This topic describes how to create databases and accounts for an ApsaraDB RDS for PPAS instance.

After you create an RDS instance, you must create databases and accounts for the RDS instance. If the RDS instance runs PPAS, you must create a privileged account in the ApsaraDB for RDS console. Then, you can create and manage databases by using a client. The pgAdmin 4 client is used in the example in this topic.

Precautions

  • Databases on the same instance share all of the resources that belong to the instance. Each ApsaraDB RDS for PPAS instance supports one privileged account, countless standard accounts, and countless databases. You can create and manage standard accounts and databases by using SQL statements.

  • To migrate an on-premises database to an RDS instance, you must create a database and an account with the same names on the RDS instance.

  • Use service roles to create accounts and follow the principle of least privilege to assign appropriate read-only and read/write permissions to the accounts. When necessary, you can create more than one account and allow each account to access only the data within its authorized workloads. If an account does not need to write data to a database, assign read-only permissions to the account.

  • For security purposes, we recommend that you configure strong passwords for the accounts that you created and change the passwords on a regular basis.

Procedure

  1. Log on to the ApsaraDB for RDS console.
  2. In the top navigation bar, select the region where the target RDS instance resides.
  3. Find the target RDS instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Initial Account.
  6. Enter the information of the account that you want to create.

    Parameter description:

    • Database Account: Enter the username of the account. The username must be 2 to 16 characters in length and can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or digit.

    • Password: Enter the password of the account.
      • The password must be 8 to 32 characters in length.
      • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
      • Special characters include ! @ # $ % ^ & * ( ) _ + - =
    • Confirm Password: Enter the password again to make sure that you enter the correct password.

  7. Click OK.
  8. Add the IP address that is used to access the RDS instance to the RDS whitelist. For more information, see Configure a whitelist for an ApsaraDB RDS for PPAS instance.
  9. Start the pgAdmin 4 client.
  10. Right-click Servers and select Create > Server.
  11. On the General tab of the Create - Server dialog box, enter the name of the server.
  12. Click the Connection tab and enter the information of your RDS instance.

    Parameter description:

    • Host name/address: Enter the endpoint of the RDS instance. If you connect to the RDS instance over the internal network, enter the internal endpoint of the RDS instance. If you connect to the RDS instance over the Internet, enter the public endpoint of the RDS instance. To view the internal and public endpoints and port numbers of the RDS instance, follow these steps:

      1. Log on to the ApsaraDB for RDS console.
      2. In the top navigation bar, select the region where your RDS instance resides.
      3. Find your RDS instance and click its ID.
      4. On the Basic Information page, find the internal and public endpoints and their port numbers.
    • Port: Enter the port number of your RDS instance. If you connect to your RDS instance over an internal network, enter the internal port number of your RDS instance. If you connect to your RDS instance over the Internet, enter the public port number of your RDS instance.

    • Username: Enter the username of the privileged account that is used to log on to your RDS instance.

    • Password: Enter the password of the account that is used to log on to your RDS instance.

  13. Click Save.
  14. If the connection information is correct, choose Servers > Server Name > Databases > postgres. The connection is successful if the following interface is displayed.
    Note: postgres is the default system database of the RDS instance. Do not perform operations on this database.
  15. Click postgres and select Tools > Query Tool.
  16. On the Query-1 tab, enter the following command to create a database:
    create database <database name>;
  17. Click the Execute/Refresh icon.
  18. If the execution is successful, the database is created. Right-click Databases and select Refresh. Then you can find the new database.
  19. On the Query-1 tab, enter the following command to create an account:
    CREATE ROLE "username" CREATEDB CREATEROLE LOGIN ENCRYPTED PASSWORD 'password';
  20. Click the Execute/Refresh icon.
  21. If the execution is successful, the account is created. Right-click Login/Group Roles and select Refresh. Then you can find the new account.
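
The command in step 19 gives the new account CREATEDB and CREATEROLE, which a workload account rarely needs. The following added example (not part of the original procedure) shows one way to apply the least-privilege precaution above with a read-only and a read/write account. The names app_db, app, app_ro, app_rw and the sample table are assumptions, and the passwords are placeholders.

```sql
-- Added example. app_db, app, app_ro and app_rw are assumed names; replace the
-- password placeholders. Run as the privileged account, connected to app_db.

-- Login roles for workloads: no CREATEDB, no CREATEROLE.
CREATE ROLE app_ro LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '<password 1>';
CREATE ROLE app_rw LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '<password 2>';

-- By default every role may connect to a new database; restrict that to the
-- two workload roles.
REVOKE ALL ON DATABASE app_db FROM PUBLIC;
GRANT CONNECT ON DATABASE app_db TO app_ro, app_rw;

-- Keep application objects in a dedicated schema owned by the current account.
CREATE SCHEMA app;
GRANT USAGE ON SCHEMA app TO app_ro, app_rw;

-- Objects already in the schema (a no-op on a new, empty schema; needed when
-- tables were migrated in before the roles were set up).
GRANT SELECT ON ALL TABLES IN SCHEMA app TO app_ro;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA app TO app_rw;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA app TO app_rw;

-- Objects that the current account creates in this schema later.
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT SELECT ON TABLES TO app_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA app
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_rw;
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT USAGE, SELECT ON SEQUENCES TO app_rw;

-- Constructed sample table, created after the defaults so it inherits them.
CREATE TABLE app.orders (id serial PRIMARY KEY, note text);

-- Check: list what each role can actually do on tables in the schema.
SELECT grantee, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE table_schema = 'app' AND grantee IN ('app_ro', 'app_rw')
ORDER BY grantee, table_name, privilege_type;

-- Check: confirm neither role can create databases or roles.
SELECT rolname, rolcreatedb, rolcreaterole, rolsuper
FROM pg_roles
WHERE rolname IN ('app_ro', 'app_rw');
```

The first check should list only SELECT for app_ro and SELECT, INSERT, UPDATE, DELETE for app_rw. The default privileges apply only to objects created by the account that ran ALTER DEFAULT PRIVILEGES.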

FAQ

Can I manage the accounts created on my primary RDS instance from its read-only instances?

No, although accounts created on the primary instance are replicated to its read-only instances, you cannot manage the accounts on the read-only instances. Read-only instances only allow accounts to read data.

Related operations

Operation | Description
Create database account | Creates an account on an ApsaraDB for RDS instance.