Data Management (DMS) provides the secure access proxy feature to better ensure data security when you access database instances. The secure access proxy feature generates proxy endpoints for database instances. You can use the proxy endpoints to access the database instances in a secure manner over the MySQL or HTTPS protocol. You can also use commands, an SQL client, or program code to access the database instances.
Prerequisites
DMS is deployed in the Singapore or Indonesia (Jakarta) region. For more information about how to view the region where DMS is deployed, see Switch regions.
The database instance is located in the region where DMS is deployed.
NoteTo view the region where a database instance resides, log on to the DMS console and move the pointer over the instance name in the left-side instance list on the Home tab.
The database instance is of one of the following types:
MySQL: ApsaraDB RDS for MySQL, PolarDB for MySQL, ApsaraDB MyBase for MySQL, PolarDB for Xscale (PolarDB-X), AnalyticDB for MySQL, and MySQL databases from other sources
MariaDB: ApsaraDB RDS for MariaDB and MariaDB databases from other sources
You are a DMS administrator or database administrator (DBA). For more information about how to view the role of a user, see View system roles.
Overview
The secure access proxy feature reuses security rules, data permissions, and sensitive fields in DMS. This feature provides comprehensive security management, access control, data masking, and operation audit capabilities for enterprise databases.
Procedure
- Log on to the DMS console V5.0.
In the left-side instance list on the Home tab, right-click the instance that you want to manage and select Secure Access Proxy.
NoteIf you use the DMS console in simple mode, click Database Instances on the left side of the page. In the instance list that appears, right-click the instance that you want to manage, and select Secure Access Proxy.
On the Secure Access Proxy/Details page, click Enable Secure Access Proxy.
In the Enable Secure Access Proxy dialog box, configure the Database Account and Database Password parameters and click Next Step.
In the Secure Access Proxy - Authorize dialog box, specify the users to be authorized, whether to use a custom database account, and the security policy. Authorized users can use the credentials generated by the secure access proxy feature to access the database instance. For more information, see Authorize users to access a database instance by using proxy endpoints.
Click Confirm.
The following figure shows the Secure Access Proxy/Details page after the secure access proxy feature is enabled.
Related topics
After the secure access proxy feature is enabled for a database instance, you can perform the following operations on the database instance on the Secure Access Proxy/Details page:
Access the database instance. For more information, see Access a database instance over the MySQL protocol and Access a database instance over HTTPS.
Disable the secure access proxy feature for the database instance: In the upper-left corner of the Secure Access Proxy/Details page, click Disable Secure Access Proxy.
Enable access from the Internet: You may want to allow local programs or programs that do not reside in the same virtual private cloud (VPC) as the database instance to access the database instance. In this case, click Enable next to Public Endpoint in the Basic Information section of the Secure Access Proxy/Details page to obtain the public proxy endpoints.
Change the database account that is used to log on to the database instance: Click the Edit icon next to Database Account to change the database account.
You can also call API operations to enable or disable the secure access proxy feature for a database instance. For more information, see the following topics: