Alibaba Cloud - Manually Enable MySQL TDE

KevKev

Alibaba Cloud has an option to enable TDE (Transparent Data Encryption). However, if you wish to use your own custom KMS key (BYOK), there is a bug which doesn't allow you to select the custom KMS key.

To address this issue, we are going to use the Alicloud CLI to enable TDE with the custom key.

Prerequisite

1. OpenAPI setup for the desired account with full RDS permission

2. Your KMS key ID, e.g. key-sgj658xxx0687vdpo801k-abcuxxxxt1

Steps

Step 1: Copy the MySQL instance ID and open a terminal

Step 2: Check your MySQL TDE status

 aliyun rds DescribeDBInstanceTDE --DBInstanceId <MYSQL-ID>

Example

 aliyun rds DescribeDBInstanceTDE --DBInstanceId rm-xxxxxxxxxxxxxvxxx
 {
     "Databases": {
         "Database": []
     },
     "RequestId": "5AC003C4-XXXX-XXXX-XXXX-2B1B82390333",
     "TDEMode": "Unknown",
     "TDEStatus": "Disabled"
 }

Step 3: Enable your MySQL TDE

 aliyun rds ModifyDBInstanceTDE --DBInstanceId <MYSQL-ID> --TDEStatus Enabled --EncryptionKey <KEY-ID>

Example

 aliyun rds ModifyDBInstanceTDE --DBInstanceId rm-xxxxxxxxxxxxxvxxx --TDEStatus Enabled --EncryptionKey key-myj
 {
     "RequestId": "7B3B51FF-XXXX-XXXX-XXXX-ABA2DC0B1915"
 }

Run Step 2 again to check your MySQL TDE status; it should now be enabled.
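
Steps 2 and 3 can be combined into one idempotent check-enable-verify routine. The script below is an added example, not part of the original post: the function names are hypothetical, and it uses only the aliyun subcommands and flags shown above.

```shell
#!/usr/bin/env bash
# Added example: wraps the DescribeDBInstanceTDE / ModifyDBInstanceTDE calls
# from this post. Function names are hypothetical (not from the post).

# Extract the TDEStatus value from DescribeDBInstanceTDE JSON read on stdin.
tde_status() {
    sed -n 's/.*"TDEStatus"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Step 2: query the current TDE status of an instance.
get_tde_status() {
    aliyun rds DescribeDBInstanceTDE --DBInstanceId "$1" | tde_status
}

# Step 3 plus re-check: enable TDE with the custom key unless it is already
# enabled, then confirm. Returns 0 only if the instance reports Enabled.
enable_tde_byok() {
    instance_id=$1
    key_id=$2
    if [ -z "$instance_id" ] || [ -z "$key_id" ]; then
        echo "usage: enable_tde_byok <MYSQL-ID> <KEY-ID>" >&2
        return 2
    fi
    status=$(get_tde_status "$instance_id")
    if [ "$status" = "Enabled" ]; then
        echo "TDE already enabled on $instance_id; nothing to do"
        return 0
    fi
    aliyun rds ModifyDBInstanceTDE --DBInstanceId "$instance_id" \
        --TDEStatus Enabled --EncryptionKey "$key_id" >/dev/null || return 1
    status=$(get_tde_status "$instance_id")
    echo "TDE status on $instance_id: ${status:-unknown}"
    [ "$status" = "Enabled" ]
}

# Run directly as: ./enable-tde.sh <MYSQL-ID> <KEY-ID>
if [ "$#" -eq 2 ]; then
    enable_tde_byok "$1" "$2"
fi
```

A non-zero exit means the instance did not report Enabled on the re-check, so the script can gate a provisioning pipeline on the encryption setting actually being in place.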
