MySQL Shell 8.0

4.7 Cloud Service Configuration

MySQL Shell supports exporting of MySQL data to cloud service storage and import of that data from cloud storage to a MySQL instance. The following cloud services are supported:

For information on exporting MySQL data to cloud storage, see Section 11.5, “Instance Dump Utility, Schema Dump Utility, and Table Dump Utility”. For information on importing MySQL data from cloud storage, see Section 11.6, “Dump Loading Utility”.

For information on using MySQL Shell with MySQL Database Service, see MySQL Database Service Documentation.

Oracle Cloud Infrastructure Object Storage

MySQL Shell uses the parameters defined in the OCI CLI configuration file, config, to connect to the Object Storage service. For more information on this file, see SDK and CLI Configuration

MySQL Shell requires the following parameters in the configuration file:

  • user: OCID of the user.

  • fingerprint: generated fingerprint of the user's public key.

  • tenancy: OCID of the user's tenancy.

  • region: An Oracle Cloud Infrastructure region.

  • key_file: Full path and filename of the user's public key.

The following is an example of a configuration file:

        
        [default]
        user=ocid1.user.oc1..alphanumericstring
        fingerprint=08:23:60:....:ff:22:dd:55:20
        tenancy=ocid1.tenancy.oc1..alphanumericstring
        region=us-ashburn-1
        key_file=/home/Username/.oci/oci_api_key.pem
        
      

If you have installed and configured the OCI CLI, MySQL Shell reads the connection parameters from the default location, .oci/, automatically. To use an alternate configuration, do so from the command line, using the relevant override options.

S3-compatible Storage

MySQL Shell S3 support has been tested against the following S3-compatible storage services:

MySQL Shell supports configuring AWS credentials in environment variables and in configuration files.

Configuration parameters are used in order of precedence:

  1. Option. For example, s3Profile takes precedence over the environment variable AWS_PROFILE, and the default profile in the configuration file.

  2. Environment variable. For example, the environment variable AWS_SHARED_CREDENTIALS_FILE takes precedence over the default location of the credentials file, ~/.aws/credentials.

  3. DEFAULT environment variable, if it exists. For example, the environment variable AWS_REGION and the environment variable AWS_DEFAULT_REGION.

  4. Parameter defined in a configuration file.

  5. AWS default values.

For example, for the AWS region, in order of precedence:

  1. s3Region option.

  2. AWS_REGION environment variable.

  3. AWS_DEFAULT_REGION environment variable.

  4. Region defined in the configuration file.

  5. The default value of us-east-1.

AWS credentials are read in the following order of precedence:

  1. Environment variables, if the s3Profile option is not defined.

  2. Credentials file, for the specified profile.

  3. Config file, for the specified profile.

For more information, see the following:

Environment Variables

For information on AWS environment variables, see Environment variables to configure the AWS CLI

You can define the following AWS S3-specific environment variables:

  • AWS_PROFILE: Specifies the name of the profile to use. This can be the name of a profile in a credentials or config file, or the value default to use the default profile. This environment variable overrides the [default] profile named in the configuration file. You can override this environment variable with the --s3Profile option.

  • AWS_SHARED_CREDENTIALS_FILE: The location of the file used to store access keys. Such as ~/.aws/credentials.

  • AWS_CONFIG_FILE: The location of the file used to store configuration profiles. Such as ~/.aws/config.

  • AWS_REGION: Specifies the AWS Region to send the request to. This value overrides the AWS_DEFAULT_REGION environment variable and the profile defined in the configuration file.

  • AWS_DEFAULT_REGION: Specifies the AWS Region to send the request to. This value is overridden by the --s3Region option and the AWS_REGION environment variable, if specified.

  • AWS_ACCESS_KEY_ID: Specifies an AWS access key associated with an IAM user or role.

  • AWS_SECRET_ACCESS_KEY: Specifies the secret key associated with the access key. This variable overrides the aws_secret_access_key defined in the profile.

  • AWS_SESSION_TOKEN: Specifies the session token value required if you are using temporary security credentials. This variable overrides the aws_session_token defined in the profile.

Configuration Files

MySQL Shell requires the following parameters in one or more configuration files:

  • aws_access_key_id: specifies the access key associated with the user. If not present, an exception is thrown.

  • aws_secret_access_key: specifies the secret key associated with the access key. If not present, an exception is thrown.

  • aws_session_token: specifies the session token required if you are using temporary security credentials. If not present, it is not used to authenticate the user.

  • region: specifies the cloud service region. If not present, the default value of us-east-1 is used.

If you have installed and configured the AWS CLI, MySQL Shell reads the connection parameters from the default location, .aws/, automatically. To use an alternate configuration, do so from the command line, using the relevant override options.

If you are using Oracle Cloud Infrastructure's S3 compatibility API, see Creating a Customer Secret Key for information on creating the credentials required.

Note

By default, the AWS CLI creates two configuration files, config, which stores parameters such as region and output format, and credentials, which stores access keys and session tokens. It is also possible to place all configuration parameters in a single file, config. For more information, see AWS Configuration and authentication settings . However, if you have defined access key and secret access keys in both files, those defined in the credentials file take precedence.

The following example shows a default pair of AWS CLI configuration files:

        
        /home/.aws/credentials
        
        [default]
        aws_access_key_id = AKIA6AV......
        aws_secret_access_key = XHRY579I.....
        
        /home/.aws/config
        
        [default]
        region = us-west-1
        output = json
        
      

Azure Blob Storage

The Azure configuration values are evaluated in the following order of precedence:

Note

If you intend to use SAS Tokens, they must provide the following:

  • Access to the target container.

  • Read, Write, and List permissions for dump and export operations.

  • Read and List permissions for load and import operations.

Environment Variables

Azure connection settings can be read from the following environment variables:

  • AZURE_STORAGE_ACCOUNT: The default storage account name.

  • AZURE_STORAGE_KEY: The default storage key.

  • AZURE_STORAGE_CONNECTION_STRING: The default connection string. If this is defined, AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY are ignored.

  • AZURE_STORAGE_SAS_TOKEN: The default SAS token.

If an SAS token is defined, it is used for the authentication, any defined account key is ignored.

Configuration Files

If you use the Azure config file, you must add one or more of the following parameters to the [storage] section of the file:

  • connection_string: The default connection string. If this is defined, account and key are ignored.

  • account: The default storage account name.

  • key: The default access key.

  • sas_token: The default SAS token.

If an SAS token is defined, it is used for the authentication, any defined account key is ignored.

For more information, see Microsoft Azure CLI configuration values and environment variables.