• Relational Database Service

  1. Help Center
  2. Relational Database Service
  3. User Guide
  4. Working with RDS for PostgreSQL
  5. Configuring Database Security

Configuring Database Security

Password Strength Requirements

  • For strength requirements for the RDS console database password, see the database configuration table in Table 4.
  • RDS has a password security policy for newly created database users. Passwords must:
    • Consist of at least eight characters.
    • Contain letters, digits, and special characters.
    • Not contain the username.

Strengthening Security During User Creation

When you run CREATE USER or CREATE ROLE, you are advised to specify a password expiration time with the VALID UNTIL 'timestamp' parameter (timestamp indicates the expiration time).

Account Description

To provide management services for PostgreSQL DB instances, the following accounts are created when you create PostgreSQL DB instances.

Attempting to delete, rename, and change passwords or permissions for these accounts will result in an error.

  • rdsAdmin: indicates the management account, which has the highest superuser permission and is used to query and modify DB instance information, rectify faults, migrate data, and restore data.
  • rdsRepl: indicates the replication account, which is used to synchronize data from primary DB instances to standby DB instances or read replicas.
  • rdsBackup: indicates the backup account, which is used for background backup.
  • rdsMetric: indicates the metering account, which is used by watchdog to collect database status data.