Friday, December 27, 2024
Google search engine
HomeData Modelling & AIHow to Reset RDS Master User Password on AWS

How to Reset RDS Master User Password on AWS

The Amazon RDS service allows you to reset your database instance master user password using their API. In this guide, I’ll walk you through the steps to reset RDS Master User Password. If you don’t remember your AWS RDS instance master username, it is possible to retrieve it using RDS web interface or AWS CLI Tools.

How to Reset RDS Master Password on AWS Console

Login to your AWS console and navigate to:

Amazon RDS > Databases > DBName > Modify
Reset RDS Master Password console

Under “Modify” section, scroll down until you see “New master password“.

Reset RDS Master Password console 02

Input the new RDS master password click “Continue” at the end of the page.

Reset RDS Master Password console 03

Select when to apply modifications – Choose “Apply Immediately” for instant changes application.

Reset RDS Master Password console 04

How to Reset RDS Master User Password on AWS from CLI

There are two pre-requisites for resetting RDS Master User Password on AWS:

  1. Configured and running RDS instance
  2. Installed AWS CLI tools

If you don’t have AWS CLI tools on your Workstation, install them using our guide below:

Once the tools are installed and configured, proceed to reset RDS Master User Password using steps given in the next sections.

Step 1: Get RDS DB instance details

If you don’t have RDS master user, you can pull the instance details to get the username. For this, you’ll use the aws modify-db-instancecommand.

The parameterdescribe-db-instances returns information about provisioned RDS instances.

Usage:

$ aws rds describe-db-instances --region awsregionname
e.g
$ aws rds describe-db-instances --region eu-west-1

The command above will list of DB instances in RDS. If you have the name of your DB instance, provide the name to filter your output.

aws rds describe-db-instances --db-instance-identifier instance-name

From the output, there is a section showing instance Master User, AZ, Endpoint e.t.c.

{
    "DBInstances": [
        {
            "DBInstanceIdentifier": "instance-name",
            "DBInstanceClass": "db.t2.2xlarge",
            "Engine": "mysql",
            "DBInstanceStatus": "available",
            "MasterUsername": "dbadmin",
            "DBName": "AppsDB",
            "Endpoint": {
                "Address": "instance-name.cyo4n0yz0isg.eu-west-1.rds.amazonaws.com",
                "Port": 3306,
                "HostedZoneId": "Z29XKXAKYMONMX"
            },
            .....
            "AvailabilityZone": "eu-west-1a",
            .......
        }
    ]
}

Step 2:  Reset RDS DB Master User Password

To reset/change RDS Master UserPassword, you’ll use the modify-db-instanceparameter.

modify-db-instance: This parameter is used to modify RDS DB instance settings. With this command, you can change one or more database configuration parameters by specifying these parameters and the new values in the request.

Supported Options are:

--db-instance-identifier (string):
   - The DB instance identifier. This value is stored as a lowercase string
   - Must match the identifier of an existing DBInstance.

--master-user-password (string):
  - The new password for the master user. The password can include any printable ASCII character except "/", """, or "@".
  - Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible
  - Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.

--apply-immediately:
- Specifies whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible.

See example below:

aws rds modify-db-instance --db-instance-identifier instancename \
--master-user-password NEWPASSWORD --apply-immediately

You should see PendingModifiedValues of Password change on the output cleared after few minutes.

...................
"PreferredMaintenanceWindow": "tue:04:34-tue:05:04",
            "PendingModifiedValues": {},
            "LatestRestorableTime": "2018-11-29T08:05:00Z",
....................

Test connection:

$ mysql -u <MasterUsername>  -p  -h <EndpointAddress>
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5717
Server version: 5.6.40-log Source distribution

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Recommended books:

Now that we have confirmed the new master user password to be working, it means our RDS instance master user password reset was successful.

Other AWS articles available in our blog are:

RELATED ARTICLES

Most Popular

Recent Comments