
ApsaraDB RDS: The cloud disk encryption feature of ApsaraDB RDS is adjusted from January 15, 2024.

Last Updated: Jul 03, 2024

Starting January 15, 2024, user-defined customer master keys (CMKs) that are used for cloud disk encryption are no longer provided when you create ApsaraDB RDS instances that run MySQL or PostgreSQL with cloud disks and use the general-purpose instance type.

Effective date

January 15, 2024

Involved instances

RDS instances that run MySQL and PostgreSQL

Description

The cloud disk encryption feature is adjusted for RDS instances that run MySQL and PostgreSQL with cloud disks.

  • If you create an RDS instance that uses the general-purpose instance type and cloud disks, you can select only the default service CMK to enable the cloud disk encryption feature for the RDS instance.

  • If you create an RDS instance that uses the dedicated instance type and cloud disks, you can select the default service CMK or a CMK to enable the cloud disk encryption feature for the RDS instance.

Note

The default service CMK is a service key managed by ApsaraDB RDS and is permanently valid.

Impacts

  • If an existing RDS instance uses the general-purpose instance type and a user-defined CMK for cloud disk encryption, connections to the RDS instance and operations such as data reads and writes, data migration, and storage capacity expansion are not affected. However, if you want to change the specifications of the RDS instance, clone the RDS instance, or create read-only RDS instances for the RDS instance, you must first upgrade the RDS instance to a dedicated instance type. When you change the specifications of an RDS instance, you can change the storage type or instance type or reduce the storage capacity of the RDS instance.

  • If an existing RDS instance uses the dedicated instance type and a CMK for cloud disk encryption and you want to change the instance specifications, clone the RDS instance, or create read-only RDS instances, the new instance type can only be the dedicated instance type.

  • If you call the CreateDBInstance operation to create an RDS instance that uses the general-purpose instance type and cloud disks, you can set the EncryptionKey parameter only to a service key ID. You can also create an instance that uses a service key for cloud disk encryption by specifying the RoleARN parameter.
