How can I use the AWSSupport-ModifyRDSSnapshotPermission runbook to modify permissions for multiple Amazon RDS snapshots?


I want to use the AWSSupport-ModifyRDSSnapshotPermission AWS Systems Manager Automation runbook to modify the permissions for multiple Amazon Relational Database Service (Amazon RDS) snapshots.

Short description

Use the AWSSupport-ModifyRDSSnapshotPermission runbook to modify permissions for multiple Amazon RDS snapshots. With this runbook, you can make your RDS snapshots public or private and share them with other AWS accounts. However, you can't use the runbook to share snapshots with other accounts when they are encrypted with a default AWS Key Management Service (AWS KMS) key.

Resolution

Prerequisites

Before you run the automation, make sure that your AWS Identity and Access Management (IAM) user or role has the following permissions:

  • ssm:StartAutomationExecution
  • ssm:GetAutomationExecution
  • rds:DescribeDBSnapshots
  • rds:ModifyDBSnapshotAttribute

For more information, see AWSSupport-ModifyRDSSnapshotPermission.

Note: To share an encrypted snapshot with another account, share the AWS KMS key with the destination account.

Run the Systems Manager automation runbook

  1. Open the AWS Systems Manager console.

  2. In the navigation pane, choose Documents.

  3. In the search bar, enter AWSSupport-ModifyRDSSnapshotPermission (Owner: Amazon).

  4. Choose the AWSSupport-ModifyRDSSnapshotPermission document.

  5. Choose Execute automation.

  6. For the input parameters, enter the following:

       • SnapshotIds (required): The IDs of Amazon RDS snapshots that you want to share or modify the permissions of.
       • Private (required): Choose No if you want to share the snapshot with specific account IDs. You provide these account IDs in the AccountIds parameter section.
       • AutomationAssumeRole (optional): The Amazon Resource Name (ARN) of the IAM role that allows Systems Manager Automation to perform the actions on your behalf. If you don't specify a role, then Systems Manager Automation uses the permissions of the user that runs the document.
       • AccountIds (optional): The list of account IDs for accounts that you want to share the snapshot with.
       • AccountPermissionOperation (optional): Account level permissions. Choose add, remove or none.

  7. Choose Execute.

After the automation is completed, review the Outputs section for detailed results:

  • MakePrivate.Results: If you chose Yes for Private, then this field includes the SnapshotID and result of the operation.
  • SharedOtherAccounts.Result: If you chose AccountPermissionOperation, then this field includes the result of that operation.
  • MakePrivate.Commands: This field includes the command that the runbook used to modify the permissions of the RDS snapshot.
  • ValidateSnapshots.EncryptedSnapshots: This field lists the encrypted snapshots that are passed as inputs to share with other accounts.

View the snapshot with updated permissions

  1. Open the Amazon RDS console.
  2. In the navigation pane, choose Snapshots.
  3. Choose the RDS snapshot that you used previously.
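
When the runbook has changed many snapshots, the same check can be scripted instead of opening each snapshot in the console. The following is an added example, not part of the original article or the runbook: it compares the "restore" attribute returned by the Amazon RDS DescribeDBSnapshotAttributes API with the sharing you intended and reports public or unexpectedly shared snapshots. The function names, snapshot names and account IDs are constructed for illustration, and the live lookup assumes boto3 and the rds:DescribeDBSnapshotAttributes permission, which is not in the prerequisite list above.

```python
import re

ACCOUNT_ID = re.compile(r"\d{12}")

def audit_snapshot_sharing(attr_results, expected):
    """attr_results: DBSnapshotAttributesResult dicts (describe-db-snapshot-attributes).
    expected: {snapshot_id: set of account IDs allowed to restore}; empty set = private.
    Returns {snapshot_id: [findings]} for every snapshot that deviates."""
    findings, seen = {}, set()
    for result in attr_results:
        snap = result["DBSnapshotIdentifier"]
        seen.add(snap)
        shared = set()
        for attr in result.get("DBSnapshotAttributes", []):
            if attr.get("AttributeName") == "restore":  # who may restore the snapshot
                shared.update(attr.get("AttributeValues", []))
        want = expected.get(snap, set())
        issues = []
        if "all" in shared:  # the value "all" marks a public snapshot
            issues.append("PUBLIC: restorable by any AWS account")
        for value in sorted(shared - want - {"all"}):
            known = ACCOUNT_ID.fullmatch(value)
            issues.append(f"{'unexpected account' if known else 'unrecognized value'}: {value}")
        issues += [f"missing expected account: {a}" for a in sorted(want - shared)]
        if issues:
            findings[snap] = issues
    for snap in sorted(set(expected) - seen):  # requested but never returned
        findings[snap] = ["no attribute data returned"]
    return findings

def fetch_attributes(snapshot_ids, region=None):
    """Live lookup; needs boto3 and rds:DescribeDBSnapshotAttributes (assumption)."""
    import boto3
    rds = boto3.client("rds", region_name=region)
    return [rds.describe_db_snapshot_attributes(DBSnapshotIdentifier=s)
            ["DBSnapshotAttributesResult"] for s in snapshot_ids]

def _restore(snapshot_id, values):  # builds one constructed sample record
    return {"DBSnapshotIdentifier": snapshot_id,
            "DBSnapshotAttributes": [{"AttributeName": "restore", "AttributeValues": values}]}

# Constructed sample data: placeholder snapshot names and account IDs.
SAMPLE = [_restore("snap-a", ["111122223333"]), _restore("snap-b", ["all"]),
          _restore("snap-c", ["444455556666"])]
EXPECTED = {"snap-a": {"111122223333"}, "snap-b": set(), "snap-c": {"111122223333"}}

if __name__ == "__main__":
    for snap, issues in audit_snapshot_sharing(SAMPLE, EXPECTED).items():
        print(snap, "->", "; ".join(issues))
```

To audit real snapshots, pass the output of fetch_attributes() for the IDs you gave the runbook in place of SAMPLE.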

Related information

Run an automation

Set up automation

Systems Manager Automation runbook reference