Default users (i.e. rdsadmin, rdsrepladmin etc) created by RDS PostgreSQL and their roles and functionalities
A customer is using RDS PostgreSQL to store their data for a regulated business. The customer is now being asked by the regulator
1) For AWS RDS db roles, are rdsadmin, rdsrepladmin, root DEFAULT roles created by AWS and what are the purposes of these roles?
psql shows “Cannot login” in the
Attributes column for those user
rds_superuser, what does it mean?
Highly appreciated if anyone could shed us some light how to answer these questions? Are we supposed to disclose these details with regulator/customer? Thanks a lot!
If the customer is new to PostgreSQL, here is a good starter on the concept of roles and users: https://rdspg.workshop.aws/lab9-postgres-introduction/task6.html
1) RDS does create some roles to be able to provide the automation/management that it provides. "rdsadmin" is a role with login permissions (also known as a user) that is used by our internal automation mechanisms. "rdsrepladmin" is a role related to configuring logical replication. "root" appears to be name of the master user that you specified when you created the database. You could have called it something other than "root" if you wanted.
2) Those are roles without login permissions. RDS creates these roles to allow you to grant certain types of permissions to any new users you decide to create. For instance, you could create new users for each of your dbas and grant them the rds_superuser role which would give them capabilities equivalent to the original master user ("root" in your example).
Use PostgreSQL LIKE % wildcards with RDS Data API?Accepted Answerasked 5 months ago
RDS Postgresql migrate to Aurora Postgresql. Not showing "Aurora read replica" & "Migrate snapshot" options.Accepted Answerasked 5 months ago
Choosing RDS PostgreSQL over Aurora PostgreSQLasked 2 months ago
RDS PostgreSQL snapshot and restore to a different accountAccepted Answerasked 2 years ago
Amazon RDS for PostgreSQL: Configuration differences with PostgreSQL on EC2Accepted Answerasked 2 years ago
Migrating RDS PostgreSQL to Aurora PostgreSQL in a different accountAccepted AnswerEXPERTasked a year ago
Default users (i.e. rdsadmin, rdsrepladmin etc) created by RDS PostgreSQL and their roles and functionalitiesAccepted Answerasked 2 years ago
Move RDS postgresql database to Aurora ServerlessAccepted Answerasked 3 years ago
How to restrict database users for RDS Postgres using AWS Managed AD trusted with customer on-prem ADAccepted Answerasked 2 years ago
Does AWS DMS support ARRAY data type for RDS for PostgreSQL on EC2 to Aurora PostgreSQL migration?Accepted Answerasked 2 years ago