How to Reset RDS Master User Password on AWS


The Amazon RDS service allows you to reset your database instance master user password using their API. In this guide, I’ll walk you through the steps to reset the RDS master user password. If you don’t remember your AWS RDS instance master username, you can retrieve it using the RDS web interface or the AWS CLI tools.

How to Reset RDS Master Password on AWS Console

Login to your AWS console and navigate to:

Amazon RDS > Databases > DBName > Modify


In the “Modify” section, scroll down until you see “New master password”.


Enter the new RDS master password and click “Continue” at the end of the page.

Select when to apply the modifications: choose “Apply Immediately” to have the change applied right away.


How to Reset RDS Master User Password on AWS from CLI

There are two prerequisites for resetting the RDS master user password on AWS:

  1. Configured and running RDS instance
  2. Installed AWS CLI tools

If you don’t have the AWS CLI tools on your workstation, install them using our guide below:

How to Install and Use AWS CLI on Linux – Ubuntu / Debian / CentOS

Once the tools are installed and configured, proceed to reset RDS Master User Password using steps given in the next sections.

Step 1: Get RDS DB instance details

If you don’t know the RDS master username, you can pull the instance details to get it. For this, you’ll use the aws rds describe-db-instances command.

The describe-db-instances subcommand returns information about provisioned RDS instances.


$ aws rds describe-db-instances --region awsregionname
$ aws rds describe-db-instances --region eu-west-1

The command above will list the DB instances in RDS for that region. If you have the name of your DB instance, provide it to filter the output.

aws rds describe-db-instances --db-instance-identifier instance-name

From the output, there is a section showing the instance master user, AZ, endpoint, etc.

    "DBInstances": [
        {
            "DBInstanceIdentifier": "instance-name",
            "DBInstanceClass": "db.t2.2xlarge",
            "Engine": "mysql",
            "DBInstanceStatus": "available",
            "MasterUsername": "dbadmin",
            "DBName": "AppsDB",
            "Endpoint": {
                "Address": "",
                "Port": 3306,
                "HostedZoneId": "Z29XKXAKYMONMX"
            },
            "AvailabilityZone": "eu-west-1a",

Step 2: Reset RDS DB Master User Password

To reset or change the RDS master user password, you’ll use the modify-db-instance subcommand.

modify-db-instance: This command is used to modify RDS DB instance settings. With it, you can change one or more database configuration parameters by specifying these parameters and the new values in the request.

Supported Options are:

--db-instance-identifier (string):
  - The DB instance identifier. This value is stored as a lowercase string.
  - Must match the identifier of an existing DBInstance.

--master-user-password (string):
  - The new password for the master user. The password can include any printable ASCII character except "/", """, or "@".
  - Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.
  - Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.

--apply-immediately (boolean):
  - Specifies whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible.

See example below:

aws rds modify-db-instance --db-instance-identifier instancename \
--master-user-password NEWPASSWORD --apply-immediately

After a few minutes, PendingModifiedValues in the output should be empty again, which shows that the password change has been applied.

            "PreferredMaintenanceWindow": "tue:04:34-tue:05:04",
            "PendingModifiedValues": {},
            "LatestRestorableTime": "2018-11-29T08:05:00Z",

Test connection:

$ mysql -u <master-username> -p -h <rds-endpoint>
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5717
Server version: 5.6.40-log Source distribution

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


Now that we have confirmed the new master user password to be working, it means our RDS instance master user password reset was successful.
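Passing the new password as a literal argument, as in the Step 2 command, leaves it in shell history and in the process list. The following added example (not part of the original guide; the function names and the output-file argument are hypothetical) generates a password that satisfies the character rules listed in Step 2, hands it to the AWS CLI through its file:// parameter syntax, and polls until the pending change clears.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# True if $1 is non-empty printable ASCII (0x21-0x7E; space is excluded here
# as a conservative assumption) and contains none of "/", '"' or "@".
valid_rds_password() (
    LC_ALL=C
    case "$1" in
        "" | *[!!-~]* | */* | *\"* | *@*) return 1 ;;
    esac
)

# Print a random password of $1 characters (default 32) from an alphabet
# that already avoids the forbidden characters.
gen_rds_password() (
    len="${1:-32}" pw=""
    while [ "${#pw}" -lt "$len" ]; do
        pw="$pw$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9_+=.,:;!#%^*-')"
    done
    printf '%s\n' "$pw" | cut -c1-"$len"
)

# Reset the master password of instance $1 in region $2 and leave the new
# password in file $3 (mode 0600). The secret reaches the CLI via file://,
# so it never appears in argv, `ps` output or shell history.
reset_master_password() (
    id="$1" region="$2" out="$3"
    umask 077
    pw="$(gen_rds_password 32)"
    valid_rds_password "$pw" || return 1
    printf '%s' "$pw" > "$out"    # no trailing newline: file:// is read verbatim
    aws rds modify-db-instance --region "$region" \
        --db-instance-identifier "$id" \
        --master-user-password "file://$out" --apply-immediately \
        > /dev/null || return 1
    # Poll until MasterUserPassword is gone from PendingModifiedValues.
    while :; do
        pending="$(aws rds describe-db-instances --region "$region" \
            --db-instance-identifier "$id" --output text \
            --query 'DBInstances[0].PendingModifiedValues.MasterUserPassword')" || return 1
        [ "$pending" = "None" ] && break
        sleep 10
    done
)
```

Call it as `reset_master_password instance-name eu-west-1 ./new-master.pw`, then move the file's contents into your secret store and delete the file.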


A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.