• Relational Database Service

  1. Help Center
  2. Relational Database Service
  3. User Guide
  4. Working with RDS for Microsoft SQL Server
  5. Configuring Database Security

Configuring Database Security

Password Strength Requirements

Microsoft SQL Server supports disabling of the database password complexity check. However, to ensure database security, you are advised not to disable it.

  • For strength requirements for the RDS console database password, see the database configuration table in Table 4.
  • RDS has a password security policy for database users. You are advised to enable this policy. Passwords must:
    • Consist of 8 to 128 characters.
    • Contain at least three types of the following: uppercase letters, lowercase letters, digits, and special characters.
    • Not contain the username.

When you create DB instances, your password strength is checked. You can modify the password strength as user rdsuser. For security reasons, you are advised to use a password that is at least as strong as the default one.

Account Description

To provide management services for Microsoft DB instances, the following system accounts are created when you create Microsoft DB instances.

Attempting to delete, rename, change passwords for, or change privileges for these accounts will result in an error.

  • rdsadmin: indicates the super administrator of DB instances. The account has the sysadmin service role and is used to query and modify DB instance information, rectify faults, migrate data, and restore data.
  • rdsmirror: indicates the primary/standby replication account, which is used to create mirroring endpoints.
  • rdsbackup: indicates the backup account, which is used for background backup.
  • Mike: indicates the Windows system account of SQL Server. It is used to initialize SQL statements during the DB instance initialization, including creating the rdsadmin database and related accounts.