Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Why doesn't my Amazon Redshift cross-Region snapshot work in another Region?

3 minute read
0

I copied my Amazon Redshift snapshot to another AWS Region for backup and disaster recovery purposes and experienced issues with the cross-Region snapshot.

Resolution

Verify that you activated cross-Region snapshot and selected a destination Region

Complete the following steps:

  1. Open the Amazon Redshift console.
  2. In the navigation pane, choose Clusters, and then select your cluster.
  3. Select the Properties tab.
  4. In the Snapshot copy section, confirm that you activated cross-region snapshot.
  5. In Destination AWS Region, confirm that you selected the destination Region to copy snapshots to. If you didn't select a destination Region, then select one.
  6. Choose Save.

For more information, see Configuring cross-Region snapshot copy for a nonencrypted cluster.

Create an AWS KMS key policy for your snapshot copy grant

If your cluster uses AWS Key Management Service (AWS KMS) encryption, then you must create a policy for your snapshot copy grant. The AWS KMS snapshot copy grant policy allows Amazon Redshift to perform encryption operations on the copied snapshots in the destination Region.

Complete the following steps:

  1. Open the AWS Identity and Access Management (IAM) console in the destination Region.

  2. In the navigation pane, choose Policies.

  3. Choose Create policy.

  4. In the Policy editor, choose JSON.

  5. Enter the following statement into the policy:

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "kms:DescribeKey",
                "kms:CreateGrant"
            ],
            "Resource": [
                "*"
            ],
            "Condition": {
                "StringEquals": {
                    "kms:CallerAccount": "your-account-id"
                }
            }
        }
    ]
}

    Note: Replace your-account-id with your AWS account ID.

  6. Choose Next.

  7. For Policy name, enter a name for your policy, and then choose Create policy.

For more information, see Copying AWS KMS–encrypted snapshots to another AWS Region and Configuring cross-Region snapshot copy for an AWS KMS–encrypted cluster.

Make sure that the cluster has the correct permissions

The IAM role that you associated with your Amazon Redshift cluster must have the required permissions to access and copy snapshots across Regions. Verify that you attached the AmazonRedshiftFullAccess AWS managed policy to the IAM role. 

If you created a custom policy, then confirm that the IAM role has the following permissions:

To edit a custom policy, see Edit IAM policies

Verify that the destination Region is in a supported Amazon Redshift Region

To verify that the destination Region is one that Amazon Redshift supports, choose the Region from the list of available AWS services

Related information

Copying a snapshot to another AWS Region

Amazon Redshift snapshots and backups

Amazon Redshift best practices

Topics
Analytics
Tags
Amazon Redshift
Language
English
AWS OFFICIALUpdated 10 months ago
No comments

Relevant content