Logging in to your RDS Custom for Oracle database as SYS (original) (raw)

After you create your RDS Custom DB instance, you can log in to your Oracle database as userSYS, which gives you SYSDBA privileges. You have the following login options:

Finding the SYS password for your RDS Custom for Oracle database

Your can log in to your Oracle database as SYS or SYSTEM or by specifying the master user name in an API call. The password for SYS andSYSTEM is stored in Secrets Manager.

The secret uses the naming formatdo-not-delete-rds-custom-`resource_id`-`uuid` orrds-custom!oracle-do-not-delete-`resource_id`-`uuid`. You can find the password using the AWS Management Console.

To find the SYS password for your database in Secrets Manager
  1. Sign in to the AWS Management Console and open the Amazon RDS console athttps://console.aws.amazon.com/rds/.
  2. In the RDS console, complete the following steps:
    1. In the navigation pane, chooseDatabases.
    2. Choose the name of your RDS Custom for Oracle DB instance.
    3. Choose Configuration.
    4. Copy the value underneath Resource ID. For example, you resource ID might bedb-ABC12CDE3FGH4I5JKLMNO6PQR7.
  3. Open the Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.
  4. In the Secrets Manager console, complete the following steps:
    1. In the left navigation pane, chooseSecrets.
    2. Filter the secrets by the resource ID that you copied in step 2.d.
    3. Choose the secret that uses the naming formatdo-not-delete-rds-custom-resource_id-uuid orrds-custom!oracle-do-not-delete-resource_id-uuid. The resource_id is the resource ID that you copied in step 2.d.
      For example, if your resource ID isdb-ABC12CDE3FGH4I5JKLMNO6PQR7 and your UUID is 1234ab, your secret is nameddo-not-delete-rds-custom-db-ABC12CDE3FGH4I5JKLMNO6PQR7-1234ab orrds-custom!oracle-do-not-delete-db-ABC12CDE3FGH4I5JKLMNO6PQR7-1234ab.
    4. In Secret value, chooseRetrieve secret value.
    5. In Key/value, copy the value forpassword.
  5. Install SQL*Plus on your DB instance and log in to your database asSYS. For more information, see Step 3: Connect your SQL client to an Oracle DB instance.

Logging in to your RDS Custom for Oracle database using OS authentication

The OS user rdsdb owns the Oracle database binaries. You can switch to the rdsdb user and log in to your RDS Custom for Oracle database without a password.

  1. Connect to your DB instance with AWS Systems Manager. For more information, see Connecting to your RDS Custom DB instance using Session Manager.
  2. In a web browser, go to https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html.
  3. For the latest database version that appears on the web page, copy the .rpm links (not the .zip links) for the Instant Client Basic Package and SQL*Plus Package. For example, the following links are for Oracle Database version 21.9:
  4. In your SSH session, run the wget command to the download the .rpm files from the links that you obtained in the previous step. The following example downloads the .rpm files for Oracle Database version 21.9:
wget https://download.oracle.com/otn_software/linux/instantclient/219000/oracle-instantclient-basic-21.9.0.0.0-1.el8.x86_64.rpm  
wget https://download.oracle.com/otn_software/linux/instantclient/219000/oracle-instantclient-sqlplus-21.9.0.0.0-1.el8.x86_64.rpm
  1. Install the packages by running the yum command as follows:
sudo yum install oracle-instantclient-*.rpm
  1. Switch to the rdsdb user.
sudo su - rdsdb
  1. Log in to your database using OS authentication.
$ sqlplus / as sysdba  
SQL*Plus: Release 21.0.0.0.0 - Production on Wed Apr 12 20:11:08 2023  
Version 21.9.0.0.0  
Copyright (c) 1982, 2020, Oracle.  All rights reserved.  
Connected to:  
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production  
Version 19.10.0.0.0