The Amazon RDS service allows you to reset your database instance master user password using their API. In this guide, I’ll walk you through the steps to reset RDS Master User Password. If you don’t remember your AWS RDS instance master username, it is possible to retrieve it using RDS web interface or AWS CLI Tools.

How to Reset RDS Master Password on AWS Console

Login to your AWS console and navigate to:

Amazon RDS > Databases > DBName > Modify
Reset RDS Master Password console

Under “Modify” section, scroll down until you see “New master password“.

Reset RDS Master Password console 02

Input the new RDS master password click “Continue” at the end of the page.

Reset RDS Master Password console 03

Select when to apply modifications – Choose “Apply Immediately” for instant changes application.

Reset RDS Master Password console 04

How to Reset RDS Master User Password on AWS from CLI

There are two pre-requisites for resetting RDS Master User Password on AWS:

  1. Configured and running RDS instance
  2. Installed AWS CLI tools

If you don’t have AWS CLI tools on your Workstation, install them using our guide below:

How to Install and Use AWS CLI on Linux – Ubuntu / Debian / CentOS

Once the tools are installed and configured, proceed to reset RDS Master User Password using steps given in the next sections.

Step 1: Get RDS DB instance details

If you don’t have RDS master user, you can pull the instance details to get the username. For this, you’ll use the aws modify-db-instancecommand.

The parameterdescribe-db-instances returns information about provisioned RDS instances.


$ aws rds describe-db-instances --region awsregionname
$ aws rds describe-db-instances --region eu-west-1

The command above will list of DB instances in RDS. If you have the name of your DB instance, provide the name to filter your output.

aws rds describe-db-instances --db-instance-identifier instance-name

From the output, there is a section showing instance Master User, AZ, Endpoint e.t.c.

    "DBInstances": [
            "DBInstanceIdentifier": "instance-name",
            "DBInstanceClass": "db.t2.2xlarge",
            "Engine": "mysql",
            "DBInstanceStatus": "available",
            "MasterUsername": "dbadmin",
            "DBName": "AppsDB",
            "Endpoint": {
                "Address": "",
                "Port": 3306,
                "HostedZoneId": "Z29XKXAKYMONMX"
            "AvailabilityZone": "eu-west-1a",

Step 2:  Reset RDS DB Master User Password

To reset/change RDS Master UserPassword, you’ll use the modify-db-instanceparameter.

modify-db-instance: This parameter is used to modify RDS DB instance settings. With this command, you can change one or more database configuration parameters by specifying these parameters and the new values in the request.

Supported Options are:

--db-instance-identifier (string):
   - The DB instance identifier. This value is stored as a lowercase string
   - Must match the identifier of an existing DBInstance.

--master-user-password (string):
  - The new password for the master user. The password can include any printable ASCII character except "/", """, or "@".
  - Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible
  - Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.

- Specifies whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible.

See example below:

aws rds modify-db-instance --db-instance-identifier instancename \
--master-user-password NEWPASSWORD --apply-immediately

You should see PendingModifiedValues of Password change on the output cleared after few minutes.

"PreferredMaintenanceWindow": "tue:04:34-tue:05:04",
            "PendingModifiedValues": {},
            "LatestRestorableTime": "2018-11-29T08:05:00Z",

Test connection:

$ mysql -u <MasterUsername>  -p  -h <EndpointAddress>
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5717
Server version: 5.6.40-log Source distribution

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


Now that we have confirmed the new master user password to be working, it means our RDS instance master user password reset was successful.

AWS Recommended courses:

Other AWS articles available in our blog are:

How to reset / change IAM user password on AWS

How to extend EBS boot disk on AWS without an instance reboot

Create AWS S3 Upload and List Objects Policy without Delete Action

How to Configure Cpanel Backups to S3 Object Store

Your support is our everlasting motivation,
that cup of coffee is what keeps us going!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


Please enter your comment!
Please enter your name here