All Products
Search

This Product

    ApsaraDB for MongoDB:DescribeDBInstanceTDEInfo

    Document Center

    ApsaraDB for MongoDB:DescribeDBInstanceTDEInfo

    Last Updated:Nov 17, 2023

    Queries whether transparent data encryption (TDE) is enabled for an ApsaraDB for MongoDB instance.

    Operation Description

    Note For more information about this function, see Configure TDE.

    Before you call this operation, make sure that the ApsaraDB for MongoDB instance meets the following requirements:

    • A replica set or sharded cluster instance is used.
    • The storage engine of the instance is WiredTiger.
    • The database engine version of the instance is 4.0 or 4.2. If the database engine version is earlier than 4.0, you can call the UpgradeDBInstanceEngineVersion operation to upgrade the database engine.

    debugging

    You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

    debugging

    Authorization information

    The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

    • Operation: the value that you can use in the Action element to specify the operation on a resource.
    • Access level: the access level of each operation. The levels are read, write, and list.
    • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
      • The required resource types are displayed in bold characters.
      • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
    • Condition Key: the condition key that is defined by the cloud service.
    • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
    OperationAccess levelResource typeCondition keyAssociated operation
    dds:DescribeDBInstanceTDEInfoREAD
    • dbinstance
      acs:dds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId}
      none
    		none

    Request parameters

    ParameterTypeRequiredDescriptionExample
    DBInstanceIdstringYes

    The instance ID.

    		dds-bpxxxxxxxx

    Response parameters

    ParameterTypeDescriptionExample
    object
    TDEStatusstring

    The TDE status. Valid values:

    • enabled
    • disabled
    		enabled
    RequestIdstring

    The request ID.

    		F4DD0E29-361B-42F2-9301-B0048CCCE5D6
    RoleARNstring

    The Alibaba Cloud Resource Name (ARN) of the Resource Access Management (RAM) role to which you want to grant permissions.

    		acs:ram::123456789012****:role/aliyunrdsinstanceencryptiondefaultrole
    EncryptionKeystring

    The custom key of the instance.

    The Bring Your Own Key (BYOK) feature allows you to manage and obtain your own encryption key. This feature is supported only in the following regions:

    • cn-hangzhou
    • cn-shanghai
    • cn-beijing
    • cn-shenzhen
    • cn-hongkong
    • ap-southeast-1
    • ap-southeast-3
    		If the BYOK feature is supported, you can manage and obtain your own encryption key, and a custom key in the following format is returned: 2axxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx If the BYOK feature is not supported, you cannot obtain or manage your own encryption key, and the following string is returned: If not, you cannot manage and ontain the encryption key, and the system returns the NoActiveBYOK string.
    EncryptorNamestring

    The encryption algorithm.

    		aes-256-cbc

    Examples

    Sample success responses

    JSONformat

    {
  "TDEStatus": "enabled",
  "RequestId": "F4DD0E29-361B-42F2-9301-B0048CCCE5D6",
  "RoleARN": "acs:ram::123456789012****:role/aliyunrdsinstanceencryptiondefaultrole",
  "EncryptionKey": "If the BYOK feature is supported, you can manage and obtain your own encryption key, and a custom key in the following format is returned: 2axxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx If the BYOK feature is not supported, you cannot obtain or manage your own encryption key, and the following string is returned: If not, you cannot manage and ontain the encryption key, and the system returns the NoActiveBYOK string.\n",
  "EncryptorName": "aes-256-cbc"
}

    Error codes

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    2023-10-19The response structure of the API operation changes.see changesets
    Change itemChange content
    Output ParametersThe response structure of the API operation changes.