Three database login roles are provided with the enterprise geodatabase in PostgreSQL on ArcGIS Enterprise on Amazon Web Services instances. Their passwords are hard coded and well known. To make your instance more secure, you must change the login role passwords.
To change passwords, you must be able to log in to the Amazon Web Services instance. If you create your site using the ArcGIS Server Cloud Builder on Amazon Web Services application, you must specify a key pair when you create the site, then open port 22 in your security group to allow you to connect to the instances. You can close port 22 after you change the passwords.
- Connect as ubuntu to the instance where PostgreSQL is installed.
- If you are connecting to your ArcGIS Server instance from a local Windows computer, make an SSH connection to the instance. See Administer your Amazon EC2 Ubuntu Linux instance with remote access from Windows for an example.
- If connecting to your ArcGIS Server instance from another Linux box, see Administer your Amazon EC2 Ubuntu Linux instance with remote access from Linux for an example.
- Switch to the root user.
sudo su -
- Log in to psql using the postgres database login role, connecting to the postgres database.
cd /data psql postgres postgres
- Issue the \password command to alter the passwords of the three login roles.
The syntax for the \password command is \password <username>.
For example, to change the sde password, type:
You will be prompted to type a new password. Repeat this for the owner and postgres user, giving each a strong, unique password.
- To exit psql, type \q.
- Connect to the GIS Server from the Catalog tree in your local installation of ArcGIS Desktop.
- Right-click the server and click Server Properties.
- Select a registered database in the list and click the Properties button.
The Edit Registered Database dialog box opens.
- Click Edit to change the connection information.
The Database Connection dialog box opens.
- Type the new password for the owner login in the Password field and click OK.
- Click OK on the Edit Registered Database dialog box.
- If you have registered the geodata or any other geodatabase on your ArcGIS Enterprise on Amazon Web Services instance, repeat steps 8 through 11 for each one to change the password of the owner login role.
After you change the password of the owner login, you must update the registered databases for your ArcGIS Enterprise on Amazon Web Services instance to use the new password.