Hello,
I use AWS Aurora rds service for postgresql.
Aurora has 2 DB instances (host addresses) for the same db; 1 for RW and 1 RO.
In Vault I create role&connection for RW instance and don’t have any issues. I use dynamic credentials config.
The RO DB Instance doesn’t let Vault’s use “creation_statements” because of its nature.
/ $ vault read database/creds/backend-finance-readonly
Error reading database/creds/backend-finance-readonly: Error making API request.
URL: GET https://127.0.0.1:8200/v1/database/creds/backend-finance-readonly
Code: 500. Errors:
* 1 error occurred:
* failed to execute query: ERROR: cannot execute CREATE ROLE in a read-only transaction (SQLSTATE 25006)
/ $
How can I use dynamically created credentials by RW connection with RO Instance connection?
Thanks & Regards