Scenario
A customer wants to shutdown an AWS account say Account A, however it has RDS/Aurora databases. These databases are encrypted. Prior to shutdown, they want to backup these databases.
My Recommendation:
- Create manual snapshots of these databases and copy them to backup account i.e. account B. [Within region]
- For encryption, use a KMS key from account B to encrypt target snapshots.
I have gone through the documentation and can see the only limitation in this scenario is deleting the source snapshot before the copy is complete or target snapshot status is Available
. Reference
Questions:
- Are there any other limitations that I should be aware of in this scenario? I don't want the customer to be surprised when they try to restore using this snapshot after account A has been deleted.