The Amazon RDS service allows you to reset your database instance master user password using their API. In this guide, I’ll walk you through the steps to reset RDS Master User Password. If you don’t remember your AWS RDS instance master username, it is possible to retrieve it using RDS web interface or AWS CLI Tools.
How to Reset RDS Master Password on AWS Console
Login to your AWS console and navigate to:
Amazon RDS > Databases > DBName > Modify
Under “Modify” section, scroll down until you see “New master password“.
Input the new RDS master password click “Continue” at the end of the page.
Select when to apply modifications – Choose “Apply Immediately” for instant changes application.
How to Reset RDS Master User Password on AWS from CLI
There are two pre-requisites for resetting RDS Master User Password on AWS:
- Configured and running RDS instance
- Installed AWS CLI tools
If you don’t have AWS CLI tools on your Workstation, install them using our guide below:
Once the tools are installed and configured, proceed to reset RDS Master User Password using steps given in the next sections.
Step 1: Get RDS DB instance details
If you don’t have RDS master user, you can pull the instance details to get the username. For this, you’ll use the
describe-db-instances returns information about provisioned RDS instances.
$ aws rds describe-db-instances --region awsregionname e.g $ aws rds describe-db-instances --region eu-west-1
The command above will list of DB instances in RDS. If you have the name of your DB instance, provide the name to filter your output.
aws rds describe-db-instances --db-instance-identifier instance-name
From the output, there is a section showing instance Master User, AZ, Endpoint e.t.c.
"DBInstances": [ "DBInstanceIdentifier": "instance-name", "DBInstanceClass": "db.t2.2xlarge", "Engine": "mysql", "DBInstanceStatus": "available", "MasterUsername": "dbadmin", "DBName": "AppsDB", "Endpoint": "Address": "instance-name.cyo4n0yz0isg.eu-west-1.rds.amazonaws.com", "Port": 3306, "HostedZoneId": "Z29XKXAKYMONMX" , ..... "AvailabilityZone": "eu-west-1a", ....... ]
Step 2: Reset RDS DB Master User Password
To reset/change RDS Master UserPassword, you’ll use the
modify-db-instance: This parameter is used to modify RDS DB instance settings. With this command, you can change one or more database configuration parameters by specifying these parameters and the new values in the request.
Supported Options are:
--db-instance-identifier (string): - The DB instance identifier. This value is stored as a lowercase string - Must match the identifier of an existing DBInstance. --master-user-password (string): - The new password for the master user. The password can include any printable ASCII character except "/", """, or "@". - Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible - Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response. --apply-immediately: - Specifies whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible.
See example below:
aws rds modify-db-instance --db-instance-identifier instancename \ --master-user-password NEWPASSWORD --apply-immediately
You should see
PendingModifiedValues of Password change on the output cleared after few minutes.
................... "PreferredMaintenanceWindow": "tue:04:34-tue:05:04", "PendingModifiedValues": , "LatestRestorableTime": "2018-11-29T08:05:00Z", ....................
$ mysql -u
-p -h Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5717 Server version: 5.6.40-log Source distribution Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
Now that we have confirmed the new master user password to be working, it means our RDS instance master user password reset was successful.