You can call this operation to modify the TDE status of an MongoDB instance.

Transparent data encryption (TDE) can be used to perform real-time I/O encryption and decryption on data files. Data is encrypted before being written to disks, and decrypted before being read from disks to the memory. For more information, see Configure TDE.

Note After TDE is enabled, it cannot be disabled.

Before you call this operation, make sure that the following requirements are met:

  • A replica set or sharded cluster instance is used.
  • The storage engine of the instance is WiredTiger.
  • The database version of the instance is 4.0 or 4.2. If the database version of the instance is earlier than 4.0, you can call UpgradeDBInstanceEngineVersion to upgrade the database engine.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String No ModifyDBInstanceTDE

The operation that you want to perform. Set the value to ModifyDBInstanceTDE.

DBInstanceId String Yes dds-bpxxxxxxxx

The ID of the instance.

TDEStatus String Yes enabled

The TDE status. Set the value to Enabled.

Note Exercise caution when enabling TDE. After TDE is enabled, it cannot be disabled.
EncryptorName String No aes-256-cbc

The encryption method. Valid values: aes-256-cbc.

Note This parameter is valid only when you specify the TEDStatus parameter to enabled.
EncryptionKey String No 749 c1df7-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The ID of the custom key.

RoleARN String No acs:ram::123456789012****:role/adminrole

The Alibaba Cloud Resource Name (ARN) of the RAM role. Format: acs:ram::$accountID:role/$roleName.

  • $accountID: your cloud account ID. To view the account ID, log on to the Alibaba Cloud Console, move your pointer over your profile picture in the upper-right corner, and then click security settings.
  • $roleName: the name of the RAM role. To view the role name, log on to the RAM console, and click RAM roles in the left-side navigation pane.

Response parameters

Parameter Type Example Description
RequestId String 434D7127-6229-4355-BA50-7A3685A725DF

The ID of the request.


Sample requests

http(s):// Action=ModifyDBInstanceTDE
&<Common request parameters>

Sample success responses

XML format


JSON format

    "RequestId": "434D7127-6229-4355-BA50-7A3685A725DF"

Error codes

HTTP status code Error code Error message Description
403 IncorrectDBInstanceState Current DB instance state does not support this operation. The error message returned because the operation is not supported while the instance is in its current state. Check whether the specified parameters are correct.
403 IncorrectDBInstanceLockMode Current DB instance lock mode does not support this operation. The error message returned because the instance is locked.

For more information about error codes, visit API Error Center.