Create an account for an RDS PPAS instance

Precautions

• The databases in an RDS instance share all resources provided by the instance. You can create and manage one premier account and more than one standard account by using SQL statements.
• If you want to migrate an on-premises database to an RDS instance, you must create the same accounts and databases in the RDS instance as those in the on-premises database.
• When assigning account permissions for each database, follow the minimum permission' principle and consider service roles to create accounts. Alternatively, rationally assign read-only and read/write permissions. When necessary, you can split accounts and databases into smaller units so that each account can only access data for its own services. If the account does not need to write data to a database, assign the read-only permission for the account.
• For database security purposes, set strong passwords for the accounts and change the passwords regularly.
• The premier account cannot be deleted after it is created.

Procedure

1. Log on to the RDS console
2. In the upper-left corner, select the region where the target RDS instance is located.
3. Find the target RDS instance and click its ID.
4. In the left-side navigation pane, click Accounts.
5. Click Create Initial Account.
6. Enter the account information.
   

   Parameter description:

   • Database Account: The name of the premier account. It contains 2 to 16 characters including the lowercase letters, digits, and underscores (_). It must begin with a letter and end with a letter or digit.
   • Password: The password of the premier account. It contains 8 to 32 characters including at least three of the following types of characters: uppercase letters, lowercase letters, digits, and special characters. The allowed special characters are as follows:

     ! @ # $ % ^ & * ( ) _ + - =

   • Re-enter Password: Re-enter the password to make sure that the password is entered correctly.
7. Click OK.
8. Add the IP address that is allowed to access the RDS instance to the RDS whitelist. For more information, see Configure a whitelist for an RDS PPAS instance.
9. Start the pgAdmin 4 client.
10. Right-click Servers and choose Create > Server from the shortcut menu.
    
11. In the Create Server dialog box, click the General tab and enter the server name.
    
12. Click the Connection tab and enter the information about the instance to be connected.
    

    Parameter description:

    • Host name/address: The internal or public endpoint of the RDS instance. To obtain the internal and public endpoints and ports of the RDS instance, follow these steps:
      1. Log on to the RDS console.
      2. In the upper-left corner, select the region where the target RDS instance is located.
      3. Find the target RDS instance and click the instance ID.
      4. On the Basic Information page, find the Basic Information section, where you can obtain the internal and public endpoints and ports of the RDS instance.
    • Port: The internal or public port numbr of the RDS instance.
    • Username: The username of the premier account for the RDS instance.
    • Password The password of the premier account for the RDS instance.
13. Click Save.
14. Choose Servers > Server name > Databases > postgres. If the connection information is correct, the page shown in the following figure is displayed, indicating that a connection is established.
    Note postgres is the default database of the RDS instance. Do not perform any operation in this database.
    
15. Select postgres and choose Tools > Query Tool.
    
16. On the Query-1 tab, enter the following command to create an account:

    CREATE ROLE "username" CREATEDB CREATEROLE LOGIN ENCRYPTED PASSWORD 'password';

    
17. Click the execute or refresh button.
    
18. When the command is executed successfully, indicating that the account is created, right-click Login/Group Roles and choose the refresh button to view the new account.
    

APIs