Adding a new database user when using RDS Proxy
In some cases, you might add a new database user to an Aurora cluster that's associated with a proxy. If so, add or repurpose a Secrets Manager secret to store the credentials for that user. To do this, run through the following steps:
-
Create a new Secrets Manager secret, using the procedure described in Setting up database credentials in AWS Secrets Manager for RDS Proxy.
-
Update the IAM role to give RDS Proxy access to the new Secrets Manager secret. To do so, update the resources section of the IAM role policy.
-
Modify the RDS Proxy to add the new Secrets Manager secret under Secrets Manager secrets.
-
If the new user takes the place of an existing one, update the credentials stored in the proxy's Secrets Manager secret for the existing user.
Adding a new database user to a PostgreSQL database when using RDS Proxy
When adding a new user to your PostgreSQL database, if you have run the following command:
REVOKE CONNECT ON DATABASE postgres FROM PUBLIC;
Grant the rdsproxyadmin
user the CONNECT
privilege so the user
can monitor connections on the target database.
GRANT CONNECT ON DATABASE postgres TO rdsproxyadmin;
You can also allow other target database users to perform health checks by changing
rdsproxyadmin
to the database user in the command above.
Changing the password for a database user when using RDS Proxy
In some cases, you might change the password for a database user in an Aurora cluster that's associated with a proxy. If so, update the corresponding Secrets Manager secret with the new password.