Discovering MySQL Database Service – Episode 6 – Update the Private Subnet Security List

September 7, 2021
Tags: , ,

MySQL, the world’s most popular open source database, is available as a managed cloud service in Oracle Cloud Infrastructure (OCI) under the name of MySQL Database Service (MDS).

MySQL Database Service is a fully managed cloud service, 100% Developed, Managed and Supported by the MySQL Team.

This is the sixth episode of “Discovering MySQL Database Service“, a series of tutorials where I will show you, step by step, how to use MySQL Database Service and some other Oracle Cloud Infrastructure services.

Please also note that you can run this tutorial and thus try MySQL Database Service & the other Oracle Cloud Infrastructure services for free by starting your 30-day trial.

MySQL Database Service

Episode 6 – Update the Private Subnet Security List

In the previous episode we’ve seen how to create a MySQL DB system from a MySQL Shell dump stored into an Oracle Cloud Infrastructure object storage bucket. One more step to our Discovering MySQL Database Service journey.

In this episode, we’ll introduce the concept of Security Lists a virtual firewall to control traffic at the network packet level.

Security Lists

A security list acts as a virtual firewall for an instance, with ingress and egress rules that specify the types of traffic allowed in and out.
Each security list is enforced at the VNIC level. However, you configure your security lists at the subnet level, which means that all VNICs in a given subnet are subject to the same set of security lists.
The security lists apply to a given VNIC whether it’s communicating with another instance in the VCN or a host outside the VCN.

The default security list comes with an initial set of stateful rules, which should in most cases be changed to only allow inbound traffic from authorized subnets relevant to the region that homes that VCN or subnet.

Your OCI user must be part of a group that has the right privileges in order to work with Security Lists.
At least the following rules:
Allow group SecListAdmins to manage security-lists in tenancy
Allow group SecListAdmins to manage vcns in tenancy

Please see: Working with Security Lists

Update the Security List

Go to the OCI console, in the menu, go to: Networking / Virtual Cloud Networks
And select (click on) your VCN ( Demo_VCN in this example), and please check that you are in the right compartment.

Select (click on) the private subnet (Private Subnet-Demo_VCN in this example):

Select the Security List for the Private Subnet (Security List for Private Subnet-Demo_VCN in this example):

Click on Add Ingress Rules:

Now we are adding our ingress rules in order to be able to connect to the MDS instance from the VCN on ports 3306 (MySQL classic protocol) and 33060 (MySQL X protocol).

The information to provide are (please adapt to your context):
+ Source type: CIDR
+ Source CIDR:
+ IP protocol: TCP
+ Source port range: All
+ Destination port range: 3306,33060

Then click on Add Ingress Rules.

You should end up with something like:

Well, that’s all for today!
In this episode, we have seen how to allow traffic from the VCN to the MySQL Database Service instance on ports 3306 & 33060.
We are now able to connect to our MySQL instance…

Next episode is:

Use a Bastion SSH port forwarding session


Follow me on twitter

Watch my videos on my YouTube channel and subscribe.

My Slideshare account.

My Speaker Deck account.

Thanks for using MySQL!

2 Responses to “Discovering MySQL Database Service – Episode 6 – Update the Private Subnet Security List”

  1. […] Update the Private Subnet Security List […]

  2. […] Update the Private Subnet Security List […]

Leave a Reply