Bug #74839 Connection problem when monitoring AWS RDS MySQL
Submitted: 13 Nov 2014 16:01 Modified: 21 Jan 2021 11:45
Reporter: Eduardo Legatti Email Updates:
Status: Closed Impact on me:
Category:MySQL Enterprise Monitor Severity:S1 (Critical)
Version:3.0.15 OS:Linux
Assigned to: CPU Architecture:Any
Tags: aws, RDS

[13 Nov 2014 16:01] Eduardo Legatti
I’m trying to monitoring a MySQL RDS Instance (MySQL version is 5.5.40-log) on AWS using the MySQL Enterprise Monitor 3.0.15, but the the message below shows after finishing the configuration.

"Access denied; you need (at least one of) the SUPER privilege(s) for this operation"

I'm using the "root" user. I noticed that AWS RDS instance don't permit that we grant the "SUPER" privilege to anyone.

Below are my connection settings.

Connect Using: TCP/IP
Instance Address: xxxx.rds.amazonaws.com
Port: 3306
Admin User: root
Admin Password: ********
Auto-Create Less Privileged Users: No
General User: I let this field blank
General Password: I let this field blank
Limited User: I let this field blank
Limited Password: I let this field blank

In fact, I followed the steps provided by the page below:


 * Do not configure MySQL Enterprise Monitor to auto-create the less privileged Limited and General accounts, and instead use the Admin account for all monitoring.

 * This is set in the Connection Settings tab when adding (or editing) a MySQL instance to be monitored. This Auto-Create Less Privileged Users setting defaults to Yes, so toggle it to No.

 * Also under Connection Settings is the Instance Address parameter. Set this to your endpoint, which is the entry point for your MySQL Server web service.

 * Change the inventory table schema for MySQL Enterprise Monitor Agent from "mysql" to an alternative (and existing) schema.

Is it a bug?



How to repeat:
Connecting to a AWS RDS MySQL 5.5.40
[11 Feb 2015 10:49] MySQL Verification Team
SUPER privileges are required for some operations.

You may find just limited monitoring if SUPER is not available, but from your description it seems like there is no monitoring at all.

Amazon doesn't give SUPER privileges.

Changes to the documentation? or possible to get the required information in another way or allow some monitoring without even SUPER privileges?
[11 Feb 2015 12:37] Eduardo Legatti

Few weeks ago I upgraded de MySQL RDS from version 5.5.40-log to 5.6.19a-log and after the upgrade, MySQL Enterprise Monitor Connected without problem.


Eduardo Legatti
[22 Sep 2023 11:08] Stefan Heisl
Hey Legatti,

I've encountered a similar issue when monitoring AWS RDS MySQL instances with the MySQL Enterprise Monitor, and I can certainly relate to your frustration. The error message you're seeing, "Access denied; you need (at least one of) the SUPER privilege(s) for this operation," is indeed related to the privileges associated with the "root" user on RDS instances.

You're on the right track by not granting the "SUPER" privilege, as RDS doesn't allow it for security reasons. The problem here may not necessarily be a bug, but rather a configuration issue.

To resolve this, make sure you've configured the "Auto-Create Less Privileged Users" setting to "No" as you've mentioned. Also, double-check that the MySQL Enterprise Monitor Agent's schema is set to an existing schema, not "MySQL." You can find instructions on how to do this here: https://ink361.com/business/aws-vs-azure/

If you've followed all the steps in the documentation you linked to, it's worth checking if there are any IAM (Identity and Access Management) roles or policies restricting your access to RDS.

Lastly, make sure you've entered the correct endpoint (Instance Address) and port (3306). Sometimes, a simple typo can lead to access issues.

I hope this helps you troubleshoot your problem and get your MySQL monitoring up and running smoothly.