MySQL RDS snapshot

A high-level look at Stitch's MySQL RDS integration, including release status, useful links, and the features supported in Stitch.

Release Status


Supported By


Stitch Plan


Supported Versions


SSH Connections


SSL Connections


Anchor Scheduling


Table-level Reset


Configurable Replication Methods


Log-based Replication


Key-based Replication


Full Table Replication


Table Selection


Column Selection


View Replication


Extraction Logs


Loading Reports


Connecting MySQL RDS

MySQL RDS setup requirements

To set up MySQL RDS in Stitch, you need:

  • Permissions in Amazon Web Services (AWS) that allow you to:

    • Create/manage Security Groups, which is required to whitelist Stitch’s IP addresses.
    • View database details, which is required for retrieving the database’s connection details.
  • The CREATE USER or INSERT privilege (for the mysql database). The CREATE USER privilege is required to create a database user for Stitch.

  • The GRANT OPTION privilege in MySQL RDS. The GRANT OPTION privilege is required to grant the necessary privileges to the Stitch database user.

Step 1: Whitelist Stitch's IP addresses

For Stitch to successfully connect with your RDS instance, you’ll need to add our IP addresses to the appropriate database security group via the AWS management console. To do this, an inbound security rule must be created for each of our IP addresses.

The IP addresses can be added to an existing group or you can create a new one. The important thing is that the group is authorized to access the instance you want to connect to Stitch.

  1. Log into your AWS account.
  2. Navigate to the Security Group Management page, typically Services > Compute > EC2.
  3. Click the Security Groups option, under Network & Security in the menu on the left side of the page.
  4. Click Create Security Group.
  5. In the window that displays, fill in the fields as follows:
    • Security group name: Enter a unique name for the security group. For example: Stitch
    • Description: Enter a description for the security group.
    • VPC: Verify that the selected VPC is the same VPC your database is in.
  6. In the Inbound tab, click Add Rule.
  7. Fill in the fields as follows:
    • Type: Select Custom TCP Rule
    • Port Range: Enter the port your database uses. (3306 by default)
    • CIDR, IP or Security Group, enter one of the IP addresses listed below:





  8. Add another rule by clicking the Add Rule button.
  9. Repeat steps 6-8 until all the IP addresses above have been added:

  10. When finished, click Create.

Step 2: Retrieve your Stitch public key

The Stitch Public Key

The Public Key is used to authorize the Stitch Linux user. If the key isn’t properly installed, Stitch will be unable to access your database.

To retrieve the key:

  1. Sign into your Stitch account.

  2. On the Stitch Dashboard page, click the Add Integration button.

  3. Click the MySQL icon.

  4. When the credentials page displays, click the Encryption Type menu and select the SSH Tunnel option.

  5. The Public Key will display, along with the other SSH fields.

Leave this page open for now - you’ll need it to wrap things up at the end.

Step 3: Create a Stitch Linux user

  1. Run the following commands as root on your Linux server to create a user named stitch:

    adduser --disabled-password stitch
    mkdir /home/stitch/.ssh
  2. Next, import the Public Key into authorized_keys, replacing [PASTE KEY HERE] with the Stitch Public Key:

    echo "[PASTE KEY HERE]" >> /home/[stitch_username]/.ssh/authorized_keys
  3. Alter the permissions on the /home/stitch directory to allow access via SSH:

    chown -R [stitch_username]:stitch /home/stitch
    chmod -R 700 /home/stitch/.ssh

Step 4: Configure database server settings

Next, you’ll configure your server to use Log-based Incremental Replication, or binlog replication.

Note: While Log-based Incremental Replication is the most accurate and efficient method of replication, using this replication method may, at times, require manual intervention or impact the source database’s performance. Refer to the Log-based Incremental Replication documentation for more info.

You can also use one of Stitch’s other Replication Methods, which don’t require any database configuration. Replication Methods can be changed at any time.

Step 4.1: Configure the database parameter group

  1. From the RDS Dashboard, click Databases on the left side of the page.
  2. Click the MySQL RDS instance you want to connect to Stitch. This will open the database’s details page.
  3. Scroll down to the Details section.
  4. In the Configurations column, locate the Parameter group field.
  5. Click the parameter group. This will open the settings page for the parameter group.
  6. Click the Edit parameters button.
  7. Locate the parameters in the list below, and enter the required values into the Values column:

    • binlog_format: ROW

    • binlog_row_image: FULL

    • log_slave_updates: 1

    Note: log_slave_updates is applicable only if you are connecting a read replica to Stitch. If you aren’t connecting a read replica, you don’t have to define this parameter.

    RDS MySQL parameter group page with binlog_format and binlog_row_image parameters highlighted

  8. When finished, click the Save changes button.

In the table below are the names, required values, and descriptions of the server settings you must define.

Setting Value Description
binlog_format ROW

Note: This setting is available on MySQL RDS databases running version 5.6.2 or greater.

Defines the binary logging format. A ROW value enables “event-based” capture, which describes what happens to records in the database. This is necessary to use binlog.

Stitch supports the following event types:

binlog_row_image FULL

Note: This setting is available on MySQL RDS databases running version 5.6.2 or greater.

Defines how row images are written to the binary log. A FULL value ensures that all columns in a row are logged in the before and after images of a change, enabling Stitch to accurately capture all changes made to a record.

log_slave_updates 1

Indicates whether updates received by a read replica from a master server should be logged to the replica’s own binary log.

Note: This is applicable when using a read replica.

Step 4.2: Define the backup retention period

The backup retention period setting defines the number of days for which automated backups are retained. This ensures that data can still be replicated even if a job is interrupted, there’s database or Stitch downtime, etc.

  1. Navigate back to the Databases page by using the menu on the left side of the page.

  2. Select the instance you’re connecting to Stitch.
  3. Click the Modify button.
  4. On the Modify DB Instance page, scroll down to the Backup section.

  5. Set Backup retention period to anything greater than 1 day:

    A backup retention period setting of 1 day for an RDS instance in the AWS console

Step 4.3: Apply parameter changes and reboot the database

  1. Scroll to the bottom of the page and click Continue.
  2. The next page will display a summary of the modifications made to the database.

    In the Scheduling of Modifications section, select the Apply Immediately option.

  3. Click Modify DB Instance to apply the changes.
  4. Navigate to the Instance Details page and locate the Parameter group. Initially, the Parameter group should say applying.

    When it changes to pending-reboot, you can reboot the database and apply the changes.

  5. Scroll up to the top of the page and locate the Instance actions menu.
  6. In this menu, click Reboot.
  7. On the next page, click Reboot to confirm you want to reboot the instance.

Rebooting the instance will take a few minutes. When the status of the parameter group changes to in-sync and the DB instance status (located at the top of the Instance Details page) changes to available, the reboot will be complete:

An "Available" DB instance status for an RDS instance in the AWS console

Step 5: Create a Stitch database user

Next, you’ll create a dedicated database user for Stitch. This will ensure Stitch is visible in any logs or audits, and allow you to maintain your privilege hierarchy.

  1. Log into your database as a user with CREATE USER and GRANT OPTION privileges.
  2. Run the following command to create the Stitch database user:

    CREATE USER '[stitch_username]'@'localhost' IDENTIFIED BY '[password]';

    Replace [password] with a secure password. If using SSH, this can be different than the SSH password.

  3. Grant the Stitch user SELECT privileges on the database:

    GRANT SELECT ON *.* TO '[stitch_username]';

    To restrict the Stitch user from accessing data in specific objects, you can instead run GRANT commands that only allow access to the data you permit. Note: Column-level permissions are not supported for use with Log-based Incremental Replication. Restricting access to columns will cause replication issues.

  4. If using Log-based Incremental Replication, you’ll also need to grant the Stitch user replication privileges:


See the Privileges list tab for an explanation of why these permissions are required by Stitch.

In the table below are the database user privileges Stitch requires to connect to and replicate data from a MySQL RDS database.

Privilege name Reason for requirement

Required to select rows from tables in a database.


Required for binlog replication. Required to use SHOW BINARY LOGS, which determines that a binary log exists.


Required for binlog replication. Required to use SHOW MASTER STATUS, which fetches the current binlog file and position on the server.

Step 6: Retrieve server IDs

When Stitch connects to your database and uses Log-based Replication, a unique server ID will be required. This ID ensures that the integration - or integrations, if you’re connecting multiple databases - will not encounter conflicts during the replication process.

To avoid conflicts, you’ll check which server IDs are currently in use and then define a new, unqiue ID in Stitch.

  1. Log into the MySQL server that acts as the replication master.
  2. Run the following statement:

    mysql> SHOW SLAVE HOSTS;
  3. The SHOW SLAVE HOSTS statement will return information about servers that are or have been connected as replication slaves:

    | Server_id  | Host        | Port | Master_id | Slave_UUID |
    | 192168010  | stitch_prod | 3306 | 192168011 | <UUID>     |
    | 1921680101 | stitch_dev  | 3306 | 192168011 | <UUID>     |

When you complete the setup in Stitch, you’ll define a unique server ID for your Stitch MySQL RDS integration to use.

Step 7: Define the binlong retention setting

In addition to the backup retention period, you also need to define the binlog retention hours setting. This parameter specifies the number of hours to the database server should retain binary logs.

To specify the number of hours, use the mysql.rds_set_configuration procedure when logged into the MySQL RDS master instance.

In this example, the logs will be retained for seven days (24 x 7 = 168):

call mysql.rds_set_configuration('binlog retention hours', 168);

Stitch recommends a minimum of three days for the retention period, but strongly recommend seven. Note: The maximum binlog retention hours value for MySQL RDS databases is 168 hours (seven days).

Step 8: Locate RDS connection details in AWS

Next, you’ll retrieve the connection details required to complete the setup in Stitch. This info can be found on the Instance Details page in AWS.

If you don’t still have this page open, click RDS > Databases and then the instance you’re connecting to Stitch.

  1. On the Instance Details page, click the Connectivity & security tab if it’s not already open.
  2. Locate the Endpoint and Port fields, which are highlighted in the image below:

    Amazon RDS Instance Details page with the Endport and Port fields highlighted

Leave this page open for now - you’ll need it to complete the setup.

Step 9: Connect Stitch

In this step, you’ll complete the setup by entering the database’s connection details and defining replication settings in Stitch.

Step 9.1: Define the database connection details

  1. Sign into your Stitch account, if you haven’t already.
  2. On the Stitch Dashboard page, click the Add Integration button.
  3. Click the MySQL icon.
  4. Fill in the fields as follows:

    • Integration Name: Enter a name for the integration. This is the name that will display on the Stitch Dashboard for the integration; it’ll also be used to create the schema in your data warehouse.

      For example, the name “Stitch MySQL RDS” would create a schema called stitch_mysql_rds in the data warehouse. Note: The schema name cannot be changed after the integration is saved.

    • Host (Endpoint): Paste the Endpoint address from the MySQL RDS Details page in AWS into this field. Don’t include the port number, which is appended to the end of the endpoint string - this will cause errors.

    • Port: Enter the port used by the MySQL RDS instance. The default is 3306.

    • Username: Enter the Stitch MySQL RDS database user’s username.

    • Password: Enter the password for the Stitch database user.

    • Database: Optional: Enter the name of the default database Stitch will connect to. Stitch will ‘find’ all databases you give the Stitch user access to - a default database is only used to test and complete the connection.

    • Server ID: Optional: Enter the unique server ID of instance you’re connecting to Stitch.

      This can be any numeric value within MySQL’s accepted server ID range, as long as it’s unique to the instance. For example: If in the Retrieve Server IDs step there are servers with the IDs 192168010 and 1921680101, you can enter any other numbers in this field.

Step 9.2: Define the SSH connection details

If you’re using an SSH tunnel to connect your MySQL RDS database to Stitch, you’ll also need to complete the following:

  1. Click the Encryption Type menu.
  2. Select SSH Tunnel to display the SSH fields.

  3. Fill in the fields as follows:

    • Remote Address: Enter the IP address or hostname of the server Stitch will SSH into.

    • SSH Port: Enter the SSH port on your server. (22 by default)

    • SSH User: Enter the Stitch Linux (SSH) user’s username.

Step 9.3: Define the SSL connection details

  1. Check the Connect using SSL checkbox. Note: The database must support and allow SSL connections for this setting to work correctly.

  2. Fill in the fields as follows:

    • SSL Certificate: The certificate (typically a CA or server certificate) Stitch should verify the SSL connection against. The connection will succeed only if the server’s certifcate verifies against the certificate provided.

      Note: Providing a certifcate via this property isn’t required to use SSL. This is only if Stitch should verify the connection against a specific certificate.

    • Use an SSL client key: If SSL client authentication should be used, check this box. This will display the Client Certificate and Client Key fields, which are both required when using client authentication.

    • Client Certificate: If using SSL client authentication, paste the client certificate Stitch should use into this field. Note: You must also provide a Client Key for the connection to be successful.

    • Client Key: If using SSL client authentication, paste the client key Stitch should use into this field. Note: You must also provide a Client Certificate for the connection to be successful.

Step 9.4: Define Log-based Replication setting

In the Log-based Replication section, you can set this as the integration’s default Replication Method.

When enabled, tables that are set to replicate will use Log-based Incremental Replication by default. If you don’t want a table to use Log-based Incremental Replication, you can change it in the Table Settings page for that table.

If this setting isn’t enabled, you’ll have to select a Replication Method for each table you set to replicate.

Step 9.5: Create a replication schedule

In the Replication Frequency section, you’ll create the integration’s replication schedule. An integration’s replication schedule determines how often Stitch runs a replication job, and the time that job begins.

Stitch offers two methods of creating a replication schedule:

  • Replication Frequency: This method requires selecting the interval you want replication to run for the integration. Start times of replication jobs are based on the start time and duration of the previous job. Refer to the Replication Frequency documentation for more information and examples.
  • Anchor scheduling: Based on the Replication Frequency, or interval, you select, this method “anchors” the start times of this integration’s replication jobs to a time you select to create a predictable schedule. Anchor scheduling is a combination of the Anchor Time and Replication Frequency settings, which must both be defined to use this method. Additionally, note that:

    • A Replication Frequency of at least one hour is required to use anchor scheduling.
    • An initial replication job may not begin immediately after saving the integration, depending on the selected Replication Frequency and Anchor Time. Refer to the Anchor Scheduling documentation for more information.

To keep your row usage low, consider setting the integration to replicate less frequently. See the Understanding and Reducing Your Row Usage guide for tips on reducing your usage.

Step 10: Select data to replicate

The last step is to select select the tables and columns you want to replicate.

When you track a table, you’ll also need to define its Replication Method and, if using Key-based Incremental Replication, its Replication Key.

You can select tables and columns by:

  1. In the Integration Details page, click the Tables to Replicate tab.
  2. Locate a table you want to replicate.
  3. Click the checkbox next to the object’s name. A green checkmark means the object is set to replicate.
  4. If there are child objects, they’ll automatically display and you’ll be prompted to select some.
  5. After you set a table to replicate, the Settings page will display. Note: When you track a table, by default all columns will also be tracked.

  6. In the Settings page, define the table’s Replication Method and, if using Key-based Incremental Replication, its Replication Key.

  7. Repeat this process for every table you want to replicate.

Initial and historical replication jobs

After you finish setting up MySQL RDS, its Sync Status may show as Pending on either the Stitch Dashboard or in the Integration Details page.

For a new integration, a Pending status indicates that Stitch is in the process of scheduling the initial replication job for the integration. This may take some time to complete.

Free historical data loads

The first seven days of replication, beginning when data is first replicated, are free. Rows replicated from the new integration during this time won’t count towards your quota. Stitch offers this as a way of testing new integrations, measuring usage, and ensuring historical data volumes don’t quickly consume your quota.

Questions? Feedback?

Did this article help? If you have questions or feedback, feel free to submit a pull request with your suggestions, open an issue on GitHub, or reach out to us.