Jon Simpson

Recovering lost Amazon RDS master user login details

18 Aug 2011 — aws, rds, masteruser, mysql

The management console for Amazon RDS allows you to reset the master user password for your database instance1 , but there are no options at present to discover or reset the username of the master user. Since this is a configurable parameter when initialising the instance, rather than using MySQL’s default value of root, it’s likely to be a custom value.

The RDS command line tools allow you to discover the username as part of listing the parameters for your DB instances. The easiest way to get access to them is via a started Amazon Linux instance, which contains all of the tools required. You will need to have the X509 cert and private key files for your account (and for simplicity, export the paths to them on your instance into your shell environment as EC2_CERT and EC2_PRIVATE_KEY respectively).

The command rds-describe-db-instances will then allow you to list all of your RDS instances, although the tool defaults to the us-east-1 region. If your RDS instance is in another region, you need to supply a --region parameter - in this example, I’m looking at my instances in the eu-west-1 region:

rds-describe-db-instances --region eu-west-1

The output of the command will contain the master user name, along with other parameters of your instance.

DBINSTANCE  instance-name   2011-03-18T02:42:42.663Z  db.m1.small  mysql
  5  master_user_name  available
  3306  eu-west-1a  8  n  5.1.57
  SECGROUP  backend  active
  PARAMGRP  default.mysql5.1  in-sync

With Amazon’s pace of development, I have no doubt the Management Console will probably grow this capability before long, but for now it’s helpful to be able to recover the information.

  1. Via the AWS Management Console, choose the instance you need to reset the password for, click ‘Modify’ then choose a new master password. If you don’t want to use the AWS Console, you can use the rds-modify-db-instance command (as per Amazon’s documentation for RDS) to reset it directly, given the AWS command line tools:
    rds-modify-db-instance instance-name --master-user-password examplepassword