Default users (i.e. rdsadmin, rdsrepladmin etc) created by RDS PostgreSQL and their roles and functionalities
A customer is using RDS PostgreSQL to store their data for a regulated business. The customer is now being asked by the regulator
1) For AWS RDS db roles, are rdsadmin, rdsrepladmin, root DEFAULT roles created by AWS and what are the purposes of these roles?
2) Running \du in psql shows “Cannot login” in the Attributes column for those user rds_ad,rds_iam,rds_password,rds_replication,rds_superuser, what does it mean?
Highly appreciated if anyone could shed us some light how to answer these questions? Are we supposed to disclose these details with regulator/customer? Thanks a lot!
If the customer is new to PostgreSQL, here is a good starter on the concept of roles and users: https://rdspg.workshop.aws/lab9-postgres-introduction/task6.html
1) RDS does create some roles to be able to provide the automation/management that it provides. "rdsadmin" is a role with login permissions (also known as a user) that is used by our internal automation mechanisms. "rdsrepladmin" is a role related to configuring logical replication. "root" appears to be name of the master user that you specified when you created the database. You could have called it something other than "root" if you wanted.
2) Those are roles without login permissions. RDS creates these roles to allow you to grant certain types of permissions to any new users you decide to create. For instance, you could create new users for each of your dbas and grant them the rds_superuser role which would give them capabilities equivalent to the original master user ("root" in your example).
Relevant questions
Use PostgreSQL LIKE % wildcards with RDS Data API?
Accepted Answerasked 5 months agoRDS Postgresql migrate to Aurora Postgresql. Not showing "Aurora read replica" & "Migrate snapshot" options.
Accepted Answerasked 5 months agoChoosing RDS PostgreSQL over Aurora PostgreSQL
asked 2 months agoRDS PostgreSQL snapshot and restore to a different account
Accepted Answerasked 2 years agoAmazon RDS for PostgreSQL: Configuration differences with PostgreSQL on EC2
Accepted Answerasked 2 years agoMigrating RDS PostgreSQL to Aurora PostgreSQL in a different account
Accepted AnswerDefault users (i.e. rdsadmin, rdsrepladmin etc) created by RDS PostgreSQL and their roles and functionalities
Accepted Answerasked 2 years agoMove RDS postgresql database to Aurora Serverless
Accepted Answerasked 3 years agoHow to restrict database users for RDS Postgres using AWS Managed AD trusted with customer on-prem AD
Accepted Answerasked 2 years agoDoes AWS DMS support ARRAY data type for RDS for PostgreSQL on EC2 to Aurora PostgreSQL migration?
Accepted Answerasked 2 years ago