ApsaraDB RDS: Create and use a host account for logons

Last Updated: Dec 29, 2023

ApsaraDB RDS for SQL Server allows you to create a host account for your ApsaraDB RDS for SQL Server instance. You can use the host account to log on to the host on which the RDS instance is deployed. This facilitates the management of the RDS instance.

Prerequisites

  • The RDS instance meets the following requirements:

    • The RDS instance resides in a region other than the China (Zhangjiakou) region.

    • The RDS instance runs RDS Basic Edition, RDS High-availability Edition, or RDS Cluster Edition. If your RDS instance runs RDS High-availability Edition, make sure that the instance runs SQL Server 2012 or later.

    • The RDS instance belongs to a general-purpose or dedicated instance family. The shared instance family is not supported.

    • The RDS instance resides in a virtual private cloud (VPC). For more information about how to change the network type of an RDS instance, see Change the network type of an ApsaraDB RDS for SQL Server instance.

    • The creation time of the RDS instance meets the following requirements:

      • If the RDS instance runs RDS High-availability Edition or RDS Cluster Edition, the instance is created on or after January 01, 2021.

      • If the RDS instance runs RDS Basic Edition, the instance is created on or after September 02, 2022.

      Note

      You can view the Creation Time parameter of an RDS instance in the Status section of the Basic Information page in the ApsaraDB RDS console.

  • An Alibaba Cloud account is used to log on to the RDS instance.

  • If you want to create a system admin account, make sure that the required permissions are granted to your Alibaba Cloud account. This way, the System Admin Account option is displayed on the Create Host Account page.

    By default, Alibaba Cloud accounts do not have the permissions to create a system admin account. If this is the first time you create a system admin account, you must perform the following operations to grant the permissions to your Alibaba Cloud account: Log on to the ApsaraDB RDS console and go to the details page of your RDS instance. In the left-side navigation pane of the page that appears, click Accounts. In the upper-right corner of the page that appears, click Enable System Admin Role, read the usage notes, and then click OK.

    Warning
    • After the permissions to create a system admin account are granted to your Alibaba Cloud account, you can create system admin accounts for all RDS instances that belong to your Alibaba Cloud account. The permissions to create the system admin account cannot be disabled or revoked.

    • The system admin account has permissions that are beyond the management scope of ApsaraDB RDS. If you create the system admin account for your RDS instance, the system does not provide the service availability that is specified in the Alibaba Cloud service level agreement (SLA) for the RDS instance. RDS instances for which no system admin accounts are created are not affected.

Usage notes

  • RDS instances in the CloudTmall system do not support host accounts.

  • You can create only one host account that has the permissions of a system admin account for each RDS instance.

  • The following usernames cannot be used for host accounts:

    root|admin|eagleye|master|aurora|sysadmin|administrator|mssqld|public|securityadmin|serveradmin|setupadmin|processadmin|diskadmin|dbcreator|bulkadmin|tempdb|msdb|model|distribution|mssqlsystemresource|guest|add|except|percent|all|exec|plan|alter|execute|precision|and|exists|primary|any|exit|print|as|fetch|proc|asc|file|procedure|authorization|fillfactor|public|backup|for|raiserror|begin|foreign|read|between|freetext|readtext|break|freetexttable|reconfigure|browse|from|references|bulk|full|replication|by|function|restore|cascade|goto|restrict|case|grant|return|check|group|revoke|checkpoint|having|right|close|holdlock|rollback|clustered|identity|rowcount|coalesce|identity_insert|rowguidcol|collate|identitycol|rule|column|if|save|commit|in|schema|compute|index|select|constraint|inner|session_user|contains|insert|set|containstable|intersect|setuser|continue|into|shutdown|convert|is|some|create|join|statistics|cross|key|system_user|current|kill|table|current_date|left|textsize|current_time|like|then|current_timestamp|lineno|to|current_user|load|top|cursor|national|tran|database|nocheck|transaction|dbcc|nonclustered|trigger|deallocate|not|truncate|declare|null|tsequal|default|nullif|union|delete|of|unique|deny|off|update|desc|offsets|updatetext|disk|on|use|distinct|open|user|distributed|opendatasource|values|double|openquery|varying|drop|openrowset|view|dummy|openxml|waitfor|dump|option|when|else|or|where|end|order|while|errlvl|outer|with|escape|over|writetext||dbo|login|sys|drc_rds
Warning

The host account of an RDS instance has permissions that are beyond the management scope of ApsaraDB RDS. After you create a host account for an RDS instance, the system does not provide the service availability that is specified in the Alibaba Cloud service level agreement (SLA) for the RDS instance.

Procedure

Step 1: Create a host account

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Accounts.

  3. On the Host Account tab, click Create Account and configure the following parameters.

    Parameters and their descriptions:

    Host Account Name: Enter a name for the host account. The name must be 2 to 64 characters in length and can contain lowercase letters, digits, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or a digit.

    Account Type:

    • Standard Account: Create a host account that has the permissions of a standard account.

    • System Admin Account: Create a host account that has the permissions of a system admin account. You can create only one host account that has the permissions of a system admin account for each RDS instance. For more information about system admin accounts, see Create a system admin account.

      Note

      The System Admin Account parameter is displayed only after the permissions to create a system admin account are granted. For more information about how to grant the permissions, see Prerequisites.

    New Password: Enter a password for the account. The password must meet the following requirements:

    • The password is 8 to 32 characters in length.

    • The password must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.

    • Special characters include ! @ # $ % ^ & * ( ) _ + - =

    Confirm Password: Enter the password of the account again.

    Description: Enter a description that can help identify the account. The description can be up to 256 characters in length.

  4. Read and select I have read and agree to the changes to the RDS Service Level Agreement caused by the creation of a host account.

  5. Click OK.

  6. Optional. Reset the password of the host account or delete the host account.

    You can click Reset Password or Delete in the Actions column to reset the password of the host account or delete the host account.
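The Host Account Name and New Password rules in step 3, together with the reserved usernames under Usage notes, can be checked before an account request is submitted. The following Python validator is an added example, not Alibaba Cloud code: the function names are hypothetical, `RESERVED_SUBSET` holds only part of the reserved list, and rejecting password characters outside the documented sets is an assumption.

```python
import re

# Host Account Name rule: 2 to 64 characters; lowercase letters, digits and
# underscores; starts with a lowercase letter; ends with a letter or digit.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,62}[a-z0-9]")

# SUBSET of the reserved usernames under "Usage notes" (assumption: the
# caller loads the complete pipe-separated list before relying on this).
RESERVED_SUBSET = frozenset(
    "root|admin|sysadmin|administrator|public|guest|dbo|login|sys|"
    "master|tempdb|msdb|model|select|user|backup".split("|")
)

UPPER = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
LOWER = set("abcdefghijklmnopqrstuvwxyz")
DIGITS = set("0123456789")
SPECIALS = set("!@#$%^&*()_+-=")  # special characters named on the page


def check_host_account_name(name, reserved=RESERVED_SUBSET):
    """Return the list of violated rules; an empty list means the name passes."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("format")  # length, character set, first or last character
    if name in reserved:
        problems.append("reserved")
    return problems


def check_host_account_password(password):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    if not 8 <= len(password) <= 32:
        problems.append("length")
    used = sum(any(c in group for c in password)
               for group in (UPPER, LOWER, DIGITS, SPECIALS))
    if used < 3:
        problems.append("character-types")
    # Assumption: the page does not say how other characters are treated;
    # this check rejects them so a request never depends on that behaviour.
    if any(c not in UPPER | LOWER | DIGITS | SPECIALS for c in password):
        problems.append("unlisted-character")
    return problems


if __name__ == "__main__":
    for candidate in ("ops_admin1", "admin", "ops_", "1ops"):  # constructed samples
        print(candidate, check_host_account_name(candidate))
    for candidate in ("Passw0rd", "password1", "Ab1!", "Passw0rd~"):
        print(repr(candidate), check_host_account_password(candidate))
```
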


Step 2: Use the host account to log on to the host on which the RDS instance runs

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Accounts.

  3. On the Host Account tab, find the required account and click Remote Connection (Primary) in the Actions column.

  4. In the Remote Connection dialog box, enter the password of the host account.


  5. After you enter the password, click OK.

    The system generates a webshell URL and uses the URL to automatically connect to the host on which the RDS instance runs. The system displays a webshell page in a pop-up window. The browser may block the page. If the page is blocked, configure the browser to allow the pop-up page. The following figure provides an example.

    [Figure: example of configuring the browser to allow the pop-up page]

FAQ

Can I call operations to obtain the hostname of my RDS instance and the webshell URL to connect to the host of my RDS instance?

Yes. Call the DescribeDBInstanceIpHostname operation to obtain the hostname of your RDS instance, and then call the DescribeHostWebShell operation to obtain the webshell URL that is used to connect to the host of your RDS instance. The hostname is returned in the IpHostnameInfos parameter, and the webshell URL is returned in the LoginUrl parameter.

Note
  • The webshell URL is valid for 2 minutes. Use the URL at the earliest opportunity. If the URL is invalid, you cannot connect to the host of your RDS instance. In this case, call the operation again to obtain the most recent URL.

Related operations

Operations and their descriptions:

  • DescribeHostWebShell: Queries the webshell URL that can be used to connect to the host of the ApsaraDB RDS for SQL Server instance.

  • DescribeDBInstanceIpHostname: Queries the hostname of the Elastic Compute Service (ECS) instance to which the ApsaraDB RDS for SQL Server instance is connected.

References

You can use SQL Server Reporting Services (SSRS) to manage an instance after you log on to the host on which the RDS instance resides. For more information, see Use a webshell to log on to the host on which an ApsaraDB RDS for SQL Server instance resides and use SSRS on the host.