Enables transparent data encryption (TDE) for an ApsaraDB for Redis instance. You can specify a custom key.

Note For more information about TDE and the impact of TDE, see Enable TDE.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ModifyInstanceTDE

The operation that you want to perform. Set the value to ModifyInstanceTDE.

InstanceId String Yes r-bp1zxszhcgatnx****

The ID of the ApsaraDB for Redis instance. You can call the DescribeInstances operation to query instance IDs.

TDEStatus String Yes Enabled

Specifies whether to enable TDE. Set the value to Enabled.

Note TDE cannot be disabled after it is enabled. Before you enable it, evaluate whether this feature affects your business. For more information, see Enable TDE.
RegionId String No cn-hangzhou

The region ID of the instance. You can call the DescribeInstanceAttribute operation to query the region ID of the instance.

EncryptionName String No AES-CTR-256

The encryption algorithm. Default value: AES-CTR-256.

Note This parameter takes effect only if the TDEStatus parameter is set to Enabled.
EncryptionKey String No ad463061-992d-4195-8a94-ed63********

The ID of the custom key. You can call the DescribeEncryptionKeyList operation to query key IDs.

Note
RoleArn String No acs:ram::123456789012****:role/AliyunRdsInstanceEncryptionDefaultRole

The Alibaba Cloud Resource Name (ARN) of the RAM role that you want to attach to your ApsaraDB for Redis instance. The ARN must be in the format of acs:ram::$accountID:role/$roleName. After the role is attached, your ApsaraDB for Redis instance can use KMS.

Note
  • $accountID: the ID of the Alibaba Cloud account. To view the account ID, log on to the Alibaba Cloud console, move the pointer over your profile picture in the upper-right corner of the page, and then click Security Settings.
  • $roleName: the name of the RAM role. Replace $roleName with AliyunRdsInstanceEncryptionDefaultRole.

Response parameters

Parameter Type Example Description
RequestId String 5D622714-AEDD-4609-9167-F5DDD3D1****

The ID of the request.

Examples

Sample requests

http(s)://r-kvstore.aliyuncs.com/?Action=ModifyInstanceTDE
&InstanceId=r-bp1zxszhcgatnx****
&TDEStatus=Enabled
&<Common request parameters>

Sample success responses

XML format

<ModifyInstanceTDEResponse>
      <RequestId>5D622714-AEDD-4609-9167-F5DDD3D1****</RequestId>
</ModifyInstanceTDEResponse>

JSON format

null

Error codes

For a list of error codes, visit the API Error Center.