Loading...

Enabling Cross-Account Sharing of an Amazon RDS Snapshot Copy

You can share Amazon RDS snapshots with a different Amazon account by copying the snapshot to the target geographic region, and then sharing the copied snapshot with the other account.

To copy the snapshots to a different account, you must map the source region to the target region. If you don't map the source region to the target region, by default, the target region is mapped to be the same region as the source region of the snapshot.

You can use cross-account sharing in the following ways:

  • Replicate a snapshot from a region to the same region or a different region.
  • Share a snapshot to a different account. If you are sharing encrypted snapshots, the KMS key must be shared with the target account.
  • Share a snapshot of an Aurora database cluster.
  • Share a snapshot of an encrypted RDS instance that uses the KMS key encryption. To do that, you use an account that has a secret key/access key or an IAM role.

    To replicate a copy of encrypted RDS snapshots, the user can have either the cvlt-rds alias or the cvlt-master alias at the destination region. If the user is using the key with a different alias, then the user must create a tag for the KMS key with the tag name cvlt-rds or cvlt-master at the destination region.

    Note: The IAM user must be added as a key user for the KMS key used for the destination region.

Procedure

  1. From the navigation pane, go to Protect > Databases.

    The Instances page appears.

  2. Click the instance.

    The instance page appears.

  3. In the Instance groups section, click the instance group that you want to enable cross-account sharing for.

    The instance group properties page appears.

  4. In the Snapshot section, complete the following steps:
    1. Move the Replication toggle key to the right.

      The Add a region mapping page appears.

    2. From the Source region and Destination region lists, select a source Amazon region and a target Amazon region.

      You can map only one destination region to each configured source region for each instance group.

    3. Click OK.
    4. Move the Cross account share toggle key to the right.
    5. Click Edit to select the destination account.
    6. Click OK.
  5. Perform an auxiliary copy operation.

    The auxiliary copy operation creates a secondary, standby copy of the data. If the primary copy becomes inoperative or is deleted to save storage costs, the secondary copy is used to restore the data.

Last modified: 2/17/2021 3:33:51 PM