Reputation: 3380
Aurora is allowing writes to read only endpoint
I recently set up an Aurora RDS database and the default Writer roles shows two endpoints:
1) Writer 2) Reader
However when I access with the Reader endpoint I am still able to update records on the database.
Can someone explain why this is behaving this way?
Upvotes: 6
Views: 3936
Answers (2)
Reputation: 169
The accepted answer declares that the bug is a feature. But it is a bug. At least it is a UX bug. Providing a url named RO while it is not read-only is insane. They argue that it prepares you for upscaling. But what about downscaling? If one decides that the replica is no longer needed, that read-only url will start to behave differently. Possibly another team is using it for analytics for example. And suddenly they will have the possibility to write there... It is indeed a bug.
Upvotes: 2
Reputation: 179124
This is the expected behavior in an Aurora cluster with only one instance.
An Aurora cluster is a set of one or more instances, all accessing the same data, stored on the Aurora Cluster Volume. One of the instances is the "writer" (can modify data) and if there is more than one, then any additional instances are "readers" (can't modify data).
The cluster endpoint DNS entries are automatically managed so that they always point to the correct instance(s).
A single-master Aurora cluster's endpoints -- for compatibility -- work the same from the application's perspective, whether you have 1 instance or multiple instance -- there is the writer endpoint that the application can use where it needs writes, and the read-only endpoint that the application can use in cases where the application knows it does not need to write.
With only one instance in a cluster, the RO endpoint points to the writer so that an application designed to do read/write splitting can still work without modification. If this endpoint didn't provide a usable destination in a single-instance cluster, scaling an Aurora-backed application in or out at the database layer would require application changes, but as implemented, this isn't needed... but at the same time, the "endpoints" are fundamentally just logical endpoints -- DNS entries. The instance accepting the connection has no knowledge of how the connection arrived.
When there is more than one instance, connections to the RO endpoint are balanced among the readers using short-TTL DNS.
Upvotes: 11
Related Questions
- AWS Aurora: The MySQL server is running with the --read-only option so it cannot execute this statement
- Cannot connect to aurora, checked security group & publicly accesible
- Is there a way to set an Aurora writer instance read-only?
- AWS Aurora Serverless unexplained write IOPS
- How to make AWS aurora Mysql into a writable instance
- How can I change write and read endpoint to read-only in Aurora MySQL database in AWS?
- MySQL Aurora DB Instance Turned read-only on by itself on AWS RDS
- AWS Aurora cluster endpoint usage
- AWS: what action in policy for making Lambda write to Aurora?
- Aurora replica readonly converted to writer now working as multimaster