RDS Snapshot Cross-Account Sharing

Create KMS Key and Give Access to Target Account

  1. Log in to the source AWS account and open the AWS KMS console.
  2. Choose Customer managed keys from the navigation pane and click Create Key.
  3. Set Key type to Symmetric and Key usage to Encrypt and decrypt.
  4. Enter a name for the key in Alias and click Next.
  5. In Key administrators, select the Admin IAM user who can administer the AWS KMS key and click Next.
  6. In Other AWS accounts, click Add another AWS account, enter the target AWS account ID, click Next, and finally click Finish.

Take Manual Snapshot and Share with Target Account

  1. In the source AWS account, go to the RDS console.
  2. Select the running Aurora or RDS instance.
  3. Click Actions and select the Take snapshot option.
  4. Define a proper name for the snapshot; i.e., product-name-environment-date.
  5. Click Take snapshot and wait for the snapshot to complete.
  6. Select the completed snapshot, click Actions and select Copy snapshot.
  7. Choose the same AWS Region as the current one, and then define a name in New DB Snapshot Identifier.
  8. In the Encryption section, choose the KMS key that you created above.
  9. Finally, click Copy snapshot and wait for the snapshot to complete.
  10. Select the second completed snapshot, click Actions, and click Share snapshot.
  11. Enter the target AWS account ID, click Add, and finally click Save.
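
A check that can be run after the key and snapshot sharing steps above, added here as an example and not part of the original page: it takes the parsed key policy document (from `aws kms get-key-policy`) and the output of `aws rds describe-db-snapshot-attributes`, and reports any grantee other than the intended accounts. The account IDs, snapshot name and sample JSON are constructed placeholders.

```python
import re

SOURCE, TARGET = "111111111111", "222222222222"  # constructed placeholder account IDs

# Constructed sample key policy: source account plus the target account added in step 6.
KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{SOURCE}:root"}, "Action": "kms:*", "Resource": "*"},
    {"Sid": "Allow use of the key", "Effect": "Allow",
     "Principal": {"AWS": [f"arn:aws:iam::{SOURCE}:user/Admin", f"arn:aws:iam::{TARGET}:root"]},
     "Action": ["kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant"], "Resource": "*"}]}
# Constructed sample of describe-db-snapshot-attributes output for the shared copy.
SNAPSHOT_ATTRS = {"DBSnapshotAttributesResult": {"DBSnapshotIdentifier": "example-snapshot-copy",
    "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": [TARGET]}]}}

def _aws_principals(stmt):
    """Return the AWS principals of a policy statement as a list of strings."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    aws = p.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)

def audit_key_policy(policy, allowed_accounts):
    """Flag Allow statements whose principal is a wildcard or an unexpected account."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for principal in _aws_principals(stmt):
            m = re.fullmatch(r"(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?", principal)
            account = m.group(1) if m else principal  # bare ID, ARN, or "*"
            if account not in allowed_accounts:
                findings.append(f"{stmt.get('Sid', '?')}: unexpected principal {principal}")
    return findings

def audit_snapshot_share(attrs_result, allowed_accounts):
    """Flag 'restore' values that are public ('all') or not an intended account."""
    findings = []
    for attr in attrs_result["DBSnapshotAttributesResult"]["DBSnapshotAttributes"]:
        if attr["AttributeName"] == "restore":
            for value in attr["AttributeValues"]:
                if value not in allowed_accounts:
                    what = "publicly" if value == "all" else f"with unexpected account {value}"
                    findings.append(f"snapshot shared {what}")
    return findings

if __name__ == "__main__":
    print(audit_key_policy(KEY_POLICY, {SOURCE, TARGET}))
    print(audit_snapshot_share(SNAPSHOT_ATTRS, {TARGET}))
```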

Restore the Snapshot in Target Account

  1. Log in to the target AWS account, open the RDS console, and go to Snapshots in the navigation pane.
  2. In the Snapshots pane, select the Shared with Me tab.
  3. Select the DB snapshot that was shared from the source account.
  4. Click Actions and choose Copy snapshot to copy the snapshot to the target account.
  5. Once the snapshot is copied and available in the Manual tab, note down its name for use in any restore procedure.