When you create an ArcGIS Server site using ArcGIS tools and you include a geodatabase in PostgreSQL on Amazon Web Services (AWS) or in Amazon Relational Database Service (RDS) for PostgreSQL, database login roles are created for you. Some of these login roles are created with hard coded, documented passwords. Therefore, to secure your instance, you must change these passwords. See Geodatabases in PostgreSQL used with ArcGIS on AWS for information on which login roles are created with hard coded passwords.
Change passwords for PostgreSQL databases on AWS
Follow these steps to change the default password for the login roles created for geodatabases in a PostgreSQL database on Amazon Web Services (AWS):
- To change passwords, you must be able to log in to the Amazon Web Services instance where PostgreSQL is installed. Connect as to the instance as ubuntu. Use one of the following methods:
- If you are connecting to your ArcGIS Server instance from a local Windows computer, make an SSH connection to the instance. See Administer your Amazon EC2 Ubuntu Linux instance with remote access from Windows for an example.
- If connecting to your ArcGIS Server instance from another Linux box, see Administer your Amazon EC2 Ubuntu Linux instance with remote access from Linux for an example.
- Switch to the root user.
sudo su -
- Log in to psql using the postgres database login role, connecting to the postgres database.
cd /data psql postgres postgres
- Issue the \password command to alter the passwords of the three login roles.
The syntax for the \password command is \password <username>.
For example, to change the sde password, type:
You will be prompted to type a new password. Repeat this for the owner and postgres user, giving each a strong, unique password.\password sde
- To exit psql, type \q.
- Connect to the GIS Server from the Catalog tree in your local installation of ArcGIS Desktop.
- Right-click the server and click Server Properties.
- Select a registered database in the list and click the Properties button.
The Edit Registered Database dialog box opens.
- Click Edit to change the connection information.
The Database Connection dialog box opens.
- Type the new password for the owner login in the Password field and click OK.
- Click OK on the Edit Registered Database dialog box.
- If you have registered any other geodatabase on your ArcGIS Enterprise on Amazon Web Services instance, repeat steps 8 through 11 for each one to change the password of the owner login role.
Note:
After you change the password of the owner login, you must update the registered databases for your ArcGIS Server site on AWS to use the new password.
Once you've changed passwords, you can close port 22 if you no longer need to connect to the instance running PostgreSQL.
Change passwords for Amazon RDS for PostgreSQL
Follow these steps to change the default password for the login roles created in Amazon RDS for PostgreSQL:
- Connect to the database instance from a SQL client.
See AWS documentation for more information and connection troubleshooting tips.
- Use the ALTER ROLE SQL command or functionality within the SQL client you're using to change the password or passwords.
See PostgreSQL documentation for help with ALTER ROLE syntax.
- Follow the instructions in Register your data with ArcGIS Server using Manager to update the password for registered and managed databases.
Note:
After you change the password of the owner login, you must update the registered databases for your ArcGIS Server site on AWS to use the new password.