I have an AWS EC2 instance connecting to an RDS instance (Postgresql). When I created the RDS instance, I told it the DB root's username was: my_user1 and the password was password1. Now I'm attempting to create a role and a super-user. But it fails:
$ createuser -P -d -s -e my_user2 --host myhost.com -U my_user1
Enter password for new role: XXXYYYZZZ
Enter it again: XXXYYYZZZ
Password: password1
CREATE ROLE my_user2 PASSWORD 'md5999999c0101a1d64afd57575e06f999c' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;
createuser: creation of new role failed: ERROR: must be superuser to create superusers
$
When I repeat the command without the -s flag, it works:
$ createuser -P -d -e my_user2 --host myhost.com -U my_user1
Enter password for new role:
Enter it again:
Password:
CREATE ROLE my_user2 PASSWORD 'md5999999c0101a1d64afd57575e06f888c' NOSUPERUSER CREATEDB NOCREATEROLE INHERIT LOGIN;
$
So clearly, my_user1 doesn't have permissions to create a super-user. But this is the user I told RDS was my admin user! If my_user1 doesn't have permissions to create a super-user, who does? And how do I get their username/password from AWS?
Best Answer
RDS instances are managed by Amazon. As such, to prevent you from breaking things like replication, your users - even the root user you set up when you create the instance - will not have full superuser privileges.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html