Guarded Public Access

Important
This only allows access to actors approved in your security group policies, not all public actors. We will configure the security group policy in the next section.
Modify your database instance to be publicly accessible by approved actors:
- 1.
- 2.Select Modify.
- 3.Scroll down to the Connectivity section and reveal Additional configuration.
- 4.Select Publicly accessible.
- 5.Scroll down to the bottom of the page and select Continue.
- 6.Select Apply immediately.
- 7.Select Modify DB instance.
Modify your database instance's security group to allow OtterTune traffic:
- 1.
- 2.Select the Connectivity & security tab.
- 3.Select the hyperlink under VPC security groups.
- 4.Select Actions -> Edit inbound rules.
- 5.Select Add rule.
- 6.Input the following information:
- 1.Type:
MySQL/Aurora
orPostgreSQL
- 2.Source:
Custom
- 3.[OtterTune's Elastic IP address]:
3.18.139.24/32
- 4.Description:
Elastic IP for OtterTune
- 7.Select Save rules.

Choose a method for OtterTune to authenticate your database.
- Method #1: AWS IAM Database Authentication: Use OtterTune's AWS IAM Role to perform authentication. See the AWS RDS documentation for details.
- 1.
- 2.Select Modify.
- 3.Scroll down to the Database authentication section and select Password and IAM database authentication.
- 4.Scroll down to the bottom of the page and select Continue.
- 5.Select Apply immediately.
- 6.Select Modify DB instance.
Note that the database username should start with ottertune, otherwise we will not have permission to connect to your database.
MySQL
PostgreSQL
CREATE USER 'ottertune' IDENTIFIED WITH AWSAuthenticationPlugin as 'RDS';
GRANT PROCESS ON *.* TO 'ottertune';
GRANT SHOW VIEW ON *.* TO 'ottertune';
GRANT REPLICATION CLIENT ON *.* TO 'ottertune';
GRANT SELECT ON performance_schema.events_statements_summary_by_digest TO 'ottertune';
-- if mysql version >= 8.0
GRANT SELECT ON performance_schema.events_statements_histogram_global TO 'ottertune';
CREATE USER ottertune;
GRANT rds_iam TO ottertune;
GRANT pg_monitor TO ottertune;
Important
For PostgreSQL, entering a database username without quotes is case-insensitive. To make it case-sensitive, you can wrap it in quotes.
For example:
create user ottertuneUser;
will result in the username
ottertuneuser
, whereascreate user 'ottertuneUser';
will result in the username
ottertuneUser
.
MySQL
PostgreSQL
CREATE USER 'ottertune' IDENTIFIED BY '<password>';
GRANT PROCESS ON *.* TO 'ottertune';
GRANT SHOW VIEW ON *.* TO 'ottertune';
GRANT REPLICATION CLIENT ON *.* TO 'ottertune';
GRANT SELECT ON performance_schema.events_statements_summary_by_digest TO 'ottertune';
-- if mysql version >= 8.0
GRANT SELECT ON performance_schema.events_statements_histogram_global TO 'ottertune';
CREATE USER ottertune WITH PASSWORD '<password>';
GRANT pg_monitor TO ottertune;
Important
For PostgreSQL, entering a database username without quotes is case-insensitive. To make it case-sensitive, you can wrap it in quotes.
For example:
create user ottertuneUser;
will result in the username
ottertuneuser
, whereascreate user 'ottertuneUser';
will result in the username
ottertuneUser
.
Last modified 9mo ago