I am trying to do a MSSQL database backup and restore (from one AWS account to another) following the native backup and restore documentation.
The backup seems to work fine to an S3 bucket. I am then downloading it from Account A and uploading it back to an S3 bucket in Account B.
When I then try to restore using
exec msdb.dbo.rds_restore_database
@restore_db_name='database_name',
@s3_arn_to_restore_from='arn:aws:s3:::bucket_name/file_name.extension',
I get the following error
Aborted the task because of a task failure or a concurrent RESTORE_DB request. Task has been aborted ** The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.**
This suggests to me an encryption issue however I have not specified a KMS key using the '@kms_master_key_arn' parameter on either the export or import which the documentation suggests should export an unencrypted DB:
The following parameters are optional:
@kms_master_key_arn – The ARN for the symmetric encryption KMS key to use to encrypt the item.
*** If you don't specify a KMS key identifier, the backup file won't be encrypted.**
I'd appreciate any ideas if anyone has come across this problem before.
Hi,
Thanks for the response, I can confirm this isn't encrypted with a default key the encryption on the database is with a custom KMS key.
Thanks