Creating Users on RDS MySQL Read Replicas

Question

Is it possible/advisable to create users that only have access to a RDS MySQL Read Replica and not to the main database server? I have a number of power users I'd like to grant access so they can run slow running queries, but don't want to give them access to the main production database itself. Trying to do this directly on the server, I get ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement , so guessing I have to do it in the db parameter group or somewhere like that. Anyway, ideas?

Answer 1

You should not create a user only in the read replica.

It is vital for RDS to have an identical data set for both master and replica instance, so it is not possible to have a user only in the RR and not on the master (or at least inadvisable).

A reason, besides how works the replica in RDS, is that in case of a fail-over a replica can become a master and the roles will be changed

Answer 2

You can configure an Amazon RDS DB instance read replica to be read/write by setting the read_only parameter to false for the DB parameter group that you create for your DB instance(s).

You cannot modify the parameter settings of a default DB parameter group; you must create your own DB parameter group to change parameter settings from their default value.

https://aws.amazon.com/premiumsupport/knowledge-center/rds-read-replica/

Use caution when doing this, and after you've created the users, put it back to read_only immediately. If you ever create a user on the master with the same username/host pair on the master, replication will likely stop because this creates a conflict.

Answer 3

You can add or delete users in a read replica. This is possible by the usual way of CREATE USER . But this is not advisable as the read replica & master should be in sync always so if master goes-down read replica can be promoted as Master.