Skip To Content

Change default PostgreSQL passwords

When you create an ArcGIS Server site using ArcGIS tools and you include a geodatabase in PostgreSQL on Amazon Web Services (AWS) or in Amazon Relational Database Service (RDS) for PostgreSQL, database login roles are created for you. Some of these login roles are created with hard coded, documented passwords. Therefore, to secure your instance, you must change these passwords. See Geodatabases in PostgreSQL used with ArcGIS on AWS for information on which login roles are created with hard coded passwords.

Change passwords for PostgreSQL databases on AWS

Follow these steps to change the default password for the login roles created for geodatabases in a PostgreSQL database on Amazon Web Services (AWS):

  1. To change passwords, you must be able to log in to the Amazon Web Services instance where PostgreSQL is installed. Connect as to the instance as ubuntu. Use one of the following methods:
  2. Switch to the root user.
    sudo su -
  3. Log in to psql using the postgres database login role, connecting to the postgres database.
    cd /data
    
    psql postgres postgres
  4. Issue the \password command to alter the passwords of the three login roles.

    The syntax for the \password command is \password <username>.

    For example, to change the sde password, type:

    \password sde
    You will be prompted to type a new password. Repeat this for the owner and postgres user, giving each a strong, unique password.

  5. To exit psql, type \q.
  6. Note:

    After you change the password of the owner login, you must update the registered databases for your ArcGIS Server site on AWS to use the new password.

  7. Connect to the GIS Server from the Catalog tree in your local installation of ArcGIS Desktop.
  8. Right-click the server and click Server Properties.
  9. Select a registered database in the list and click the Properties button.

    The Edit Registered Database dialog box opens.

  10. Click Edit to change the connection information.

    The Database Connection dialog box opens.

  11. Type the new password for the owner login in the Password field and click OK.
  12. Click OK on the Edit Registered Database dialog box.
  13. If you have registered any other geodatabase on your ArcGIS Enterprise on Amazon Web Services instance, repeat steps 8 through 11 for each one to change the password of the owner login role.

Once you've changed passwords, you can close port 22 if you no longer need to connect to the instance running PostgreSQL.

Change passwords for Amazon RDS for PostgreSQL

Follow these steps to change the default password for the login roles created in Amazon RDS for PostgreSQL:

  1. Connect to the database instance from a SQL client.

    See AWS documentation for more information and connection troubleshooting tips.

  2. Use the ALTER ROLE SQL command or functionality within the SQL client you're using to change the password or passwords.

    See PostgreSQL documentation for help with ALTER ROLE syntax.

  3. Note:

    After you change the password of the owner login, you must update the registered databases for your ArcGIS Server site on AWS to use the new password.

  4. Follow the instructions in Register your data with ArcGIS Server using Manager to update the password for registered and managed databases.