Connect to Your TiDB Cluster
After your TiDB cluster is created on TiDB Cloud, you can use one of the following methods to connect to your TiDB cluster. You can access your cluster via a SQL client, or quickly via SQL Shell in the TiDB Cloud Console.
Connect via a SQL client
- Connect via standard connection: The standard connection exposes a public endpoint with traffic filters, so you can connect to your TiDB cluster from your laptop. For Dedicated Tier, you can connect to your TiDB cluster using TLS, which ensures the security of data transmission from your applications to TiDB clusters.
- Connect via private endpoint: Private endpoint connection provides a private endpoint to allow clients in your VPC to securely access services over AWS PrivateLink, which provides highly secure and one-way access to database services with simplified network management. Note that you cannot connect to Developer Tier clusters using the private endpoint.
- Connect via VPC peering: If you want lower latency and more security, set up VPC peering and connect via a private endpoint using a VM instance on the corresponding cloud provider in your cloud account. Note that you cannot connect to Developer Tier clusters using VPC peering.
- Connect via SQL shell: to try TiDB SQL and test out TiDB's compatibility with MySQL quickly, or administer user privileges
Connect via standard connection
- Developer Tier
- Dedicated Tier
To connect to a Developer Tier cluster via standard connection, perform the following steps:
Navigate to the Clusters page.
Locate your cluster, and click Connect in the upper-right corner of the cluster area. A connection dialog box is displayed.
Create a traffic filter for the cluster. Traffic filter is a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client.
If the traffic filter is already set, skip the following sub-steps. If the traffic filter is empty, take the following sub-steps to add one.
Click one of the buttons to add some rules quickly.
- Add My Current IP Address
- Allow Access from Anywhere
Provide an optional description for the newly added IP address or CIDR range.
Click Create Filter to confirm the changes.
Under Step 2: Connect with a SQL client in the dialog, click the tab of your preferred connection method, and then connect to your cluster with the connection string.
To connect to a Dedicated Tier cluster via standard connection, perform the following steps:
Navigate to the Clusters page.
Locate your cluster, and click Connect in the upper-right corner of the cluster area. A connection dialog box is displayed.
Create a traffic filter for the cluster. Traffic filter is a list of IPs and CIDR addresses that are allowed to access TiDB Cloud via a SQL client.
If the traffic filter is already set, skip the following sub-steps. If the traffic filter is empty, take the following sub-steps to add one.
Click one of the buttons to add some rules quickly.
- Add My Current IP Address
- Allow Access from Anywhere
Provide an optional description for the newly added IP address or CIDR range.
Click Create Filter to confirm the changes.
Under Step 2: Download TiDB cluster CA in the dialog, click Download TiDB cluster CA for TLS connection to TiDB clusters. The TiDB cluster CA supports TLS 1.2 version by default.
Under Step 3: Connect with a SQL client in the dialog, click the tab of your preferred connection method, and then refer to the connection string and sample code on the tab to connect to your cluster.
Note that you need to use the path of the downloaded CA file as the argument of the
--ssl-ca
option in the connection string.
Connect via private endpoint (recommended)
To connect to your TiDB cluster via private endpoint, perform the following steps:
In the TiDB Cloud console, navigate to the Clusters page.
Locate your cluster, and click Connect in the upper-right corner of the cluster area. A connection dialog box is displayed.
Select the Private Endpoint tab.
Set up a private endpoint. See Set Up Private Endpoint Connections.
If you have created a private endpoint, it is displayed under Step 1: Create Private Endpoint.
Under Step 2: Connect your application, click the tab of your preferred connection method, and then connect to your cluster with the connection string. The placeholders
<cluster_endpoint_name>:<port>
in the connection string are automatically replaced with the real values.
Connect via VPC peering
To connect to your TiDB cluster via VPC peering, perform the following steps:
Navigate to the Clusters page.
Locate your cluster, click Connect in the upper-right corner of the cluster area, and select the VPC Peering tab in the connection dialog.
Set up VPC peering. See Set up VPC Peering for details.
Click Get Endpoint and wait for a few minutes. Then the connection command displays in the dialog.
Under Step 2: Connect with a SQL client in the dialog box, click the tab of your preferred connection method, and then connect to your cluster with the connection string.
Connect via SQL Shell
To connect to your TiDB cluster using SQL shell, perform the following steps:
Navigate to the Clusters page.
Locate your cluster, click Connect in the upper-right corner of the cluster area, and select the Web SQL Shell tab in the connection dialog.
Click Open SQL Shell.
On the prompted TiDB password line, enter the root password of the current cluster. Then your application is connected to the TiDB cluster.
What's next
After you have successfully connected to your TiDB cluster, you can explore SQL statements with TiDB.