Relational Database ServiceRelational Database Service

Elastic Cloud Server
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
Domain Name Service
VPC Endpoint
Cloud Connect
Enterprise Switch
Security & Compliance
Web Application Firewall
Host Security Service
Data Encryption Workshop
Database Security Service
Advanced Anti-DDoS
Data Security Center
Container Guard Service
Situation Awareness
Managed Threat Detection
Cloud Certificate Manager
Anti-DDoS Service
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GaussDB(for MySQL)
Distributed Database Middleware
GaussDB(for openGauss)
Developer Services
Distributed Cache Service
Simple Message Notification
Application Performance Management
Application Operations Management
Blockchain Service
API Gateway
Cloud Performance Test Service
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Cloud Communications
Message & SMS
Cloud Ecosystem
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP License Service
Support Plans
Customer Operation Capabilities
Partner Support Plans
Professional Services
Intelligent EdgeFabric
SDK Developer Guide
API Request Signing Guide
Koo Command Line Interface
Updated at: Apr 02, 2022 GMT+08:00

Database Account Security

Setting the Account Password Complexity

For information about the database password strength requirements on the RDS console, see the database configuration table in Buying a DB Instance.

RDS has a password security policy for user-created database accounts. Passwords must:
  • Consist of at least eight characters.
  • Contain at least one uppercase letter, one lowercase letter, one digit, and one special character.

When you are creating a DB instance, the password strength is checked. You can modify the password strength as user root. For security reasons, you are advised to use a password that is at least as strong as the default password.

Account Description

To provide O&M services, the system automatically creates system accounts when you create RDS for MySQL DB instances. These system accounts are unavailable to you.

Attempting to delete, rename, and change passwords or permissions for these accounts will result in an error. Exercise caution when performing these operations.

  • rdsAdmin: the management account, which has the superuser permissions and is used to query and modify DB instance information, rectify faults, migrate data, and restore data.
  • rdsRepl: the replication account, which is used to synchronize data from primary DB instances to standby DB instances or read replicas.
  • rdsBackup: the backup account, which is used for backend backup.
  • rdsMetric: the metric monitoring account, which is used by watchdog to collect database status data.
  • rdsProxy: the proxy account, which is automatically created when read/write splitting is enabled and is used for authentication when a database is connected through a read/write splitting address.

Setting Password Complexity

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click in the upper left corner of the page and choose Database > Relational Database Service. The RDS console is displayed.
  4. On the Instance Management page, click the DB instance to navigate to the Basic Information page.

    Passwords must:

    • Consist of at least eight characters.
    • Contain at least one uppercase letter, one lowercase letter, one digit, and one special character.
    • Must be different from the user name.

  5. In the navigation pane on the left, choose Parameters. On the displayed page, modify parameters as required.

    • validate_password_length: Set this parameter to 8.
    • validate_password_mixed_case_count: Set this parameter to 1.
    • validate_password_number_count: Set this parameter to 1.
    • validate_password_special_char_count: Set this parameter to 1.
    • validate_password_policy: Set this parameter to MEDIUM.
    Check the value in the Effective upon Reboot column.
    • If the value is Yes and the DB instance status on the Instance Management page is Parameter change. Pending reboot, a reboot is required for the modifications to take effect.
      • If you have modified parameters of a primary DB instance, you need to reboot the primary DB instance for the modifications to take effect. (For primary/standby DB instances, the parameter modifications are also applied to the standby DB instance.)
      • If you have modified parameters of a read replica, you need to reboot the read replica for the modifications to take effect.
    • If the value is No, the modifications take effect immediately.
    • To save the modifications, click Save.
    • To cancel the modifications, click Cancel.
    • To preview the modifications, click Preview.

    After parameters are modified, you can click Change History to view parameter modification details.

Did you find this page helpful?

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel