This topic describes how to register an Alibaba Cloud database instance with Data Management (DMS).
Prerequisites
The cloud database type must be supported by DMS.
Your system role must be DBA or administrator. To view your system role, see View my system role.
You cannot use a public endpoint to register an Alibaba Cloud database instance.
Precautions
To manage an instance with DMS, we recommend creating a dedicated database account instead of using a shared one. The permission requirements for the database account are as follows:
To manage all databases in the instance, grant the account permissions on the entire instance.
To manage one or more specific databases, grant the account permissions on only those databases.
The account must have sufficient DML permissions to create, delete, and modify data; query tables; and modify the table schema.
To perform operations on objects such as views, stored procedures, triggers, and functions, the account must have sufficient permissions.
To avoid errors, do not add leading or trailing spaces or other special characters to the information you enter.
Typically, when you register a cloud database in DMS, you are prompted to add IP addresses to a whitelist. If this prompt does not appear and you cannot manage the database, you must manually add the DMS IP address ranges to the database's security settings.
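The account scoping described in the precautions above, written out for a MySQL instance. This is an added example, not part of the original DMS documentation: the account name dms_svc, the database orders_db, the host pattern and the password are hypothetical placeholders, and it assumes MySQL 8.0 syntax run by an account that is permitted to create users and grant privileges.

```sql
-- Added example. All names and the password are hypothetical placeholders.

-- 1. Dedicated account used only for DMS, not shared with applications or people.
--    Network reachability is still limited by the instance whitelist.
CREATE USER 'dms_svc'@'%' IDENTIFIED BY '<generated-password-placeholder>';

-- 2. Scoped variant: DMS manages only orders_db.
--    Covers data changes and queries, table schema changes, and the object
--    types named in the precautions (views, routines, triggers).
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, ALTER, DROP, INDEX,
      CREATE VIEW, SHOW VIEW,
      CREATE ROUTINE, ALTER ROUTINE, EXECUTE,
      TRIGGER
   ON `orders_db`.*
   TO 'dms_svc'@'%';

--    Instance-wide variant: use the same privilege list with ON *.* instead
--    of ON `orders_db`.* when DMS must manage every database in the instance.

-- 3. Review what the account actually holds before registering it.
SHOW GRANTS FOR 'dms_svc'@'%';

-- 4. Global privileges held by the account. For the scoped variant this
--    should return no rows (USAGE means "no privileges").
--    GRANTEE is stored with its quotes, hence the doubled single quotes.
SELECT PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = '''dms_svc''@''%'''
   AND PRIVILEGE_TYPE <> 'USAGE';

-- 5. Per-database privileges. Every row should name a database that DMS
--    is meant to manage; any other TABLE_SCHEMA is excess privilege.
SELECT TABLE_SCHEMA, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''dms_svc''@''%'''
 ORDER BY TABLE_SCHEMA, PRIVILEGE_TYPE;
```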
Register an instance
This section uses an ApsaraDB RDS for MySQL instance as an example.
Log in to DMS 5.0.
On the left side of the console homepage, in the Database Instances section, click the Add Instance icon.
Note: You can also enter Instances in the search box on the homepage, click Instances in the search results, and then click New.
On the Add Instance page, enter the instance information.
Category
Parameter
Description
Data source
-
Alibaba Cloud-MySQL is selected by default. You can select another database type.
Basic information
Database type
Select the type of the database instance.
Note: After you select a database type, the parameters in the Basic Information section are automatically refreshed.
Instance region
Select the region where the database instance is located.
Other primary accounts
Note: This parameter appears if you select Cross-Alibaba Cloud account instance.
Enter the ARN of the RAM role that belongs to the Alibaba Cloud account that owns the instance. For more information about the required permissions for the RAM role, see Authorization.

Registration method
Select the method to register the database instance. You can register by Instance ID or Connection String.
Instance ID or Connection String
Enter the Instance ID or connection string.
Note: A connection string consists of an internal network address and a port. Example for ApsaraDB RDS for MySQL: rm-XXXXXXX.mysql.rds.aliyuncs.com:3306.
Access mode
Select whether to enable security hosting for the instance and the logon method. When security hosting is enabled, users are not directly exposed to credentials, which allows for fine-grained permission control.
Security Hosting - Automatic (Recommended): DMS automatically enables security hosting for the instance and creates a database account and password for logging on to DMS.
Note: This parameter is available only when you register an ApsaraDB RDS instance.
The automatically created account can be viewed in the ApsaraDB RDS console. To ensure that DMS features function as expected, do not modify or delete this account.
Accounts automatically created by DMS for ApsaraDB RDS instances, except for PostgreSQL, do not have permissions to create databases or database accounts.
Security Hosting - Manual: DMS automatically enables security hosting for the instance, but you must manually enter the credentials of an existing database account.
Security Hosting - KMS: DMS automatically enables security hosting for the instance, but you must manually select an RDS credential created in Key Management Service (KMS) to log on to the database.
Note: This parameter is available only when you register an ApsaraDB RDS instance.
No Hosting (Not Recommended): If security hosting is disabled, you must frequently use your database account and password to log on, which may affect normal operations.
Add-on feature pack
Select a feature pack.
Security Collaboration or Stable Change (choose one): Security Collaboration supports all the capabilities of Stable Change and provides DevOps features for you to flexibly customize development and approval workflows. Stable Change provides solutions for more stable database operations, such as lock-free schema change and SQL review.
Note: If you do not select Security Collaboration or Stable Change, the instance uses the Flexible Management mode by default.
Sensitive Data Protection: This feature allows you to manage and mask sensitive data. For more information, see Enable Sensitive Data Protection.
Security rules
This parameter appears if you select the Security Collaboration feature pack.
You can select the default system rules or custom security rules to implement fine-grained control over the database.
Classification and grading template
This parameter appears only if you enable Sensitive Data Protection.
By binding a classification and grading template to an instance, you can identify whether fields in the instance's databases and tables match the recognition rules in the template. If a field matches a rule, it is tagged with a classification and sensitivity level to protect highly sensitive data.
Advanced information
Environment type
Select the environment type of the instance.
Instance name
Clear the Synchronize Instance Name checkbox to specify a custom display name for the instance in DMS.
Note: DMS synchronizes the instance name from the cloud service only during the first registration. You can later change the instance name by editing the instance information.
Enable DBLink
Select whether to enable DBLink. For more information, see Logical data warehouse.
Lock-free Schema Change
Select whether to enable the lock-free schema change feature. Two execution modes are supported: Execute with DMS lock-free change and Prioritize native lock-free, switch to DMS on failure.
Note: This parameter is available only for MySQL databases.
Enable SSL
Note: This parameter is available only for MySQL or Redis databases.
By default, SSL connections are disabled in DMS.
If you need to connect to the database over SSL, you must enable SSL in DMS and ensure that SSL is also enabled on the database server.
Secure Sockets Layer (SSL) encrypts network connections at the transport layer to improve data security and integrity, but it can increase connection latency.
Instance DBA
Select a DBA role for subsequent workflows such as permission requests.
Query timeout (s)
This setting terminates query statements executed in the SQL window that exceed the specified time limit to help protect the database.
Export timeout (s)
This setting terminates export tasks executed from the SQL window that exceed the specified time limit to help protect the database.
After configuring the parameters, click Test Connection in the lower-left corner.
Note: If the connection test fails, check the instance information based on the error message.
When the Connection Successful message appears, click Submit.
The cloud database instance is now registered with DMS. You can view and manage it in the instance list on the left of the DMS console.
Related operations
If you switch from the Security Hosting - Automatic access mode to another mode and then switch back, DMS resets the password for the automatically generated account.
If you need to access resources from another Alibaba Cloud account in DMS, or register your resources with the DMS of another Alibaba Cloud account, see Access or register resources across accounts.
After you register a database instance with DMS, you may need to perform the following operations:
Create databases, create tables, query table data, and modify table data. For more information, see Get started with the SQL Console.
If you need to change a large amount of table data without locking the table, use the lock-free data change feature in DMS.
Use the AddInstance API to register an instance.
FAQ
Q: When I register an Alibaba Cloud database in DMS, a message about a whitelist appears, as shown in the following figure. What should I do?

A: You can click Configure Whitelist in the message box. The system then automatically adds the DMS server IP addresses to the cloud database's whitelist. If the automatic configuration fails, you must add them manually. For more information, see Add DMS IP address ranges.
Q: Is the Flexible Management mode no longer available in DMS?
A: The mode is still available. If you do not select Stable Change or Security Collaboration, your instance uses the Flexible Management mode by default.
Q: After I enable TLS/SSL encryption for a Redis instance, I fail to log on to the database from DMS. The system displays a message indicating that an SSL connection is required, as shown in the following figure. How do I resolve this issue?

A: You can resolve this issue by editing the instance.
Log in to DMS 5.0.
On the DMS homepage, in the list in the navigation pane on the left, find and right-click the target Redis instance, and then select Edit.
In the Advanced Information section, select Enable SSL.
After enabling SSL, click Test Connection.
After the connection test succeeds, click Save. The database can now be connected to DMS.
Q: Why can't I view table information after I register a MaxCompute instance in DMS? What should I do?
A: Starting from March 1, 2024, MaxCompute no longer automatically installs the project-level Information Schema package for new projects. This means new projects do not have the package by default. You can install the Information Schema permission package as the Project Owner or a RAM user with the Super_Administrator role to obtain permission to access project metadata. For example, log on to the MaxCompute client and run the install package Information_Schema.systables; command.
Note: For more information, see Project-level Information Schema.
For more FAQs about logging on to databases, see Log on to a database.