Database Account Security
Setting the Account Password Complexity
RDS has a password security policy for user-created database accounts. Passwords must:
- Consist of at least eight characters.
- Contain at least one uppercase letter, one lowercase letter, one digit, and one special character.
When you are creating a DB instance, the password strength is checked. You can modify the password strength as user root. For security reasons, you are advised to use a password that is at least as strong as the default password.
Account Description
To provide O&M services, the system automatically creates system accounts when you create RDS for MySQL DB instances. These system accounts are unavailable to you.
Notice
Attempting to delete, rename, and change passwords or permissions for these accounts will result in an error. Exercise caution when performing these operations.
- rdsAdmin: the management account, which has the superuser permissions and is used to query and modify DB instance information, rectify faults, migrate data, and restore data.
- rdsRepl: the replication account, which is used to synchronize data from primary DB instances to standby DB instances or read replicas.
- rdsBackup: the backup account, which is used for backend backup.
- rdsMetric: the metric monitoring account, which is used by watchdog to collect database status data.
- rdsProxy: the proxy account, which is automatically created when read/write splitting is enabled and is used for authentication when a database is connected through a read/write splitting address.
Parent topic: Security and Encryption
- Setting the Account Password Complexity
- Account Description