Skip Navigation
Show nav
Heroku Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Search
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
View categories

Categories

  • Heroku Architecture
    • Dynos (app containers)
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Command Line
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery
    • Continuous Integration
  • Language Support
    • Node.js
    • Ruby
      • Working with Bundler
      • Rails Support
    • Python
      • Background Jobs in Python
      • Working with Django
    • Java
      • Working with Maven
      • Java Database Operations
      • Working with Spring Boot
      • Java Advanced Topics
    • PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Getting Started
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
    • Heroku Data For Redis
    • Apache Kafka on Heroku
    • Other Data Stores
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
    • Compliance
  • Heroku Enterprise
    • Private Spaces
      • Infrastructure Networking
    • Enterprise Accounts
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
      • Heroku Connect Administration
      • Heroku Connect Reference
      • Heroku Connect Troubleshooting
    • Single Sign-on (SSO)
  • Patterns & Best Practices
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Integrating with Salesforce
  • Databases & Data Management
  • Other Data Stores
  • Amazon RDS

Amazon RDS

English — 日本語に切り替える

Last updated February 08, 2023

Table of Contents

  • Authorizing Access to RDS instance
  • Configuring a Heroku Ruby App to Use a MySQL RDS Instance
  • Additional Resources

This article describes how to configure your Heroku app to use an Amazon RDS database.

Amazon RDS must be purchased and provisioned separately.

Authorizing Access to RDS instance

You must grant Heroku dynos access to your RDS instance. The recommended way to grant access is to configure the RDS instance to only accept SSL-encrypted connections from authorized users and configure the security group for your instance to permit ingress from the appropriate IP addresses.

Previously, Heroku published its AWS account ID and security group name as a way to grant access to an Amazon RDS instance. This is no longer recommended.

Configuring a Heroku Ruby App to Use a MySQL RDS Instance

Follow these steps to access a MySQL RDS instance from a Heroku Ruby app (adapted from Stackoverflow response):

First, download the Amazon RDS CA certificate:

$ curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem > ./config/amazon-rds-ca-cert.pem

You may also have to download and combine intermediate AWS certificates.

Add the certificate file to your app’s git repository and redeploy to Heroku.

Update the DATABASE_URL config var to include the sslca parameter pointing to the certificate file in your repository:

heroku config:set DATABASE_URL="mysql2://username:password@hostname/dbname?sslca=config/amazon-rds-ca-cert.pem" -a <app_id>

The relative path to the certificate file is important.

Require SSL

Configure MySQL to require SSL for all connections for the user:

GRANT USAGE ON *.* TO 'username'@'%' REQUIRE SSL;

That’s it! Your Ruby app is now able to access the RDS MySQL database over SSL.

Additional Resources

Refer to the relevant AWS and MySQL documentation for additional details on how to use SSL connections with your RDS database and how to authorize access for a DB security group:

  • AWS: Using SSL with a MySQL DB Instance
  • AWS: Require DB instance only accept encrypted connections
  • AWS: Using SSL with a SQL Server DB Instance
  • MySQL: Using Encrypted Connections
  • AWS: Authorizing Network Access to a DB Security Group from an IP Range

The ClearDB Dev Center article has additional details on how to use SSL certificates when connecting to a MySQL Database

Keep reading

  • Other Data Stores

Feedback

Log in to submit feedback.

Reference Architecture: Peering Amazon Redshift with Heroku Reference Architecture: Peering Amazon Redshift with Heroku

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Training & Education
  • Blog
  • Podcasts
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing

Subscribe to our monthly newsletter

Your email address:

  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Heroku Podcasts
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Facebook
  • Instagram
  • Github
  • LinkedIn
  • YouTube
Heroku is acompany

 © Salesforce.com

  • heroku.com
  • Terms of Service
  • Privacy
  • Cookies
  • Cookie Preferences