Data Management (DMS) provides the secure access proxy feature to ensure comprehensive data security when you access databases. The secure access proxy feature generates proxy endpoints for a database instance. You can use the proxy endpoints to access databases in the instance in a secure manner over the MySQL or HTTPS protocol. This topic describes how to enable the secure access proxy feature for a database instance.

Prerequisites

  • The database instance uses MySQL or MariaDB as the database engine. The following types of MySQL or MariaDB databases are supported:
    • MySQL: , , , , , and other types of MySQL databases
    • MariaDB: and other types of MariaDB databases
    Note To view the database engine that a database instance uses, log on to the DMS console and move the pointer over the instance name in the left-side instance list on the Home page.
  • The database instance resides in one of the following regions: China (Hangzhou), China (Shanghai), China (Beijing), and China (Shenzhen).
    Note To view the region where a database instance resides, log on to the DMS console and move the pointer over the instance name in the left-side instance list on the Home page.

    If you want to enable the secure access proxy feature for a database instance that resides in other regions, submit a ticket or contact Alibaba Cloud customer service.

  • You are a DMS administrator, a database administrator (DBA), or the owner of the database instance. For more information about how to view user roles, see View owned system roles and View resource roles.

Feature description

The secure access proxy feature reuses security rules, data permissions, and sensitive fields in DMS. This feature provides comprehensive security management, access control, data masking, and operation audit capabilities for enterprise databases.

dataprotect

Procedure

  1. Log on to the DMS console V5.0.
    Note To switch to the previous version of the DMS console, click the 5租户头像 icon in the lower-right corner of the page. For more information, see Switch to the previous version of the DMS console.
  2. In the left-side instance list on the Home page, right-click the database instance for which you want to enable the secure access proxy feature and select Secure Access Proxy.
    Note If you are a DMS administrator or DBA, you can also enable the secure access proxy feature by using the following methods:
    • In the top navigation bar of the DMS console, click Security and Specifications. In the left-side navigation pane, click Secure Access Proxy. On the Disabled tab, find the database instance for which you want to enable the secure access proxy feature and click Enabled in the Operation column.
    • In the top navigation bar of the DMS console, click Data Assets. In the left-side navigation pane, click Instance. On the Instance List tab, find the database instance for which you want to enable the secure access proxy feature and choose More > Secure Access Proxy in the Actions column.
  3. On the Secure Access Proxy/Details page, click Enable Secure Access Proxy.
  4. In the Enable Secure Access Proxy dialog box, enter the database account and password and click OK.
    The following figure shows the Secure Access Proxy/Details page after the secure access proxy feature is enabled.Enable Secure Access Proxy

Supported operations

After the secure access proxy feature is enabled for the database instance, you can perform the following operations on the database instance on the Secure Access Proxy/Details page:
  • Disable the secure access proxy feature for the database instance: In the upper-left corner of the Secure Access Proxy/Details page, click Disable Secure Access Proxy.
  • Enable access from the Internet: You may want to allow local programs or programs that do not reside in the same virtual private cloud (VPC) as the database instance to access the database instance. In this case, click Open next to Public Endpoint in the Basic Information section of the Secure Access Proxy/Details page to obtain the public proxy endpoints.
  • Change the database account that is used to log on to the database instance: click the Edit icon next to Database Account to change the database account.
  • Grant permissions to users: Authorized users can use the AccessKey pair that is generated by the secure access proxy feature to access the database instance. For more information, see Authorize users to access a database instance by using proxy endpoints.

Related API operations

API operation Description
CreateProxy Enables the secure access proxy feature for a database instance.
DeleteProxy Disables the secure access proxy feature for a database instance.
ListProxies Queries the proxy endpoints that are generated by the secure access proxy feature.
GetProxy Queries the details of a proxy endpoint that is generated by the secure access proxy feature.