Bug #74839 Connection problem when monitoring AWS RDS MySQL
Submitted: 13 Nov 2014 16:01 Modified: 11 Feb 2015 12:37
Reporter: Eduardo Legatti Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Enterprise Monitor Severity:S1 (Critical)
Version:3.0.15 OS:Linux
Assigned to: CPU Architecture:Any
Tags: aws, RDS

[13 Nov 2014 16:01] Eduardo Legatti
Description:
I’m trying to monitoring a MySQL RDS Instance (MySQL version is 5.5.40-log) on AWS using the MySQL Enterprise Monitor 3.0.15, but the the message below shows after finishing the configuration.

"Access denied; you need (at least one of) the SUPER privilege(s) for this operation"

I'm using the "root" user. I noticed that AWS RDS instance don't permit that we grant the "SUPER" privilege to anyone.

Below are my connection settings.

Connect Using: TCP/IP
Instance Address: xxxx.rds.amazonaws.com
Port: 3306
Admin User: root
Admin Password: ********
Auto-Create Less Privileged Users: No
General User: I let this field blank
General Password: I let this field blank
Limited User: I let this field blank
Limited Password: I let this field blank

In fact, I followed the steps provided by the page below:

http://dev.mysql.com/doc/mysql-monitor/3.0/en/mem-install-agent-cloud.html

 * Do not configure MySQL Enterprise Monitor to auto-create the less privileged Limited and General accounts, and instead use the Admin account for all monitoring.

 * This is set in the Connection Settings tab when adding (or editing) a MySQL instance to be monitored. This Auto-Create Less Privileged Users setting defaults to Yes, so toggle it to No.

 * Also under Connection Settings is the Instance Address parameter. Set this to your endpoint, which is the entry point for your MySQL Server web service.

 * Change the inventory table schema for MySQL Enterprise Monitor Agent from "mysql" to an alternative (and existing) schema.

Is it a bug?

Thanks

Legatti

How to repeat:
Connecting to a AWS RDS MySQL 5.5.40
[11 Feb 2015 10:49] Roger Nay
SUPER privileges are required for some operations.
http://dev.mysql.com/doc/mysql-monitor/3.0/en/mem-agent-rights.html

You may find just limited monitoring if SUPER is not available, but from your description it seems like there is no monitoring at all.

Amazon doesn't give SUPER privileges.
https://forums.aws.amazon.com/message.jspa?messageID=150283

Changes to the documentation? or possible to get the required information in another way or allow some monitoring without even SUPER privileges?
[11 Feb 2015 12:37] Eduardo Legatti
Hello,

Few weeks ago I upgraded de MySQL RDS from version 5.5.40-log to 5.6.19a-log and after the upgrade, MySQL Enterprise Monitor Connected without problem.

Thanks

Eduardo Legatti