Why can't I create a superuser in AWS Postgresql instance?
Solution 1
RDS instances are managed by Amazon. As such, to prevent you from breaking things like replication, your users - even the root user you set up when you create the instance - will not have full superuser privileges.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html
When you create a DB instance, the master user system account that you create is assigned to the rds_superuser role. The rds_superuser role is a pre-defined Amazon RDS role similar to the PostgreSQL superuser role (customarily named postgres in local instances), but with some restrictions. As with the PostgreSQL superuser role, the rds_superuser role has the most privileges on your DB instance and you should not assign this role to users unless they need the most access to the DB instance.
Solution 2
If you list your current permissions with \du+
or \dg+
, you will notice you are not a superuser but only allowed permissions Create role, Create DB. As such you are not allowed to assign yourself permissions higher from the ones you are currently assigned with.
Normally you are not given root or superuser permissions in any hosted environment. I suggest you spin up a custom EC2 instance and install PostgreSQL locally for complete control.
Related videos on Youtube
Saqib Ali
Updated on September 18, 2022Comments
-
Saqib Ali over 1 year
I have an AWS EC2 instance connecting to an RDS instance (Postgresql). When I created the RDS instance, I told it the DB root's username was:
my_user1
and the password waspassword1
. Now I'm attempting to create a role and a super-user. But it fails:$ createuser -P -d -s -e my_user2 --host myhost.com -U my_user1 Enter password for new role: XXXYYYZZZ Enter it again: XXXYYYZZZ Password: password1 CREATE ROLE my_user2 PASSWORD 'md5999999c0101a1d64afd57575e06f999c' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN; createuser: creation of new role failed: ERROR: must be superuser to create superusers $
When I repeat the command without the
-s
flag, it works:$ createuser -P -d -e my_user2 --host myhost.com -U my_user1 Enter password for new role: Enter it again: Password: CREATE ROLE my_user2 PASSWORD 'md5999999c0101a1d64afd57575e06f888c' NOSUPERUSER CREATEDB NOCREATEROLE INHERIT LOGIN; $
So clearly,
my_user1
doesn't have permissions to create a super-user. But this is the user I told RDS was my admin user! Ifmy_user1
doesn't have permissions to create a super-user, who does? And how do I get their username/password from AWS?-
Saqib Ali over 9 yearsDrookie, is this file on the RDS instance itself? I haven't even SSHed onto that machine yet.
-
ceejayoz over 9 years@SaqibAli You can't SSH into a RDS instance.
-
-
chovy over 5 yearsis there really no way to backup an amazon rds database with pg_dump otherwise?
-
Spike over 4 years@chovy, try
grant
ing the db owner role to your user.