This guide walks you through how to install MySQL on an EC2 Ubuntu 22.04 instance, secure it, and configure remote access. Ubuntu 22.04 ships with MySQL 8.0 in its default repositories, so no extra repos are needed.
Prerequisites
- An EC2 instance running Ubuntu 22.04 — follow How to Deploy EC2 Ubuntu 22.04 LTS on AWS if you need one
- SSH access to the instance
- EC2 security group with port 22 (SSH) open
Step 1: Install MySQL Server
sudo apt update && sudo apt install mysql-server -yAfter installation, MySQL starts automatically. Verify it’s running:
sudo systemctl status mysqlCheck the installed version:
mysql --versionStep 2: Secure the Installation
Run the MySQL security script. This removes test databases, disables anonymous users, and prevents remote root login:
sudo mysql_secure_installationThe script will ask you several questions. Recommended answers:
- VALIDATE PASSWORD component — press
yto enable password strength validation - Password validation policy — select
1(MEDIUM) or higher - Remove anonymous users —
y - Disallow root login remotely —
y - Remove test database —
y - Reload privilege tables —
y
Step 3: Create a Database and User
On Ubuntu 22.04, the MySQL root user authenticates via the auth_socket plugin by default. This means you connect as root using sudo without a password:
sudo mysqlCreate a database and a dedicated user for your application:
CREATE DATABASE myapp_db;
CREATE USER 'myapp_user'@'%' IDENTIFIED BY 'YourStrongPassword123!';
GRANT ALL PRIVILEGES ON myapp_db.* TO 'myapp_user'@'%';
FLUSH PRIVILEGES;
EXIT;'myapp_user'@'%'— the%means this user can connect from any host. To restrict to a specific IP, replace%with the IP address (e.g.,'myapp_user'@'203.0.113.10')GRANT ALL PRIVILEGES ON myapp_db.*— grants full access tomyapp_dbonly, not the entire server. Never grantON *.*to application users
Step 4: Enable Remote Access
Skip this step if your application runs on the same EC2 instance as MySQL.
By default, MySQL only listens on 127.0.0.1 (localhost). To accept remote connections, edit the MySQL config:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnfFind the bind-address line and change it:
bind-address = 0.0.0.0This makes MySQL listen on all network interfaces. If you only need connections from a specific IP, use that IP instead of 0.0.0.0.
Restart MySQL to apply the change:
sudo systemctl restart mysqlOpen port 3306 in the EC2 security group
In the AWS Console, go to your EC2 instance’s security group and add an inbound rule:
- Type: MySQL/Aurora
- Port: 3306
- Source: the IP address or CIDR range of the client that needs access (do not use
0.0.0.0/0— restrict it to known IPs)
Step 5: Test the Connection
From your local machine or another server, test the remote connection:
mysql -h 203.0.113.10 -u myapp_user -pReplace 203.0.113.10 with your EC2 instance’s public IP. If the connection succeeds, you’ll see the MySQL prompt.
Useful MySQL Service Commands
| Action | Command |
|---|---|
| Start MySQL | sudo systemctl start mysql |
| Stop MySQL | sudo systemctl stop mysql |
| Restart MySQL | sudo systemctl restart mysql |
| Enable on boot | sudo systemctl enable mysql |
| Check status | sudo systemctl status mysql |
Conclusion
You now have MySQL 8.0 installed and secured on EC2 Ubuntu 22.04 with a dedicated database user and remote access configured. Next, you might want to automate MySQL backups to Amazon S3. If you ever need to start fresh, see How to Completely Remove (Purge) MySQL Database from Ubuntu 22.04.
