Reputation: 33
How can the admin add RDS MySQL db instance only reading permission to a user?
Unfortunately I'm not the admin, so I can't see the buttons, links in the AWS of him, but I need to help him doing this, because this needs for me. I have a user "A", it can login perfectly into the RDS Mysql db instance through MySQL Workbench. But I also have a user "B", which can't login into the same RDS MySQL db instance through MySQL Workbench (the problem is not with the workbench, it also doesn't work from a c# console app. The security group of the RDS db instance contains the ip I'm trying to login, and as I mentioned, it perfectly works for the other user.
We attached the AmazonRDSFullAccess to the "B" user, but it doesn't have the rds-db JSON line which would provide the reading. I don't know which menu points did the admin choose, but after we realized this, he created a policy attached to the RDS service and he clicked to the Read checkbox, which enabled 4-5 policies or permissions (I think this automatically generated the correct policy document), and he attached this policy the "B" user. But it still doesn't work. Can somebody provide a step-by-step tutorial with images about what should he do?
P.S.: Sorry, if the question or the description is not well-detailed, but I can't detail that more right now. I will update later based on comments.
Upvotes: 2
Views: 517
Answers (1)
Reputation: 4491
There are several levels of permissions here with AWS RDS MySQL database.
- AWS API
- Network
- Database
First, AWS RDS only provisions the master account, from there you can create other users to allow Database level access to the database on the RDS instance.
You mentioned you had network level access by opening the security group of the Database to the IP you logging in from. And the AWS API access by adding the AmazonRDSFullAccess to the IAM user, this would give him access to manipulate the instance itself but NOT login to the database.
I think you'll need to get someone with DBA or the AWS admin privileges to create a user for this person so they can then log into the database.
Upvotes: 2
Related Questions
- Creating A New MySQL User In Amazon RDS Environment
- What are the minimum privileges required to create MySQL databases, users, and grant permissions?
- How to get phpmyadmin access on Amazon RDS Database
- AWS RDS - Access denied to admin user when using GRANT ALL PRIVILEGES ON the_db.* TO 'the_user'@'%'
- grant access to user on amazon RDS server
- RDS MySQL ERROR 1045 (28000): Access denied for user when connecting to db from EC2
- AWS RDS MySql - how to allow access after setting 'Publicly available'
- Using IAM Role to allow access to MySQL database on RDS
- MySQL and Amazon RDS DBA user
- AWS RDS MySQL How to restrict db access to a single EC2 instance