RDS Monitoring and Security
Start course

This course explores Alibaba's RDS service looking at RDS instances, features, security, and the foundational concepts of the service. You'll follow along with guided demos from the Alibaba Cloud platform that will show you how to use and manage the RDS service.

Learning Objectives

  • Get a foundational understanding of the RDS service
  • Create an RDS instance
  • Set up backups and temporary instances
  • Set up read-only instances
  • Use monitoring, metrics, and alerts in RDS
  • Upgrading RDS Instance Configuration

Intended Audience

This course is intended for anyone who wants to learn more about Alibaba RDS, as well as anyone studying for the ACP Cloud Computing certification exam.


To get the most out of this course, you should have a basic understanding of the Alibaba Cloud platform.


Next, let's look at RDS Monitoring and Security. The RDS console provides full performance metrics, which allow you to get a clear picture of the running state of each of your RDS database instances. So, these metrics are provided by CloudMonitor. CloudMonitor is the free monitoring tool that's built-in to the Alibaba Cloud platform. We also use this to monitor other services like ECS. And for RDS, CloudMonitor can record storage usage, memory usage, so that's RAM utilization, CPU usage, and many more.

Security. RDS provides a three-level Security Defense System to protect databases against a variety of security threats. We have a built-in anti-DDoS service, which protects against DDoS attacks up to five gigabits per second; built-in IP whitelisting, which supports up to 1,000 IPs per whitelist; and WAF or web application firewall, which can help defend against brute force attacks, SQL injection attacks, and a few other forms of common database-level attacks.

The RDS service also includes SQL audit capabilities, so you can keep track of the who, what, and when of database access and modification. On the security front, in terms of access to the RDS service and ability to manage the RDS service, we use something called RAM, Resource Access Management. This is actually how permissions are managed across all Alibaba Cloud services. So, of course, under your Alibaba Cloud account, you may have multiple users, perhaps you have developers, and database administrators, and auditors, and perhaps a few other types of roles.

Each of these people will have their own RAM account and they'll use this RAM account to log in to the Alibaba Cloud console. RDS allows you to set what's called RAM policy, which controls which of these RAM users can access and manage RDS. Now, that's at the RDS service level. So, what do you do about database users? How can your DBA manage permissions? RAM can't do that. RAM is designed to manage access to Alibaba Cloud's services. So, it actually works at the service level. If you need a service that allows you to manage user permissions at the database or table-level, then you need to use DMS.

DMS is our Data Management Service. So, with DMS, you can have a unified platform within the Alibaba Cloud console that manages access to individual databases, tables, and even columns for a variety of different users. And this is semi-automated. So, as the database administrator, you can set up a web form where your RAM users can apply for time-limited permissions to use the database. And then you, as the DBA, can approve. When you approve, the DMS system will automatically generate and execute GRANT statements to give the user the permissions they asked for and when their permissions expire, the accompanying REVOKE statements will also be automatically executed by DMS.

So, if you have multiple database users, this can save your database administrator a lot of time. Access control. So, again, this is done mostly through IP address whitelisting. Every RDS instance has at least one whitelist, which contains the IP addresses or address ranges that are allowed to access the database. We also provide SSL encryption. In particular, this supports MySQL and I believe also Microsoft SQL. So you can include encryption in transit between your ECS instances and your RDS database. So, if you want, you can add HTTPS SSL encryption as an optional feature so that access to your database instance is encrypted.

About the Author
Learning Paths

Alibaba Cloud, founded in 2009, is a global leader in cloud computing and artificial intelligence, providing services to thousands of enterprises, developers, and governments organizations in more than 200 countries and regions. Committed to the success of its customers, Alibaba Cloud provides reliable and secure cloud computing and data processing capabilities as a part of its online solutions.