How do I get roles/users/groups on a restored Amazon Aurora for PostgreSQL cluster snapshot

0

We are migrating an Amazon Aurora for PostgreSQL cluster from one AWS account to another AWS account. We did the migration successfully and the cluster is up and accessible on the new AWS account. We achieved this, at a high level, by:

Source account:

  1. Took a manual snapshot of the cluster.
  2. Made a copy of the snapshot taken above.
  3. Shared the copy of the snapshot with the target account.

Target account:

  1. Copied the shared snapshot.
  2. Restored the shared snapshot.

The roles/users/groups are missing on the new cluster; they did not copy over. How do I get these over to the new server? Is this how snapshot restore behaves? I can go back to the old cluster and get the roles/users/groups to copy manually into the new cluster, but that will involve a lot of work, and I was under the impression (I didn't read this anywhere :)) that a snapshot will include roles/users/groups.

PS: I tried to use the pg_dumpall utility, but that requires superuser permission and Amazon Aurora does not expose this role.

asked 2 years ago, 878 views
1 Answer
-1
Accepted Answer

You're right, snapshots typically don't include roles and users by default. Here's how to handle roles and users in your Aurora PostgreSQL cluster migration:

Understanding Snapshot Behavior:

Snapshots capture the state of your database schema and data at a specific point in time. They don't include user-defined objects like roles, users, groups, or permissions.

Approaches to Transfer Roles and Users:

1/ Manual Scripting:

a) Source Account: Use the pg_dump utility (with appropriate permissions) to dump the roles and users along with their privileges into a script file. This script will contain CREATE ROLE, GRANT, etc. statements.

b) Target Account: Connect to the new cluster and execute the script generated from the source to recreate roles, users, and permissions.

2/ AWS Database Migration Service (DMS):

While not ideal for just roles and users, DMS can be used for a more comprehensive migration (if needed). It allows selective migration of specific schema objects, potentially including roles and users. However, it can be more complex to configure than manual scripting.

3/ AWS Resource Access Manager (RAM):

If migrating identities (users and roles) is a frequent need, consider using AWS RAM. It allows you to create IAM users or roles in one account and share them securely with other accounts for access to resources like Aurora clusters.

As of now, for your current situation, manual scripting seems like the most straightforward approach. It's relatively simple and doesn't require setting up additional services like DMS.

AWS
answered 2 years ago
EXPERT
reviewed a year ago
  • This does not address the role passwords if the aim is to maintain the same.
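
An added example, not part of the question, the answer or any AWS script: `pg_dumpall --roles-only --no-role-passwords` reads `pg_roles` rather than `pg_authid`, so it runs without superuser, and the sketch below filters its output for replay on the target cluster. The reserved-role pattern, the function names, the `roles.sql` file names and the sample dump are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Host names and the admin user passed in are placeholders.

# Assumed pattern for roles that RDS/Aurora PostgreSQL creates itself.
RESERVED='rdsadmin|rdsrepladmin|rds_[a-z_]+'

# Make `pg_dumpall --roles-only` output replayable by a non-superuser:
#  - skip CREATE/ALTER ROLE for reserved roles and for the admin role ($1)
#  - drop SUPERUSER/REPLICATION/BYPASSRLS clauses, which a non-superuser
#    admin may not be allowed to set (assumption about the target)
# GRANT membership lines pass through unchanged; review them before replay.
filter_roles() {
  admin="$1"
  sed -E \
    -e "/^(CREATE|ALTER) ROLE \"?(${RESERVED}|${admin})\"?[ ;]/d" \
    -e '/^ALTER ROLE /s/ (NO)?(SUPERUSER|REPLICATION|BYPASSRLS)//g'
}

# Dump roles from the source and replay them on the target.
# --no-role-passwords makes pg_dumpall read pg_roles instead of pg_authid,
# so no superuser is needed; password hashes are not exported.
migrate_roles() {
  src="$1"; dst="$2"; admin="$3"
  pg_dumpall -h "$src" -U "$admin" --roles-only --no-role-passwords \
    > roles.raw.sql || return 1
  filter_roles "$admin" < roles.raw.sql > roles.sql
  psql -h "$dst" -U "$admin" -d postgres -v ON_ERROR_STOP=1 -f roles.sql
}

# Constructed sample of role-dump output, used when run without arguments.
sample_dump() {
  cat <<'EOF'
CREATE ROLE postgres;
ALTER ROLE postgres WITH NOSUPERUSER INHERIT CREATEROLE CREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
CREATE ROLE rds_superuser;
ALTER ROLE rds_superuser WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB NOLOGIN NOREPLICATION NOBYPASSRLS;
CREATE ROLE app_readers;
ALTER ROLE app_readers WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB NOLOGIN NOREPLICATION NOBYPASSRLS;
CREATE ROLE app_rw;
ALTER ROLE app_rw WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
GRANT app_readers TO app_rw GRANTED BY postgres;
EOF
}

if [ "$#" -eq 3 ]; then
  migrate_roles "$1" "$2" "$3"   # usage: script SRC_HOST DST_HOST ADMIN_USER
else
  sample_dump | filter_roles postgres
fi
```

Roles recreated this way have no password, so each login role needs a new one set on the target (for example with psql's `\password`) before password authentication works.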
