Help! I am locked out of Turbot

By default, Turbot will expire local directory user passwords after 90 days. This article is for the rare event where all passwords expire and no one is able to log into Turbot. In order to complete these steps, someone MUST have access to the AWS console in the Turbot Master account, with the ability to edit DynamoDB and restart elasticache nodes.

  1. Log into the AWS console and navigate to DynamoDB.
  2. Click on Tables on the left side, then select the table TurbotOptionSettings.
  3. Use the filter to search the name key for the value Turbot:Directory:PasswordExpirationPeriodInHours.
  4. If it does not populate, the entry can be created. Using the format key value -
    • resourceUrn urn:turbot
    • name Turbot:Directory:PasswordExpirationPeriodInHours
    • requirement MUST
    • value5000
  5. For the value entry, this number defaults to 2160 hours (90 days). It is recommended to set the value high enough to ensure login is successful, such as 5000.
  6. Navigate to Elasticache and reboot the redis nodes. Turbot might run slower than usual during the reboot time.
  7. Attempt to login to Turbot using the expired password. Ensure to either update the password expiration time, as well as consider the use of an alternative directory system. 

If any issues arise, please reach out to

Was this article helpful?
0 out of 0 found this helpful