Medium
RDS
Regional
RDS database instances should use a custom administrator username
NIST
Description
Checks if Amazon RDS database instances have changed the admin username from default values such as 'admin', 'root', 'sa', 'oracle', or 'postgres'. Changing default usernames reduces the risk of unintended access.
Remediation
To change the admin username for an Amazon RDS database instance, create a snapshot from the original instance, then use it to create a new instance with a custom admin username. Follow these steps:
Steps
- Sign in to the AWS Management Console and open the Amazon RDS console.
- In the navigation pane, choose 'Databases' and select the original RDS database instance.
- Choose 'Actions' and then 'Take snapshot' to create a snapshot of the current database instance.
- Once the snapshot is created, go to 'Snapshots' in the RDS console and select the snapshot you just created.
- Choose 'Restore snapshot' and configure the new instance settings.
- In the 'Settings' section, enter a unique custom admin username in the 'Master username' field, avoiding default values such as 'admin', 'root', 'sa', 'oracle', or 'postgres'.
- Complete the remaining configuration options as needed, and select 'Restore DB instance' to create a new RDS instance with the restored data.
- Once the new instance is ready, verify its configuration and functionality.
- Migrate any additional data if necessary and confirm the new instance meets your requirements.
- Decommission the old RDS instance with the default admin username once all data has been verified and migrated to the new instance.
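To find instances that still need this remediation, the check below scans the output of `aws rds describe-db-instances` (or boto3's `describe_db_instances`) for the default usernames listed in the description. It is an added example, not part of this control's text or any AWS tooling, and the instance records it runs on are constructed sample data.

```python
"""Flag RDS instances whose master username is still a well-known default.

Input is the dict form of `aws rds describe-db-instances` output:
{"DBInstances": [{"DBInstanceIdentifier": ..., "Engine": ...,
                  "MasterUsername": ...}, ...]}.
"""
import json

# Default usernames named in the control; matched case-insensitively because
# SQL Server and Oracle logins are not case-sensitive ("SA" == "sa").
DEFAULT_ADMIN_USERNAMES = frozenset({"admin", "root", "sa", "oracle", "postgres"})


def is_default_admin_username(username):
    """True if the master username is one of the default values."""
    return username.strip().lower() in DEFAULT_ADMIN_USERNAMES


def find_noncompliant_instances(describe_output):
    """Return [(identifier, engine, master_username)] for every instance
    whose master username is a default value; compliant instances are
    omitted and records without a MasterUsername field are skipped."""
    findings = []
    for inst in describe_output.get("DBInstances", []):
        username = inst.get("MasterUsername")
        if username is None:  # defensive: nothing to evaluate
            continue
        if is_default_admin_username(username):
            findings.append((inst["DBInstanceIdentifier"], inst["Engine"], username))
    return findings


# Constructed sample resembling `aws rds describe-db-instances` output;
# identifiers and usernames are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-pg", "Engine": "postgres", "MasterUsername": "postgres"},
  {"DBInstanceIdentifier": "billing-sql", "Engine": "sqlserver-se", "MasterUsername": "SA"},
  {"DBInstanceIdentifier": "catalog-mysql", "Engine": "mysql", "MasterUsername": "catalog_dba_x7"},
  {"DBInstanceIdentifier": "reports-replica", "Engine": "mysql"}
]}
""")

if __name__ == "__main__":
    for ident, engine, user in find_noncompliant_instances(SAMPLE_DESCRIBE_OUTPUT):
        print(f"NON-COMPLIANT {ident} ({engine}): master username '{user}'")
```

Run it against real output by replacing the sample with `json.load(open("instances.json"))` after `aws rds describe-db-instances --region <region> > instances.json`; repeat per region, since this control is regional.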
Compliance
NIST