# Connecting to your Db2 DB instance
After Amazon RDS provisions your Amazon RDS for Db2 DB instance, you can use any standard SQL client application to connect to the DB instance. Because Amazon RDS is a managed service, you can't sign in as `SYSADM`, `SYSCTRL`, `SECADM`, or `SYSMAINT`.
You can connect to a DB instance that is running the IBM Db2 database engine by using IBM Db2 CLP, IBM CLPPlus, DBeaver, or IBM Db2 Data Management Console.
**Note**
Connecting to a Db2 database can fail if your RDS for Db2 DB instance doesn't have sufficient memory. For more information, see [Database connection error](db2-troubleshooting.md#db2-database-connection-error).
**Topics**
+ [Finding the endpoint of your Amazon RDS for Db2 DB instance](db2-finding-instance-endpoint.md)
+ [Connecting to your Amazon RDS for Db2 DB instance with IBM Db2 CLP](db2-connecting-with-clp-client.md)
+ [Connecting to your Amazon RDS for Db2 DB instance with IBM CLPPlus](db2-connecting-with-ibm-clpplus-client.md)
+ [Connecting to your Amazon RDS for Db2 DB instance with DBeaver](db2-connecting-with-dbeaver.md)
+ [Connecting to your Amazon RDS for Db2 DB instance with IBM Db2 Data Management Console](db2-connecting-with-ibm-data-management-console.md)
+ [Considerations for security groups with Amazon RDS for Db2](db2-security-groups-considerations.md)
# Finding the endpoint of your Amazon RDS for Db2 DB instance
Each Amazon RDS DB instance has an endpoint, and each endpoint has the DNS name and port number for the DB instance. To connect to your Amazon RDS for Db2 DB instance with a SQL client application, you need the DNS name and port number for your DB instance.
You can find the endpoint for a DB instance by using the AWS Management Console or the AWS CLI.
## Console
**To find the endpoint of an RDS for Db2 DB instance**
1. Sign in to the AWS Management Console and open the Amazon RDS console at [https://console.aws.amazon.com/rds/](https://console.aws.amazon.com/rds/).
1. In the upper-right corner of the console, choose the AWS Region of your DB instance.
1. Find the DNS name and port number for your RDS for Db2 DB Instance.
1. Choose **Databases** to display a list of your DB instances.
1. Choose the RDS for Db2 DB instance name to display the instance details.
1. On the **Connectivity & security** tab, copy the endpoint. Also, note the port number. You need both the endpoint and the port number to connect to the DB instance.
![\[The Connectivity and security tab for a DB instance that shows the endpoint and port.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/db2-connectivity-security.png)
## AWS CLI
To find the endpoint of an RDS for Db2 DB instance, run the [https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-instances.html](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-instances.html) command. In the following example, replace *database-1* with the name of your DB instance.
For Linux, macOS, or Unix:
```
aws rds describe-db-instances \
--db-instance-identifier database-1 \
--query 'DBInstances[].{DBInstanceIdentifier:DBInstanceIdentifier,DBName:DBName,Endpoint:Endpoint}' \
--output json
```
For Windows:
```
aws rds describe-db-instances ^
--db-instance-identifier database-1 ^
--query 'DBInstances[].{DBInstanceIdentifier:DBInstanceIdentifier,DBName:DBName,Endpoint:Endpoint}' ^
--output json
```
This command produces output similar to the following example. The `Address` line in the output contains the DNS name.
```
[
{
"DBInstanceIdentifier": "database-1",
"DBName": "DB2DB",
"Endpoint": {
"Address": "database-1.123456789012.us-east-2.amazonaws.com",
"Port": 50000,
"HostedZoneId": "Z2OC4A7DETW6VH"
}
}
]
```
# Connecting to your Amazon RDS for Db2 DB instance with IBM Db2 CLP
You can use a command line utility such as IBM Db2 CLP to connect to Amazon RDS for Db2 DB instances. This utility is part of IBM Data Server Runtime Client. To download the client** **from IBM Fix Central, see [IBM Data Server Client Packages Version 11.5 Mod 8 Fix Pack 0](https://www.ibm.com/support/pages/node/6830885) in IBM Support.
**Topics**
+ [Terminology](#db2-connecting-ibm-clp-terms)
+ [Installing the client](#db2-connecting-ibm-clp-install-client)
+ [Connecting to a DB instance](#db2-connecting-ibm-clp-connect-db-instance)
+ [Troubleshooting connections to your RDS for Db2 DB instance](#db2-troubleshooting-connections-clp)
## Terminology
The following terms help explain commands used when [connecting to your RDS for Db2 DB instance](#db2-connecting-ibm-clp-connect-db-instance).
**catalog tcpip node**
This command registers a remote database node with a local Db2 client, which makes the node accessible to the client application. To catalog a node, you provide information such as the server's host name, port number, and communication protocol. The cataloged node then represents a target server where one or more remote databases reside. For more information, see [CATALOG TCPIP/TCPIP4/TCPIP6 NODE command](https://www.ibm.com/docs/en/db2/11.5?topic=commands-catalog-tcpip-node) in the IBM Db2 documentation.
**catalog database**
This command registers a remote database with a local Db2 client, which makes the database accessible to the client application. To catalog a database, you provide information such as the database's alias, the node on which it resides, and the authentication type needed to connect to the database. For more information, see [CATALOG DATABASE command](https://www.ibm.com/docs/en/db2/11.5?topic=commands-catalog-database) in the IBM Db2 documentation.
## Installing the client
After [downloading the package for Linux](#db2-downloading-package), install the client using root or administrator privileges.
**Note**
To install the client on AIX or Windows, follow the same procedure but modify the commands for your operating system.
**To install the client on Linux**
1. Run **`./db2_install -f sysreq`** and choose **`yes`** to accept the license.
1. Choose the location to install the client.
1. Run **`clientInstallDir/instance/db2icrt -s client` *instance\$1name***. Replace *instance\$1name* with a valid operating system user on Linux. In Linux, the Db2 DB instance name is tied to the operating system username.
This command creates a **`sqllib`** directory in the home directory of the designated user on Linux.
## Connecting to a DB instance
To connect to your RDS for Db2 DB instance, you need its DNS name and port number. For information about finding them, see [Finding the endpoint](db2-finding-instance-endpoint.md). You also need to know the database name, master username, and master password that you defined when you created your RDS for Db2 DB instance. For more information about finding them, see [Creating a DB instance](USER_CreateDBInstance.md#USER_CreateDBInstance.Creating).
**To connect to an RDS for Db2 DB instance with IBM Db2 CLP**
1. Sign in with the username that you specified during the IBM Db2 CLP client installation.
1. Catalog your RDS for Db2 DB instance. In the following example, replace *node\$1name*, *dns\$1name*, and *port* with a name for the node in the local catalog, the DNS name for your DB instance, and the port number.
```
1. db2 catalog TCPIP node node_name remote dns_name server port
```
**Example**
```
db2 catalog TCPIP node remnode remote database-1.123456789012.us-east-1.amazonaws.com server 50000
```
1. Catalog the `rdsadmin` database and your database. This will allow you to connect to the `rdsadmin` database to perform some administrative tasks using Amazon RDS stored procedures. For more information, see [Administering your RDS for Db2 DB instance](db2-administering-db-instance.md).
In the following example, replace *database\$1alias*, *node\$1name*, and *database\$1name* with aliases for this database, the name of the node defined in the previous step, and the name of your database. `server_encrypt` encrypts your username and password over the network.
```
db2 catalog database rdsadmin [ as database_alias ] at node node_name authentication server_encrypt
db2 catalog database database_name [ as database_alias ] at node node_name authentication server_encrypt
```
**Example**
```
db2 catalog database rdsadmin at node remnode authentication server_encrypt
db2 catalog database testdb as rdsdb2 at node remnode authentication server_encrypt
```
1. Connect to your RDS for Db2 database. In the following example, replace *rds\$1database\$1alias*, *master\$1username*, and *master\$1password* with the name of your database, the master username, and master password of your RDS for Db2 DB instance.
```
db2 connect to rds_database_alias user master_username using master_password
```
This command produces output similar to the following example:
```
Database Connection Information
Database server = DB2/LINUXX8664 11.5.9.0
SQL authorization ID = ADMIN
Local database alias = TESTDB
```
1. Run queries and view results. The following example shows a SQL statement that selects the database you created.
```
db2 "select current server from sysibm.dual"
```
This command produces output similar to the following example:
```
1
------------------
TESTDB
1 record(s) selected.
```
## Troubleshooting connections to your RDS for Db2 DB instance
If you receive the following `NULLID` error, it usually indicates that your client and RDS for Db2 server versions don't match. For supported Db2 client versions, see [Supported combinations of clients, drivers and server levels](https://www.ibm.com/docs/en/db2/11.5?topic=communications-supported-combinations-clients-drivers-server-levels) in the IBM Db2 documentation.
```
db2 "select * from syscat.tables"
SQL0805N Package "NULLID.SQLC2O29 0X4141414141454A69" was not found.
SQLSTATE=51002
```
After you receive this error, you must bind packages from your older Db2 client to a Db2 server version supported by RDS for Db2.
**To bind packages from an older Db2 client to a newer Db2 server**
1. Locate the bind files on the client machine. Typically, these files are located in the **bnd** directory of the Db2 client's installation path and have the extension **.bnd**.
1. Connect to the Db2 server. In the following example, replace *database\$1name* with the name of your Db2 server. Replace *master\$1username* and *master\$1password* with your information. This user has `DBADM` authority.
```
db2 connect to database_name user master_username using master_password
```
1. Run the `bind` command to bind the packages.
1. Navigate to the directory where the bind files exist on the client machine.
1. Run the `bind` command for each file.
The following options are required:
+ `blocking all` – Binds all packages in the bind file in a single database request.
+ `grant public` – Grants permission to `public` to execute the package.
+ `sqlerror continue` – Specifies that the `bind` process continues even if errors occur.
For more information about the `bind` command see [BIND command](https://www.ibm.com/docs/en/db2/11.5?topic=commands-bind) in the IBM Db2 documentation.
1. Verify that the bind was successful by either querying the `syscat.package` catalog view or checking the message returned after the `bind` command.
For more information, see [DB2 v11.5 Bind File and Package Name List](https://www.ibm.com/support/pages/node/6190455) in IBM Support.
# Connecting to your Amazon RDS for Db2 DB instance with IBM CLPPlus
You can use a utility such as IBM CLPPlus to connect to an Amazon RDS for Db2 DB instance. This utility is part of IBM Data Server Runtime Client. To download the client** **from IBM Fix Central, see [IBM Data Server Client Packages Version 11.5 Mod 8 Fix Pack 0](https://www.ibm.com/support/pages/node/6830885) in IBM Support.
**Important**
We recommend that you run IBM CLPPlus on an operating system that supports graphical user interfaces such as macOS, Windows, or Linux with Desktop. If running headless Linux, use switch **-nw** with CLPPlus commands.
**Topics**
+ [Installing the client](#db2-connecting-ibm-clpplus-install-client)
+ [Connecting to a DB instance](#db2-connecting-ibm-clpplus-connect-db-instance)
+ [Retrieving CLOB Data from DB2 Stored Procedures](#db2-connecting-ibm-clpplus-retrieve-clob-data)
## Installing the client
After downloading the package for Linux, install the client.
**Note**
To install the client on AIX or Windows, follow the same procedure but modify the commands for your operating system.
**To install the client on Linux**
1. Run **`./db2_install`**.
1. Run **`clientInstallDir/instance/db2icrt -s client` *instance\$1name***. Replace *instance\$1name* with a valid operating system user on Linux. In Linux, the Db2 DB instance name is tied to the operating system username.
This command creates a **`sqllib`** directory in the home directory of the designated user on Linux.
## Connecting to a DB instance
To connect to your RDS for Db2 DB instance, you need its DNS name and port number. For information about finding them, see [Finding the endpoint](db2-finding-instance-endpoint.md). You also need to know the database name, master username, and master password that you defined when you created your RDS for Db2 DB instance. For more information about finding them, see [Creating a DB instance](USER_CreateDBInstance.md#USER_CreateDBInstance.Creating).
**To connect to an RDS for Db2 DB instance with IBM CLPPlus**
1. Review the command syntax. In the following example, replace *clientDir* with the location where the client is installed.
```
cd clientDir/bin
./clpplus -h
```
1. Configure your Db2 server. In the following example, replace *dsn\$1name*, *database\$1name*, *endpoint*, and *port* with the DSN name, database name, endpoint, and port for your RDS for Db2 DB instance. For more information, see [Finding the endpoint of your Amazon RDS for Db2 DB instance](db2-finding-instance-endpoint.md).
```
db2cli writecfg add -dsn dsn_name -database database_name -host endpoint -port port -parameter "Authentication=SERVER_ENCRYPT"
```
1. Connect to your RDS for Db2 DB instance. In the following example, replace *master\$1username* and *dsn\$1name* with the master username and DSN name.
```
./clpplus -nw master_username@dsn_name
```
1. A Java Shell window opens. Enter the master password for your RDS for Db2 DB instance.
**Note**
If a Java Shell window doesn't open, run `./clpplus -nw` to use the same command line window.
```
Enter password: *********
```
A connection is made and produces output similar to the following example:
```
Database Connection Information :
---------------------------------
Hostname = database-1.abcdefghij.us-east-1.rds.amazonaws.com
Database server = DB2/LINUXX8664 SQL110590
SQL authorization ID = admin
Local database alias = DB2DB
Port = 50000
```
1. Run queries and view results. The following example shows a SQL statement that selects the database you created.
```
SQL > select current server from sysibm.dual;
```
This command produces output similar to the following example:
```
1
--------------------
DB2DB
SQL>
```
## Retrieving CLOB Data from DB2 Stored Procedures
Stored procedures like rdsadmin.db2pd\$1command return results in CLOB columns, which support up to 2 GB of data. However, DB2 CLP limits CLOB output to 8 KB (8192 bytes), truncating any data beyond this threshold. To retrieve the complete output, use CLPPLUS instead.
1. Get Task ID (task\$1id)
```
db2 "select task_id, task_type, database_name, lifecycle, varchar(bson_to_json(task_input_params), 500) as task_params,
cast(task_output as varchar(500)) as task_output, CREATED_AT, LAST_UPDATED_AT from table(rdsadmin.get_task_status(null,null,null))"
```
1. Execute CLPPLUS Command
After obtaining the task\$1id, execute the following command from the Unix prompt (replace TASK\$1ID with the actual numeric task ID):
```
$ (echo "select task_output from table(rdsadmin.get_task_status(task_id,null,null));" ; echo "disconnect;" ; echo "exit;") | clpplus -nw -silent masteruser/MasterUserPassword@hostname:port_num/rdsadmin
```
# Connecting to your Amazon RDS for Db2 DB instance with DBeaver
You can use third-party tools such as DBeaver to connect to Amazon RDS for Db2 DB instances. To download this utility, see [DBeaver Community](https://dbeaver.io/).
To connect to your RDS for Db2 DB instance, you need its DNS name and port number. For information about finding them, see [Finding the endpoint](db2-finding-instance-endpoint.md). You also need to know the database name, master username, and master password that you defined when you created your RDS for Db2 DB instance. For more information about finding them, see [Creating a DB instance](USER_CreateDBInstance.md#USER_CreateDBInstance.Creating).
**To connect to an RDS for Db2 DB instance with DBeaver**
1. Start **DBeaver**.
1. Choose the **New Connection** icon in the toolbar and then choose **Db2 for LUW**.
![\[The menu that lists engine types in DBeaver.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/dbeaver-add-connection.png)
1. In the **Connect to a database** window, provide information for your RDS for Db2 DB instance.
1. Enter the following information:
+ For **Host**, enter the DNS name of the DB instance.
+ For **Port**, enter the port number for the DB instance.
+ For **Database**, enter the name of the database.
+ For **Username**, enter the name of the database administrator for the DB instance.
+ For **Password**, enter the password of the database administrator for the DB instance.
1. Select **Save password**.
1. Choose **Driver Settings**.
![\[The Connect to a database window with various connection settings populated in DBeaver.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/dbeaver-connect-database.png)
1. In the **Edit Driver** window, specify additional security properties.
1. Choose the **Driver properties** tab.
1. Add two **User Properties**.
1. Open the context (right-click) menu, and then choose **Add new property**.
1. For **Property Name**, add **encryptionAlgorithm**, and then choose **OK**.
1. With the **encryptionAlgorithm** row selected, choose the **Value** column and add **2**.
1. Open the context (right-click) menu, and then choose **Add new property**.
1. For **Property Name**, add **securityMechanism**, and then choose **OK**.
1. With the **securityMechanism** row selected, choose the **Value** column and add **7**.
1. Choose **OK**.
![\[The Driver properties tab in the Edit Driver window in DBeaver.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/dbeaver-driver-properties-tab.png)
1. In the **Connect to a database** window, choose **Test Connection**. If you don't have a DB2 JBDC driver installed on your computer, then the driver automatically downloads.
1. Choose **OK**.
1. Choose **Finish**.
1. In the **Database Navigation** tab, choose the name of the database. You can now explore objects.
You are now ready to run SQL commands.
**To run SQL commands and view the results**
1. In the top menu, choose **SQL**. This opens a SQL script panel.
1. In the **Script** panel, enter a SQL command.
1. To run the command, choose the **Execute SQL query** button.
1. In the SQL results panel, view the results of your SQL queries.
![\[Window showing how to run a SQL command and view the results in DBeaver.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/dbeaver-sql-run-example.png)
# Connecting to your Amazon RDS for Db2 DB instance with IBM Db2 Data Management Console
You can connect to your Amazon RDS for Db2 DB instance with IBM Db2 Data Management Console. IBM Db2 Data Management Console can administer and monitor several RDS for Db2 DB instances.
**Note**
You must have an Amazon EC2 Linux or Windows machine that is on the same VPC and security group as your RDS for Db2 DB instance. The VPC and security group controls the connection to your DB instance through the internal network.
IBM Db2 Data Management Console requires a repository Db2 database to store metadata and performance metrics but can't automatically create a repository database for RDS for Db2. Instead, you must first create a repository database to monitor one or more RDS for Db2 DB instances. Then you can install IBM Db2 Data Management Console and connect to your RDS for Db2 DB instance with IBM Db2 Data Management Console.
**Topics**
+ [Step 1: Creating a repository database to monitor DB instances](#db2-creating-repo-db-monitoring-dmc)
+ [Step 2: Installing and setting up IBM Db2 Data Management Console](#db2-install-setup-dmc)
+ [Step 3: Configuring the repository database and connecting to RDS for Db2 DB instances](#db2-connecting-db-instances-with-dmc)
+ [Using IBM Db2 Data Management Console](#db2-using-dmc)
## Step 1: Creating a repository database to monitor DB instances
You can use an existing properly sized RDS for Db2 DB instance as a repository for IBM Db2 Data Management Console to monitor other RDS for Db2 DB instances. However, because the admin user doesn't have `SYSCTRL` authority to create buffer pools and tablespaces, using IBM Db2 Data Management Console repository creation to create a repository database fails. Instead, you must create a repository database. This repository database monitors your RDS for Db2 DB instances.
You can create a repository database in two different ways. You can create an RDS for Db2 database and then manually create a buffer pool, a user tablespace, and a system temporary tablespace. Or, you can create a separate Amazon EC2 instance to host an IBM Db2 Data Management Console repository database.
**Topics**
+ [Manually creating a buffer pool, a user tablespace, and a system temporary tablespace](#db2-manually-creating-dmc)
+ [Creating an Amazon EC2 instance to host an IBM Db2 Data Management Console repository](#db2-creating-ec2-dmc)
### Manually creating a buffer pool, a user tablespace, and a system temporary tablespace
**To create a buffer pool, a user tablespace, and a system temporary tablespace**
1. Connect to the `rdsadmin` database. In the following example, replace *master\$1username* and *master\$1password* with your own information.
```
db2 connect to rdsadmin user master_username using master_password
```
1. Create a buffer pool for IBM Db2 Data Management Console. In the following example, replace *database\$1name* with the name of the repository you created for IBM Db2 Data Management Console to monitor your RDS for Db2 DB instances.
```
db2 "call rdsadmin.create_bufferpool('database_name',
'BP4CONSOLE', 1000, 'Y', 'Y', 32768)"
```
1. Create a user tablespace for IBM Db2 Data Management Console. In the following example, replace *database\$1name* with the name of the repository you created for IBM Db2 Data Management Console to monitor your RDS for Db2 DB instances.
```
db2 "call rdsadmin.create_tablespace('database_name',
'TS4CONSOLE', 'BP4CONSOLE', 32768)"
```
1. Create a system temporary tablespace for IBM Db2 Data Management Console. In the following example, replace *database\$1name* with the name of the repository you created for IBM Db2 Data Management Console to monitor your RDS for Db2 DB instances.
```
db2 "call rdsadmin.create_tablespace('database_name',
'TS4CONSOLE_TEMP', 'BP4CONSOLE', 32768, 0, 0, 'S')"
```
You are now ready to install IBM Db2 Data Management Console. For more information about installation and setup, see [Step 2: Installing and setting up IBM Db2 Data Management Console](#db2-install-setup-dmc).
### Creating an Amazon EC2 instance to host an IBM Db2 Data Management Console repository
You can create a separate Amazon Elastic Compute Cloud (Amazon EC2) instance to host an IBM Db2 Data Management Console repository. For information about creating an Amazon EC2 instance, see [Tutorial: Get started with Amazon EC2 Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html) in the *Amazon EC2 User Guide*.
## Step 2: Installing and setting up IBM Db2 Data Management Console
After you create a buffer pool, a user tablespace, and a system temporary tablespace, you are ready to install and set up IBM Db2 Data Management Console.
**Important**
You must have an Amazon EC2 Linux or Windows machine that is on the same VPC and security group as your RDS for Db2 DB instance. The VPC and security group controls the connection to your DB instance through the internal network. Also, you must have already [created a repository database](#db2-creating-repo-db-monitoring-dmc) for IBM Db2 Data Management Console.
**To install and set up IBM Db2 Data Management Console**
1. Download IBM Db2 Data Management Console from [IBM Db2 Data Management Console Version 3.1x releases](https://www.ibm.com/support/pages/ibm-db2-data-management-console-version-31x-releases-new-features-and-enhancements) on the IBM Support website.
1. Install IBM Db2 Data Management Console.
1. Open IBM Db2 Data Management Console and use the IP address of your Amazon EC2 machine and the port number you used for the HTTP or HTTPS connection to your Amazon EC2 instance. For example, use `http://xx.xx.xx.xx:11080` or `https://xx.xx.xx.xx.11081`. Replace `xx.xx.xx.xx` with the IP address of your Amazon EC2 machine. `11080` and `11081` are the default ports for HTTP and HTTPS connections.
1. (Optional) If you want to use port 80 or 443 on your Amazon EC2 instance, you can use either Apache httpd or a Nginx HTTP server to proxy the IBM Db2 Data Management Console port to either port 80 or 443. For more information, see [Apache HTTP Server Project](https://httpd.apache.org) and [the nginx website](https://nginx.org/en/).
To allow connection to IBM Db2 Data Management Console, you must edit the inbound rules in your security group. If you use a proxy, change the TCP/IP port 80 or 443 to redirect to the IBM Db2 Data Management Console ports. If you aren't using a proxy, change the TCP/IP port 80 or 443 to the default ports 11080 (HTTP) or 11081 (HTTPS).
You are now ready to log in to IBM Db2 Data Management Console to configure the repository database and to connect to your RDS for Db2 DB instances. For more information, see [Configuring the repository database and connecting to DB instances](#db2-connecting-db-instances-with-dmc).
## Step 3: Configuring the repository database and connecting to RDS for Db2 DB instances
When you connect to the repository database for the first time, IBM Db2 Data Management Console automatically configures the repository. After the repository database is configured, you can add database connections to IBM Db2 Data Management Console.
To connect to your RDS for Db2 DB instance, you need its DNS name and port number. For information about finding them, see [Finding the endpoint](db2-finding-instance-endpoint.md). You also need to know the database name, master username, and master password that you defined when you created your RDS for Db2 DB instance. For more information about finding them, see [Creating a DB instance](USER_CreateDBInstance.md#USER_CreateDBInstance.Creating). If you are connecting over the internet, allow traffic to the database port. For more information, see [Creating a DB instance](USER_CreateDBInstance.md#USER_CreateDBInstance.Creating).
**To connect to RDS for Db2 DB instances with IBM Db2 Data Management Console**
1. Log in to IBM Db2 Data Management Console with the credentials you set during installation.
1. Configure the repository.
1. In the **Connection and database** section, enter the following information for your RDS for Db2 DB instance:
+ For **Host**, enter the DNS name of the DB instance.
+ For **Port**, enter the port number for the DB instance.
+ For **Database**, enter the name of the database.
![\[The Connection and database section in IBM Db2 Data Management Console with Host, Port, and Database fields.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-connection-database.png)
1. In the **Security and credential **section, enter the following information for your RDS for Db2 DB instance:
+ For **Security type**, choose **Encrypted user and password**.
+ For **Username**, enter the name of the database administrator for the DB instance.
+ For **Password**, enter the password of the database administrator for the DB instance.
1. Choose **Test connection**.
**Note**
If the connection is unsuccessful, confirm that the database port is open through the inbound rules in your security group. For more information, see [Considerations for security groups with Amazon RDS for Db2](db2-security-groups-considerations.md).
If you didn't [manually create a buffer pool, a user tablespace, and a system temporary tablespace](#db2-manually-creating-dmc) in RDS for Db2, you might see the following error message:
![\[Error message about not having permissions to perform operations.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-error-message.png)
Make sure that you created a buffer table, a tablespace, and objects for an IBM Db2 Data Management Console repository to monitor your RDS for Db2 DB instance. Or, you can use an Amazon EC2 Db2 DB instance to host an IBM Db2 Data Management Console repository to monitor your RDS for Db2 DB instance. For more information, see [Step 1: Creating a repository database to monitor DB instances](#db2-creating-repo-db-monitoring-dmc).
1. After you successfully test your connection, choose **Next**.
![\[The Security and credential section in IBM Db2 Data Management Console.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-security-credential.png)
If IBM Db2 Data Management Console finds the buffer pool, the user tablespace, and the system temporary tablespace in the RDS for Db2 DB instance, then IBM Db2 Data Management Console automatically configures the repository database. If you use your Db2 instance on your Amazon EC2 instance as the repository database, then IBM Db2 Data Management Console automatically creates the buffer pool and other objects.
1. In the **Set statistics event monitor opt-in** window, choose **Next**.
1. (Optional) Add new connection. If you want to use a different RDS for Db2 DB instance for administration and monitoring, then add a connection to a non-repository RDS for Db2 DB instance.
1. In the **Connection and database** section, enter the following information for the RDS for Db2 DB instance to use for administration and monitoring:
+ For **Connection name**, enter the Db2 database identifier.
+ For **Host**, enter the DNS name of the DB instance.
+ For **Port**, enter the port number for the DB instance.
+ For **Database**, enter the name of the database.
![\[The Connection and database section for a new connection in IBM Db2 Data Management Console with Host, Port, and Database fields.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-new-connection-database.png)
1. In the **Security and credential**** **section, select **Enable monitoring data collection**.
1. Enter the following information for your RDS for Db2 DB instance:
+ For **Username**, enter the name of the database administrator for the DB instance.
+ For **Password**, enter the password of the database administrator for the DB instance.
1. Choose **Test connection**.
1. After you successfully test your connection, choose **Save**.
![\[The Security and credential section for a new connection in IBM Db2 Data Management Console.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-new-security-credential.png)
After the connection is added, a window similar to the following appears. This window indicates that your database was successfully configured.
![\[The window indicating that the database was successfully configured in IBM Db2 Data Management Console.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-configuration-success.png)
1. Choose **Go to Databases**. A Databases window similar to the following appears. This window is a dashboard that shows metrics, statuses, and connections.
![\[The Databases overview window in IBM Db2 Data Management Console.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-database-view.png)
You can now start using IBM Db2 Data Management Console.
## Using IBM Db2 Data Management Console
You can use IBM Db2 Data Management Console to do the following types of tasks:
+ Manage multiple RDS for Db2 DB instances.
+ Run SQL commands.
+ Explore, create, or change data and database objects.
+ Create `EXPLAIN PLAN` statements in SQL.
+ Tune queries.
**To run SQL commands and view the results**
1. In the left navigation bar, choose **SQL**.
1. Enter a SQL command.
1. Choose **Run all**.
1. To view the results, choose the **Results** tab.
![\[The Database window showing how to run a SQL command and view the results in IBM Db2 Data Management Console.\]](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/images/ibm-dmc-sql-run-example.png)
# Considerations for security groups with Amazon RDS for Db2
For you to connect to your Amazon RDS for Db2 DB instance, it must be associated with a security group that contains the necessary IP addresses and network configuration. Your RDS for Db2 DB instance might use the default security group. If you assigned a default nonconfigured security group when you created the RDS for Db2 DB instance, then the firewall prevents internet connections. For information about creating a new security group, see [Controlling access with security groups](Overview.RDSSecurityGroups.md).
After you create the new security group, you modify your DB instance to associate it with the security group. For more information, see [Modifying an Amazon RDS DB instance](Overview.DBInstance.Modifying.md).
You can enhance security by using SSL to encrypt connections to your DB instance. For more information, see [Using SSL/TLS with an Amazon RDS for Db2 DB instance](Db2.Concepts.SSL.md).