How to Change User Passwords in Amazon Redshift

How do I change a user password in Amazon Redshift?

ALTER USER lets you reset, expire, or disable a user's password in Redshift.

Welcome to the Galaxy, Guardian!

Oops! Something went wrong while submitting the form.

Description

Why use ALTER USER to change a password?

ALTER USER is the only supported way to update, expire, or disable a Redshift user's password without recreating the account. It works for both local and federated users.

What is the full ALTER USER syntax?

The core clause is ALTER USER username WITH PASSWORD 'new_pw'. Optional keywords let you force rotation, disable login, or set an expiry date.

How do I change a password immediately?

Run ALTER USER analytics WITH PASSWORD 'Str0ng#2024'. The new password is effective on the next connection attempt.

How can I expire a password at end-of-day?

Use VALID UNTIL: ALTER USER analytics PASSWORD VALID UNTIL '2024-06-30 23:59';. The user keeps access until the timestamp.

How do I disable a forgotten account?

Disable login with PASSWORD DISABLE: ALTER USER temp_report PASSWORD DISABLE;. The user cannot authenticate until you set a new password.

Best practices for secure password changes

Rotate service-account passwords every 90 days, grant users minimal privileges, and audit PG_USER_INFO to ensure no expired accounts remain active.

What roles and privileges are required?

You must connect as a superuser or any user granted the ALTER USER privilege. Regular users can change only their own password with ALTER USER CURRENT_USER.

Can I change my own password?

Yes. Execute ALTER USER CURRENT_USER WITH PASSWORD 'NewM3!'. No extra privilege is needed.

How to verify the change?

Query PG_USER_INFO or reconnect using the new credentials. If the login succeeds, the change is confirmed.

Common mistakes and fixes

Wrong quoting: Redshift requires single quotes around the password. Double quotes throw a syntax error. Session reuse: An existing session keeps using the old password until reconnected.

Why How to Change User Passwords in Amazon Redshift is important

How to Change User Passwords in Amazon Redshift Example Usage


-- Change password for the read-only analytics role that accesses
-- Customers, Orders, and OrderItems for dashboards
ALTER USER analytics_ro WITH PASSWORD 'Read0nly#2024';

How to Change User Passwords in Amazon Redshift Syntax


ALTER USER <user_name>
    [ WITH ]
    [ PASSWORD { 'new_password' | DISABLE } ]
    [ VALID UNTIL 'timestamp' ];

-- Ecommerce example
-- Rotate the reporting user's password used by the BI tool that queries
-- Customers, Orders, and Products tables
ALTER USER reporting_app WITH PASSWORD 'B1@June2024' VALID UNTIL '2024-09-30';

Common Mistakes

Using double quotes around the new password ("BadPw"). Redshift treats double quotes as identifier delimiters, causing a syntax error. Always wrap passwords in single quotes.
Forgetting to reconnect active sessions. Existing connections keep the old password, so force users to reconnect or terminate sessions after the change.