Fix AWS RDS Error 1045 Access Denied For User (2025)

Updated: 11/29/2025

You spin up an AWS RDS instance, plug the endpoint into your app or client, and instead of a successful connection you see ERROR 1045 Access denied for user. It is extra frustrating because the database is clearly running, but refuses to let you in. This error nearly always comes down to a mismatch between the username, password, host, or privileges you think you created and what the database actually has stored.

Table of Contents

Method 1: Verify Master User Credentials And Endpoint Details

Copy the Endpoint value from the RDS detail page and confirm the port number, such as 3306 for MySQL. In your connection string or client enter that endpoint without extra spaces or protocols, for example mydb.xxxxxx.region.rds.amazonaws.com, and make sure the port matches the instance settings exactly.

Method 2: Fix Host Based Access And Security Group Rules

For MySQL, the user definition includes both name and host, for example appuser@'%' or appuser@'10.%'. Log in as the master user and run a SHOW GRANTS style query to confirm that the user you are trying to use is allowed from your IP range, and adjust or recreate the user so its host parameter matches where your app actually runs.

Warning: Avoid using overly broad host patterns like '%' in production without additional network restrictions, they can make accidental exposure or misuse much more likely.

Method 3: Correct Privileges, SSL, And Parameter Group Settings

For newer MySQL and MariaDB versions, ensure that the user’s authentication plugin, such as caching_sha2_password or mysql_native_password, is supported by your client library. If your driver is older, you may need to configure the user to use a more compatible plugin so that the login handshake completes successfully instead of returning 1045.