This topic describes how to connect a self-managed database whose nodes are deployed
on Elastic Compute Service (ECS) instances to Database Autonomy Service (DAS).
Prerequisites
A database is created and the nodes of the database are deployed on ECS instances.
Make sure that the database runs one of the following database engines:
- MySQL
- PostgreSQL
- MongoDB
- Redis
Access methods
You can use one of the following methods to connect the database to DAS:
- Use the username and password of the database. You use the username and password of
the account that is used to access the database to connect the database to DAS. If
you use this method, you do not need to deploy a DAS gateway. You must specify one
or more security groups for the ECS instances on which the database nodes are deployed.
This method is suitable for scenarios in which a small number of ECS instances are
used to deploy database nodes.
- Use DAS gateways that are deployed on ECS instances. You must deploy at least one
DAS gateway on an ECS instance on which a node of the database is deployed. We recommend
that you deploy DAS gateways on two or more ECS instances for disaster recovery. DAS
can detect databases based on the CIDR block of the ECS instances on which the database
nodes are deployed. This method is suitable for scenarios in which the ECS instances
are deployed in a virtual private cloud (VPC). If the ECS instances are deployed in
the classic network, we recommend that you do not use this method.
- Use DAS gateways that are deployed on hosts of database nodes. You deploy a DAS gateway
on the host of each database node. DAS gateways can automatically detect the database
nodes. If a database is connected to DAS in this method, the database supports all
features that are provided by DAS, such as full SQL analysis, slow query log analysis,
and security audit. For more information, see Feature comparison.

Feature comparison
The following table describes the DAS features that are supported by databases that
are connected to DAS by using different methods. In this example, the features that
DAS provides for databases that run the MySQL database engine are listed.
Feature |
Use the username and password of the database |
Use DAS gateways that are deployed on ECS instances |
Use DAS gateways that are deployed on hosts of database nodes |
Performance trend |
Supported |
Supported |
Supported |
Real-time monitoring |
Supported |
Supported |
Supported |
Session management |
Supported |
Supported |
Supported |
Storage analysis |
Supported |
Supported |
Supported |
SQL diagnostics |
Supported |
Supported |
Supported |
Slow request analysis |
Supported only when slow query logs are stored in tables |
Supported only when slow query logs are stored in tables |
Supported |
Host monitoring |
Not supported |
Not supported |
Supported |
Full request analysis |
Not supported |
Not supported |
Supported |
Slow query log analysis |
Not supported |
Not supported |
Supported |
Security audit |
Not supported |
Not supported |
Supported |
Use the username and password of the database
- Log on to the DAS console.
- In the Recommended Features section of the Overview page, click Access Instance.
- On the page that appears, click DB Instance on ECS.
- Click Method 1: Direct Access.
- Select the region where the ECS instances are deployed.
- Find the security groups to which you want to add the ECS instances, select Private
Network in the Add DAS access rules column, and then click Save.
- Select the ECS instances on which the database nodes are deployed and click Next.
Note You must select one or more security groups for the ECS instances.
- Configure the parameters that are described in the following table to connect the
database to DAS.
Parameter |
Description |
Select Engine |
The engine that the database runs. Valid values: MySQL, PostgreSQL, MongoDB, and
Redis.
|
Port |
The port that is used to access the database. |
Database Account |
The username of the account that is used to access the database. |
Password |
The password of the account that is used to access the database. |
Note
- If an account that is granted the required permissions on the database is already
created, you can enter the username and password of the account and then click Authorize.
- If no accounts that are granted the required permissions on the database exist, you
can enter a username and a password, and then click Generate Authorization Command. The system generates commands that can be used to create an account. Copy the commands
and run them on the database to create the account. Then, click Authorize on this page.
- Click Authorize. After you click Authorize, the connection result is displayed. The Accessed state indicates that the database is connected to DAS. The following states indicate
that errors occurred:
- Unauthorized: You do not have permissions to access the database that corresponds to the specified
username and password.
- Connection Failed: The database is not connected to DAS due to errors such as network connection failures
or ECS instance breakdown.
- Authentication Failed: The username or password that you specified is incorrect.
- Insufficient Permissions: The database is connected to DAS, but the account that you use is not granted sufficient
permissions. For more information, see Permissions.
- Click Complete.
Use DAS gateways that are deployed on ECS instances
- Log on to the DAS console.
- In the Recommended Features section of the Overview page, click Access Instance.
- On the page that appears, click DB Instance on ECS.
- Click Method 2: DBGateway in Centralized Mode.
- Select an access method:
- If no DAS gateways are deployed in the VPC in which the ECS instances are deployed,
select Deploy New DAS Gateway (DBGateway) to Scan Instances.
- Select the region where the ECS instances are deployed, select an ECS instance on
which you want to deploy a DAS gateway, and then click Generate Deployment Command.
- Copy the command that DAS generates for gateway deployment and then run the command
on the ECS instance on which you want to deploy a DAS gateway.
If successful
is returned in the command line window, the DAS gateway is deployed. If the DAS gateway
is not deployed, you can submit a ticket to contact Alibaba Cloud Technical Support.
- DAS can automatically detect the deployed gateway. If the DAS gateway is in the Normal state, click Next.
- If DAS gateways are deployed in the VPC in which the ECS instances are deployed, select
Use Existing DAS Gateway (DBGateway) to Scan New Instances.
- On the Select DBGateway page, select the DAS gateway.
- Click Discover Instance.
- In the Discover Instance step, configure the DAS gateway to scan for databases.
-
You can configure one of the following methods for the DAS gateway to scan for databases:
- Select Automatic Scan (Search by IP Range and Port).
- Enter a CIDR block in the Scanned Address field. The DAS gateway can scan for databases based on the specified CIDR block.
- Enter a range of ports in the Port Range field. The DAS gateway can scan for databases based on the specified port range.
- Click Scan.
- Select Enter Instances.
- Specify the database that you want the DAS gateway to scan. The value must be in the
IP address:Port number format.
- Click Scan.
- After the information of the database that you want to connect to DAS is displayed
in the Scan Results section, click Next.
- Configure the parameters that are described in the following table to connect the
database to DAS.
Parameter |
Description |
Select Engine |
The engine that the database runs. Valid values: MySQL, PostgreSQL, MongoDB, and
Redis.
|
Database Account |
The username of the account that is used to access the database. |
Password |
The password of the account that is used to access the database. |
IP Address |
The IP address of the database. |
Note
- If an account that is granted the required permissions on the database is already
created, you can enter the username and password of the account and then click Authorize.
- If no accounts that are granted the required permissions on the database exist, you
can enter a username and a password, and then click Generate Authorization Command. The system generates commands that can be used to create an account. Copy the commands
and run them on the database to create the account. Then, click Authorize on this page.
- Click Authorize. After you click Authorize, the connection result is displayed. The Accessed state indicates that the database is connected to DAS. The following states indicate
that errors occurred:
- Unauthorized: You do not have permissions to access the database that corresponds to the specified
username and password.
- Connection Failed: The database is not connected to DAS due to errors such as network connection failures
or ECS instance breakdown.
- Authentication Failed: The username or password that you specified is incorrect.
- Insufficient Permissions: The database is connected to DAS, but the account that you use is not granted sufficient
permissions. For more information, see Permissions.
- Click Complete.
Use DAS gateways that are deployed on hosts of database nodes
- Log on to the DAS console.
- In the Recommended Features section of the Overview page, click Access Instance.
- On the page that appears, click DB Instance on ECS.
- Click Method 3: DBGateway in Host Mode.
- Select the region where the ECS instances are deployed, select an ECS instance on
which you want to deploy a DAS gateway, and then click Generate Deployment Command.
- Copy the command that DAS generates for gateway deployment and then run the command
on the ECS instance on which you want to deploy the DAS gateway.
If successful
is returned in the command line window, the DAS gateway is deployed. If the DAS gateway
is not deployed, you can submit a ticket to contact Alibaba Cloud Technical Support.
- DAS can automatically detect the deployed gateway. If the DAS gateway is in the Normal state, click Next.
- Configure the parameters that are described in the following table to connect the
database to DAS.
Parameter |
Description |
Select Engine |
The engine that the database runs. Valid values: MySQL, PostgreSQL, MongoDB, and
Redis.
|
Database Account |
The username of the account that is used to access the database. |
Password |
The password of the account that is used to access the database. |
IP Address |
The IP address of the database. |
Note
- If an account that is granted the required permissions on the database is already
created, you can enter the username and password of the account and then click Authorize.
- If no accounts that are granted the required permissions on the database exist, you
can enter a username and a password, and then click Generate Authorization Command. The system generates commands that can be used to create an account. Copy the commands
and run them on the database to create the account. Then, click Authorize on this page.
- Click Authorize. After you click Authorize, the connection result is displayed. The Accessed state indicates that the database is connected to DAS. The following states indicate
that errors occurred:
- Unauthorized: You do not have permissions to access the database that corresponds to the specified
username and password.
- Connection Failed: The database is not connected to DAS due to errors such as network connection failures
or ECS instance breakdown.
- Authentication Failed: The username or password that you specified is incorrect.
- Insufficient Permissions: The database is connected to DAS, but the account that you use is not granted sufficient
permissions. For more information, see Permissions.
- Click Complete.