By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Sudden RDS "[Note] Access denied for user 'root'@'xxx.xxx.xxx.xxx' (using password: YES)"

0

2022-09-07T03:13:15.528272Z 4105348 [Note] Access denied for user 'root'@'xxx' (using password: YES) 2022-09-07T03:13:15.555529Z 4105349 [Note] Access denied for user 'root'@'xxx' (using password: YES) 2022-09-07T03:13:15.559440Z 4105350 [Note] Access denied for user 'root'@'xxx' (using password: YES)

Suddenly, the password of the RDS was wrong as above, so access was not possible.

  • Was not in AWS maintenance
  • We're not working on anything
  • We didn't change the password
  • Monitoring figures were not unusual

Access is possible after resetting the maste* password. I've never experienced anything like this before. I'm worried that this will happen again in the future. I wonder why the password was deleted.

I'd appreciate it if you could tell me the cause and prevention method.

Topics
Security, Identity, & ComplianceMigration & ModernizationAnalyticsDatabase
Tags
AWS Identity and Access ManagementAmazon Relational Database Service
Language
English
rePost-User-6654545
asked 2 years ago287 views
1 Answer
1

AWS never changes/deletes any of the passwords on the customers' databases. If you have enabled CloudTrail and auditing on the databse, then you can check if anyone was accidentally change the password. This should be the best place to start the root cause analysis.

AWS
D-Rao
answered 2 years ago
profile pictureAWS
EXPERT
Chris_G
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content