Discuss with expertTry it for free
© 2026 Direct Cursus Technology L.L.C.

Connecting to a MySQL® cluster from applications

Written by
Updated at May 27, 2026

This section provides settings for connection to Managed Service for MySQL® cluster hosts with the help of command line tools, graphical IDEs, Yandex WebSQL, or a Docker container. To learn how to connect from your application code, see Code examples.

Command line tools

To see code examples with the host FQDN filled in, open the cluster page in the management console and click Connect.

Linux (Bash)/macOS (Zsh)

Before connecting, install the mysql utility:

sudo apt update && sudo apt install --yes mysql-client

mysql --host=<MySQL®_host_name>.mdb.yandexcloud.net \
      --port=3306 \
      --ssl-ca=~/.mysql/root.crt \
      --ssl-mode=VERIFY_IDENTITY \
      --user=<username> \
      --password \
      <DB_name>

mysql --host=<FQDN_of_any_MySQL®_host> \
      --port=3306 \
      --ssl-mode=DISABLED \
      --user=<username> \
      --password \
      <DB_name>

To learn how to get a host FQDN, see this guide.

When running any command, enter the database user password.

Once connected to the DBMS, run the SELECT version(); command.

If your cluster connection and test query are successful, you will see the MySQL® version.

Windows (PowerShell)

Before connecting, download and install MySQL Shell.

mysqlsh --host=<FQDN_of_any_MySQL®_host> `
        --port=3306 `
        --ssl-ca=<absolute_path_to_certificate_file> `
        --ssl-mode=VERIFY_IDENTITY `
        --user=<username> `
        --password `
        --database=<DB_name> `
        --sql

mysqlsh --host=<FQDN_of_any_MySQL®_host> `
        --port=3306 `
        --ssl-mode=DISABLED `
        --user=<username> `
        --password `
        --database=<DB_name>

To learn how to get a host FQDN, see this guide.

When running any command, enter the database user password.

Once connected to the DBMS, run the SELECT version(); command.

If your cluster connection and test query are successful, you will see the MySQL® version.

Connecting with IAM authentication

You can connect to a Managed Service for MySQL® database via the Yandex Cloud CLI using IAM authentication. This method is available to Yandex accounts, federated accounts, and local users. When connecting with IAM authentication, you do not need to obtain an SSL certificate or specify the cluster hosts’ FQDNs.

Before connecting:

  1. If you do not have the Yandex Cloud CLI yet, install and initialize it.

    The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  2. Install the MySQL® client:

    sudo apt update && sudo apt install --yes mysql-client

Set up your Managed Service for MySQL® cluster for connection:

  1. Navigate to Managed Service for MySQL.
  2. Click the cluster name.
  3. Enable public access for the cluster hosts:
    1. Select the Hosts tab.
    2. Click in the first host's row and select Edit.
    3. Enable Public access.
    4. Repeat the same for the remaining hosts in the cluster.
  4. Assign the managed-mysql.clusters.connector role to the user account that will connect to the database:
    1. Select the Access bindings tab and click Assign roles.
    2. Enter the user account’s email.
    3. Click Add role and select the managed-mysql.clusters.connector role.
    4. Click Save.
  5. Create a user named MySQL®:
    1. Select the Users tab.
    2. Click Create user.
    3. Select IAM as the authentication method.
    4. Select the account with the managed-mysql.clusters.connector role.
    5. Click Add database and select the database from the drop-down list.
    6. Click in the Roles column and select privileges from the drop-down list.
    7. Click Create.

To connect to the Managed Service for MySQL® database, run this command:

yc managed-mysql connect <cluster_name_or_ID> --db <DB_name>

You can get the cluster name and ID with the list of clusters in the folder.

Connecting from graphical IDEs

Connections were tested in the following environment:

  • Ubuntu 20.04, DBeaver: 22.2.4
  • MacOS Monterey 12.7:
    • JetBrains DataGrip: 2023.3.4
    • DBeaver Community: 24.0.0

From graphical IDEs, you can only connect to public cluster hosts using an SSL certificate.

To avoid connection errors, save the certificate to a local folder that does not require administrator rights to access.

  1. Create a data source:
    1. Select FileNewData SourceMySQL®.
    2. On the General tab:
      1. Configure the connection as follows:
      2. Click Download to download the connection driver.
    3. On the SSH/SSL tab:
      1. Enable Use SSL.
      2. In the CA file field, specify the path to the SSL certificate file for your connection.
  2. Click Test Connection. If the connection is successful, you will see the connection status, DBMS information, and driver details.
  3. Click OK to save the data source.
  1. Create a new DB connection:
    1. In the Database menu, select New connection.
    2. Select MySQL® from the DB list.
    3. Click Next.
    4. Specify the connection settings on the Main tab:
    5. On the SSL tab:
      1. Enable Use SSL.
      2. In the CA certificate field, specify the path to the SSL certificate file you previously saved.
      3. Under Advanced:
        1. Enable Require SSL.
        2. Enable Verify server certificate.
  2. Click Test Connection .... If the connection is successful, you will see the connection status, DBMS information, and driver details.
  3. Click Done to save the database connection settings.

Connecting with IAM authentication

To connect to a Managed Service for MySQL® database from graphical IDEs with Yandex Identity and Access Management authentication, run the Yandex Cloud CLI in listening proxy server mode.

This type of connection is available to Yandex accounts, federated accounts, and local users. When connecting this way, you do not need to get an SSL certificate or specify the cluster hosts' FQDNs.

You can only use graphical IDEs to connect to publicly accessible cluster hosts.

To connect to a Managed Service for MySQL® database:

  1. Assign the managed-mysql.clusters.connector role to the user account that will connect to the database:

    1. Navigate to Managed Service for MySQL.
    2. Click the cluster name.
    3. Select the Access bindings tab and click Assign roles.
    4. Enter the user account’s email.
    5. Click Add role and select the managed-mysql.clusters.connector role.
    6. Click Save.

  2. Create a user named MySQL®:

    1. Select the Users tab.
    2. Click Create user.
    3. Select IAM as the authentication method.
    4. Select the account with the managed-mysql.clusters.connector role.
    5. Click Add database and select the database from the drop-down list.
    6. Click in the Roles column and select privileges from the drop-down list.
    7. Click Create.

  3. Start the Yandex Cloud CLI in proxy server mode:

    1. If you do not have the Yandex Cloud CLI yet, install and initialize it.

      The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

    2. Run this command:

      yc managed-mysql connect <cluster_name_or_ID> --db <DB_name> --daemon

      This will start a proxy server on port 3306. To select a different port, specify --port <port_number> in the command.

      You can get the cluster name and ID with the list of clusters in the folder.

  4. Connect to the Managed Service for MySQL® cluster:

    1. Create a new DB connection:
      1. In the Database menu, select New connection.
      2. Select MySQL® from the DB list.
      3. Click Next.
      4. Specify the connection settings on the Main tab:
        • Server: localhost.
        • Port: 3306 or any other port you specified when starting the proxy server.
        • Database: DB to connect to.
        • Username: Your account's login or email address.
        • Password: Leave this field empty.
    2. Click Test Connection .... If the connection is successful, you will see the connection status, DBMS information, and driver details.
    3. Click Done to save the database connection settings.
    1. Create a new database connection:
      1. In the Database menu, select Manage connections....
      2. Click New.
      3. Specify the following connection settings on the Connection tab:
        • Hostname: 127.0.0.1.
        • Port: 3306 or any other port you specified when starting the proxy server.
        • Username: Your account's login or email address.
        • Default schema: Name of the database to connect to.
        • SSLUse SSL: No.
    2. Click Test Connection. If the connection is successful, you will see its details.

Connecting from Yandex WebSQL

You can use Yandex WebSQL to send SQL queries to Managed Service for MySQL® cluster databases.

WebSQL is a Yandex Cloud service that enables you to connect to managed database clusters, work with databases, tables, and schemas, and run queries. It is a web-based tool that requires no additional authorization and simplifies working with SQL commands by prompting the user.

To connect from WebSQL, activate the WebSQL access option in the cluster settings. You can enable it when creating or updating a cluster.

In the Managed Service for MySQL® cluster, a Connection Manager connection is automatically created for each database user, which you can use to connect to the database from WebSQL. If required, you can also create a new connection.

To connect to the database from WebSQL:

  1. In the management console, select the folder with the cluster you need.

  2. Go to Managed Service for MySQL.

  3. Click the cluster name and go to the WebSQL tab.

  4. Select the required connection.

    The connection will open in WebSQL. To go to the query editor, select the required database.

    Check this MySQL® reference for supported queries.

For more information on how to work with WebSQL, see these guides.

Before you connect from a Docker container

To connect to a Managed Service for MySQL® cluster from a Docker container, add the following lines to the Dockerfile:

RUN apt-get update && \
    apt-get install mysql-client --yes

RUN apt-get update && \
    apt-get install wget mysql-client --yes && \
    mkdir --parents ~/.mysql && \
    wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
         --output-document ~/.mysql/root.crt && \
    chmod 0600 ~/.mysql/root.crt
Previous
FQDNs of hosts
Next
Code examples