Create a MySQL TCP target

TCP targets provide a generic way to connect to any service Boundary has access to, including MySQL databases.

The following examples use a direct target address for simplicity, but HashiCorp recommends that you configure host catalogs and host sets for scaled production deployments.

Complete the following steps to create a TCP target to connect to a MySQL server.

Log in to Boundary.
Select an org, and then select the project where you want to create a target.
Select Targets under Project Actions.
Click New Target.
Complete the following fields:
- Name: (Required) A name for identification purposes, such as mysql-dev-server. The name must be unique.
- Description: (Optional) An optional description of the target for identification purposes.
- Type: (Required) Select TCP to create a TCP target.
- Target Address (Optional) If you are not using host catalogs and host sets, you can enter a target address instead to map the target to a single address. This must be a valid IP address or DNS name.
- Default Port (Required) The default port on which to connect, such as 3306.
- Aliases (Optional) A unique identifier for the target, which makes the target easier to connect to using the CLI or transparent sessions. To create an alias, complete the following fields, and then click Add:
  - Select scope: Select the scope in which to create the alias. You must create org and project suffixes before you can create an alias in the target's project scope. Otherwise, you can only create the alias in the global scope. Refer to Create a suffix for a scope for more information.
  - Alias value: Enter the string that you want to use as the alias to represent the target. An alias's value can be a hostname or a DNS-like string.
Click Save.

Log in to Boundary.
Set the BOUNDARY_PROJECT_ID environment variable, or provide the scope ID (such as p_1234567890) in the next step.
Use the following command to create an SSH target named mysql-dev-server with an alias mysql, with a direct target address of 10.0.0.10 and a default connection port of 3306:
```
$ boundary targets create tcp \
  -scope-id $BOUNDARY_PROJECT_ID \
  -name "mysql-dev-server" \
  -with-alias-value "mysql" \
  -address "10.0.0.10" \
  -default-port 3306
```
You must provide the scope-id field when you create a target.
You can use any of the following attributes when you create a TCP target:
- -description=<string> - Specifies the optional description of the target that you want to use for identification purposes.
- -name=<string> - Specifies the optional name you want to use to describe the target for identification purposes.
- -scope-id=<string> - Scope in which to create the target. The default is global. You can also specify the scope using the BOUNDARY_SCOPE_ID environment variable.
- -address=<string> - An optional valid network address for the target to connect to. You cannot use an address alongside host sources.
- -default-client-port=<string> - The default client port on the target.
- -default-port=<string> - The default port on the target. If you do not specify a default port, Boundary uses port 22.
- -egress-worker-filter=<string> - A Boolean expression that filters which egress workers can process sessions for the target.
- -ingress-worker-filter=<string> - A Boolean expression that filters which ingress workers can process sessions for the target.
- -session-connection-limit=<string> - The maximum number of connections allowed for a session. A value of -1 means the connections are unlimited.
- -session-max-seconds=<string> - The maximum lifetime of the session, including all connections. You can specify an integer number of seconds or a duration string. If you do not specify a maximum duration, Boundary uses the default value of 8 hours (28800 seconds).
- -with-alias-authorize-session-host-id=<string> - The host ID that an alias uses to authorize sessions for the target.
- -with-alias-scope-id=<string> - The scope ID that you want to create the alias in at target creation time. The default is global. You can create aliases in the global and project scopes.
  You must create org and project suffixes before you can create an alias in the target's project scope. Otherwise, you can only create the alias in the global scope. Refer to Create a suffix for a scope for more information.
- -with-alias-value=<string> - The value of the alias that you want to use to represent the target. Use this parameter to create the alias and target, and associate them with each other, at the same time.
  If you are creating an alias for a target that resides in a project scope, you must append the org and project suffixes to the value using the format alias.projectsuffix.orgsuffix. The value must comply with DNS naming rules.

You can define a target and target alias using the Boundary Terraform provider:

resource "boundary_target" "mysql" {
  name         = "mysql-dev-server"
  description  = "MySQL dev server on Ubuntu"
  type         = "tcp"
  address      = "10.0.0.10"
  default_port = "3306"
  scope_id     = boundary_scope.project.id
}

resource "boundary_alias_target" "mysql" {
  name                      = "mysql"
  description               = "Target alias for mysql-dev-server"
  scope_id                  = "global"
  value                     = "mysql"
  destination_id            = boundary_target.mysql.id
}

Configure a brokered application credential

You can configure a brokered application credential for end users to connect to the target. Brokered credentials are exposed to the end user to allow them to authenticate to a target manually, or using connect helpers.

You can configure credentials for the TCP target using:

Static credentials (username_password or ssh_private_key)
Vault generic credential library

Refer to the Configure targets with credential brokering page to learn how to configure a target with credential brokering.

Next steps

To learn how to connect to a target, refer to Connection workflows.

To use target aliases to connect to targets:

Create a target alias
Connect to a target using an alias
After you set up a target alias, you can optionally Configure transparent sessions for end users.