How do I install the CONNECTION_CONTROL and CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugins in Amazon RDS for MySQL?

3 minute read
1

I want to install the CONNECTION_CONTROL and CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugins for my Amazon Relational Database Service (Amazon RDS) for MySQL database.

Resolution

Note: The following steps apply only to Amazon RDS for MySQL. They don't apply to Amazon Aurora MySQL-Compatible Edition.

The CONNECTION_CONTROL plugin

CONNECTION_CONTROL (from the MySQL website) checks incoming connection attempts and adds a delay to server responses as necessary. This plugin also reveals system variables that allow for its configuration and a status variable that provides rudimentary monitoring information.

CONNECTION_CONTROL doesn't come with default MySQL configurations. Therefore, you must configure the plugin after you install it.

Install CONNECTION_CONTROL

To install the CONNECTION_CONTROL plugin in MySQL, run the following commands in the MySQL Command-Line Client:

mysql
    
INSTALL PLUGIN CONNECTION_CONTROL

SONAME 'connection_control.so';

This returns an output that's similar to the following message:

Query OK, 0 rows affected (0.01 sec)

For more information, see Installing connection control plugins on the MySQL website.

Check the plugin's variables

You can now verify the following variables that relate to the plugin:

  • connection_control_failed_connections_threshold
  • connection_control_max_connection_delay
  • connection_control_min_connection_delay

To check these variables, run the following commands:

mysql
         
SHOW VARIABLES LIKE 'connection_control%';

This returns an output that's similar to the following message:

+-------------------------------------------------+------------+
| Variable_name | Value | 
+-------------------------------------------------+------------+
| connection_control_failed_connections_threshold | 3 |
| connection_control_max_connection_delay | 2147483647 |
| connection_control_min_connection_delay | 1000 |
+-------------------------------------------------+------------+

You can't modify the values of these variables, and you must use these values by default. For more information, see Connection-control system and status variables on the MySQL website.

The CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugin

CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS implements an INFORMATION_SCHEMA table that reveals more detailed monitoring information for failed connection attempts.

Install CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS

To install the CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugin in MySQL, run the following commands:

mysql

INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS

SONAME 'connection_control.so';

This returns an output that's similar to the following message:

Query OK, 0 rows affected (0.00 sec)

View the plugins' status

To view the status of these plugins, run the following commands:

mysql
    
SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'connection%'; command.

This returns an output that's similar to the following message:

+------------------------------------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+------------------------------------------+---------------+
| CONNECTION_CONTROL | ACTIVE |
| CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS | ACTIVE |
+------------------------------------------+---------------+

This confirms that the status of the plugins is ACTIVE. You can now learn about any failed login attempts, compare those failures with your third-party assessment tools, and post the assessment.

Related information

UNINSTALL PLUGIN statement (MySQL website)

AWS OFFICIAL
AWS OFFICIALUpdated a year ago