Updated on 2025-07-09 GMT+08:00

Shared VPC

Scenario

Ensure that the database audit instance is in the same VPC as the node (application side or database side) where you plan to install the database audit agent. Otherwise, the instance cannot connect to the agent or perform audits.

Creating a VPC

  1. Log in to the management console.
  2. Click in the upper left corner, choose Management & Governance > Resource Access Manager, and go to the resource access management page.
  3. Choose Shared by Me > Resource Shares.
  4. Click Create Resource Share in the upper right corner.
  5. Set resource type to vpc:subnet, choose the corresponding region, and select VPCs to be shared. Click Next: Associate Permissions.

    Figure 1 Specifying shared resources

  6. Associate a RAM managed permission with each resource type on the displayed page. Then, click Next: Grant Access to Principals in the lower right corner.

    Figure 2 Configuring permissions

  7. Specify the principals that you want to have access to the resources on the displayed page. Then, click Next: Confirm in the lower right corner.

    Figure 3 Specifying principals

    Table 1 Parameter descriptions

    | Parameter | Description |
    | --- | --- |
    | Principal Type | • Organization. For details about how to create an organization, see . NOTE: If you have not enabled resource sharing with organizations, this parameter cannot be set to Organization. For details, see . • Huawei Cloud account ID |

  8. Check the configurations and click OK.

    Figure 4 Confirming configurations

Using a VPC

  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the upper right corner, click Buy DBSS.
  4. Set Basic Settings and Edition.

    Table 2 Basic settings parameters

    | Parameter | Description |
    | --- | --- |
    | Service Type | The value is fixed at Database Audit Service. |
    | Billing Mode | Only the yearly/monthly mode is available. |
    | Region | Select the region where the instance is located. Regions are geographic areas isolated from each other. Resources are region-specific and cannot be used across regions through internal network connections. For low network latency and quick resource access, select the nearest region. |
    | AZ Type | Only general AZs are supported. |
    | AZ | An AZ is a physical location that uses an independent power supply and network. AZs in the same region can communicate with each other over an intranet. You can select random allocation or specify an AZ. |

    Table 3 Edition specifications

    | Parameter | Description |
    | --- | --- |
    | Edition specifications | Basic, Standard, Professional, and Advanced editions are available. For details about the specifications supported by each edition, see Table 4. |

    Table 4 Database audit editions

    | Edition | Specification | Maximum Databases | Performance |
    | --- | --- | --- | --- |
    | Starter | Database audit starter edition | 1 | Peak QPS: 1,000 queries/second; Database load rate: 1.2 million statements/hour; Online SQL statement storage: 100 million statements |
    | Basic | Database audit basic edition | 3 | Peak QPS: 3,000 queries/second; Database load rate: 3.6 million statements/hour; Online SQL statement storage: 400 million statements |
    | Professional | Database audit professional edition | 6 | Peak QPS: 6,000 queries/second; Database load rate: 7.2 million statements/hour; Online SQL statement storage: 600 million statements |
    | Advanced | Database audit advanced edition | 30 | Peak QPS: 30,000 queries/second; Database load rate: 10.8 million records/hour; Online SQL statement storage: 1.5 billion statements |

    • A database instance is uniquely defined by its database IP address and port.

      The number of database instances equals the number of database ports. If a database IP address has N database ports, there are N database instances.

      Example: A user has two database IP addresses, IP1 and IP2. IP1 has a database port. IP2 has three database ports. IP1 and IP2 have four database instances in total. To audit all of them, select professional edition DBSS, which supports a maximum of six database instances.

    • To change the edition of a DBSS instance, unsubscribe from it and purchase a new one.
    • Online SQL statements are counted based on the assumption that the capacity of an SQL statement is 1 KB.

  5. Select the VPC and subnet for database audit. For details about related parameters, see Table 5.

    Figure 5 Setting database audit parameters

    Table 5 Database audit instance parameters

    | Parameter | Description |
    | --- | --- |
    | VPC | You can select an existing VPC, or click View VPC to create one on the VPC console. NOTE: • Select the VPC of the node (application or database side) where you plan to install the agent. For more information, see How Do I Determine Where to Install an Agent? • To change the VPC of a DBSS instance, unsubscribe from it and purchase a new one. For more information about VPC, see Virtual Private Cloud User Guide. |
    | Security Group | You can select an existing security group in the region or create a security group on the VPC console. Once a security group is selected for an instance, the instance is protected by the access rules of this security group. For more information about security groups, see Virtual Private Cloud User Guide. |
    | Subnet | You can select a subnet configured in the VPC or create a subnet on the VPC console. |
    | Name | Instance name |
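The instance-counting rule given with Table 4 (one database instance per unique IP address and port) can be applied to an endpoint inventory before buying, as in this added example, which is not part of the original documentation. The function names and sample addresses are constructed for illustration, and treating peak QPS as the total across all audited databases is an assumption.

```python
import ipaddress

# (edition, maximum database instances, peak QPS), copied from Table 4.
EDITIONS = [
    ("Starter", 1, 1_000),
    ("Basic", 3, 3_000),
    ("Professional", 6, 6_000),
    ("Advanced", 30, 30_000),
]

def parse_endpoint(text):
    """Return a normalized (ip, port) pair from 'ip:port' or '[ipv6]:port'."""
    host, sep, port = text.strip().rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"not an ip:port endpoint: {text!r}")
    ip = ipaddress.ip_address(host.strip("[]"))  # raises ValueError on hostnames
    return str(ip), int(port)

def count_instances(endpoints):
    """One database instance per unique (IP address, port) pair."""
    return len({parse_endpoint(e) for e in endpoints})

def smallest_edition(endpoints, peak_qps=0):
    """Smallest Table 4 edition covering the instance count and peak QPS.

    Assumption: peak_qps is the combined peak of all audited databases.
    Returns None when even the largest edition is too small.
    """
    needed = count_instances(endpoints)
    for name, max_dbs, max_qps in EDITIONS:
        if needed <= max_dbs and peak_qps <= max_qps:
            return name
    return None

# Constructed sample mirroring the page's example: IP1 has one port, IP2 has three.
SAMPLE = [
    "192.0.2.10:3306",
    "192.0.2.20:3306",
    "192.0.2.20:3307",
    "192.0.2.20:5432",
    "192.0.2.20:3307",  # duplicate inventory row, counted once
]

if __name__ == "__main__":
    print(count_instances(SAMPLE), smallest_edition(SAMPLE))
```

Because the edition cannot be changed without unsubscribing and purchasing a new instance, size against the endpoints you expect to audit rather than only those in use today.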