Security Best Practices for GeminiDB DynamoDB-Compatible API
Huawei Cloud and you share the responsibility for security. Huawei Cloud is responsible for the security of cloud services to provide a secure cloud. As a tenant, you should properly use the security capabilities provided by cloud services to protect data, and securely use the cloud. For details, see Shared Responsibilities.
This section provides best practices for enhancing security of GeminiDB DynamoDB-Compatible API. You can continuously evaluate the security status of your GeminiDB DynamoDB-Compatible instances and combine different security capabilities provided by GeminiDB DynamoDB-Compatible API. By doing this, data in GeminiDB DynamoDB-Compatible instances can be protected from being disclosed or tampered with.
Consider the following aspects for your security configurations:
- Enabling SSL and Setting the CCM PCA or SSL Certificate
- Using a Unique CCM Certificate for Each Instance
- Replacing the Instance Certificate Before It Expires
Enabling SSL and Setting the CCM PCA or SSL Certificate
Since April 2017, GeminiDB has offered a new root certificate that has a 20-year validation period. The new certificate takes effect after DB instances are rebooted. Replace the old certificate before it expires to improve system security.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot