Medium
RDS
Regional
RDS Database Clusters should use a custom administrator username
NIST
Description
Checks whether Amazon RDS database clusters have changed the admin (master) username from default values such as 'admin', 'root', 'sa', 'oracle', or 'postgres'. A default username is easily guessed, so changing it reduces the risk of unintended access.
Remediation
The master username of an existing Amazon RDS database cluster cannot be modified in place. To change it, create a snapshot from the original cluster, then use the snapshot to create a new cluster with a custom admin username. Follow these steps:
Steps
- Sign in to the AWS Management Console and open the Amazon RDS console.
- In the navigation pane, choose 'Databases' and select the original RDS database cluster.
- Choose 'Actions' and then 'Take snapshot' to create a snapshot of the current database cluster.
- Once the snapshot is created, go to 'Snapshots' in the RDS console and select the snapshot you just created.
- Choose 'Restore snapshot' and configure the new cluster settings.
- In the 'Settings' section, enter a unique custom admin username in the 'Master username' field, avoiding default values such as 'admin', 'root', 'sa', 'oracle', or 'postgres'.
- Complete the remaining configuration options as needed, and select 'Restore DB instance' to create a new RDS cluster with the restored data.
- Once the new cluster is ready, verify its configuration and functionality.
- Migrate any additional data if necessary and confirm the new cluster meets your requirements.
- Decommission the old RDS cluster with the default admin username once all data has been verified and migrated to the new instance.
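The following Python is an added example, not code from this rule's page or from any vendor tool: it implements the check in the Description above over the shape of an rds:DescribeDBClusters response, so the restored cluster from the steps above can be verified the same way. The sample cluster list is constructed with placeholder identifiers; the live variant assumes the boto3 SDK and rds:DescribeDBClusters permission.

```python
"""Audit Amazon RDS / Aurora DB clusters for default master (admin) usernames."""
from typing import Dict, Iterable, List, Optional

# The default master usernames named in the Description above.
DEFAULT_ADMIN_USERNAMES = frozenset({"admin", "root", "sa", "oracle", "postgres"})


def is_default_admin_username(username: Optional[str]) -> bool:
    """True when the master username is a well-known default (case-insensitive,
    whitespace-trimmed); a missing username (None or '') is not flagged."""
    if not username:
        return False
    return username.strip().lower() in DEFAULT_ADMIN_USERNAMES


def find_noncompliant_clusters(clusters: Iterable[Dict]) -> List[Dict]:
    """One finding per cluster whose MasterUsername is a default value.

    `clusters` is the 'DBClusters' list of an rds:DescribeDBClusters response.
    """
    findings = []
    for cluster in clusters:
        username = cluster.get("MasterUsername")
        if is_default_admin_username(username):
            findings.append({
                "DBClusterIdentifier": cluster.get("DBClusterIdentifier"),
                "Engine": cluster.get("Engine"),
                "MasterUsername": username,
                "Severity": "Medium",  # severity assigned to this check
            })
    return findings


def audit_region(region: str) -> List[Dict]:
    """Live variant: page through every cluster in `region` (needs boto3 + rds:DescribeDBClusters)."""
    import boto3  # lazy import so the offline sample below needs no AWS SDK
    paginator = boto3.client("rds", region_name=region).get_paginator("describe_db_clusters")
    return find_noncompliant_clusters(c for page in paginator.paginate() for c in page["DBClusters"])


# Constructed sample in the shape of describe_db_clusters()['DBClusters'];
# identifiers are placeholders, not real resources.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "orders-prod", "Engine": "aurora-mysql", "MasterUsername": "admin"},
    {"DBClusterIdentifier": "billing-prod", "Engine": "aurora-postgresql", "MasterUsername": "Postgres"},
    {"DBClusterIdentifier": "analytics", "Engine": "aurora-postgresql", "MasterUsername": "dba_ops_7f3"},
]
```

Run `find_noncompliant_clusters(SAMPLE_CLUSTERS)` offline to see two findings (the mixed-case 'Postgres' is caught); `audit_region("us-east-1")` runs the same logic against a real account.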
Compliance
NIST