Applications DBA Arena: AWS Cross Account Encrypted RDS DB Cloning

Today, I am going to write about the cross account RDS clone of Mysql Community Flavor DB.

Current Setup - Account A has encrypted DB with default Key.

Requirement is to clone the DB to Account B.

Steps Involved:

1. Take Manual Snapshot Backup of of the DB

2. You can't share the snapshot to Account B. "Sharing snapshots encrypted with the default service key for RDS is currently not supported. " As DB is encrypted with default encryption Key.

3. Create Symmetric KMS Key in Account B

4. Share the symmetric KMS Key in the Account B to Account A ( ON KMS key Creation Step "Define key usage permissions Screen" )

5. On Account A, Copy the Manual Snapshot that was created to new snapshot with Shared KMS Key(Copy using ARN option)

6. On Account A Share the newly copied snapshot to Account B

7. You can't restore straight after sharing, Hence On Account B Copy the snapshot with new KMS Key or Default aws/rds key with Target Option Group (Optional)

8. Restore as a DB from snapshot that was copied.

Screenshot - Step 2 Error

Screenshot - Step 3

Screenshot - Step 4

Screenshot - Step 5

Screenshot - Step 6 (In my case I shared with two different accounts)

Hope this helps someone.

Search This Blog

Cloud Articles

HIGH AVAILABILITY

Databases

SQL Server

Oracle DEMANTRA

Oracle Life Sciences

Tracing/Debugging

AWS Cross Account Encrypted RDS DB Cloning

No comments:

About Me

Oracle DB POSTS

Oracle 11i POSTS

Tools,Books

Exadata

Oracle R12 POSTS

My Favorite

	Specialized in Databases. Led, mentored many DBAs and Developers on best practices in database design and performance tuning. Specialized in multiple database engines, Oracle E-Business Suite Setup, Upgrades, Backup and Recovery, Cloning Optimizations, Cloud Migrations, Replication and Disaster Recovery. You can reach me at meet.lsuresh at gmail.com
Suresh Lakshmanan, USA View my profile here.