This topic describes how to create accounts and databases for an RDS PostgreSQL instance.
Before an RDS instance can be used, you must create databases and accounts for it.
RDS PostgreSQL support two types of accounts: premier accounts and standard accounts.
- Databases under a single instance share all the resources of this instance. Each RDS PostgreSQL instance supports one premier account, countless standard accounts, and countless databases. You must create and manage standard accounts and databases through SQL statements.
- To migrate your on-premises database to an RDS instance, you must create the same databases and accounts for the RDS instance as your on-premises database.
- When assigning account permissions for each database, follow the minimum permission' principle and consider service roles to create accounts. Alternatively, rationally assign read-only and read/write permissions. When necessary, you can split accounts and databases into smaller units so that each account can only access data for its own services. If the account does not need to write data to a database, assign the read-only permission for the account.
- For database security, set strong passwords for the accounts and change the passwords regularly.
- Log on to the RDS console.
- Select the target region.
- Find the target RDS instance and click the instance ID.
- In the left-side navigation pane, click Accounts.
- Click Create Account.
- Set the following parameters.
Parameter Description Database Account The name of the account.
- The account name can contain 2 to 16 characters.
- The account name can contain lowercase letters, numbers, and underscores (_).
- The account name must start with a lowercase letter and end with a lowercase letter or number.
Password The password of the account.
- The account password must contain 8 to 32 characters in length.
- The account password must contain at least three of the following types of characters: uppercase letters , lowercase letters, numbers, and special characters.
- The allowed special characters are as follows:
! @ # $ % ^ & * ( ) _ + - =
Re-enter Password Enter the password again.
- Click OK.
- In the upper-right corner, click Log On to DB.
You are directed to the RDS Database Logon page in the Data Management Service console.
- Examine the endpoint and port information. If the information is correct, enter the
username and password, as shown in the following figure.
No. Description 1 The endpoint and port information for the RDS instance. 2 The name of the account to access the database. 3 The password of the account to access the database
- Click Log On.
Note If you want the browser to remember the password for this account, you can select Remember Password before you click Log On.
- Optional. If the system prompts you to add the CIDR block where the DMS server is located to the whitelist of the RDS instance, see Configure a whitelist.
- Optional. After the whitelist is properly configured, click Log On.
- After you log on to the RDS instance, choose from the main menu.
- In the SQL window, enter the following command to create a database:
CREATE DATABASE name [ [ WITH ] [ OWNER [=] user_name ] [ TEMPLATE [=] template ] [ ENCODING [=] encoding ] [ LC_COLLATE [=] lc_collate ] [ LC_CTYPE [=] lc_ctype ] [ TABLESPACE [=] tablespace_name ] [ CONNECTION LIMIT [=] connlimit ] ]
For example, if you want to create a database named test, then run the following command:
Create database test;
- Click execute to create the database.
- In the SQL window, enter the following command to create a standard account:
CREATE USER name [ [ WITH ] option [ ... ] ] where option can be: SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB | CREATEROLE | NOCREATEROLE | CREATEUSER | NOCREATEUSER | INHERIT | NOINHERIT | LOGIN | NOLOGIN | REPLICATION | NOREPLICATION | CONNECTION LIMIT connlimit | [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password' | VALID UNTIL 'timestamp' | IN ROLE role_name [, ...] | IN GROUP role_name [, ...] | ROLE role_name [, ...] | ADMIN role_name [, ...] | USER role_name [, ...] | SYSID uid
For example, if you want to create a standard account named test2 with a password of 123456, then run the following command:
create user test2 password '123456';
- Click execute to create the standard account.
Can I use the accounts created in a master RDS instance to access the read-only instances attached with this master RDS instance?
Yes, the accounts created in a master RDS instance are synchronized to the read-only instances attached with this master RDS instance. However, you cannot manage these accounts in the read-only instances. Additionally, these accounts only have the permissions to read data in the read-only instances.
|CreateAccount||Used to create an account for an RDS instance.|