Sudden RDS "[Note] Access denied for user 'root'@'xxx.xxx.xxx.xxx' (using password: YES)"

Question

2022-09-07T03:13:15.528272Z 4105348 [Note] Access denied for user 'root'@'xxx' (using password: YES)
2022-09-07T03:13:15.555529Z 4105349 [Note] Access denied for user 'root'@'xxx' (using password: YES)
2022-09-07T03:13:15.559440Z 4105350 [Note] Access denied for user 'root'@'xxx' (using password: YES)

Suddenly, the password of the RDS was wrong as above, so access was not possible.

- Was not in AWS maintenance
- We're not working on anything
- We didn't change the password
- Monitoring figures were not unusual

Access is possible after resetting the maste* password.
I've never experienced anything like this before.
I'm worried that this will happen again in the future. I wonder why the password was deleted.

I'd appreciate it if you could tell me the cause and prevention method.

Answer

AWS never changes/deletes any of the passwords on the customers' databases. If you have enabled CloudTrail and auditing on the databse, then you can check if anyone was accidentally change the password. This should be the best place to start the root cause analysis.

Sudden RDS "[Note] Access denied for user 'root'@'xxx.xxx.xxx.xxx' (using password: YES)"

関連するコンテンツ