Data Management (DMS) provides the secure access proxy feature to better ensure data security when you access databases. The secure access proxy feature generates proxy endpoints for database instances. You can use the proxy endpoints to access database instances in a secure manner over the MySQL or HTTPS protocol. This topic describes how to enable the secure access proxy feature for a database instance.
Prerequisites
DMS is deployed in Singapore or Indonesia (Jakarta). For more information about how to view DMS deployment regions, seeSwitch regions.
The database and DMS are located in the same region.
The database instance uses MySQL or MariaDB as the database engine. One of the following types of databases is used:
MySQL: ApsaraDB RDS for MySQL, PolarDB for MySQL, MyBase for MySQL, PolarDB for Xscale, AnalyticDB for MySQL, and third-party MySQL databases
MariaDB: ApsaraDB for MariaDB and third-party MariaDB databases
NoteTo view the database engine used by a database instance, log on to the DMS console and move the pointer over the instance name in the left-side instance list on the Home tab.
You are a DMS administrator, or a database administrator (DBA). For more information about how to view system roles, see View system roles.
Feature description
The secure access proxy feature reuses security rules, data permissions, and sensitive fields in DMS. This feature provides comprehensive security management, access control, data masking, and operation audit capabilities for enterprise databases.
Procedure
- Log on to the DMS console V5.0.
In the left-side instance list on the Home tab, right-click the database instance for which you want to enable the secure access proxy feature and select Secure Access Proxy.
NoteIf you are a DMS administrator or DBA, you can also enable the secure access proxy feature by using the following methods:
In the top navigation bar of the DMS console, click
. In the left-side navigation pane, click Secure Access Proxy. On the Disabled tab, find the database instance for which you want to enable the secure access proxy feature and click Enable in the Actions column.In the top navigation bar of the DMS console, click
. In the left-side navigation pane, click Instances. On the Instance List tab, find the database instance for which you want to enable the secure access proxy feature and choose in the Actions column.
On the Secure Access Proxy/Details page, click Enable Secure Access Proxy.
In the Enable Secure Access Proxy dialog box, specify Database Account and Database password, and click Next Step.
In the Secure Access Proxy - Authorize dialog box, specify the users to be authorized, whether to use a custom database account, and the security policy. Authorized users can use the credentials generated by the secure access proxy feature to access the database instance. For more information, see Authorize users to access a database instance by using proxy endpoints.
Click OK.
The following figure shows the Secure Access Proxy/Details page after the secure access proxy feature is enabled.
Supported operations
After the secure access proxy feature is enabled for the database instance, you can perform the following operations on the database instance on the Secure Access Proxy/Details page:
Disable the secure access proxy feature for the database instance: In the upper-left corner of the Secure Access Proxy/Details page, click Disable Secure Access Proxy.
Enable access from the Internet: You may want to allow local programs or programs that do not reside in the same virtual private cloud (VPC) as the database instance to access the database instance. In this case, click Enable next to Public Endpoint in the Basic Information section of the Secure Access Proxy/Details page to obtain the public proxy endpoints.
Change the database account that is used to log on to the database instance: Click the Edit icon next to Database Account to change the database account.
Related API operations
API | Description |
Enables the secure access proxy feature for a database instance. | |
Disables the secure access proxy feature for a database instance. | |
Queries the proxy endpoints that are generated by the secure access proxy feature. | |
Queries the details of a proxy endpoint that is generated by the secure access proxy feature. |