Default users (i.e. rdsadmin, rdsrepladmin etc) created by RDS PostgreSQL and their roles and functionalities
A customer is using RDS PostgreSQL to store their data for a regulated business. The customer is now being asked by the regulator
-
For AWS RDS db roles, are rdsadmin, rdsrepladmin, root DEFAULT roles created by AWS and what are the purposes of these roles?
-
Running
\duinpsqlshows “Cannot login” in theAttributescolumn for those userrds_ad,rds_iam,rds_password,rds_replication,rds_superuser, what does it mean?
Highly appreciated if anyone could shed us some light how to answer these questions? Are we supposed to disclose these details with regulator/customer? Thanks a lot!
- Newest
- Most votes
- Most comments
If the customer is new to PostgreSQL, here is a good starter on the concept of roles and users: https://rdspg.workshop.aws/lab9-postgres-introduction/task6.html
-
RDS does create some roles to be able to provide the automation/management that it provides. "rdsadmin" is a role with login permissions (also known as a user) that is used by our internal automation mechanisms. "rdsrepladmin" is a role related to configuring logical replication. "root" appears to be name of the master user that you specified when you created the database. You could have called it something other than "root" if you wanted.
-
Those are roles without login permissions. RDS creates these roles to allow you to grant certain types of permissions to any new users you decide to create. For instance, you could create new users for each of your dbas and grant them the rds_superuser role which would give them capabilities equivalent to the original master user ("root" in your example).
Relevant content
- Accepted Answerasked 4 years ago
- Accepted Answerasked 4 years ago
- asked 2 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 7 months ago
