3

I'm trying to set up a MySQL read replica on AWS RDS.

The user for the slave (rdsrepladmin) has the REQUIRE SSL flag set.

This causes the read replica server to enter a perpetual 'read replication: connecting' state.


So, I've read that I need to (on the slave) issue the commands:

STOP SLAVE; CHANGE MASTER TO MASTER_SSL=1; START SLAVE;

But, the CHANGE MASTER TO ... command fails, because I do not have the super privilege.
There is no way around this (that I know of), because with a MySQL instance at AWS RDS, only AWS's internal server management accounts have the super privilege.

Yet, I fail to believe (yet) that AWS RDS does not support REQUIRE SSL for replication connections.


So, my question is

How to get the read replica to connect, using SSL/TLS on MySQL instance at AWS RDS?

1 Answer

2

We contacted AWS Support about this issue. They made clear that AWS RDS does not (yet) support SSL for read replicas:

Unfortunately, RDS as of now does not support ssl_encryption for setting up external replication. There is a feature request in place for this, but we don't have an ETA for when this will be implemented: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/mysql_rds_set_external_master.html

Unfortunately, as of now the only option is to have VPN between your source and RDS to have an encrypted tunnel between the instances.

2
  • 1
    For those encountering this page as a result of a Google search in 2021... the mysql_rds_set_external_master procedure now supports a parameter for SSL that, when set, seems to be documented as being equivalent to "MASTER_SSL=1, MASTER_SSL_VERIFY_SERVER_CERT=0". Commented Jul 16, 2021 at 13:09
  • 1
    and now having tried this in real life, it does work. :) Commented Aug 13, 2021 at 16:10
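
The external-replication setup the answer and comments refer to, as an added example that is not part of the original thread or AWS's own code. The host name, account name, password and binary log coordinates are constructed placeholders, and the last query assumes MySQL 5.7 or later with performance_schema enabled on the source.

```sql
-- On the source (external MySQL): a replication account that must use TLS.
-- 'repl_user' and the password are placeholders, not values from the thread.
CREATE USER 'repl_user'@'%' IDENTIFIED BY '<replication-password>' REQUIRE SSL;
GRANT REPLICATION SLAVE ON *.* TO 'repl_user'@'%';

-- On the RDS instance: CHANGE MASTER TO needs SUPER, which RDS does not
-- grant, so the RDS stored procedures are used instead.
CALL mysql.rds_stop_replication;   -- only if replication was already configured
CALL mysql.rds_set_external_master(
  'source.example.internal',  -- host_name (placeholder)
  3306,                       -- host_port
  'repl_user',                -- replication_user_name (placeholder)
  '<replication-password>',   -- replication_user_password (placeholder)
  'mysql-bin.000001',         -- binary log file (placeholder; take it from
                              --   SHOW MASTER STATUS on the source)
  4,                          -- binary log position (placeholder)
  1                           -- ssl_encryption: 1 = use SSL, 0 = no encryption
);
CALL mysql.rds_start_replication;

-- Check on the RDS instance: Slave_IO_Running should be Yes (not Connecting)
-- and Master_SSL_Allowed should be Yes.
SHOW SLAVE STATUS;

-- Check on the source: the binlog dump thread serving the replica should
-- report a non-empty TLS cipher for its session.
SELECT t.PROCESSLIST_USER,
       t.PROCESSLIST_HOST,
       s.VARIABLE_VALUE AS ssl_cipher
FROM performance_schema.threads AS t
JOIN performance_schema.status_by_thread AS s
  ON s.THREAD_ID = t.THREAD_ID
WHERE s.VARIABLE_NAME = 'Ssl_cipher'
  AND t.PROCESSLIST_COMMAND LIKE 'Binlog Dump%';
```

With MASTER_SSL_VERIFY_SERVER_CERT=0, as the comment above describes, the link is encrypted but the replica does not validate the source's certificate, so the VPN or other network controls still matter where the identity of the source must be assured.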
