Hi I think it is possible to rest Amazon rds password, I mean db password. Is it called master password. I mean RDS-PASAWORD. But any way to see current rds password. I searched internet for a long time and can't find a way to do it?
Asked
Active
Viewed 7.1k times
10
-
I typed your question into Google and found [this article](https://aws.amazon.com/premiumsupport/knowledge-center/reset-master-user-password-rds/) on the AWS website. Does it help? – Tim Jan 27 '19 at 08:17
2 Answers
11
With a standard RDS, you can't. For security reasons they set it up so that, if you lose the password, the only way to recover is to either guess what it was or to reset it. If this is done properly there is no way for anybody, even if they work for AWS, to know what password you had. This is normal for such systems.
N.B See the other answer for the exception in the case of Elastic Beanstalk.
-
1Then how I'm supposed to know the password if I select auto generate password when creating RDS? – Vedmant Jan 26 '23 at 22:20
-
@Vedmant normally AWS auto generated passwords turn up on screen just after they've been generated. You click a button to show and then you can copy the password from there. – Michael Mar 10 '23 at 23:22
1
In reality you can. Works in beanstalk environments.
<?php
echo $_SERVER["RDS_PASSWORD"];
die();
Of course you can always just email it to yourself instead of echoing it out on the page.
user596657
- 11
- 1
-
4This is only valid for special use cases where you're using an RDS instance directly configured from EB. In this case, RDS will automatically set some environment variables in the EB environment. – Xen_mar Feb 12 '21 at 08:47
-
BTW, validated from here - https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.db.html - that this is the actual database master password. I find that "surprising" and slightly in opposition to Amazons standard ways of doing security (I won't call it a "vulnerability" without clear further evidence) – Michael Dec 08 '22 at 22:31