All Products
Search

This Product

    ApsaraDB RDS:The cloud disk encryption feature of ApsaraDB RDS is adjusted from January 15, 2024.

    Document Center

    ApsaraDB RDS:The cloud disk encryption feature of ApsaraDB RDS is adjusted from January 15, 2024.

    Last Updated:Mar 20, 2024

    Starting January 15, 2024, the customer master key (CMK) that is used for cloud disk encryption is no longer provided when you create an ApsaraDB RDS instance that runs MySQL, SQL Server, or PostgreSQL with cloud disks and uses the general-purpose instance type.

    Effective date

    January 15, 2024

    Involved instances

    RDS instances that run MySQL, SQL Server, and PostgreSQL

    Description

    The cloud disk encryption feature is adjusted for RDS instances that run MySQL, SQL Server, and PostgreSQL with cloud disks.

    • If you create an RDS instance that uses the general-purpose instance type and cloud disks, you can select only Default Service CMK to enable the cloud disk encryption feature for the RDS instance.

    • If you create an RDS instance that uses the dedicated instance type and cloud disks, you can select Default Service CMK or a CMK to enable the cloud disk encryption feature for the RDS instance.

    Note

    The default service CMK is a service key managed by ApsaraDB RDS and is permanently valid.

    Impacts

    • If an existing RDS instance uses the general-purpose instance type and uses a CMK for cloud disk encryption, the connections to the RDS instance and the read and write operations on the RDS instance are not affected. However, if you want to change the specifications of the RDS instance, you must upgrade the instance type of the RDS instance to a dedicated instance type. If you want to clone the RDS instance or create read-only RDS instances, we recommend that you upgrade the instance type of the primary RDS instance to a dedicated instance type.

    • If an existing RDS instance uses the dedicated instance type and a CMK for cloud disk encryption and you want to change the instance specifications, clone the RDS instance, or create read-only RDS instances, the new instance type of the instance can only be the dedicated instance type.

    • If you call the CreateDBInstance operation to create an RDS instance that uses the general-purpose instance type and cloud disks, you can set the EncryptionKey parameter only to a service key ID. You can also create an instance that uses a service key for cloud disk encryption by specifying the RoleARN parameter.

    References