Creating A New MySQL User In Amazon RDS Environment

amazon-web-services amazon-rds

I need to create a new MySQL user with limited permission on an existing Amazon RDS instance. After encountering a couple error messages I was sort of able to do this using the official MySQL Administrator tool and the user now appears in the list. However, I'm unable to assign any schema privileges as all the users are greyed out. I'm logged in as the "master user" created when the instance was launched. Not sure where to go from here. I do have the RDS command line tools installed but wasn't able to track down anything there either. Ideas


Solution 1:

Your best bet is probably to connect to the database with a mysql command line client and call the SQL commands to create a new user and assign him privileges.

For instance, you might run something like this:

mysql -u [your_master_username] -p -h YOURRDSENDPOINT.rds.amazonaws.com

CREATE USER 'jeffrey'@'%' IDENTIFIED BY 'somepassword';
GRANT SELECT ON [your_database].[some_table] TO 'jeffrey'@'%';

On windows you could use the mysql.exe client, wherever that is.

Useful Docs

AWS RDS security groups documentation (a common area of confusion): http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html

User creation documentation: http://dev.mysql.com/doc/refman/5.5/en/create-user.html

Privilege granting documentation: http://dev.mysql.com/doc/refman/5.5/en/grant.html

Solution 2:

I know this thread is a couple of years old and well I keep finding it so I wanted to get an update out about the AWS RDS and User Permissions.

You cannot use GRANT ALL for any user with an RDS. When you use the GRANT ALL statement you are also attempting to provide Global (as AWS Calls them Super Permissions) and with the way that the AWS RDS System is setup they do not allow assigning of Global Options to users.

You have to break out the Permissions to the following:

GRANT SELECT,INSERT,UPDATE,DELETE,DROP on

This will allow your user to be able to connect to the RDS once the security settings are setup to allow access from your EC2 Instances or from the Internet.

Hope this information helps anyone else that is running into the same issues that I was seeing with the AWS RDS Systems.

Waldo

Solution 3:

I created like this:

CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'somepassword';
GRANT SELECT ON mydatabase.* TO 'jeffrey'@'localhost';

But then, AWS rejected to login to that user. And I tried to change Admin privileges, but not success. And I change 'localhost' to '%' through mysql workbench. (or you can remove the user and recreate) like :

CREATE USER 'jeffrey'@'%' IDENTIFIED BY 'somepassword';
GRANT SELECT ON mydatabase.* TO 'jeffrey'@'%';

Then only I was able to loggin through this new user.

In addition: Once you done this change, then your database allowed to connect from any ip. If you need to improve the security and restrict the accessing ip (Ex: if this is a staging database), you can set the bind-address in my.cnf file in your server.

bind-address = your.ip.add.ress

enter link description here

Related

node.js, express.js - What is the easiest way to serve a single static file?
DDD - Persistence Model and Domain Model
Auto Layout (Constraints) Center 2 side by side views in a parent view
Is there an "upsert" option in the mongodb insert command?
How do I declare that a computed property 'throws' in Swift?
npm ERR! cb.apply is not a function
When should I use GCC's -pipe option?
casting non const to const in c++
HTTP protocol's PUT and DELETE and their usage in PHP
Check if any item in Python list is None (but include zero)
How to download a file in ASP.NET Core?
Calling a JavaScript function returned from an Ajax response