Configure password policies for the accounts of an ApsaraDB RDS for SQL Server instance - ApsaraDB RDS

An account password policy is configured on your server running the Windows operating system to manage account passwords. ApsaraDB RDS for SQL Server allows you to configure a password policy for an account of your ApsaraDB RDS for SQL Server instance to manage the password age in a fine-grained manner. This helps improve the account security.

Prerequisites

The RDS instance meets the following requirements:

The RDS instance uses a general-purpose or dedicated instance type. Shared instance types are not supported. For more information, see Instance families.
The RDS instance uses the subscription or pay-as-you-go billing method. Serverless RDS instances are not supported. For more information, see Serverless ApsaraDB RDS for SQL Server instances.
The RDS instance does not run SQL Server 2008 R2.

Usage notes

When you create an account and apply the password policy that you configured for the account, the password cannot contain the username of the account. For example, if the username is Test240903, you cannot set the password to Test240903abc.

Step 1: Configure a password policy

Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Accounts.

On the page that appears, click Account Password Policy. In the dialog box that appears, configure the parameters, select a policy, and then click OK.

You can configure one or both of the Maximum password age usage time and Minimum password usage time parameters.

Parameter	Description	Valid value (Unit: days)
Maximum password usage time	The period of time that a password can be used before the password must be changed.	0 to 999
Minimum password usage time	The period of time that a password must be used before the password can be changed. Note The value of this parameter cannot be greater than the value of the Maximum password usage time parameter.	0 to 998

Example

If you want to reset a password every 90 days and use a password for at least 30 days after password change, you can set the Maximum password usage time parameter to 90 and the Minimum password usage time parameter to 30.

Step 2: Apply a password policy

During the account creation

You can apply a password policy to a standard, privileged, or system admin account when you create the account. For more information, see Create a privileged account or a standard account and Create a system admin account.

After the account creation

After an account is created, you can choose Accounts > User Account to apply the password policy to the required account.

References

You can call an API operation to configure a password policy for an account of an ApsaraDB RDS for SQL Server instance. For more information, see ModifyAccountSecurityPolicy.
You can call an API operation to modify the password policy for an account of an ApsaraDB RDS for SQL Server instance. For more information, see ModifyAccountCheckPolicy.
You can call an API operation to create an account for an ApsaraDB RDS for SQL Server instance and apply a password policy to the account. For more information, see CreateAccount.