Read Only user for RDS to S3 feature

Read Only user for RDS to S3 feature

Info
Starting at version 4.x, N2WS now support exporting RDS MySQL database to S3 for long term cost saving, this is done using two steps:
  1. Using the existing AWS RDS export to S3 feature to copy the data to the S3 bucket
  2. Exporting the schema ( as this is not exported as part of the AWS RDS export to S3 feature)
For the second step of exporting the schema, N2WS only does read operations and requires the user to provide username/password for the database when configuring the backup policy,
This means provided user can be an Admin user with full access or a Read Only user which will allow us to read the schema, for example:

MySQL (4.0 and above):
CREATE USER 'testuser4'@'%' IDENTIFIED BY '12345678A';
GRANT SELECT, PROCESS, LOCK TABLES ON *.* TO 'testuser4'@'%';
FLUSH PRIVILEGES;
 
PostgreSQL ( 4.1 and above):
CREATE ROLE <role_name>;
GRANT CONNECT ON DATABASE <schema_name> TO <role_name>;
GRANT USAGE ON SCHEMA <schema_name> TO <role_name>;
GRANT SELECT ON ALL TABLES IN SCHEMA <schema_name> TO <role_name>;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA <schema_name> to <role_name>;
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema_name> GRANT SELECT ON TABLES TO <role_name>;
CREATE USER <username> WITH PASSWORD '<password>';
GRANT <role_name> TO <username>;

    • Related Articles

    • N2WS-22770 - MySQL 5.7 RDS export to S3 fails

      Issue: RDS MySQL 5.7 export to S3 fails with "Failed to get DB schema or users from eks-website-prod: mysqldump failed with error code 2" Solution: v4.2.2 - install attached patch and do below steps

    • Required minimal AWS permissions/roles for CPM operation

      You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). Note that for some editions there is more then 1 json file. If you are using FLR or ...

    • How to create a read only user in CPM

      Often backup Administrators are being asked by management for auditing purposes to monitor backups but the administrator does not want to grant that user the ability to modify backups and other important settings in CPM. The way to do this is to ...

    • N2WS-20766 - RDS export fails due to error "RestoreDBInstanceFromDBSnapshot operation: No default subnet detected"

      Issue: When trying to export RDS instance to S3 bucket, it fails with the following error: Error Process reported error: Failed to create DB instance from snapshot cpm-policy-1-db1-2011-1-11-1-11: An error occurred (InvalidSubnet) when calling the ...

    • EBS/RDS DR & Recovery with KMS key

      When copying cross account an EBS/RDS Volume encrypted with custom KMS, a KMS key should also be available in the other account. There are 2 ways that CPM uses for checking KMS key - Alias & Tag KMS Tag When using custom tag, you are telling CPM to ...