Queries whether your Alibaba Cloud account is authorized to use Key Management Service (KMS) for a PolarDB-X instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CheckCloudResourceAuthorized

The operation that you want to perform. Set the value to CheckCloudResourceAuthorized.

RegionId String Yes cn-hangzhou

The region ID of the instance.

DBInstanceName String Yes pxc-********

The ID of the instance.

RoleArn String Yes acs:ram::123456789012****:role/AliyunRdsInstanceEncryptionDefaultRole

The Alibaba Cloud Resource Name (ARN) of the Resource Access Management (RAM) role that you want to assign to your account. Specify the ARN in the format of acs:ram::$accountID:role/$roleName. After the RAM role is assigned, you can use KMS for your PolarDB-X instance.

  • $accountID: the ID of the Alibaba Cloud account. To view the account ID, you can log on to the Alibaba Cloud Management Console, move the pointer over your profile picture in the upper-right corner of the page, and then click Security Settings.
  • $roleName: the name of the RAM role. Set the value to AliyunRdsInstanceEncryptionDefaultRole.

Response parameters

Parameter Type Example Description
RequestId String A501A191-BD70-5E50-98A9-C2A486A82****

The ID of the request.

Data Object

The returned data.

AuthorizationState String 0

The authorization state of your account. Valid values:

  • 0: Your account is not authorized to use KMS.
  • 1: Your account is authorized to use KMS.
  • 2: KMS is not activated for your account.
RoleArn String acs:ram::123456789012****:role/AliyunRdsInstanceEncryptionDefaultRole

The ARN of the RAM role that is assigned to your account. The ARN is in the format of acs:ram::$accountID:role/$roleName. After the RAM role is assigned, you can use KMS for the PolarDB-X instance.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CheckCloudResourceAuthorized
&RegionId=cn-hangzhou
&DBInstanceName=pxc-********
&RoleArn=acs:ram::123456789012****:role/AliyunRdsInstanceEncryptionDefaultRole
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CheckCloudResourceAuthorizedResponse>
    <RequestId>A501A191-BD70-5E50-98A9-C2A486A82****</RequestId>
    <Data>
        <AuthorizationState>0</AuthorizationState>
        <RoleArn>acs:ram::123456789012****:role/AliyunRdsInstanceEncryptionDefaultRole</RoleArn>
    </Data>
</CheckCloudResourceAuthorizedResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "A501A191-BD70-5E50-98A9-C2A486A82****",
  "Data" : {
    "AuthorizationState" : "0",
    "RoleArn" : "acs:ram::123456789012****:role/AliyunRdsInstanceEncryptionDefaultRole"
  }
}

Error codes

HttpCode Error code Error message Description
403 IncorrectEngineVersion The current engine version does not support the operation. The error message returned because the engine version of the specified PolarDB-X instance does not support this operation.

For a list of error codes, visit the API Error Center.