Copying RDS Snapshot to another account

Question

**Scenario**

A customer wants to shutdown an AWS account say Account A, however it has RDS/Aurora databases. These databases are encrypted. Prior to shutdown, they want to backup these databases.

**My Recommendation:**

- Create manual snapshots of these databases and copy them to backup account i.e. account B. [Within region]
- For encryption, use a KMS key from account B to encrypt target snapshots.

I have gone through the documentation and can see the only limitation in this scenario is deleting the source snapshot before the copy is complete or target snapshot status is `Available`. [Reference](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CopySnapshot.html#USER_CopySnapshot.Limitations)

**Questions:**

- Are there any other limitations that I should be aware of in this scenario? I don't want the customer to be surprised when they try to restore using this snapshot after account A has been deleted.

Accepted Answer

Be very careful with KMS policies and ensure that the final snapshot is encrypted with a key belonging to the target account.

Additionally, you can share this entry from our Knowledge Center with the customer, https://aws.amazon.com/premiumsupport/knowledge-center/share-encrypted-rds-snapshot-kms-key/

Copying RDS Snapshot to another account

関連するコンテンツ