Changing the default passwords of the PostgreSQL login roles

Three database login roles are provided with the enterprise geodatabase in PostgreSQL on ArcGIS Server on Amazon Web Services instances. Their passwords are hard coded and well known. To make your instance more secure, you must change the login role passwords.

To change passwords, you must be able to log in to the Amazon Web Services instance. If you create your site using the ArcGIS Server Cloud Builder on Amazon Web Services application, you must specify a key pair when you create the site, then open port 22 in your security group to allow you to connect to the instances. You can close port 22 after you change the passwords.

Steps:
  1. Connect as ubuntu to the instance where PostgreSQL is installed.
  2. Switch to the root user.
    sudo su -
    
  3. Log in to psql using the postgres database login role, connecting to the postgres database.
    cd /data
    
    psql postgres postgres
    
  4. Issue the \password command to alter the passwords of the three login roles.

    The syntax for the \password command is \password <username>.

    For example, to change the sde password, type:

    \password sde
    
    You will be prompted to type a new password. Repeat this for the owner and postgres user, giving each a strong, unique password.

  5. To exit psql, type \q.
  6. NoteNote:

    After you change the password of the owner login, you must update the data store for your ArcGIS Server on Amazon Web Services instance to use the new password.

  7. Connect to the GIS Server from the Catalog tree in your local installation of ArcGIS for Desktop.
  8. Right-click the server and click Server Properties.
  9. Select a registered database in the list and click the Properties Properties button.

    The Edit Registered Database dialog box opens.

  10. Click Edit to change the connection information.

    The Database Connection dialog box opens.

  11. Type the new password for the owner login in the Password field and click OK.
  12. Click OK on the Edit Registered Database dialog box.
  13. If you have registered the geodata or any other geodatabase on your ArcGIS Server on Amazon Web Services instance, repeat steps 8 through 11 for each one to change the password of the owner login role.
12/29/2014