By default, you can download backup files of TencentDB for MySQL instances over public or private network. To limit the download, you can adjust backup download settings.
Note:Backup download settings are supported in the following regions:
Guangzhou, Shanghai, Beijing, Shenzhen, Chengdu, Chongqing, Nanjing, Hong Kong (China), Beijing Finance, Shanghai Finance, Shenzhen Finance, Toronto, Singapore, Silicon Valley, Frankfurt, Seoul, Mumbai, Bangkok, and Tokyo.
Note:Download over public network is enabled by default and when it is enabled, download over private network is also allowed.
By default, sub-accounts do not have the permission to set backup download rules for TencentDB for MySQL instances. Therefore, you need to create CAM policies to grant specific sub-accounts the permission.
Cloud Access Management (CAM) is a web-based Tencent Cloud service that helps you securely manage and control access permissions to your Tencent Cloud resources. Using CAM, you can create, manage, and terminate users (groups), and control the Tencent Cloud resources that can be used by the specified user through identity and policy management.
You can use CAM to bind a user or user group to a policy which allows or denies them access to specified resources to complete specified tasks. For more information on CAM policy elements, see Element Reference.
The following policy syntax is used to authorize a sub-account to set backup download rules for TencentDB for MySQL instances:
{
"version":"2.0",
"statement":
[
{
"effect":"effect",
"action":["action"],
"resource":["resource"]
}
]
}
effect
, action
, and resource
. One policy has only one statement
.name
) or a feature set (a set of specific APIs prefixed with permid
).In a CAM policy statement, you can specify any API operation from any service that supports CAM. For database audit, the API prefixed with name/cdb:
should be used. To specify multiple operations in a single statement, separate them by comma:
"action":["name/cdb:action1","name/cdb:action2"]
You can also specify multiple operations by using a wildcard. For example, you can specify all operations beginning with "Describe" in the name as shown below:
"action":["name/cdb:Describe*"]
Resource paths are generally in the following format:
qcs::service_type::account:resource
cdb
here.uin/326xxx46
.Below is a sample:
"resource": ["qcs::cdb::uin/326xxx46:instanceId/cdb-kfxxh3"]
Here, cdb-kfxxh3
is the ID of the TencentDB for MySQL instance resource, i.e., the resource
in the CAM policy statement.
The following example only shows the usage of CAM. For the complete list of APIs used to set MySQL backup download rules, see the API documentation.
{
"version":"2.0",
"statement":
[
{
"effect":"allow",
"action": ["name/cdb: ModifyBackupDownloadRestriction"],
"resource": ["*"]
}
]
}
*
to indicate that the backup download rules of TencentDB for MySQL instances in the specified region can be set.BackupDownloadRestriction
) as required and Description and click Done.
Was this page helpful?