This topic describes how to configure disk encryption for an ApsaraDB RDS for MySQL instance equipped with standard or enhanced SSDs. The disk encryption feature encrypts the data on each disk of your RDS instance by using block storage. This way, your data cannot be cracked even if it is leaked.

For more information about disk encryption in other database engines, see the following topics:

Prerequisites

  • Your RDS instance is being created. Disk encryption cannot be enabled after your RDS instance is created. For more information, see Create an ApsaraDB RDS MySQL instance.
  • The Standard SSD or Enhanced SSD storage type is selected for your RDS instance. For more information, see Storage types.
  • The High-availability Edition is selected for your RDS instance. For more information, see ApsaraDB for RDS edition overview.
  • Your RDS instance resides in one of the following regions:
    • China (Hangzhou)
    • China (Shanghai)
    • China (Hong Kong)
    • Malaysia (Kuala Lumpur)
    • Germany (Frankfurt)

Billing

The disk encryption feature is free of charge. You do not need to pay additional fees for the read or write operations you perform on encrypted disks.

Precautions

  • Disk encryption cannot be disabled after you enable it.
  • After you enable disk encryption for your RDS instance, both the snapshots generated by that RDS instance and the new RDS instances created from those snapshots are automatically encrypted.
  • Disk encryption does not interrupt your business and you do not need to modify your application.

Procedure

Create an ApsaraDB RDS MySQL instance with the Standard SSD or Enhanced SSD storage type and the Disk Encryption option selected. Then, select a key used for data encryption.

Note For more information, see Manage CMKs.