ApsaraDB RDS for MySQL creates and maintains a set of internal system accounts to manage each instance. These accounts are reserved — attempting to drop, rename, change the password for, or modify the privileges of any system account returns an error. To manage your database, create a privileged account instead.
System accounts
| Account | Purpose |
|---|---|
root (aliyun_root in MySQL 5.7 and later versions) | Manages the RDS instance locally. Used to reconfigure parameters related to the minor engine version and query instance status. |
aurora | Manages the RDS instance remotely. If the instance is faulty, an Alibaba Cloud engineer can use this account to log on to the instance, perform a primary/secondary switchover, and monitor instance health. |
rds_service | Manages the RDS instance remotely. Functions the same as aurora. |
aurora_proxy | Forwards connections when the database proxy feature is enabled. |
replicator | Replicates data from the RDS instance to its secondary instance. Available only when the instance runs in high availability mode. |
Note
All system account connections use internal IP addresses. To check the current logon account and its IP address, run SELECT user();. Example output:
'aurora_proxy'@'%';
'replicator'@'11.195.XXX.XX';
'replicator'@'11.196.XXX.XXX';
'replicator'@'11.195.XXX.XX';
'replicator'@'11.199.XX.XXX';
'aliyun_root'@'127.0.0.1';The CIDR block starting with 11 (for the replicator account) is a private CIDR block used by Alibaba Cloud.