How to Migrate MySQL to Amazon RDS Without SUPER Privileges: Resolving Common Import Errors


2 views

When migrating from self-managed MySQL on EC2 to Amazon RDS, one of the most frequent roadblocks is the SUPER privilege requirement during import. The fundamental issue stems from RDS's managed service model where certain administrative privileges are intentionally restricted for security reasons.

The mysqldump output typically contains several elements that require SUPER privileges:

1. CHANGE MASTER TO statements (for replication setup)
2. DEFINER clauses in views/routines
3. SQL SECURITY DEFINER declarations
4. Specific storage engine requirements

Instead of manually editing the dump file, you can generate a more RDS-compatible dump from the start:

mysqldump --routines --triggers --single-transaction \
--set-gtid-purged=OFF \
--ignore-table=mysql.rds_replication_status \
--ignore-table=mysql.rds_history \
--skip-triggers \
--master-data=2 \
--databases db1 db2 | \
sed -e 's/DEFINER[ ]*=[ ]*[^*]*\*/\*/' \
-e 's/DEFINER[ ]*=[ ]*[^*]*PROCEDURE/PROCEDURE/' \
-e 's/DEFINER[ ]*=[ ]*[^*]*FUNCTION/FUNCTION/' \
> rds_clean_dump.sql

For large databases, consider these automated approaches:

# Remove DEFINER clauses systematically
perl -pe 's/\sDEFINER=[^]+@[^]+//' original_dump.sql > clean_dump.sql

# Alternative using awk for view definitions
awk '{
  if ($0 ~ /CREATE.*VIEW/) {
    gsub(/DEFINER=[^]*@[^]*/, "", $0);
    gsub(/SQL SECURITY DEFINER/, "", $0);
  }
  print
}' original_dump.sql > views_clean.sql

After importing the cleaned dump, you'll need to set up replication separately using RDS-specific commands:

CALL mysql.rds_set_external_master (
  'source-ec2-instance',
  3306,
  'repl_user',
  'repl_password',
  'mysql-bin.000002',
  106,
  0
);

CALL mysql.rds_start_replication;

For complex migrations, consider these AWS-native solutions:

1. AWS Database Migration Service (DMS)
2. AWS Schema Conversion Tool
3. AWS Backup service for point-in-time recovery

# Example DMS task configuration
{
  "TargetMetadata": {
    "TargetSchema": "",
    "SupportLobs": true,
    "FullLobMode": false,
    "LobChunkSize": 64,
    "LimitedSizeLobMode": true,
    "LobMaxSize": 32,
    "InlineLobMaxSize": 0
  }
}

When dealing with routines that require special privileges, you may need to:

DELIMITER //
CREATE PROCEDURE admin_operation()
BEGIN
  -- Procedure body without privileged operations
END //
DELIMITER ;

-- After creation, grant execute to specific roles
GRANT EXECUTE ON PROCEDURE db.admin_operation TO 'app_user'@'%';

When migrating from self-managed MySQL servers to Amazon RDS, one of the first roadblocks developers encounter is the lack of SUPER privileges. RDS intentionally restricts this powerful permission for security reasons, which causes problems during database imports.

The migration process typically fails on two specific types of operations:

1. CHANGE MASTER commands in binary log positions
2. DEFINER clauses in views and stored procedures

Instead of manually editing dump files, use these mysqldump parameters to generate RDS-ready exports:

mysqldump \
--skip-lock-tables \
--single-transaction \
--routines \
--triggers \
--no-tablespaces \
--set-gtid-purged=OFF \
--master-data=2 \
--skip-definer \
--databases your_database \
> rds_ready_dump.sql

--skip-definer: Removes DEFINER clauses from stored procedures and views
--master-data=2: Comments out the CHANGE MASTER statement rather than including it as executable code
--set-gtid-purged=OFF: Avoids GTID-related privileges issues

After importing your sanitized dump, you'll need to set up replication separately using RDS-specific procedures:

CALL mysql.rds_set_external_master (
  'source_host',
  3306,
  'repl_user',
  'password',
  'mysql-bin.000002',
  106,
  0
);

CALL mysql.rds_start_replication;

For large databases with many views and procedures, consider this sed command to batch process your dump file:

sed -e 's/DEFINER[ ]*=[ ]*[^*]*\*/\*/' \
    -e 's/ALTER DEFINER.*//' \
    -e 's/CREATE ALGORITHM=UNDEFINED/CREATE/' \
    original_dump.sql > cleaned_dump.sql

For complex migrations, consider using AWS Database Migration Service (DMS) which handles these privilege issues automatically, or Percona XtraBackup for physical backups that can be restored to RDS for MySQL.

When views fail to import due to DEFINER issues, here's how to reconstruct them:

-- Original failing view definition
/*!50001 CREATE ALGORITHM=UNDEFINED */
/*!50013 DEFINER=dev@localhost SQL SECURITY DEFINER */
/*!50001 VIEW example_view AS select * from table */

-- RDS-compatible version
CREATE VIEW example_view AS 
SELECT * FROM table;