3
votes

I am in the process of migrating my current production applications to Amazon Web Services Cloud.

I am migrating my MySQL database to MySQL RDS DB service for my production applications. In order to save cost, I am planning to use shared RDS db for some of the applications that are not that much critical.

I have certain queries:

  1. If I create an RDS instance to be shared among 4 applications, than will there be any possibility that some other user of one database can n check out the other databases.

  2. what are the security issues that I need to take care while doing this.

  3. Can I create and grant admin rights (import/export/create) to other user using the user/password that I created while creating RDS DB.

Any lead is highly appreciated.

1

1 Answers

2
votes
  1. This entirely depends on your permissions granted and is completely within your control.

  2. If you're looking for complete separations between your applications, you just need to make sure you:

    1. Create as many users as you have applications.
    2. Create as many databases as you have applications.
    3. Grant permission to each user only on the database corresponding to that particular application. You can do this by using your root account to issue a command in the console as follows -

GRANT ALL PRIVILEGES ON applicationdb1.* TO 'appuser1'@'%' WITH GRANT OPTION;

GRANT ALL PRIVILEGES ON applicationdb2.* TO 'appuser2'@'%' WITH GRANT OPTION;

GRANT ALL PRIVILEGES ON applicationdb3.* TO 'appuser3'@'%' WITH GRANT OPTION;

GRANT ALL PRIVILEGES ON applicationdb4.* TO 'appuser4'@'%' WITH GRANT OPTION;

This makes sure appuer1 can only access the tables in applicationdb1 and so on.

Lastly, as a root user, you can grant similar permissions to your individual users as you see fit.