This topic describes how to create databases and accounts for an RDS for SQL Server 2017 instance. You must create a premier account in the RDS console, and then use a database client or DMS to create and manage databases.

Note: This topic is applicable only to RDS for SQL Server 2017 instances. For instances of other SQL Server versions, see Create databases and accounts for an RDS for SQL Server 2012 or 2016 instance and Create databases and accounts for an RDS for SQL Server 2008 R2 instance.

Precautions

  • Databases within the same instance share all the resources of the instance. You can manage standard accounts and databases by using SQL statements.
  • When assigning permissions to database accounts, follow the principle of least privilege and create accounts based on the roles required. Assign the appropriate level of permissions to the accounts. When necessary, you can create multiple database accounts and allow each of them to access data relevant to their own business tasks. If an account does not need to write data to a database, assign read-only permissions to the account.
  • For database security, you must set strong account passwords and change the passwords regularly.

Procedure

  1. Log on to the RDS console.
  2. In the upper-left corner, select the region where the target RDS instance is located.
  3. Find the target RDS instance and click the instance ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Initial Account.
  6. Enter the account information.

    Parameter description:

    • Database Account: the name of the initial account. It must be 2 to 16 characters in length, and can contain lowercase letters, digits, and underscores (_). It must start with a letter and end with a letter or digit.
      Note: Reserved keywords such as test and root cannot be set as account names.
    • Password:
      • The password must be 8 to 32 characters in length.
      • The password must contain at least three of the following types of characters: uppercase letters, lowercase letters, digits, and special characters.
      • The allowed special characters are as follows:

        ! @ # $ % ^ & * ( ) _ + - =

    • Re-enter Password: Enter the password again to confirm it.
  7. Click OK.
  8. Click Log On to DB in the upper-right corner to go to the RDS Database Logon page of the Data Management Service console.
  9. Enter the correct IP address, port number, database username, and password.

    Parameter description:

    • 1: The IP address and port information of the instance. You can view the IP address and port information on the Basic Information page or Database Connection page.
    • 2: The name of the account to access the database.
    • 3: The password of the account.
  10. Click Log On.
    Note: If you want your browser to remember your account and password, you can select Remember Password before you click Log On.
  11. If the system displays a message asking you to add the CIDR block of the DMS server to the IP address whitelist of the RDS instance, click Set a Whitelist. For more information, see Configure a whitelist for an RDS for SQL Server instance.
  12. After the whitelist is configured, click Log On.
  13. After you have logged on to the RDS instance, choose SQL Operations > SQL Window in the top navigation bar.
  14. In the SQL window, run the following statement to create a database:
    CREATE DATABASE <database name>;
  15. Click execute.
  16. In the SQL window, run the following statement to create a standard account:
    CREATE LOGIN <login name> WITH PASSWORD = '<password>';
  17. Click execute.
    Note: Standard accounts that are created in DMS by using T-SQL do not appear in the account list in the console. However, you can use a standard account to log on to the database.
  18. In the SQL window, run the following statements to create a database user and associate the user with the standard account that you have created:
    USE <database name>;
    CREATE USER <user name> FOR LOGIN <login name>;
  19. Click execute. The standard account can access the corresponding database.
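The least-privilege precaution applied to steps 14 to 19, as an added example that is not part of the original topic: a standard account that can only read one database. The names sales_db, report_reader_login and report_reader are hypothetical, the password is a placeholder, and the example assumes the initial account is allowed to manage role membership and impersonate users in the database it created.

```sql
-- Added example. All object names are hypothetical; replace the password placeholder.
-- Run each step separately in the DMS SQL window, as in steps 14 to 19.

-- Step 14: create the database.
CREATE DATABASE sales_db;

-- Step 16: create the server-level login (the "standard account").
-- CHECK_POLICY = ON makes SQL Server enforce the host's password policy
-- on this login in addition to the strong password you choose.
CREATE LOGIN report_reader_login
    WITH PASSWORD = '<password>',
         CHECK_POLICY = ON;

-- Step 18: map the login to a user in the one database it needs.
USE sales_db;
CREATE USER report_reader FOR LOGIN report_reader_login;

-- Least privilege: membership in the fixed role db_datareader only.
-- The user is not added to db_datawriter or db_owner, so it is given
-- no way to write data or change the schema.
ALTER ROLE db_datareader ADD MEMBER report_reader;

-- Check 1: list every database role the user belongs to.
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r
     ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m
     ON m.principal_id = drm.member_principal_id
WHERE m.name = N'report_reader';

-- Check 2: evaluate effective permissions as the user itself.
-- HAS_PERMS_BY_NAME returns 1 when the permission is held and 0 when it is not.
EXECUTE AS USER = 'report_reader';
SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'INSERT') AS can_insert,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'ALTER')  AS can_alter;
REVERT;
```

Create a separate login and user per business task in the same way, and add write access only for the accounts that need it.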

FAQ

Can I manage the created account in the read-only instances?

The account created in the master instance is synchronized to the read-only instances. You cannot manage the account in the read-only instances. The account can only read data from the read-only instances.

APIs

| API | Description |
| --- | --- |
| CreateAccount | Used to create an account. |
| CreateDatabase | Used to create a database. |