Configure the replication AWS account to support cross-account snapshot copy for Amazon RDS. This configuration focuses on preparing the replication account with the required IAM roles, KMS keys, and corresponding infrastructure in Commvault to receive and retain copied snapshots.
Procedure
-
Create an Amazon EC2 hypervisor client for the replication AWS account where you want to store copied snapshots.
-
Disable backup and restore activity on the hypervisor client, and note the client ID.
-
Applies only to protection group: Set the nCommvaultClientForCrossAccountCopy setting at the CommCell level, and use the client ID from the previous step as the value.
-
On the server group that is used as the access node group for Aurora and RDS snapshot workloads, enable the bAmazonIsIntermediateCopyRequired additional setting.
-
Create resource pools for the RDS workload with the required regions for the hosted infrastructure. Ensure that the resource pools align with the replication regions.
-
Increase the snapshot limits in the replication AWS account based on the number of snapshots you plan to retain.
-
Increase the concurrent snapshot copy limits to allow snapshots from multiple source accounts to be copied in parallel.
-
Create an AWS Identity and Access Management (IAM) role using replication role permissions to enable cross-account snapshot copy and add the hosted-infrastructure account (associated with access nodes) as the trusted entity.
-
Create a customer managed AWS Key Management Service (KMS) key in both the source and replication regions in the replication account.