Aurora utilizes a variety of proxy accounts to interact with storage, IIS, and Directory Services. These accounts' passwords are lengthy, randomly-generated, and secured by Aurora's configuration utilities, and are automatically regenerated each time the Engine's configuration utility is run.
As such, it's important that any password policy applied to these service accounts adhere to the following guidelines:
- No minimum password age. The Engine password might be changed several times in a short period if the Engine configuration utility is run several times (as might happen during initial setup or when troubleshooting an issue.) Minimum password ages will cause errors in that scenario.
- Strong complexity requirements. Aurora's proxy account passwords are generated in such a way that strict password complexity accounts should always be met.