This topic describes how to access self-managed databases hosted on Elastic Compute Service (ECS) instances from Database Autonomy Service (DAS).

Prerequisites

  • The following types of ECS-based self-managed databases can be accessed from DAS:
    • MySQL
    • PostgreSQL
    • ApsaraDB for MongoDB
    • Redis
      Note Only self-managed Redis databases that run Redis 6.0 or earlier versions can be accessed from DAS.
  • The ECS instance on which the self-managed database you want to access is deployed belongs to the Alibaba Cloud account that you use to activate DAS.

Access methods

DAS allows you to access ECS-based self-managed databases by means of the following methods:

  • Direct access: No DAS gateways (DBGateways) are deployed. You can access database instances after you enter your database account and password. This method is suitable for scenarios in which a small number of ECS instances are used and security groups need to be configured.
  • Centralized-mode access: DAS gateways are deployed on at least one ECS instance to automatically discover database instances based on CIDR blocks. We recommend that you deploy DAS gateways on two or more ECS instances for disaster recovery. This method is suitable for scenarios in which the ECS instances are deployed in a virtual private cloud (VPC). If the ECS instances are deployed in the classic network, we recommend that you do not use this method.
  • Host-mode access: DAS gateways are deployed on every ECS instance to automatically discover database instances. This method supports all DAS features, such as full SQL analysis, SQL response time, and security audit. For more information, see Features for three access methods.
Important DAS gateways can be deployed only on Linux.

Features for three access methods

The following table describes the DAS features that are supported by databases that are connected to DAS by using the preceding access methods. In this example, the features that DAS provides for MySQL databases are listed.

FeatureDirect accessCentralized-mode accessHost-mode access
Database monitoring metricsSupportedSupportedSupported
Real-time monitoringSupportedSupportedSupported
Real-time sessionsSupportedSupportedSupported
Storage analysisSupportedSupportedSupported
SQL diagnosticsSupportedSupportedSupported
Slow request analysisSupported only when slow query logs are stored in tablesSupported only when slow query logs are stored in tablesSupported
Host monitoring metricsNot supportedNot supportedSupported
Full request analysisNot supportedNot supportedSupported
SQL response timeNot supportedNot supportedSupported
Security auditNot supportedNot supportedSupported

Direct access

  1. Log on to the DAS console.
  2. In the Recommended Features section of the Overview page, click Access Instance.
  3. On the page that appears, click DB Instances on ECS.
  4. Click Method 1: Direct Access.
  5. Select the region in which the ECS instances are deployed.
  6. Find a security group and select Private Network in the Add DAS access rules column. Then, click Save.
    Note
    • DAS automatically adds the IP address of the DAS server in the specified region to the security rules of the ECS instance. For more information about the IP addresses of DAS servers in different regions, see IP addresses of DAS servers.
    • You must add the IP address of a DAS server to the private network of at least one security group.
  7. Select the ECS instances that you want to access from DAS and then click Next.
  8. Configure the parameters described in the following table.
    ParameterDescription
    Select EngineSelect the type of the database. Valid values: MySQL, PostgreSQL, MongoDB, and Redis.
    PortSpecify the port that is used to access the database.
    Database AccountEnter an account used to log on to the database.
    PasswordEnter a password used to log on to the database.
    Note
    The database account must be granted the required permissions. For more information, see Permissions.
    • If the database has an existing account with required permissions, you can enter the account and password and then click Authorize.
    • If the database does not have an existing account with required permissions, you can enter a new database account and password and then click Generate Authorization Command. After you copy and run the authorization command on the database, click Authorize.
  9. Click Authorize. If Accessed is displayed after you click Authorize, the connection is successful. The following common errors may also be displayed:
    • Unauthorized: No account or password is specified.
    • Connection Failed: Errors such as network failure or instance downtime occur.
    • Authentication Failed: The database account or password is invalid.
    • Insufficient Permissions: The instance can be connected normally, but the permissions are insufficient. For more information, see Permissions.
  10. Click OK.

Centralized-mode access

  1. Log on to the DAS console.
  2. In the Recommended Features section of the Overview page, click Access Instance.
  3. On the page that appears, click DB Instances on ECS.
  4. Click Method 2: DBGateway in Centralized Mode.
  5. Select an access method.
    • If you have not deployed a DAS gateway in the corresponding VPC, select Deploy a new DAS DBGateway and search for instances.
      1. Select the region in which the ECS instances are deployed. Then, select an ECS instance on which you want to deploy a DAS gateway, and click Generate Deployment Command.
      2. Copy the deployment command. Then, log on to the ECS instance on which you want to deploy a DAS gateway and run the command.

        If successfully is returned, the DAS gateway is deployed. If the DAS gateway is not deployed, you can refer to the Deployment issue troubleshooting section of the "Common issues about DBGateway" topic to identify the root cause of the failed deployment and then redeploy the DAS gateway.

      3. DAS can automatically discover the deployed gateway. If the DAS gateway is in the Normal state, click Next.
    • If you have deployed a DAS gateway in the corresponding VPC, select Use existing DAS DBGateway to scan for new instances.
      1. In the Select DBGateway step, select the DAS gateway.
      2. Click Discover Instance.
  6. In the Discover Instance step, configure the DAS gateway to discover database instances.
    1. You can use one of the following methods to discover database instances:

      • Select Automatic Scan
        1. Enter the CIDR block that you want to scan in the Scanned Address field.
        2. Enter the port range in the Port Range field.
        3. Click Scan.
      • Select Enter Instances
        1. Enter instances in the correct format in the Instances field.
        2. Click Scan.
    2. After the information of the database that you want to access is displayed in the Scan Results section, click Next.
  7. Configure the parameters described in the following table.
    ParameterDescription
    Select EngineSelect the type of the database. Valid values: MySQL, PostgreSQL, MongoDB, and Redis.
    Database AccountEnter an account used to log on to the database.
    PasswordEnter a password used to log on to the database.
    IP AddressSelect the IP address of the database server.
    Note
    The database account must be granted the required permissions. For more information, see Permissions.
    • If the database has an existing account with required permissions, you can enter the account and password and then click Authorize.
    • If the database does not have an existing account with required permissions, you can enter a new database account and password and then click Generate Authorization Command. After you copy and run the authorization command on the database, click Authorize.
  8. Click Authorize. If Accessed is displayed after you click Authorize, the connection is successful. The following common errors may also be displayed:
    • Unauthorized: No account or password is specified.
    • Connection Failed: Errors such as network failure or instance downtime occur.
    • Authentication Failed: The database account or password is invalid.
    • Insufficient Permissions: The instance can be connected normally, but the permissions are insufficient. For more information, see Permissions.
  9. Click OK.

Host-mode access

  1. Log on to the DAS console.
  2. In the Recommended Features section of the Overview page, click Access Instance.
  3. On the page that appears, click DB Instances on ECS.
  4. Click Method 3: DBGateway in Host Mode.
  5. Select the region in which the ECS instances are deployed. Then, select an ECS instance on which you want to deploy a DAS gateway, and click Generate Deployment Command.
  6. Copy the deployment command. Then, log on to the ECS instance on which you want to deploy a DAS gateway and run the command.

    If successfully is returned, the DAS gateway is deployed. If the DAS gateway is not deployed, you can refer to the Deployment issue troubleshooting section of the "Common issues about DBGateway" topic to identify the root cause of the failed deployment and then redeploy the DAS gateway.

  7. DAS can automatically discover the deployed gateway. If the DAS gateway is in the Normal state, click Next.
  8. Configure the parameters described in the following table.
    ParameterDescription
    Select EngineSelect the type of the database. Valid values: MySQL, PostgreSQL, MongoDB, and Redis.
    Database AccountEnter an account used to log on to the database.
    PasswordEnter a password used to log on to the database.
    IP AddressSelect the IP address of the database server.
    Note
    The database account must be granted the required permissions. For more information, see Permissions.
    • If the database has an existing account with required permissions, you can enter the account and password and then click Authorize.
    • If the database does not have an existing account with required permissions, you can enter a new database account and password and then click Generate Authorization Command. After you copy and run the authorization command on the database, click Authorize.
  9. Click Authorize. If Accessed is displayed after you click Authorize, the connection is successful. The following common errors may also be displayed:
    • Unauthorized: No account or password is specified.
    • Connection Failed: Errors such as network failure or instance downtime occur.
    • Authentication Failed: The database account or password is invalid.
    • Insufficient Permissions: The instance can be connected normally, but the permissions are insufficient. For more information, see Permissions.
  10. Click OK.