Enabling Cross-Account Copying of an Amazon RDS Snapshot Copy to the Same or a Different Region

Updated

You can copy Amazon RDS snapshots to a different Amazon Web Services account by copying the snapshot to the target geographic region, and then copying the snapshot to the other account. Tags attached to the source snapshot are not copied to the destination account or to a regional snapshot copy.

To copy the snapshots, you must map the source region to the target region.

You can use cross-account copying in the following ways:

  • Replicate a snapshot from a region to the same region or a different region.

  • Copy a snapshot to a different account. If you are copying encrypted snapshots, the KMS key must be shared with the target account.

  • Copy a snapshot of an Amazon Aurora database cluster.

  • Copy a snapshot of an encrypted Amazon RDS instance.

    To replicate a copy of encrypted Amazon RDS snapshots, the user can have either the cvlt-rds alias or the cvlt-master alias at the destination region in the source and destination account. If the user is using the key with a different alias, then the user must create a tag for the KMS key with the tag name cvlt-rds or cvlt-master at the destination region.

    Note: The IAM user must be added as a key user for the KMS key used for the destination region.

Before You Begin

  • If the source Amazon RDS instance is using a Custom Option Group, then verify that a Custom Option Group with a similar name and similar parameters exists at the destination region.

  • The source account can be configured with an access key ID and secret access key pair or an STS role ARN. The destination account must be configured with an access key ID and secret access key pair or an STS role ARN.

  • To enable replication, you must have a secondary copy.

Procedure

  1. From the navigation pane, go to Protect > Databases.

    The Instances page appears.

  2. Click the instance.

    The instance page appears.

  3. In the Instance groups section, click the instance group to enable cross-account sharing for.

    The instance group page appears.

  4. In the Snapshot section, complete the following steps:

    1. Move the Replication toggle key to the right.

      The Add a region mapping page appears.

    2. From the Source region and Destination region lists, select a source Amazon Web Services region and a target Amazon Web Services region.

      You can map only one destination region to each configured source region for each instance group.

    3. Click OK.

    4. Move the Cross account operations toggle to the right.

      The Cross account operations page appears.

    5. For Choose action, click the Full copy button.

    6. From the Destination account list, select the account.

    7. Click OK.

  5. Create a plan for the replica copy.

  6. Perform an auxiliary copy operation.

Results

The auxiliary copy operation creates a secondary, standby copy of the data. If the primary copy becomes inoperative or is deleted to save storage costs, the secondary copy is used to restore the data.