Skip Navigation
Show nav
Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Search
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
    • .NET
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
Hide categories

Categories

  • Heroku Architecture
    • Compute (Dynos)
      • Dyno Management
      • Dyno Concepts
      • Dyno Behavior
      • Dyno Reference
      • Dyno Troubleshooting
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Developer Tools
    • Command Line
    • Heroku VS Code Extension
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery & Integration (Heroku Flow)
    • Continuous Integration
  • Language Support
    • Node.js
      • Working with Node.js
      • Troubleshooting Node.js Apps
      • Node.js Behavior in Heroku
    • Ruby
      • Rails Support
      • Working with Bundler
      • Working with Ruby
      • Ruby Behavior in Heroku
      • Troubleshooting Ruby Apps
    • Python
      • Working with Python
      • Background Jobs in Python
      • Python Behavior in Heroku
      • Working with Django
    • Java
      • Java Behavior in Heroku
      • Working with Java
      • Working with Maven
      • Working with Spring Boot
      • Troubleshooting Java Apps
    • PHP
      • PHP Behavior in Heroku
      • Working with PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
    • .NET
      • Working with .NET
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Getting Started
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
      • Migrating to Heroku Postgres
    • Heroku Key-Value Store
    • Apache Kafka on Heroku
    • Other Data Stores
  • AI
    • Model Context Protocol
    • Vector Database
    • Heroku Inference
      • Inference API
      • Quick Start Guides
      • AI Models
      • Inference Essentials
    • Working with AI
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
      • Single Sign-on (SSO)
    • Private Spaces
      • Infrastructure Networking
    • Compliance
  • Heroku Enterprise
    • Enterprise Accounts
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
      • Heroku Connect Administration
      • Heroku Connect Reference
      • Heroku Connect Troubleshooting
  • Patterns & Best Practices
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Integrating with Salesforce
  • Databases & Data Management
  • Other Data Stores
  • Amazon RDS

Amazon RDS

English — 日本語に切り替える

Last updated April 29, 2024

Table of Contents

  • Authorizing Access to RDS instance
  • Configuring a Heroku Ruby App to Use a MySQL RDS Instance
  • Additional Resources

This article describes how to configure your Heroku app to use an Amazon RDS database.

Amazon RDS must be purchased and provisioned separately.

Authorizing Access to RDS instance

You must grant Heroku dynos access to your RDS instance. The recommended way to grant access is to configure the RDS instance to only accept SSL-encrypted connections from authorized users and configure the security group for your instance to permit ingress from the appropriate IP addresses.

Previously, Heroku published its AWS account ID and security group name as a way to grant access to an Amazon RDS instance. This is no longer recommended.

Configuring a Heroku Ruby App to Use a MySQL RDS Instance

Follow these steps to access a MySQL RDS instance from a Heroku Ruby app (adapted from Stackoverflow response):

First, download the Amazon RDS CA certificate:

$ curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem > ./config/amazon-rds-ca-cert.pem

You may also have to download and combine intermediate AWS certificates.

Add the certificate file to your app’s git repository and redeploy to Heroku.

Update the DATABASE_URL config var to include the sslca parameter pointing to the certificate file in your repository:

heroku config:set DATABASE_URL="mysql2://username:password@hostname/dbname?sslca=config/amazon-rds-ca-cert.pem" -a <app_id>

The relative path to the certificate file is important.

Require SSL

Configure MySQL to require SSL for all connections for the user:

GRANT USAGE ON *.* TO 'username'@'%' REQUIRE SSL;

That’s it! Your Ruby app is now able to access the RDS MySQL database over SSL.

Additional Resources

Refer to the relevant AWS and MySQL documentation for additional details on how to use SSL connections with your RDS database and how to authorize access for a DB security group:

  • AWS: Using SSL with a MySQL DB Instance
  • AWS: Require DB instance only accept encrypted connections
  • AWS: Using SSL with a SQL Server DB Instance
  • MySQL: Using Encrypted Connections
  • AWS: Authorizing Network Access to a DB Security Group from an IP Range

The ClearDB Dev Center article has additional details on how to use SSL certificates when connecting to a MySQL Database

Keep reading

  • Other Data Stores

Feedback

Log in to submit feedback.

Reference Architecture: Peering Amazon Redshift with Heroku Reference Architecture: Peering Amazon Redshift with Heroku

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Training & Education
  • Blog
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure
  • .NET

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing
  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Github
  • LinkedIn
  • © 2025 Salesforce, Inc. All rights reserved. Various trademarks held by their respective owners. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States
  • heroku.com
  • Legal
  • Terms of Service
  • Privacy Information
  • Responsible Disclosure
  • Trust
  • Contact
  • Cookie Preferences
  • Your Privacy Choices