Is it possible/advisable to create users that only have access to a RDS MySQL Read Replica and not to the main database server? I have a number of power users I'd like to grant access so they can run slow running queries, but don't want to give them access to the main production database itself. Trying to do this directly on the server, I get ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement
, so guessing I have to do it in the db parameter group or somewhere like that. Anyway, ideas?
Amazon RDS for MySQL, MariaDB and PostgreSQL allow you to add up to 15 read replicas to each DB Instance.
Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/ . In the navigation pane, choose Databases. Choose the DB instance that you want to use as the source for a read replica. For Actions, choose Create read replica.
You should not create a user only in the read replica.
It is vital for RDS to have an identical data set for both master and replica instance, so it is not possible to have a user only in the RR and not on the master (or at least inadvisable).
A reason, besides how works the replica in RDS, is that in case of a fail-over a replica can become a master and the roles will be changed
You can add or delete users in a read replica. This is possible by the usual way of CREATE USER . But this is not advisable as the read replica & master should be in sync always so if master goes-down read replica can be promoted as Master.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With