance | A running MySQL database instance accessible for integration. |
| MySQL Administrator Credentials | Credentials for a MySQL user with administrative privileges on the target database. |
Note: If your databases are in private subnets, complete the self-hosted runner setup first.
Integration Setup
Create an Administrative MySQL User
-- Create a dedicated user for Axiom integration with administrative privileges
CREATE USER 'axiom_integration'@'%' IDENTIFIED BY 'your_secure_password';
-- Grant extensive permissions to the user for comprehensive monitoring
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER,
SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT,
CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
ON *.* TO 'axiom_integration'@'%' WITH GRANT OPTION;
Explanation:
Creates a new user named axiom_integration with a wildcard (%) hostname to allow access from any host (adjust if necessary).
Assigns a strong password (your_secure_password). Replace this with a secure password of your choice and store it safely.
Grants comprehensive permissions necessary for Axiom to monitor and manage the database effectively.
Axiom Side
In the Axiom platform - open the Integration Page from the left-side navigation menu.
In the upper-right corner, click Add Integration.
General details screen - provide the following:
Name (integration name - e.g., "Production MySQL Database").
Host name
Axiom Runner screen - Choose how you want to run your integration:
Option 1 - Use Axiom-managed runner
Option 2 - Use self-hosted Axiom runner
Click on Integrate to finalize the setup.
FAQs & Troubleshooting
Q: What needs to be done to connect MySQL RDS instances from an AWS account other than the one integrated with Axiom?
A: You can set the AWS_SECRETS_MANAGER_ROLE_ARN environment variable (and optionally AWS_SECRETS_MANAGER_ROLE_EXTERNAL_ID) with the proxy role ARN and optional external ID to allow access.
---
Q: What if the connection test fails?
A: Verify that the MySQL server is accessible from the Axiom platform and that the credentials are correct. Ensure that network configurations (e.g., firewalls) allow connections from Axiom's IP addresses.
---
Q: Can I restrict the permissions granted to the axiom_integration user?
A: While it's possible to grant more limited permissions, doing so may restrict Axiom's ability to fully monitor and manage the database. Ensure that any permission adjustments still allow necessary operations.
Best Practices
Secure Passwords: Use strong, unique passwords for the axiom_integration user and store them securely.
Network Security: Restrict access to the MySQL server to trusted IP addresses, including those used by Axiom.
Regular Audits: Periodically review user permissions and access logs to detect and respond to unauthorized activities.
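
One way to carry out the permission review described under Regular Audits and to narrow the wildcard (%) host of the integration user, shown as an added example that is not part of Axiom's documentation. It assumes MySQL 5.7 or later and an admin session; the 203.0.113.0/255.255.255.0 network is a placeholder for the addresses your Axiom runner actually connects from.

```sql
-- Added example, not Axiom's own code.
-- Placeholder: 203.0.113.0/255.255.255.0 stands in for the trusted network
-- that the Axiom-managed or self-hosted runner connects from.

-- 1. Show exactly what the integration account is allowed to do.
SHOW GRANTS FOR 'axiom_integration'@'%';

-- 2. List the account's global privileges and whether it can pass them on
--    (IS_GRANTABLE = 'YES' is the effect of WITH GRANT OPTION).
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE LIKE '''axiom_integration''@%'
ORDER BY PRIVILEGE_TYPE;

-- 3. Find every account that can log in from any host, with lock state
--    and password age, so stale or unexpected wildcard accounts stand out.
SELECT User, Host, account_locked, password_last_changed
FROM mysql.user
WHERE Host = '%'
ORDER BY User;

-- 4. Find accounts other than the integration user that hold CREATE USER
--    or a grantable privilege; these can create or widen access themselves.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE (PRIVILEGE_TYPE = 'CREATE USER' OR IS_GRANTABLE = 'YES')
  AND GRANTEE NOT LIKE '''axiom_integration''@%'
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 5. Narrow the integration account from any host to the trusted network.
--    RENAME USER keeps the password and all existing grants.
RENAME USER 'axiom_integration'@'%'
         TO 'axiom_integration'@'203.0.113.0/255.255.255.0';

-- 6. Confirm the result: the wildcard entry should be gone.
SELECT User, Host FROM mysql.user WHERE User = 'axiom_integration';
```

Run step 5 only after confirming the source addresses of the runner, since a wrong network locks the integration out until the account is renamed back.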