Updated on 2025-09-11 GMT+08:00

Constraints

The following tables list the constraints designed to ensure the stability and security of RDS for PostgreSQL.

Specifications and Performance

Table 1 Specifications

| Item | Constraints | Description |
| --- | --- | --- |
| Storage space | Cloud SSD: 40 GB to 4,000 GB; Extreme SSD: 40 GB to 4,000 GB | - |
| Maximum connections | It depends on the value of max_connections. | For more information, see What Is the Maximum Number of Connections to an RDS DB Instance? |
| IOPS | Cloud SSD: a maximum of 50,000; Extreme SSD: a maximum of 128,000 | The supported input/output operations per second (IOPS) depend on the I/O performance of Elastic Volume Service (EVS) disks. For details, see the description of ultra-high I/O and extreme SSDs in Disk Types and Performance in the Elastic Volume Service Service Overview. |

Quotas

Table 2 Quotas

| Item | Constraints | Description |
| --- | --- | --- |
| Read replica | A maximum of five read replicas can be created for a DB instance. | For more information, see Introduction to Read Replicas. |
| Tags | A maximum of 20 tags can be added for a DB instance. | For more information, see Managing Tags. |
| Free backup space | RDS provides free backup space of the same size as your purchased storage space. | After you pay for the storage space of your DB instance, you will get a backup space of the same size for free. For more information, see How Is RDS Backup Data Billed? |
| Retention period of automated backups | The default value is 7 days. The value ranges from 1 to 732 days. | For more information, see Configuring a Same-Region Backup Policy. |
| Log query | Error log records: 2,000; Slow query log records: 2,000 | For more information, see Log Management. |

Naming

Table 3 Naming

Item

Constraints

Instance name

  • 4 to 64 characters long
  • Must start with a letter. Only letters (case sensitive), digits, hyphens (-), and underscores (_) are allowed.

Database name

  • 1 to 63 characters long
  • Only letters, digits, and underscores (_) are allowed. It cannot start with pg or a digit, and must be different from RDS for PostgreSQL template database names. RDS for PostgreSQL template databases include postgres, template0, and template1.

Account name

  • 1 to 63 characters long
  • Only letters, digits, and underscores (_) are allowed. It cannot start with pg or a digit, and must be different from system usernames. System users include rdsAdmin, rdsMetric, rdsBackup, rdsRepl, rdsProxy, rdsDdm, and rdsDisaster.
    • rdsAdmin: a management account with the highest permissions. It is used to query and modify instance information, rectify faults, migrate data, and restore data.
    • rdsRepl: a replication account, used to synchronize data from the primary instance to the standby instance or read replicas.
    • rdsBackup: a backup account, used for backend backup.
    • rdsMetric: a metric monitoring account used by watchdog to collect database status data.
    • rdsProxy: the proxy account, which is automatically created when read/write splitting is enabled and is used for authentication when a database is connected through a read/write splitting address.
    • rdsDdm: a DDM account.
    • rdsDisaster: a DR account, used to set up cross-region DR.

Backup name

  • 4 to 64 characters long
  • Must start with a letter. Only letters (case sensitive), digits, hyphens (-), and underscores (_) are allowed.

Parameter template name

  • 1 to 64 characters long
  • Only letters (case sensitive), digits, hyphens (-), underscores (_), and periods (.) are allowed.

Security

Table 4 Security

Item

Constraints

root permissions

Only the root user is available on the instance creation page. RDS for PostgreSQL supports root privilege escalation in specific scenarios. For details, see Privileges of the Root User.

root password

  • 8 to 32 characters long
  • Must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters (~!@#%^*-_=+?,).

For more information, see Resetting the Administrator Password to Restore Root Access.

Database port

2100 to 9500

For more information, see Changing a Database Port.

Disk encryption

If you enable disk encryption during instance creation, the disk encryption status and the key cannot be changed later.

For more information, see Performing a Server-Side Encryption.

VPC

The VPC where a DB instance is located cannot be changed after the instance is created.

Security group

  • By default, you can create a maximum of 100 security groups in your cloud account.
  • By default, you can add up to 50 security group rules to a security group.
  • One RDS DB instance can be associated with multiple security groups, and one security group can be associated with multiple RDS DB instances.
  • When creating a DB instance, you can select multiple security groups. For better network performance, you are advised to select no more than five security groups. For more information, see Changing a Security Group.

System account

To provide O&M services, the system automatically creates system accounts when you create RDS for PostgreSQL DB instances. These system accounts are unavailable to you.

  • rdsAdmin: a management account with the highest permission. It is used to query and modify instance information, rectify faults, migrate data, and restore data.
  • pg_execute_server_program: an account that allows executing programs on the database server, as the user the database runs as, through COPY and other functions that can run a server-side program.
  • pg_read_all_settings: an account that reads all configuration variables.
  • pg_read_all_stats: an account that reads all pg_stat_* views and uses various extension-related statistics.
  • pg_stat_scan_tables: an account that executes monitoring functions that may take ACCESS SHARE locks on tables, potentially for a long time.
  • pg_signal_backend: an account that signals another backend to cancel a query or terminate its session.
  • pg_read_server_files: an account that allows reading files from any location on the server that the database can access, using COPY and other file-access functions.
  • pg_write_server_files: an account that allows writing to files in any location on the server that the database can access, using COPY and other file-access functions.
  • pg_monitor: an account that reads and executes various monitoring views and functions. This role is a member of pg_read_all_settings, pg_read_all_stats, and pg_stat_scan_tables.
  • rdsRepl: a replication account, used to synchronize data from the primary instance to the standby instance or read replicas.
  • rdsBackup: a backup account, used for backend backup.
  • rdsMetric: a metric monitoring account used by watchdog to collect database status data.

Instance parameter

To ensure the optimal performance of RDS, you can modify parameters in the parameter template you created as needed.

For more information, see Suggestions on RDS for PostgreSQL Parameter Tuning.
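
The database and account name rules in Table 3 and the root password and port rules in Table 4 can be checked before a provisioning request is submitted. The following Python check is an added example, not code from the RDS documentation or service; the function names are hypothetical, and it assumes that the pg-prefix and reserved-name comparisons ignore case and that password characters outside the four listed types are rejected.

```python
import re
import string

# Values copied from Tables 3 and 4 of this page (lower-cased for comparison).
SYSTEM_USERS = {"rdsadmin", "rdsmetric", "rdsbackup", "rdsrepl",
                "rdsproxy", "rdsddm", "rdsdisaster"}
TEMPLATE_DBS = {"postgres", "template0", "template1"}
SPECIALS = "~!@#%^*-_=+?,"


def check_identifier(name, reserved):
    """Database/account name rule (Table 3); returns a list of violations."""
    errors = []
    if not 1 <= len(name) <= 63:
        errors.append("length must be 1 to 63 characters")
    if not re.fullmatch(r"[A-Za-z0-9_]*", name):
        errors.append("only letters, digits, and underscores are allowed")
    # Assumption: the pg-prefix and reserved-name comparisons ignore case.
    if name.lower().startswith("pg") or name[:1].isdigit():
        errors.append("must not start with pg or a digit")
    if name.lower() in reserved:
        errors.append("collides with a reserved name")
    return errors


def check_root_password(password):
    """Root password rule (Table 4); returns a list of violations."""
    errors = []
    if not 8 <= len(password) <= 32:
        errors.append("length must be 8 to 32 characters")
    groups = [string.ascii_uppercase, string.ascii_lowercase,
              string.digits, SPECIALS]
    if sum(any(c in g for c in password) for g in groups) < 3:
        errors.append("needs at least three character types")
    # Assumption: characters outside the four listed types are rejected.
    if any(c not in "".join(groups) for c in password):
        errors.append("contains a character outside the listed types")
    return errors


def check_port(port):
    """Database port range (Table 4); returns a list of violations."""
    return [] if 2100 <= port <= 9500 else ["port must be 2100 to 9500"]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(check_identifier("rdsBackup", SYSTEM_USERS))
    print(check_root_password("summer2025"))
```

Pass SYSTEM_USERS as the reserved set for account names and TEMPLATE_DBS for database names; an empty list means the value satisfies the rules as read here.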

Instance Operations

Table 5 Instance operations

Item

Constraints

Instance deployment

ECSs where DB instances are deployed are not directly visible to you. You can only access the DB instances through IP addresses and database ports.

Data migration

You can migrate data from self-managed PostgreSQL databases, PostgreSQL databases built on other clouds, self-managed Oracle databases, RDS for MySQL, self-managed MySQL databases, or MySQL databases built on other clouds to RDS for PostgreSQL, or from one RDS for PostgreSQL instance to another RDS for PostgreSQL instance.

Data migration tools include Data Replication Service (DRS), pg_dump, and Data Admin Service (DAS). You are advised to use DRS because it is easy to use and can complete a migration task in minutes. DRS facilitates data transfer between databases, helping you reduce DBA labor costs and hardware costs.

For more information, see Migration Solution Overview.

Primary/Standby replication

RDS for PostgreSQL uses a primary/standby dual-node replication cluster. You do not need to set up replication additionally. The standby DB instance is not visible to you and therefore you cannot access it directly.

High CPU usage

If the CPU usage is high or close to 100%, data read/write and database access will become slow, and an error will be reported during data deletion.

For details, see High CPU Usage of RDS for PostgreSQL DB Instances.

Rebooting a DB instance

DB instances cannot be rebooted through commands. They must be rebooted through the RDS console.

Stopping or starting a DB instance

  • You can temporarily stop pay-per-use instances to save money. For more information, see Stopping an Instance.
  • After stopping your instance, you can restart it to begin using it again.

Viewing backups

You can download automated and manual backups for local storage. To download a backup, you can use OBS Browser+, the current browser, or the download URL.

For more information, see Downloading a Full Backup File.

Log management

RDS for PostgreSQL logging is enabled by default and cannot be disabled.

Recycle bin

RDS allows you to move unsubscribed yearly/monthly DB instances and deleted pay-per-use DB instances to the recycle bin. You can rebuild a DB instance that was deleted up to 7 days ago from the recycle bin.

Privileges of the Root User

RDS for PostgreSQL provides permissions for the root user. To create objects on an RDS for PostgreSQL database without operation risks, escalate your account to root privileges when necessary.

The following table describes root privilege escalation in different versions.

Table 6 Privileges of the root user

| Version | Whether to Escalate Privileges | Initial Version for Privilege Escalation |
| --- | --- | --- |
| pgcore9 | No | N/A |
| pgcore10 | No | N/A |
| pgcore11 | Yes | 11.11 |
| pgcore12 | Yes | 12.6 |
| pgcore13 | Yes | 13.2 |
| pgcore14 | Yes | 14.4 |
| pgcore15 | Yes | 15.4 |
| pgcore16 | Yes | 16.2 |

Escalate to root privileges when you need to:

  • Create an event trigger.
  • Create a wrapper.
  • Create a logical replication publication.
  • Create a logical replication subscription.
  • Query and maintain replication sources.
  • Create a replication user.
  • Create a full-text index template and parser.
  • Run the vacuum command on a system table.
  • Run the analyze command on a system table.
  • Create an extension.
  • Grant an object permission to a user.