amazon rds – What Strategies are most advisable for managing users and their privileges in an AWS RDS Database?

Whenever a new database is created, best practices dictate that we should deploy alongside with it several users for several different activities. For example, a typical (at least to me) arrangement would sport at least these 6 database users:

  • an administrative super-user (traditionally, root) will be automatically created by RDS;
  • between one and three users should be created for the application:
    • a read-write,
    • a read-only,
    • a schema-owner user with grants to run DDL statements;
  • a user for monitoring data collection;
  • a role-user that will be used by developers when authenticating through IAM credentials into the database.

As you can see, there is a fair amount of database users that have to be present and managed in the database.

What strategies and best practices would you recommend I use to address user management of my databases across a relatively large fleet of database servers?