All Products
Search
Document Center

ApsaraDB RDS:ModifyDBInstanceTDE

Last Updated:May 22, 2024

Enables the Transparent Data Encryption (TDE) feature for an ApsaraDB RDS instance and modifies the TDE status for the instance.

Operation description

Supported database engines

  • MySQL
  • PostgreSQL
  • SQL Server

References

Note Before you call this operation, read the following documentation and make sure that you fully understand the prerequisites and impacts of this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
rds:ModifyDBInstanceTDEWrite
  • DBInstance
    acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId}
  • rds:ResourceTag
  • rds:TDEStatus
none

Request parameters

ParameterTypeRequiredDescriptionExample
DBInstanceIdstringYes

The instance ID. You can call the DescribeDBInstances operation to query the instance ID.

rm-uf6wjk5****
TDEStatusstringYes

The status of TDE. Valid values:

  • Enabled
  • Disabled
Enabled
DBNamestringNo

The name of the database for which you want to enable TDE. You can specify up to 50 database names in a single request. If you specify multiple database names, separate the database names with commas (,).

Note This parameter is available and must be specified only when the instance runs SQL Server 2019 SE or an Enterprise Edition of SQL Server.
testDB
EncryptionKeystringNo

The ID of the custom key.

Note This parameter is available when the instance runs MySQL or PostgreSQL.
749c1df7-****-****-****-****
RoleArnstringNo

The Alibaba Cloud Resource Name (ARN) of the RAM role. A RAM role is a virtual identity that you can create within your Alibaba Cloud account. For more information, see RAM role overview.

Note This parameter is available when the instance runs MySQL or PostgreSQL.
acs:ram::1406926****:role/aliyunrdsinstanceencryptiondefaultrole
CertificatestringNo

The file that contains the certificate.
Format:

  • Public endpoint: oss-<The ID of the region>.aliyuncs.com:<The name of the bucket>:<The name of the certificate file> (The file name contains the extension.)
  • Internal endpoint: oss-<The ID of the region>-internal.aliyuncs.com:<The name of the bucket>:<The name of the certificate file> (The file name contains the extension.)
Note
  • This parameter is available when the instance runs SQL Server 2019 SE or an Enterprise Edition of SQL Server.
  • You can call the DescribeRegions operation to query the most recent region list.
  • oss-ap-southeast-1.aliyuncs.com:****:key.cer
    PrivateKeystringNo

    The file that contains the private key of the certificate.
    Format:

    • Public endpoint: oss-<The ID of the region>.aliyuncs.com:<The name of the bucket>:<The name of the file that contains the private key> (The file name contains the extension.)
    • Internal endpoint: oss-<The ID of the region>-internal.aliyuncs.com:<The name of the bucket>:<The name of the file that contains the private key> (The file name contains the extension.)
    Note
  • This parameter is available when the instance runs SQL Server 2019 SE or an Enterprise Edition of SQL Server.
  • You can call the DescribeRegions operation to query the most recent region list.
  • oss-ap-southeast-1.aliyuncs.com:****:key.pvk
    PassWordstringNo

    The password of the certificate.

    Note This parameter is available when the instance runs SQL Server 2019 SE or an Enterprise Edition of SQL Server.
    1qaz@WSX
    IsRotatebooleanNo

    Specifies whether to replace the key. Valid values:

    • true: replaces the key.
    • false: does not replace the key.

    Default value: false

    Note This parameter is available only when the instance runs PostgreSQL.
    false

    Response parameters

    ParameterTypeDescriptionExample
    object

    The response parameters.

    RequestIdstring

    The ID of the request.

    777C4593-8053-427B-99E2-105593277CAB

    Examples

    Sample success responses

    JSONformat

    {
      "RequestId": "777C4593-8053-427B-99E2-105593277CAB"
    }

    Error codes

    HTTP status codeError codeError messageDescription
    400InvalidTDEstatusSpecified TDEStatus has already configed in the This instance.-
    400MissingDBNameThe request is missing a DBName parameter.-
    400InvalidTDEstatus.FormatThe Specified TDEStatus is not valid.The status of TDE is invalid.
    400Invalid.PrivateKeyThe requested privateKey parameter is invalid.The private key in the request is invalid.
    400Invalid.CertificateThe requested certificate parameter is invalid.The certificate in the request is invalid.
    400CertOrPrivateKeyOrPasswordNotMatchedThe public certificate, private key, and password do not match.The password of the private key in the certificate failed the verification check.
    400InvalidTDEstatusSpecified TDEStatus is not configured on the This custins.-
    403IncorrectDBInstanceTypeCurrent DB instance type does not support this operation.The operation failed. The RDS instance is not in a ready state.
    403IncorrectEngineVersionCurrent engine version does not support operations.The operation failed. The operation is not supported for the version of the database engine that is run on the RDS instance.
    403IncorrectDBInstanceLockModeCurrent DB instance lock mode does not support this operation.The operation failed. The RDS instance is locked.
    403IncorrectDBInstanceStateCurrent DB instance state does not support this operation.-
    403DBSizeExceededExceeding the allowed DB size of DB instance.The size of the database exceeds the maximum size that is allowed.
    403IncorrectMinorVersionCurrent engine minor version does not support operations.This operation is not supported for the current minor engine version.
    403ByokRoleArnNotFoundThe roleArn can not be null.-
    403InvalidKmsKeyKms key is disabled.-
    404InvalidClusterKmsthis cluster not kms service.-
    404InsufficientResourceCapacityThere is insufficient capacity available for the requested instance.-
    404InvalidDBName.NotFoundSpecified one or more DB name does not exist or DB status does not support.The operation failed. The instance name cannot be found.

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    2023-09-08The Error code has changedsee changesets
    Change itemChange content
    Error CodesThe Error code has changed.
      Error Codes 403 change
      delete Error Codes: 400
      delete Error Codes: 404
    2022-11-16The Error code has changedsee changesets
    Change itemChange content
    Error CodesThe Error code has changed.
      Error Codes 403 change
      delete Error Codes: 400
      delete Error Codes: 404
    2022-11-16The Error code has changed. The request parameters of the API has changedsee changesets
    Change itemChange content
    Error CodesThe Error code has changed.
      Error Codes 403 change
      delete Error Codes: 400
      delete Error Codes: 404
    Input ParametersThe request parameters of the API has changed.
      Added Input Parameters: IsRotate
    2022-06-23API Description Update. The Error code has changedsee changesets
    Change itemChange content
    API DescriptionAPI Description Update.
    Error CodesThe Error code has changed.
      delete Error Codes: 400
      delete Error Codes: 403
      delete Error Codes: 404