This tutorial walks you through creating an ApsaraDB RDS for SQL Server instance, setting up a database and account, and connecting to it — all from scratch. By the end, you'll have a running SQL Server instance you can query.
Before diving in, review the limits of ApsaraDB RDS for SQL Server if you're new to the service.
Prerequisites
Before you begin, ensure that you have:
An Alibaba Cloud account
(RAM users only) The AliyunRDSFullAccess and AliyunBSSOrderAccess policies attached to your Resource Access Management (RAM) user — see Use RAM for resource authorization
Billing
Creating an instance charges you for the instance type and storage. Fees depend on the billing method, edition, instance type, storage class, and storage capacity.
To avoid unexpected charges after completing this tutorial, release pay-as-you-go instances you no longer need.
Step 1: Create an instance
Go to the ApsaraDB RDS instance creation page.
Select a Billing Method. > Tip: Start with Pay-as-you-go and convert to subscription once your requirements are finalized.
Billing method Best for Key benefit Pay-as-you-go Testing, short-term, or unpredictable workloads Billed hourly; release the instance at any time Subscription Long-term, stable workloads Lower cost; significant discounts for longer durations Select a Region.
ImportantThe region cannot be changed after the instance is created. Select the same region as your ECS instances to enable internal network connectivity and minimize latency.
- Internal network access requires the RDS instance and ECS instance to be in the same region and VPC. - To connect from an on-premises device, select the region geographically closest to you. Add a public endpoint later.
Select the Database Engine, Edition, and Storage Type. Database engine: Select Microsoft SQL Server. Supported versions: 2012, 2016, 2017, 2019, and 2022. Edition: Choose based on your availability and scalability needs. > Tip: Not sure which edition to pick? Use the High-availability Edition for production and the Basic Edition for development or testing. Storage type: Use Enterprise SSDs (ESSDs) for high performance — see Storage types. Enable Cloud Disk Encryption for enhanced data security — see Disk encryption.
Edition Architecture Best for Basic Edition Single-node; compute decoupled from storage; no read-only instances Dev/test or non-critical workloads. Longer recovery time during failures. High-availability Edition (Recommended) Primary + secondary with automatic failover; secondary is standby-only Production environments requiring HA. Covers ~80% of use cases. Cluster Edition (Recommended) Primary + readable secondary with automatic failover; supports 1–7 read-only instances Workloads requiring HA and read scaling. Configure network settings. The Network Type defaults to VPC.
VPC: Select the VPC where your application (ECS) resides. > Note: Instances must be in the same VPC to communicate over the internal network. They can reside in different vSwitches within that VPC.
Add to whitelist: Select Yes (recommended) to automatically add the VPC CIDR block to the RDS whitelist, enabling internal access from ECS instances in this VPC. > Note: If you select No, set the whitelist manually after the instance is created.
Select the zone, vSwitch, and Deployment Method.
Zone: A physical location within a region. Performance differences between zones in the same region are negligible. Placing your ECS and RDS instances in the same zone minimizes network latency, though cross-zone latency is negligible for most workloads.
vSwitch: A logical subnet within a VPC. Select an existing vSwitch or click Create vSwitch — see Create and manage a vSwitch.
Deployment method:
Multi-zone deployment (Recommended): Primary and secondary nodes in different zones. Configure zone and network settings for both nodes separately. Provides cross-zone disaster recovery.
Single-zone deployment: Both nodes in the same zone. Lower replication latency, but no cross-zone redundancy. Basic Edition supports single-zone deployment only.
If a zone is sold out, select a different zone.
Select an Instance Type.
Category: Availability varies by region and edition; the console shows only options available for your configuration.
Category Resources Best for General-purpose Dedicated memory and I/O; shared CPU and storage Balanced workloads requiring cost efficiency Dedicated CPU, memory, storage, and I/O all dedicated Production workloads requiring consistent, predictable performance. Not available for the Basic Edition. Shared Dedicated memory and storage; shared CPU Entry-level applications or development environments Instance type: Select a specific type by CPU cores, memory, maximum connections, and other specifications. For a full list, see Primary instance types.
Select a Storage Capacity in increments of 5 GB. This capacity covers data, system files, transaction logs, and temporary files.
Local SSD capacity is tied to the instance type. ESSDs and standard SSDs support independent capacity scaling.
(Subscription only) Set the Subscription Duration in the upper-right corner. Longer durations offer lower prices — hover over View Details next to Price for a breakdown.
(Optional) Configure additional parameters.
Parameter Description Port Custom database port. Default: 1433. Range: 1000–5999. Release Protection Pay-as-you-go only. Prevents accidental instance termination — see Enable or disable release protection. Resource Group Logical grouping for permission management and billing. Instance Name Custom name to identify the instance. Character Set Collation Rule Default: Chinese_PRC_CI_AS. Can be modified after creation. Tags Add tags for categorized management — see Filter instances by tag. Privileged Account The superuser account. Configure now or create it later. Each instance supports only one privileged account, and it cannot be deleted. In the upper-right corner, set the Quantity. The default is 1; you can purchase up to 20 instances at a time.
Review the order and click Confirm Order to complete the payment.
For subscription instances, check Enable Auto-renewal to prevent service interruptions at expiration. The auto-renewal cycle matches your purchase cycle — monthly or yearly. For details, see Renew an expired resource. To configure auto-renewal settings, see Auto-renewal.
Go to the Instances list and select the region you created the instance in. Provisioning typically takes 1–10 minutes. Refresh the page to check the status.
1. Quickly create an RDS SQL Server instance
This tutorial describes how to use the Quick Creation method to create an RDS SQL Server instance in the console. Unlike the Standard Creation method, the Quick Creation method lets you create an instance by configuring only the key parameters. This method is designed to help you get started quickly. For more information about how to configure other parameters when you create an instance, see Create an RDS SQL Server instance.
Go to the RDS Management Console and click Create Instance. The RDS instance purchase page opens.
At the top of the purchase page, select Quick Creation.
Select Billing Method. RDS for SQL Server offers two billing methods. The scenarios and features of each method are as follows:
Billing Method
Scenario
Benefits
Subscription
Long-term use of an ApsaraDB RDS for SQL Server instance.
The subscription billing method is more cost-effective than the pay-as-you-go billing method. The longer the subscription duration, the higher the discount.
Pay-as-you-go
Short-term use of an ApsaraDB RDS for SQL Server instance.
You can release the instance at any time to stop billing.
Alternatively, you can create a Pay-as-you-go instance. After you confirm that the instance meets your requirements, you can change the billing method from pay-as-you-go to subscription.
Select the Region in which to create the RDS instance.
ImportantYou cannot change the region after you purchase an RDS instance. Choose the region carefully.
If you have purchased an Elastic Compute Service (ECS) instance and want the ECS instance to connect to the RDS instance over an internal network, select the same region as the ECS instance. Otherwise, the ECS instance can access the RDS instance only over the public network, which prevents optimal performance.
If you want to connect to the RDS instance from a device other than an ECS instance, such as a local server or computer, create the RDS instance in a region close to that device to reduce network latency. You can then connect to the RDS instance using its public endpoint.
Select Engine. This tutorial demonstrates the steps using a SQL Server database.
Select an Instance Type.
RDS SQL Server offers a variety of instance types that you can select as needed. If an instance type does not meet your needs, you can change the configuration after the instance is created or select Standard Creation at the top of the page to create a custom instance. For more information, see Create an RDS SQL Server instance.
(Optional) If you set Billing Method to Subscription, specify a Subscription Duration in the upper-right corner of the page.
Alibaba Cloud provides lower prices for longer subscription durations. Move your pointer over View Details next to the Price field to see pricing details.
Set the network and vSwitch. The network type is set to Virtual Private Cloud (VPC) by default.
ImportantIf the VPC is the same but the vSwitch is different, the ECS instance and the RDS instance can still communicate over the internal network.
You cannot change the VPC after the instance is created. To connect to the RDS instance from an ECS instance over an internal network, make sure they are in the same region and use the same VPC.
(Optional) View additional configuration items. In Quick Creation mode, Alibaba Cloud automatically configures other parameters by default. You can click More Configurations (Optional) to view these settings.
Select the Quantity of instances. The Quick Creation feature lets you purchase up to 10 instances at a time. For this tutorial, the default value is 1.
(Optional) If you set the Billing Method to Subscription, you must also set the Duration.
You can also select Enable Auto-renewal to prevent service interruptions due to expiration.
Click Confirm Order and proceed to payment.
To view the instance, go to the Instance List page. At the top of the page, select the region where the instance is located and find the instance by its Creation Time.
Step 2: Create a database
Go to the ApsaraDB RDS instances list. Select the region, then click the instance ID.
In the left navigation pane, click Database Management, then click Create Database.
Set the database parameters. For this tutorial, set Database Name to
dbtestand Supported Character Set toChinese_PRC_CI_AS. Click Create.
The new database appears on the Database Management page, and is also visible after connecting to the instance.
Step 3: Create an account
On the instance details page, click Accounts in the left navigation pane.
Click Password Policy to set the password validity period and strengthen account security.
Shared instances do not support custom password policies. This restriction also applies to Serverless instances. Skip this step for those instance types.
Click Create Account. In the panel, fill in the account details.
Database Account: Enter
testuserfor this tutorial.Account Type: RDS for SQL Server supports Privileged Account, Standard Account, and Super Privileged Account. This tutorial uses a Privileged Account. For other types, see Account types and permissions. > Important: The first account on an instance must be a privileged account, and each instance supports only one. This account has read and write permissions for all databases on the instance. If creation fails, a privileged account may already exist — see Modify account permissions.
New Password and Confirm Password: Enter your password.
Apply the password policy from step 2 to this account.
An error occurs if the account name is a duplicate, or if you create accounts faster than the previous creation completes. Check for duplicate names or wait before retrying.
Click OK.
Refresh the Accounts page to confirm the privileged account appears.
Step 4: Configure secure access
Skip this step if you plan to connect using DMS — DMS does not require whitelist configuration. If you plan to connect using SSMS or a Java application, complete this step first.
Set an IP whitelist
On the instance details page, click Whitelist and SecGroup in the left navigation pane.
Click Create Whitelist, enter a Group Name, and add your application server's IP address.
Scenario IP to add How to obtain ACK cluster with Flannel plugin Node IP of the application pod View on the pod page of the target ACK cluster ACK cluster with Terway plugin Pod IP of the application View on the pod page of the target ACK cluster ECS instance (internal network access) Private IP of the ECS instance Go to the ECS console, select the region, and view the private IP address. 
ECS instance (no internal network access) Public IP of the ECS instance Go to the ECS console, select the region, and view the public IP address. On-premises device Public IP of the device Search for your IP using a search engine. > NoteThis method may return an inaccurate result. See other methods.
Click OK.
Refresh the Whitelist and SecGroup page to confirm the whitelist entry.
Get the connection endpoint
Depending on your setup, use the internal or public endpoint.
Internal network access requires both of the following conditions:
Your server is on Alibaba Cloud and is in the same region and same network type as the RDS instance.
If the network type is VPC, the server and RDS instance must share the same VPC ID.
| Scenario | Endpoint to use | How to obtain |
|---|---|---|
| Meets internal network access conditions | Internal endpoint | On the instance details page, click Database Connection in the left navigation pane to view the internal address and port.  > Note The public endpoint appears only after you click Enable Public Endpoint. |
| ECS instance without internal access, or on-premises device | Public endpoint | Click Enable Public Endpoint on the Database Connection page to generate a public endpoint. |
Step 5: Connect to the instance
Choose the connection method that fits your setup. If you're evaluating the service, DMS is the fastest way to get started — no whitelist setup required.
Method 1: Connect using DMS
Data Management (DMS) is Alibaba Cloud's one-stop data management platform. It provides database design, development, data integration, and governance features. DMS connects to an RDS instance without requiring an IP whitelist or a specific connection endpoint.
Go to the Instances page. Select the region, then click the instance ID.
Click Log On to Database to open the DMS login page.
In the Log on to Instance dialog, fill in the login details and click Log on.
Access Mode: Select Account and Password Logon.
Database Account: Enter
testuser.Database Password: Enter the password you set in step 3.
Control Mode: Select Flexible Management for this tutorial.
Flexible Management is free. Stable Change and Security Collaboration incur fees but offer more features and tighter database control — see Control modes.
After logging in, the
dbtestdatabase appears in the Logged-in Instances list on the left. Double-click another database to switch to it.If the database doesn't appear: - Missing permissions: Go to Accounts on the instance details page, find the account, and click Change Permissions to grant access. - Metadata not synced: Hover over the instance name and click the
refresh button to reload the database list.
Use the SQL Console to create tables, run queries, and manage your data. To verify the connection is working, run:
SELECT @@VERSION;The query returns the SQL Server version string, confirming a successful connection.
Method 2: Connect using SSMS
Microsoft SQL Server Management Studio (SSMS) is a graphical tool for managing SQL Server databases. This tutorial uses SSMS 19.0 as an example.
Download the latest SSMS version to support all SQL Server versions.
Complete step 4 before proceeding — SSMS requires an IP whitelist entry and a connection endpoint.
Open SSMS.
Click Connect > Database Engine.
Enter the connection details in the Connect to Server dialog.
Parameter Value for this tutorial Description Server name rm-2ze****.rds.aliyuncs.com,1433The instance endpoint and port, separated by a comma. Use the public or internal endpoint obtained in step 4. Authentication SQL Server Authentication Login name testuserPassword Your account password Click Connect. After a successful connection, the instance and its databases appear in the Object Explorer on the left. To verify the connection, run the following query in a new query window:
SELECT @@VERSION;The query returns the SQL Server version string, confirming a successful connection.
Method 3: Connect using Java (JDBC)
All examples use the Microsoft JDBC driver to connect from a Java application to an ApsaraDB RDS for SQL Server instance.
Complete step 4 before proceeding — add the IP address of your application's runtime environment (ECS instance or on-premises device) to the whitelist. See Set a whitelist.
1. Add the Microsoft JDBC driver.
Option A: Maven dependency (recommended)
Add the following to your pom.xml:
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>12.2.0.jre8</version> <!-- Check for the latest version -->
</dependency>Match the driver version to your Java version — for example, mssql-jdbc-12.2.0.jre8.jar requires Java 8 or later. For version history, see the Maven Central repository.After adding the dependency, sync your Maven project to download it automatically.
Option B: Manual JAR
Download the driver that matches your Java version from Microsoft JDBC Driver for SQL Server.
After downloading and extracting the archive, add the JAR file (such as
sqljdbc4.jarorsqljdbc.jar) to your project's classpath. The following screenshots use IntelliJ IDEA as an example:
2. Connect to the database.
Replace the placeholder values with your actual endpoint and database name. Store credentials in environment variables rather than hardcoding them. For how to find the endpoint, see View or change the endpoint and port number.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class SqlServerConnection {
public static void main(String[] args) {
// Use the internal endpoint if the application runs on ECS in the same VPC.
// Use the public endpoint for on-premises or external environments.
String url = "jdbc:sqlserver://rm-2vc367d081200******.mssql.cn-chengdu.rds.aliyuncs.com:1433;"
+ "database=<your-database-name>;"
+ "encrypt=true;"
+ "trustServerCertificate=true;"
+ "loginTimeout=30;";
// Read credentials from environment variables to avoid hardcoding sensitive values.
String username = System.getenv("RDS_USERNAME");
String password = System.getenv("RDS_PASSWORD");
Connection connection = null;
try {
// Load the JDBC driver.
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
// Connect to the instance.
connection = DriverManager.getConnection(url, username, password);
System.out.println("Connection successful!");
// Run a test query to verify the connection.
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery("SELECT @@VERSION");
if (resultSet.next()) {
System.out.println("SQL Server version: " + resultSet.getString(1));
}
resultSet.close();
statement.close();
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} finally {
if (connection != null) {
try {
connection.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
}3. Run the code.
Before running, set the environment variables:
export RDS_USERNAME=testuser
export RDS_PASSWORD=<your-password>Save the file as SqlServerConnection.java, then compile and run it from the command line or your IDE. A successful connection produces output similar to:
What's next
Appendix: Quick start video guide
FAQ
How do I view the total number of RDS instances in my account?
Log in to the ApsaraDB RDS console and go to the Overview page. It shows the total instance count by database engine, the regions where your instances are deployed, and how many are running in each region.
After creating an instance, why can't I find it in the console?
The most common reason is that you're looking in the wrong region — check the region selector in the top navigation bar and switch to the region where you created the instance.
If the region is correct, the instance may have failed to provision. This usually happens when the selected zone lacks sufficient resources. Go to the Orders page in the Billing Management console to check if a refund was issued, then try again in a different zone.
Another possibility: if your account uses a RAM policy that blocks unencrypted instance creation, the instance cannot be created if you use local disks (which don't support cloud disk encryption) or if you use cloud disks without enabling encryption. To resolve this, select a standard SSD or ESSD storage type, enable Cloud Disk Encryption, configure the key, and try again — see Use RAM policies to manage RDS permissions.