Enables Transparent Data Encryption (TDE) or modifies the TDE settings for a PolarDB for MySQL cluster.
- To perform this operation, you must activate KMS first. For more information, see Purchase a dedicated KMS instance.
- After TDE is enabled, you cannot disable TDE.
Debugging
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | ModifyDBClusterTDE |
The operation that you want to perform. Set the value to ModifyDBClusterTDE. |
| DBClusterId | String | Yes | pc-************ |
The ID of the cluster. |
| TDEStatus | String | Yes | Enable |
Modifies the TDE status. Set the value to Enable. |
| RoleArn | String | No | acs:ram::1406926*****:role/aliyunrdsinstanceencryptiondefaultrole |
The Alibaba Cloud Resource Name (ARN) of the RAM role. A RAM role is a virtual identity that you can create within your Alibaba Cloud account. For more information, see RAM role overview. |
| EncryptionKey | String | No | 749c1df7-****-****-****-********* |
The ID of the custom key. |
| EncryptNewTables | String | No | ON |
Specifies whether to enable automatic encryption for new tables. Valid values:
|
Response parameters
| Element | Type | Example | Description |
|---|---|---|---|
| RequestId | String | 5F859238-2A36-4A8D-BD0F-732112****** |
The ID of the request. |
Examples
Sample requests
http(s)://polardb.aliyuncs.com/?Action=ModifyDBClusterTDE
&DBClusterId=pc-************
&TDEStatus=Enable
&<Common request parameters>Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<ModifyDBClusterTDEResponse>
<requestId>5F859238-2A36-4A8D-BD0F-732112******</requestId>
</ModifyDBClusterTDEResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"requestId" : "5F859238-2A36-4A8D-BD0F-732112******"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InvalidTDEStatus.AlreadyEnabled | TDE has already enabled in the this cluster. | The error message returned because TDE is enabled for the cluster. |
| 400 | InvalidDBType.Malformed | The Specified DBType is not valid. | The error message returned because the specified database type is invalid. |
| 403 | UnsupportedKmsService.NotEnabled | KMS service is not enabled. | The error message returned because KMS is not activated. |
| 403 | OperationDenied.DBNodeType | The operation is not permitted due to type of node. | The error message returned because the operation is not supported by the current node type. |
| 404 | InvalidDBCluster.NotFound | The DBClusterId provided does not exist in our records. | The error message returned because the specified cluster ID does not exist in the current record. |
For a list of error codes, visit the Error Center.