View a markdown version of this page

Comparing Aurora MySQL version 8.4 and MySQL 8.4 Community Edition - Amazon Aurora
AuthenticationReserved usersrds_superuser_rolePassword validation component support in Aurora MySQL version 8.4Parameter default changes

Comparing Aurora MySQL version 8.4 and MySQL 8.4 Community Edition

This topic describes the differences between Aurora MySQL version 8.4 and MySQL 8.4 Community Edition.

Authentication

Aurora MySQL version 8.4 only supports the following values for the authentication_policy parameter:

  • *:caching_sha2_password (Default value. Allows any single factor authentication plugin, using caching_sha2_password if none is specified)

  • *:mysql_native_password (Allows any single factor authentication plugin, using mysql_native_password if none is specified)

Note

Multi-factor authentication configurations are not supported in Aurora MySQL.

Reserved users

Aurora MySQL reserves certain usernames for internal features. These usernames cannot be used for your database user accounts. For more information, see Reserved users in Aurora MySQL.

Starting in Aurora MySQL version 8.4.7, the engine protects rdsproxyadmin because it is the monitoring user for RDS Proxy. Aurora creates the rdsproxyadmin account automatically when you register a proxy target. For details about the rejected operations and error output, see Reserved users in Aurora MySQL.

rds_superuser_role

Aurora MySQL version 8.4 includes a special role that has all the following privileges. This role is named rds_superuser_role. The master user for each cluster already has this role granted. The rds_superuser_role role includes the following privileges for all database objects:

  • ALTER

  • ALLOW_NONEXISTENT_DEFINER

  • APPLICATION_PASSWORD_ADMIN

  • ALTER ROUTINE

  • CONNECTION_ADMIN

  • CREATE

  • CREATE ROLE

  • CREATE ROUTINE

  • CREATE TEMPORARY TABLES

  • CREATE USER

  • CREATE VIEW

  • DELETE

  • DROP

  • DROP ROLE

  • EVENT

  • EXECUTE

  • FLUSH_OPTIMIZER_COSTS

  • FLUSH_PRIVILEGES

  • FLUSH_STATUS

  • FLUSH_TABLES

  • FLUSH_USER_RESOURCES

  • INDEX

  • INSERT

  • LOCK TABLES

  • OPTIMIZE_LOCAL_TABLE

  • PROCESS

  • REFERENCES

  • RELOAD

  • REPLICATION CLIENT

  • REPLICATION SLAVE

  • ROLE_ADMIN

  • SELECT

  • SET_ANY_DEFINER

  • SHOW DATABASES

  • SHOW_ROUTINE

  • SHOW VIEW

  • TRIGGER

  • UPDATE

  • XA_RECOVER_ADMIN

Password validation component support in Aurora MySQL version 8.4

  • The validate_password component is supported, including its customizations. The component is managed through the database parameter aurora_enable_validate_password_component instead of INSTALL COMPONENT and UNINSTALL COMPONENT commands.

  • The validate_password plugin is partially supported to allow migration to the component.

For more information, see Password policies and Password validation in Aurora MySQL.

Parameter default changes

temptable_max_mmap

In MySQL 8.4 Community Edition, the default value of temptable_max_mmap is 0, which disables memory-mapped temporary tables.

Aurora MySQL version 8.4.7 and higher overrides this default. Aurora sets temptable_max_mmap to a value calculated from the cluster's allocated storage, using the following formula:

LEAST(4294967296, {AllocatedStorage*3/100})

This sets the default to 3% of allocated storage, capped at a maximum of 4 GiB. Memory-mapped temporary tables remain enabled by default in Aurora MySQL version 8.4.7 and higher, in contrast to community MySQL 8.4.

For the parameter reference entry, see Aurora MySQL configuration parameters.