RDS supports the classic mode and the master mode. For instances of MySQL 5.7 High-availability Edition, MySQL 5.6, and MySQL 5.5, you can create a master account to upgrade the account management mode from classic to master. The following figure shows how to switch from the classic mode to the master mode, and their differences in creating and managing databases and accounts.
Compared with the classic mode, the master mode enables more permissions to meet the personalized and sophisticated permission management needs. You can also use SQL statements to directly manage databases and accounts. Therefore, we recommend that you use the master mode.
This document describes how to upgrade the account management mode, namely to create a master account, for MySQL 5.7 High-availability Edition, MySQL 5.6, and MySQL 5.5 instances. For details about the usage, supported engines, functions, and permissions of accounts in the classic mode and master mode, see Create an account.
- After a master account is created for a master instance, the account is synchronized to the read-only instances and disaster tolerance instances.
- In the master mode:
- You can manage databases and common accounts only by using Commonly used SQL commands for MySQL.
- However, you can reset the permissions and password of the master account on the RDS console or through APIs, without affecting other accounts in the instance.
- The following changes occur after an instance switches to the master account mode: After the master account is created, the Databases page and Create Account on the Accounts page disappear. However, this change only affects the single instance and has nothing to do with other instances.
- For MySQL 5.5/5.6 instances:
- You can only upgrade from the classic mode to the master mode and cannot roll back.
- You cannot directly access the mysql.user and mysql.db tables, but you can view the existing account and permissions through mysql.user_view and mysql.db_view.
- You cannot use the master account to modify passwords of other common accounts. To modify passwords of other common accounts, you must delete the master account and create a new account.
- MySQL 5.7 instances support only the master mode.
- When the master account is created, an instance restart cause a transient network disconnection of 30s. Make sure that you create an account at proper time and the application supports auto-reconnection to prevent disconnections.
- Log on to the RDS console.
- Select the region where the target instance is located.
- Click the ID of the instance to visit the Basic Information page.
- Select Accounts in the left-side navigation pane to visit the Accounts page.
- Click Create Master Account, as shown in the following figure.
- Select I understand the above warnings and want to proceed with creating a master account and click Next.
- Set the related fields.
- Database Account: The account is a string of 2 to 16 characters. It must contain lowercase letters, numbers, and underscores (_). The account must start with a letter and end with a letter or a number.
- Password: refers to the password of the account. The password is a string of 8 to 32 characters. It must contain any three of letters, numbers, hyphens (-), and underscores (_).
- Re-enter Password: Re-enter the password to verify that the password is entered correctly.
- Click Create.
Note After a master account is created, the account name cannot be modified, but the password can be modified later on the RDS console.