Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
How do I reset the master user password for my Amazon RDS DB instance?
I want to reset the master user password for my Amazon Relational Database Service (Amazon RDS) DB instance.
Resolution
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
To change the master user password for your RDS DB instance, use the Amazon Aurora and RDS console, the AWS CLI, or the Amazon RDS API. You can use a previous password or a new password.
For Amazon Aurora DB clusters, reset the password for any DB instance in the cluster with a Writer or Reader role.
Note: When you reset the password, Amazon RDS doesn't drop existing connections. However, when you reconnect, you must provide the updated password.
During the password reset your DB instance Status changes to resetting-master-credentials on the Aurora and RDS console. When the modification completes, the Status changes to Available.
Aurora and RDS console
To modify the master user password of your DB instance, complete the following steps:
- Open the Aurora and RDS console.
- In the navigation pane, choose Databases.
- Select your RDS DB instance, and then choose Modify.
Note: For Aurora DB clusters, expand the cluster, and then select the instance that you want to modify. Then, choose Modify. - For Master password, enter the new password that you want to use.
- For Confirm master password, enter the new password.
- Choose Continue, and then choose Modify DB instance.
Note: The password change is asynchronous and applies as soon as possible. This change ignores the Apply immediately setting.
AWS CLI
To modify the password, run the modify-db-instance command:
aws rds modify-db-instance --db-instance-identifier example-db-id --apply-immediately --master-user-password example-new-password
Note: Replace example-db-id with your DB instance ID and example-new-password with the new password.
For an Aurora DB cluster, run the modify-db-cluster command:
aws rds modify-db-cluster --db-cluster-identifier example-cluster-id --apply-immediately --master-user-password example-new-password
Note: Replace example-cluster-id with your Aurora cluster ID and example-new-password with the new password.
Amazon RDS API
You can also use the Amazon RDS API to change the master user password. For RDS DB instances, use the ModifyDBInstance API call. For Aurora DB cluster instances, use the ModifyDBCluster API call.
Note: When you reset the master password, you also reset the master user permissions to default. If the master user loses their permissions, then sign in with the new password and restore any revoked permissions.
Related information
Parameter groups for Amazon RDS
Resetting the db_owner role membership for master user for Amazon RDS for SQL Server
- Language
- English
What about if I forgot the name of the root user as well?
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Something to note is if you are managing secretes in Secret Manager, you will need to select the checkbox that states Rotate Secret Immediately.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Hi AWS Offcial, I have an issue about change rds admin password.
When I restored a database from different rds server use s3 bucket (rds_restore_database), everything is fine,
but I didn't have privileges to connect the database has restored, so I modified the rds instance admin's password,
and now I can connect in to the restored database, but when I need to restore the new database using origin restored database's bak,
something wrong happened, the restore goes to 100 percent processed, and the task throw error:
Cannot remap user to login 'admin', because the login is already mapped to a user in the database. Changed database context to 'master'.
So I checked my sys.database_principals table, there is a new 'admin1' users has been created.
Is there any solution can suggest me ?
Thanks.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Thank you for the documentation. Please could you elaborate on the note: "In some cases, your RDS admin user might lose their privileges." When and why would the privileges be lost? This has happened to our resources without doing any modification on the database and I worry it may happen again if we don't understand the cause of the change to prevent it. Resetting the password did solve it, but it does not seem enough to have a robust DB provision. We are using Aurora Serverless, in case that helps.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
I think aurora serverless does drop existing connections. Can you verify "Amazon RDS doesn't drop existing connections" part?
Relevant content
- asked 3 years ago
- asked 2 years ago
- asked 2 years ago
