Jon Simpson
Recovering lost Amazon RDS master user login details
The management console for Amazon RDS allows you to reset the master user password for your database instance1 , but there are no options at present to discover or reset the username of the master user.
Since this is a configurable parameter when initialising the instance, rather than using MySQL’s default value of root
, it’s likely to be a custom value.
The RDS command line tools allow you to discover the username as part of listing the parameters for your DB instances. The easiest way to get access to them is via a started Amazon Linux instance, which contains all of the tools required. You will need to have the X509 cert and private key files for your account (and for simplicity, export the paths to them on your instance into your shell environment as EC2_CERT
and EC2_PRIVATE_KEY
respectively).
The command rds-describe-db-instances
will then allow you to list all of your RDS instances, although the tool defaults to the us-east-1
region. If your RDS instance is in another region, you need to supply a --region
parameter - in this example, I’m looking at my instances in the eu-west-1 region:
rds-describe-db-instances --region eu-west-1
The output of the command will contain the master user name, along with other parameters of your instance.
DBINSTANCE instance-name 2011-03-18T02:42:42.663Z db.m1.small mysql
5 master_user_name available instance-name.eu-west-1.rds.amazonaws.com
3306 eu-west-1a 8 n 5.1.57
SECGROUP backend active
PARAMGRP default.mysql5.1 in-sync
With Amazon’s pace of development, I have no doubt the Management Console will probably grow this capability before long, but for now it’s helpful to be able to recover the information.
-
Via the AWS Management Console, choose the instance you need to reset the password for, click ‘Modify’ then choose a new master password. If you don’t want to use the AWS Console, you can use the
rds-modify-db-instance
command (as per Amazon’s documentation for RDS) to reset it directly, given the AWS command line tools:
rds-modify-db-instance instance-name --master-user-password examplepassword
↩