Transferring AWS RDS data from one account to another managing encryption keys.
“During the initial stages of setting up our infrastructure, it is common to accept default configurations, which is not always advisable. One such case is encrypting RDS (Relational Database Service) instances with the default AWS-managed KMS (Key Management Service) key. Snapshots encrypted with that key cannot be shared with other AWS accounts, which limits how the data can be reused.
Sharing RDS snapshots across AWS accounts serves several use cases, including load testing and keeping pre-production and production environments in separate accounts. It is therefore worth knowing this limitation up front and choosing a customer-managed encryption key during the initial setup so the infrastructure can keep up with evolving needs.”
Step 1: Create an RDS Snapshot in the Source Account
- Access the source AWS account.
- Create an RDS snapshot.
- Note that this snapshot is still encrypted with the default AWS-managed KMS key, so it cannot be shared with another account as-is.
Step 2: Copy the Snapshot with New Encryption
- Make a copy of the RDS snapshot.
- During the copy process, change the encryption key to a new customer-managed KMS key, named “rds-manual-snapshot-key.”
Step 3: Share the Snapshot with Another Account
- In the source account, locate the RDS snapshot and select “Actions.”
- Choose “Share snapshot” and input the target AWS account ID.
- Save the configuration.
Step 4: Access the Shared Snapshot in the Destination Account
- Switch to the destination AWS account.
- Navigate to the RDS service and go to the “Snapshots” section.
- Look for the shared snapshot within the “Shared with me” tab.
Step 5: Copy the Snapshot with Custom KMS Key
- Select the shared snapshot and click “Copy snapshot.”
- Specify the desired custom KMS key for encryption.
- Initiate the creation of a new snapshot.
Step 6: Restore from the Manual Snapshot
- Access the “Manual snapshot” section.
- Click “Actions,” then “Restore.”
- Follow the prompts to create a new DB instance using the selected snapshot.
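The six console steps above as API calls, written here as an added example (not the original post's code) using boto3. Account IDs, region, snapshot and key names are constructed placeholders. Two helpers cover the checks the console does not surface: `is_shareable` tells you before you try whether a snapshot is still on the AWS-managed key (KMS reports such keys with `KeyManager == "AWS"`), and `sharing_key_policy` builds the key policy the customer-managed key from Step 2 needs, because sharing the snapshot alone is not enough: the target account must also be allowed to use that key to read the shared copy.

```python
"""Cross-account RDS snapshot transfer with a customer-managed KMS key.

Added example, not the post's own code. All account IDs, identifiers and
key ARNs below are constructed placeholders. The two helper functions are
pure; transfer_snapshot() needs boto3 and credentials for both accounts.
"""


def is_shareable(snapshot, kms_key_metadata):
    """True if the snapshot can be shared cross-account as-is.

    snapshot: one entry of describe_db_snapshots()["DBSnapshots"].
    kms_key_metadata: describe_key()["KeyMetadata"] for snapshot["KmsKeyId"].
    Only unencrypted snapshots or those under a customer-managed key can be
    shared; an AWS-managed key (e.g. aws/rds) reports KeyManager == "AWS".
    """
    if not snapshot.get("Encrypted"):
        return True
    return kms_key_metadata.get("KeyManager") == "CUSTOMER"


def sharing_key_policy(source_account, target_account):
    """Key policy for the customer-managed key used in Step 2.

    The owning account keeps full control; the target account gets only the
    operations needed to read the shared snapshot and copy it under its own
    key, plus grant creation restricted to AWS-service use.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "SourceAccountAdministersKey",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{source_account}:root"},
                "Action": "kms:*",
                "Resource": "*",
            },
            {
                "Sid": "TargetAccountUsesKeyForSnapshotCopy",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{target_account}:root"},
                "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                           "kms:GenerateDataKey*", "kms:DescribeKey"],
                "Resource": "*",
            },
            {
                "Sid": "TargetAccountGrantsForAWSResources",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{target_account}:root"},
                "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
                "Resource": "*",
                "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}},
            },
        ],
    }


def transfer_snapshot(source_session, target_session, db_instance, snapshot_id,
                      source_cmk_arn, target_cmk_arn, target_account, new_db_id):
    """Steps 1-6 of the post. source_session/target_session are boto3.Session
    objects for the two accounts (assumed already configured, same region)."""
    src = source_session.client("rds")
    dst = target_session.client("rds")
    wait_src = src.get_waiter("db_snapshot_available")
    wait_dst = dst.get_waiter("db_snapshot_available")

    # Step 1: manual snapshot, still under whatever key the instance uses.
    src.create_db_snapshot(DBSnapshotIdentifier=snapshot_id,
                           DBInstanceIdentifier=db_instance)
    wait_src.wait(DBSnapshotIdentifier=snapshot_id)

    # Step 2: re-encrypt by copying under the customer-managed key
    # (its policy must already be sharing_key_policy(...) for the target).
    shareable_id = f"{snapshot_id}-cmk"
    src.copy_db_snapshot(SourceDBSnapshotIdentifier=snapshot_id,
                         TargetDBSnapshotIdentifier=shareable_id,
                         KmsKeyId=source_cmk_arn)
    wait_src.wait(DBSnapshotIdentifier=shareable_id)

    # Step 3: share with the target account ("restore" attribute).
    src.modify_db_snapshot_attribute(DBSnapshotIdentifier=shareable_id,
                                     AttributeName="restore",
                                     ValuesToAdd=[target_account])

    # Steps 4-5: in the target account, copy the shared snapshot (addressed by
    # ARN) under a key the target account owns.
    shared_arn = src.describe_db_snapshots(
        DBSnapshotIdentifier=shareable_id)["DBSnapshots"][0]["DBSnapshotArn"]
    local_id = f"{snapshot_id}-local"
    dst.copy_db_snapshot(SourceDBSnapshotIdentifier=shared_arn,
                         TargetDBSnapshotIdentifier=local_id,
                         KmsKeyId=target_cmk_arn)
    wait_dst.wait(DBSnapshotIdentifier=local_id)

    # Step 6: restore a new instance from the local copy.
    dst.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=new_db_id,
                                             DBSnapshotIdentifier=local_id)
    return local_id


if __name__ == "__main__":
    import boto3  # only needed for the real transfer, not the helpers
    transfer_snapshot(boto3.Session(profile_name="source"),
                      boto3.Session(profile_name="target"),
                      db_instance="prod-db", snapshot_id="prod-db-2024-01-01",
                      source_cmk_arn="arn:aws:kms:us-east-1:111111111111:key/SOURCE-KEY-ID",
                      target_cmk_arn="arn:aws:kms:us-east-1:222222222222:key/TARGET-KEY-ID",
                      target_account="222222222222", new_db_id="prod-db-copy")
```

Once the snapshot has been copied in the target account, the share and the source-side CMK copy can be removed; the restored instance depends only on the target account's key from then on.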
This step-by-step guide outlines the process for securely transferring and restoring RDS snapshots from one AWS account to another, while also managing encryption keys.