Updated on 2025-07-03 GMT+08:00

Security Best Practices for GeminiDB DynamoDB-Compatible API

Security is a responsibility shared between Huawei Cloud and you. Huawei Cloud is responsible for the security of the cloud services themselves, so that the cloud it provides is secure. As a tenant, you should properly use the security capabilities provided by cloud services to protect your data and to use the cloud securely. For details, see Shared Responsibilities.

This section provides best practices for enhancing the security of GeminiDB DynamoDB-Compatible API. Continuously evaluate the security status of your GeminiDB DynamoDB-Compatible instances and combine the different security capabilities that GeminiDB DynamoDB-Compatible API provides. Doing so protects data in GeminiDB DynamoDB-Compatible instances from being disclosed or tampered with.

Consider the following aspects for your security configurations:

Enabling SSL and Setting the CCM PCA or SSL Certificate

Since April 2017, GeminiDB has offered a new root certificate that has a 20-year validity period. The new certificate takes effect after DB instances are rebooted. Replace the old certificate before it expires to improve system security.

Using a Unique CCM Certificate for Each Instance

Configuring a unique SSL certificate for each instance can significantly improve system security and help organizations better cope with potential threats.

Replacing the Instance Certificate Before It Expires

You can configure notification policies for the instance certificate before it expires. Renew or replace the certificate in a timely manner to avoid affecting instance functions.
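
The two certificate practices above (a unique certificate per instance, and replacement before expiry) can also be checked from the client side. The following is an added example, not Huawei Cloud code: `fetch_cert`, `audit`, the instance names, the 30-day threshold and the sample inventory are all assumptions made for illustration, and `fetch_cert` assumes the instance endpoint is reachable over SSL and validates against the CA file you downloaded for it.

```python
import hashlib
import socket
import ssl
from collections import defaultdict


def fetch_cert(host, port, ca_file):
    """Connect with verification enabled; return (notAfter, SHA-256 fingerprint)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            not_after = tls.getpeercert()["notAfter"]
            der = tls.getpeercert(binary_form=True)
    return not_after, hashlib.sha256(der).hexdigest()


def audit(inventory, now, warn_days=30):
    """inventory: {instance: (notAfter, fingerprint)}; now: epoch seconds (UTC).

    Returns (expiring, shared): instances whose certificate has fewer than
    warn_days left (negative means already expired), and groups of instances
    that present the same certificate.
    """
    expiring, by_fp = {}, defaultdict(list)
    for name, (not_after, fp) in sorted(inventory.items()):
        days_left = (ssl.cert_time_to_seconds(not_after) - now) // 86400
        if days_left < warn_days:
            expiring[name] = days_left
        by_fp[fp].append(name)
    shared = [names for names in by_fp.values() if len(names) > 1]
    return expiring, shared


# Constructed sample inventory (hypothetical instances, placeholder fingerprints).
# In practice each value would come from fetch_cert(host, port, ca_file).
SAMPLE = {
    "gemini-a": ("Jul 20 00:00:00 2025 GMT", "aa" * 32),
    "gemini-b": ("Jan  1 00:00:00 2030 GMT", "bb" * 32),
    "gemini-c": ("Jan  1 00:00:00 2030 GMT", "bb" * 32),
}
NOW = ssl.cert_time_to_seconds("Jul  3 00:00:00 2025 GMT")

if __name__ == "__main__":
    expiring, shared = audit(SAMPLE, NOW)
    print("expiring soon:", expiring)
    print("shared certificates:", shared)
```

Run on a schedule, a check like this complements the console notification policy by also catching instances that share one certificate.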