Skip To Content

Change default PostgreSQL passwords

Three database login roles are provided with the enterprise geodatabase in PostgreSQL on ArcGIS Enterprise on Amazon Web Services instances that you create with the ArcGIS Server Cloud Builder on Amazon Web Services app. Two database login roles are provided with enterprise geodatabases in Amazon Relational Database Service (RDS) for PostgreSQL. These passwords are hard coded and well known. To make your instance more secure, you must change the login role passwords.

Note:

ArcGIS 10.6.1 is the final release of ArcGIS Server Cloud Builder on Amazon Web Services.

Change passwords for PostgreSQL databases on AWS

Follow these steps to change the default password for the login roles created when you use ArcGIS Server Cloud Builder on Amazon Web Services to create a geodatabase in a PostgreSQL database on AWS:

  1. To change passwords, you must be able to log in to the Amazon Web Services instance where PostgreSQL is installed. Connect as to the instance as ubuntu. Use one of the following methods:
  2. Switch to the root user.
    sudo su -
  3. Log in to psql using the postgres database login role, connecting to the postgres database.
    cd /data
    
    psql postgres postgres
  4. Issue the \password command to alter the passwords of the three login roles.

    The syntax for the \password command is \password <username>.

    For example, to change the sde password, type:

    \password sde
    You will be prompted to type a new password. Repeat this for the owner and postgres user, giving each a strong, unique password.

  5. To exit psql, type \q.
  6. Note:

    After you change the password of the owner login, you must update the registered databases for your ArcGIS Server site on AWS to use the new password.

  7. Connect to the GIS Server from the Catalog tree in your local installation of ArcGIS Desktop.
  8. Right-click the server and click Server Properties.
  9. Select a registered database in the list and click the Properties button.

    The Edit Registered Database dialog box opens.

  10. Click Edit to change the connection information.

    The Database Connection dialog box opens.

  11. Type the new password for the owner login in the Password field and click OK.
  12. Click OK on the Edit Registered Database dialog box.
  13. If you have registered any other geodatabase on your ArcGIS Enterprise on Amazon Web Services instance, repeat steps 8 through 11 for each one to change the password of the owner login role.

Once you've changed passwords, you can close port 22 if you no longer need to connect to the instance running PostgreSQL.

Change passwords for Amazon RDS for PostgreSQL

Follow these steps to change the default password for the login roles created when you use the CloudFormation templates provided by Esri to create ArcGIS Server sites that include a registered database in Amazon RDS for PostgreSQL:

  1. Connect to the database instance from a SQL client.

    See AWS documentation for more information and connection troubleshooting tips.

  2. Use the ALTER ROLE SQL command or functionality within the SQL client you're using to change the password for the sde and owner users.

    See PostgreSQL documentation for help with ALTER ROLE syntax.

  3. Note:

    After you change the password of the owner login, you must update the registered databases for your ArcGIS Server site on AWS to use the new password.

  4. Follow the instructions in Register your data with ArcGIS Server using Manager to update the password for registered and managed databases.