You can call this operation to check whether KMS keys are authorized to ApsaraDB for MongoDB instances.

Before enabling Transparent Data Encryption (TDE) by calling the ModifyDBInstanceTDE operation, you can call this operation to check whether KMS keys are authorized to ApsaraDB for MongoDB instances.

Note TDE cannot be enabled if KMS keys are not authorized to ApsaraDB for MongoDB instances. You can submit a ticket to modify the authorization information.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
DBInstanceId String Yes dds-bpxxxxxxxx

The ID of the instance.
TargetRegionId String Yes cn-hangzhou

The region ID of the instance. You can call the DescribeDBInstanceAttribute operation to query the region ID of the instance.

Action String No CheckCloudResourceAuthorized

The operation that you want to perform. Set the value to CheckCloudResourceAuthorized.

AccessKeyId String No LTAIgbTGpxxxxxx

The AccessKey ID provided to you by Alibaba Cloud.

Response parameters

Parameter Type Example Description
RequestId String A0181AC4-F186-46ED-87CA-100C70B86729

The ID of the request.
AuthorizationState Integer 1

Indicates whether KMS keys are authorized to ApsaraDB for MongoDB instances. Valid values:

  • 0: not authorized
  • 1: authorized
  • 2: KMS not enabled
RoleArn String acs:ram::140xxxxxxxx:role/aliyunrdsinstanceencryptiondefaultrole

The role information of the authorized Alibaba Resource Name (ARN).

Note This parameter is returned only when the return value of the AuthorizationState parameter is 1.

Examples

Sample requests


http(s)://mongodb.aliyuncs.com/? Action=CheckCloudResourceAuthorized
&DBInstanceId=dds-bpxxxxxxxx
&TargetRegionId=cn-hangzhou
&<Common request parameters>

Sample success responses

XML format 

<RequestId>A0181AC4-F186-46ED-87CA-100C70B86729</RequestId>
<AuthorizationState>1</AuthorizationState>
<RoleArn>acs:ram::140xxxxxxxx:role/aliyunrdsinstanceencryptiondefaultrole</RoleArn>

JSON format 

{
	"RequestId":"A0181AC4-F186-46ED-87CA-100C70B86729",
	"AuthorizationState":1,
	"RoleArn":"acs:ram::140xxxxxxxx:role/aliyunrdsinstanceencryptiondefaultrole"
}

Error codes

For a list of error codes, visit the API Error Center.