All Products
Search
Document Center

PolarDB:ModifyDBClusterTDE

更新時間:Oct 17, 2024

Enables the transparent data encryption (TDE) feature for a PolarDB cluster.

Operation description

Note
  • To perform this operation, you must activate KMS first. For more information, see Purchase a dedicated KMS instance.
  • After TDE is enabled, you cannot disable TDE.
  • Debugging

    You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

    Authorization information

    The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

    • Operation: the value that you can use in the Action element to specify the operation on a resource.
    • Access level: the access level of each operation. The levels are read, write, and list.
    • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
      • The required resource types are displayed in bold characters.
      • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
    • Condition Key: the condition key that is defined by the cloud service.
    • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
    OperationAccess levelResource typeCondition keyAssociated operation
    polardb:ModifyDBClusterTDEupdate
    • DBCluster
      acs:polardb:{#regionId}:{#accountId}:dbcluster/{#DbClusterId}
      none
    none

    Request parameters

    ParameterTypeRequiredDescriptionExample
    DBClusterIdstringYes

    The ID of the cluster.

    pc-************
    TDEStatusstringYes

    Modifies the TDE status. Set the value to Enable.

    Enable
    RoleArnstringNo

    The Alibaba Cloud Resource Name (ARN) of the RAM role. A RAM role is a virtual identity that you can create within your Alibaba Cloud account. For more information, see RAM role overview.

    acs:ram::1406926*****:role/aliyunrdsinstanceencryptiondefaultrole
    EncryptionKeystringNo

    The ID of the custom key.

    749c1df7-****-****-****-*********
    EncryptNewTablesstringNo

    Specifies whether to enable automatic encryption for new tables. Valid values:

    • ON
    • OFF
    Note This parameter takes effect only for a PolarDB for MySQL cluster.
    ON
    EnableAutomaticRotationstringNo

    Specifies whether to allow the TDE key of the cluster to be automatically rotated within the next maintenance window after a lapse of the rotation period when a change in the KMS key version is detected. This parameter is supported only for custom keys. Valid values:

    • true
    • false
    Note This parameter is supported only for a PolarDB for PostgreSQL or PolarDB for PostgreSQL (Compatible with Oracle) cluster.
    false

    Response parameters

    ParameterTypeDescriptionExample
    object
    RequestIdstring

    The ID of the request.

    5F859238-2A36-4A8D-BD0F-732112******

    Examples

    Sample success responses

    JSONformat

    {
      "RequestId": "5F859238-2A36-4A8D-BD0F-732112******"
    }

    Error codes

    HTTP status codeError codeError messageDescription
    400InvalidTDEStatus.AlreadyEnabledTDE has already enabled in the this cluster.TDE is already enabled for the cluster.
    400InvalidDBType.MalformedThe Specified DBType is not valid.The specified database type is invalid.
    400InvalidTDEEnabledType.MalformedThe specified parameter TDEStatus is not valid.The specified TDEStatus parameter is invalid.
    400InvalidAutoTableTransparentEncryption.MalformedThe specified AutoTableTransparentEncryption is not valid.The specified AutoTableTransparentEncryption parameter is invalid.
    403UnsupportedKmsService.NotEnabledKMS service is not enabled.Key Management Service is not enabled.
    403OperationDenied.DBNodeTypeThe operation is not permitted due to type of node.The specified node type does not support this operation.
    403IncorrectGdnStatedb instance %s status is not available:%s.The %s status is invalid: %s.
    404InvalidDBCluster.NotFoundThe DBClusterId provided does not exist in our records.The specified DBClusterId parameter does not exist in the current record.
    404InvalidDBClusterId.MalformedThe specified parameter DBClusterId is not valid.The specified DBClusterId parameter is invalid.

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    2023-09-12The Error code has changedView Change Details
    2022-09-28The Error code has changedView Change Details
    2021-06-15The Error code has changedView Change Details