Enabling Cross-Account Sharing of an Amazon RDS Snapshot Copy to the Same or a Different Region

Updated

You can share Amazon RDS snapshots to a different AWS account by copying the snapshot to the target geographic region, and then by sharing the copied snapshot cross account. Tags attached to the source snapshot are not copied to the destination account or to a regional snapshot copy.

To copy the snapshots to a different account, you must map the source region to the target region. By default, if you don't map the source region to the target region, the target region is mapped to be the same region as the source region of the snapshot.

You can use cross-account sharing in the following ways:

  • Replicate a snapshot from the same region to the same or a different region.

  • Share a snapshot to a different account. If you are sharing encrypted snapshots, the KMS key must be shared with the target account.

  • Share a snapshot of an Amazon Aurora database cluster.

  • Share a snapshot of an encrypted Amazon RDS instance.

    To replicate a copy of encrypted RDS snapshots, the user can either have a key with alias cvlt-rds or cvlt-master at the destination region. If the user is using the key with a different alias, then the user must create a tag for the KMS key with the tag name cvlt-rds or cvlt-master at the destination region.

    Note: The IAM user must be added as a key user for the KMS key used for the destination region.

Before You Begin

  • The source account can be configured with an access key ID and secret access key pair or an STS role ARN. The destination account must be configured with an access key ID and secret access key pair or an STS role ARN.

  • To enable replication, you must have a secondary copy.

Procedure

  1. From the navigation pane, go to Protect > Databases.

    The Instances page appears.

  2. Click the instance.

    The instance page appears.

  3. In the Instance groups section, click the instance group for which you want to enable cross-account sharing.

    The instance group properties page appears.

  4. In the Snapshot section, complete the following steps:

    1. Move the Replication toggle key to the right.

      The Add a region mapping page appears. The region mapping information initially displayed is inherited from the plan, but you can modify it.

    2. From the Source region and Destination region lists, select a source AWS region and a target AWS region.

      You can map only one destination region to each configured source region per instance group.

    3. Click OK.

    4. Move the Cross account operations toggle to the right.

      The Cross account operations page appears.

    5. For Choose action, click the Share only button.

    6. From the Destination account list, select the account.

    7. Click OK.

  5. Perform an auxiliary copy operation.