For an RDS for SQL Server 2017 instance, you need to create an account from the RDS console, and then use the client or DMS to create and manage the database.

Note This topic is applicable only to RDS for SQL Server 2017 instances. For instances of other SQL Server versions, see Create accounts and databases (SQL Server 2012 or 2016) and Create database and account for SQL Server 2008 R2.


  • Databases within the same instance share all the resources of the instance. You can manage standard accounts and databases by using SQL statements.
  • When assigning permissions to database accounts, follow the principle of least privilege and create accounts based on the roles required. Assign the appropriate level of permissions to the accounts. When necessary, you can create multiple database accounts and allow each of them to access data relevant to their own business tasks. If an account does not need to write data to a database, assign read-only permissions to the account.
  • For database security, you must set strong account passwords and change the passwords regularly.


  1. Log on to the RDS console.
  2. Select the region where the instance is located.
    Select a region
  3. Find the instance and click its ID.
  4. In the left-side navigation pane, click Accounts.
  5. Click Create Initial Account.
  6. Enter the account information.

    Parameter description:

    • Database Account: the name of the initial account. It must be 2 to 16 characters in length, and can contain lowercase letters, digits, and underscores (_). It must start with a letter and end with a letter or digit.
      Note Reserved keywords such as test and root cannot be set as account names.
    • Password:
      • The password must be 8 to 32 characters in length.
      • The password must contain at least three of the following types of characters: uppercase letters, lowercase letters, digits, and special characters.
      • The allowed special characters are as follows:

        ! @ # $ % ^ & * ( ) _ + - =

    • Re-enter Password: Enter the password again to make sure you enter the correct password.
  7. Click OK.
  8. Click Log On to DB in the upper-right corner to go to the RDS Database Logon page of the Data Management Service console.
  9. Enter the correct IP address, port number, database username, and password.

    • Parameter description:

      • 1: The IP address and port information of the instance. You can view the IP address and port information on the Basic Information page or Database Connection page.

      • 2: The name of the account to access the database.
      • 3: The password of the account.
  10. Click Log On.
    Note If you want your browser to remember your account and password, you can select Remember Password before you click Log On.
  11. If the system displays a message, asking you to add the CIDR block of the DMS server to the IP address whitelist of the RDS instance, click Set a Whitelist. For more information, see Configure a whitelist.
  12. After the whitelist is configured, click Log On.
  13. After you have logged on to the RDS instance, choose SQL Operations > SQL Window in the top navigation bar.
  14. In the SQL window, run the following statement to create a database:
    create database <database name>;
  15. Click execute.
  16. In the SQL window, run the following statement to create a standard account:
    CREATE LOGIN <login name> WITH PASSWORD = '<password>';
  17. Click execute.
    Note Standard accounts that are created in DMS by using T-SQL do not appear in the account list in the console. However, you can use a standard account to log on to the database.
  18. In the SQL window, run the following statements to create a database user and associate the user to the standard account that you just created.
    USE <database name>;
    CREATE USER <user name> FOR LOGIN <login name>;
  19. Click execute. The standard account can access the corresponding database.


Can I manage the created account in the read-only instances?

The account created in the master instance is synchronized to the read-only instances. You cannot manage the account in the read-only instances. The account can only read data from the read-only instances.


API Description
CreateAccount Used to create an account.
CreateDatabase Used to create a database.