This topic describes how to access self-managed databases hosted on Elastic Compute Service (ECS) instances from Database Autonomy Service (DAS).
Prerequisites
- The following types of ECS-based self-managed databases can be accessed from DAS:
- MySQL
- PostgreSQL
- ApsaraDB for MongoDB
- RedisNote Only self-managed Redis databases that run Redis 6.0 or earlier versions can be accessed from DAS.
- The ECS instance on which the self-managed database you want to access is deployed belongs to the Alibaba Cloud account that you use to activate DAS.
Access methods
DAS allows you to access ECS-based self-managed databases by means of the following methods:
- Direct access: No DAS gateways (DBGateways) are deployed. You can access database instances after you enter your database account and password. This method is suitable for scenarios in which a small number of ECS instances are used and security groups need to be configured.
- Centralized-mode access: DAS gateways are deployed on at least one ECS instance to automatically discover database instances based on CIDR blocks. We recommend that you deploy DAS gateways on two or more ECS instances for disaster recovery. This method is suitable for scenarios in which the ECS instances are deployed in a virtual private cloud (VPC). If the ECS instances are deployed in the classic network, we recommend that you do not use this method.
- Host-mode access: DAS gateways are deployed on every ECS instance to automatically discover database instances. This method supports all DAS features, such as full SQL analysis, SQL response time, and security audit. For more information, see Features for three access methods.

Features for three access methods
The following table describes the DAS features that are supported by databases that are connected to DAS by using the preceding access methods. In this example, the features that DAS provides for MySQL databases are listed.
Feature | Direct access | Centralized-mode access | Host-mode access |
---|---|---|---|
Database monitoring metrics | Supported | Supported | Supported |
Real-time monitoring | Supported | Supported | Supported |
Real-time sessions | Supported | Supported | Supported |
Storage analysis | Supported | Supported | Supported |
SQL diagnostics | Supported | Supported | Supported |
Slow request analysis | Supported only when slow query logs are stored in tables | Supported only when slow query logs are stored in tables | Supported |
Host monitoring metrics | Not supported | Not supported | Supported |
Full request analysis | Not supported | Not supported | Supported |
SQL response time | Not supported | Not supported | Supported |
Security audit | Not supported | Not supported | Supported |
Direct access
- Log on to the DAS console.
- In the Recommended Features section of the Overview page, click Access Instance.
- On the page that appears, click DB Instances on ECS.
- Click Method 1: Direct Access.
- Select the region in which the ECS instances are deployed.
- Find a security group and select Private Network in the Add DAS access rules column. Then, click Save. Note
- DAS automatically adds the IP address of the DAS server in the specified region to the security rules of the ECS instance. For more information about the IP addresses of DAS servers in different regions, see IP addresses of DAS servers.
- You must add the IP address of a DAS server to the private network of at least one security group.
- Select the ECS instances that you want to access from DAS and then click Next.
- Configure the parameters described in the following table.
Parameter Description Select Engine Select the type of the database. Valid values: MySQL, PostgreSQL, MongoDB, and Redis. Port Specify the port that is used to access the database. Database Account Enter an account used to log on to the database. Password Enter a password used to log on to the database. NoteThe database account must be granted the required permissions. For more information, see Permissions.- If the database has an existing account with required permissions, you can enter the account and password and then click Authorize.
- If the database does not have an existing account with required permissions, you can enter a new database account and password and then click Generate Authorization Command. After you copy and run the authorization command on the database, click Authorize.
- Click Authorize. If Accessed is displayed after you click Authorize, the connection is successful. The following common errors may also be displayed:
- Unauthorized: No account or password is specified.
- Connection Failed: Errors such as network failure or instance downtime occur.
- Authentication Failed: The database account or password is invalid.
- Insufficient Permissions: The instance can be connected normally, but the permissions are insufficient. For more information, see Permissions.
- Click OK.
Centralized-mode access
- Log on to the DAS console.
- In the Recommended Features section of the Overview page, click Access Instance.
- On the page that appears, click DB Instances on ECS.
- Click Method 2: DBGateway in Centralized Mode.
- Select an access method.
- If you have not deployed a DAS gateway in the corresponding VPC, select Deploy a new DAS DBGateway and search for instances.
- Select the region in which the ECS instances are deployed. Then, select an ECS instance on which you want to deploy a DAS gateway, and click Generate Deployment Command.
- Copy the deployment command. Then, log on to the ECS instance on which you want to deploy a DAS gateway and run the command.
If
successfully
is returned, the DAS gateway is deployed. If the DAS gateway is not deployed, you can refer to the Deployment issue troubleshooting section of the "Common issues about DBGateway" topic to identify the root cause of the failed deployment and then redeploy the DAS gateway. - DAS can automatically discover the deployed gateway. If the DAS gateway is in the Normal state, click Next.
- If you have deployed a DAS gateway in the corresponding VPC, select Use existing DAS DBGateway to scan for new instances.
- In the Select DBGateway step, select the DAS gateway.
- Click Discover Instance.
- If you have not deployed a DAS gateway in the corresponding VPC, select Deploy a new DAS DBGateway and search for instances.
- In the Discover Instance step, configure the DAS gateway to discover database instances.
You can use one of the following methods to discover database instances:
- Select Automatic Scan
- Enter the CIDR block that you want to scan in the Scanned Address field.
- Enter the port range in the Port Range field.
- Click Scan.
- Select Enter Instances
- Enter instances in the correct format in the Instances field.
- Click Scan.
- Select Automatic Scan
- After the information of the database that you want to access is displayed in the Scan Results section, click Next.
- Configure the parameters described in the following table.
Parameter Description Select Engine Select the type of the database. Valid values: MySQL, PostgreSQL, MongoDB, and Redis. Database Account Enter an account used to log on to the database. Password Enter a password used to log on to the database. IP Address Select the IP address of the database server. NoteThe database account must be granted the required permissions. For more information, see Permissions.- If the database has an existing account with required permissions, you can enter the account and password and then click Authorize.
- If the database does not have an existing account with required permissions, you can enter a new database account and password and then click Generate Authorization Command. After you copy and run the authorization command on the database, click Authorize.
- Click Authorize. If Accessed is displayed after you click Authorize, the connection is successful. The following common errors may also be displayed:
- Unauthorized: No account or password is specified.
- Connection Failed: Errors such as network failure or instance downtime occur.
- Authentication Failed: The database account or password is invalid.
- Insufficient Permissions: The instance can be connected normally, but the permissions are insufficient. For more information, see Permissions.
- Click OK.
Host-mode access
- Log on to the DAS console.
- In the Recommended Features section of the Overview page, click Access Instance.
- On the page that appears, click DB Instances on ECS.
- Click Method 3: DBGateway in Host Mode.
- Select the region in which the ECS instances are deployed. Then, select an ECS instance on which you want to deploy a DAS gateway, and click Generate Deployment Command.
- Copy the deployment command. Then, log on to the ECS instance on which you want to deploy a DAS gateway and run the command.
If
successfully
is returned, the DAS gateway is deployed. If the DAS gateway is not deployed, you can refer to the Deployment issue troubleshooting section of the "Common issues about DBGateway" topic to identify the root cause of the failed deployment and then redeploy the DAS gateway. - DAS can automatically discover the deployed gateway. If the DAS gateway is in the Normal state, click Next.
- Configure the parameters described in the following table.
Parameter Description Select Engine Select the type of the database. Valid values: MySQL, PostgreSQL, MongoDB, and Redis. Database Account Enter an account used to log on to the database. Password Enter a password used to log on to the database. IP Address Select the IP address of the database server. NoteThe database account must be granted the required permissions. For more information, see Permissions.- If the database has an existing account with required permissions, you can enter the account and password and then click Authorize.
- If the database does not have an existing account with required permissions, you can enter a new database account and password and then click Generate Authorization Command. After you copy and run the authorization command on the database, click Authorize.
- Click Authorize. If Accessed is displayed after you click Authorize, the connection is successful. The following common errors may also be displayed:
- Unauthorized: No account or password is specified.
- Connection Failed: Errors such as network failure or instance downtime occur.
- Authentication Failed: The database account or password is invalid.
- Insufficient Permissions: The instance can be connected normally, but the permissions are insufficient. For more information, see Permissions.
- Click OK.