PolarDB:ModifyDBClusterTDE

Last Updated: Mar 01, 2024

Enables the TDE feature or changes the encryption method for a specified PolarDB for MySQL cluster.

Operation description

Note
  • To perform this operation, you must activate KMS first. For more information, see Purchase a dedicated KMS instance.
  • After TDE is enabled, you cannot disable TDE.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

    Authorization information

    The following table shows the authorization information for this API operation. The authorization information can be used in the Action element of a policy to grant a RAM user or RAM role the permissions to call this API operation. The columns are described as follows:

    • Operation: the value that you can use in the Action element to specify the operation on a resource.
    • Access level: the access level of each operation. The levels are read, write, and list.
    • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
      • The required resource types are displayed in bold characters.
      • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
    • Condition Key: the condition key that is defined by the cloud service.
    • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

    | Operation | Access level | Resource type | Condition key | Associated operation |
    |---|---|---|---|---|
    | polardb:ModifyDBClusterTDE | WRITE | DBCluster: acs:polardb:{#regionId}:{#accountId}:dbcluster/{#DbClusterId} | none | none |
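
Because TDE cannot be disabled once it is enabled, the permission for this operation is worth scoping to individual clusters. The following is an added example, not part of the original documentation: it builds a policy from the Action and Resource values in the table above and flags policies that grant the action through wildcards. The region, account ID and cluster ID are constructed placeholders, and the matching is a simplified model (only `*` is treated as a wildcard, comparison ignores case, and Deny statements and conditions are not evaluated).

```python
import re

ACTION = "polardb:ModifyDBClusterTDE"  # Action value from the authorization table


def cluster_arn(region_id, account_id, cluster_id):
    # Resource format from the authorization table.
    return f"acs:polardb:{region_id}:{account_id}:dbcluster/{cluster_id}"


def scoped_policy(region_id, account_id, cluster_ids):
    """Policy that allows enabling TDE only on the listed clusters."""
    return {
        "Version": "1",
        "Statement": [{
            "Effect": "Allow",
            "Action": [ACTION],
            "Resource": [cluster_arn(region_id, account_id, c) for c in cluster_ids],
        }],
    }


def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # Assumption: '*' is the only wildcard and matching is case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def audit_policy(policy):
    """Return findings for Allow statements that grant ModifyDBClusterTDE
    through a wildcard action or on a wildcard resource."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        granting = [a for a in _as_list(stmt.get("Action", [])) if _matches(a, ACTION)]
        if not granting:
            continue  # statement does not cover this operation
        if any("*" in a for a in granting):
            findings.append((i, "wildcard action", granting))
        broad = [r for r in _as_list(stmt.get("Resource", [])) if "*" in r]
        if broad:
            findings.append((i, "wildcard resource", broad))
    return findings
```

Each finding is a tuple of statement index, reason, and the offending entries, so the output can be fed into a policy review report.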

    Request parameters

    | Parameter | Type | Required | Description | Example |
    |---|---|---|---|---|
    | DBClusterId | string | Yes | The ID of the cluster. | pc-************ |
    | TDEStatus | string | Yes | Modifies the TDE status. Set the value to Enable. | Enable |
    | RoleArn | string | No | The Alibaba Cloud Resource Name (ARN) of the RAM role. A RAM role is a virtual identity that you can create within your Alibaba Cloud account. For more information, see RAM role overview. | acs:ram::1406926*****:role/aliyunrdsinstanceencryptiondefaultrole |
    | EncryptionKey | string | No | The ID of the custom key. | 749c1df7-****-****-****-********* |
    | EncryptNewTables | string | No | Specifies whether to enable automatic encryption for new tables. Valid values: ON, OFF. | ON |

    Response parameters

    | Parameter | Type | Description | Example |
    |---|---|---|---|
    | | object | | |
    | RequestId | string | The ID of the request. | 5F859238-2A36-4A8D-BD0F-732112****** |

    Examples

    Sample success responses

    JSON format

    {
      "RequestId": "5F859238-2A36-4A8D-BD0F-732112******"
    }

    Error codes

    | HTTP status code | Error code | Error message | Description |
    |---|---|---|---|
    | 400 | InvalidTDEStatus.AlreadyEnabled | TDE has already enabled in the this cluster. | TDE is already enabled for the cluster. |
    | 400 | InvalidDBType.Malformed | The Specified DBType is not valid. | The specified database type is invalid. |
    | 403 | UnsupportedKmsService.NotEnabled | KMS service is not enabled. | Key Management Service is not enabled. |
    | 403 | OperationDenied.DBNodeType | The operation is not permitted due to type of node. | The specified node type does not support this operation. |
    | 403 | IncorrectGdnState | db instance %s status is not available:%s. | The %s status is invalid: %s. |
    | 404 | InvalidDBCluster.NotFound | The DBClusterId provided does not exist in our records. | The specified DBClusterId parameter does not exist in the current record. |

    For a list of error codes, see Service error codes.

    Change history

    | Change time | Summary of changes | Change item | Change content |
    |---|---|---|---|
    | 2023-09-12 | The Error code has changed | Error Codes | Error Codes 400 change; Error Codes 404 change; delete Error Codes: 403 |
    | 2022-09-28 | The Error code has changed | Error Codes | Error Codes 403 change; delete Error Codes: 400; delete Error Codes: 404 |
    | 2021-06-15 | The Error code has changed | Error Codes | Error Codes 400 change; delete Error Codes: 403; delete Error Codes: 404 |