I use AWS Aurora rds service for postgresql.
Aurora has 2 DB instances (host addresses) for the same db; 1 for RW and 1 RO.
In Vault I create role&connection for RW instance and don’t have any issues. I use dynamic credentials config.
The RO DB Instance doesn’t let Vault’s use “creation_statements” because of its nature.
/ $ vault read database/creds/backend-finance-readonly Error reading database/creds/backend-finance-readonly: Error making API request. URL: GET https://127.0.0.1:8200/v1/database/creds/backend-finance-readonly Code: 500. Errors: * 1 error occurred: * failed to execute query: ERROR: cannot execute CREATE ROLE in a read-only transaction (SQLSTATE 25006) / $
How can I use dynamically created credentials by RW connection with RO Instance connection?
Thanks & Regards