Starting January 15, 2024, user-defined customer master keys (CMKs) are no longer available for cloud disk encryption when creating general-purpose RDS instances that run MySQL or PostgreSQL with cloud disks. Only the default service CMK is supported for this instance type.
Effective date
January 15, 2024
Involved instances
ApsaraDB RDS for MySQL and ApsaraDB RDS for PostgreSQL
What changed
The cloud disk encryption policy now differs by instance type:
| Instance type | Supported CMK options |
|---|---|
| General-purpose | Default service CMK only |
| Dedicated | Default service CMK or a user-defined CMK |
The default service CMK is a service key managed by ApsaraDB RDS and is permanently valid.
The two key types differ in ownership:
| Key type | Managed by |
|---|---|
| Default service CMK | ApsaraDB RDS |
| User-defined CMK | You, via Key Management Service (KMS) |
Potential impacts
Existing general-purpose instances with a user-defined CMK
The following operations are not affected:
- Database connections
- Data reads and writes
- Data migration
- Storage capacity expansion
The following operations require upgrading the instance to the dedicated type first:
- Changing instance specifications
- Cloning the instance
- Creating read-only instances
When changing instance specifications, you can change the storage type or the instance type, or reduce the storage capacity.
Existing dedicated instances with a user-defined CMK
When changing instance specifications, cloning the instance, or creating read-only instances, the new instance type can only be the dedicated type.
API impact (CreateDBInstance)
When creating a general-purpose instance with cloud disks using the CreateDBInstance operation, the EncryptionKey parameter accepts only a service key ID. To use a service key for cloud disk encryption, specify the RoleARN parameter instead.
What's next
- For general-purpose and dedicated instance type specifications, see Primary ApsaraDB RDS instance types.
- For more information about managing encryption keys, see What is KMS?