How do I share an encrypted Amazon RDS DB snapshot with another account?

I want to share an encrypted snapshot of an Amazon Relational Database Service (Amazon RDS) DB instance with another AWS account. The snapshot uses the default AWS Key Management Service (AWS KMS) key.

Resolution

You can't use the default AWS KMS encryption key to share an encrypted snapshot.

To share an encrypted RDS DB snapshot, take one of the following actions:

  • Run the AWSSupport-ShareRDSSnapshot AWS Systems Manager Automation document.
  • Manually create a custom AWS KMS key, and then use it to copy and share the snapshot.

For additional restrictions on sharing an encrypted snapshot, see Sharing encrypted snapshots for Amazon RDS.

Use the AWSSupport-ShareRDSSnapshot runbook

Run the AWSSupport-ShareRDSSnapshot runbook. You can provide the DB instance or DB cluster ID to share with snapshots. You can also provide an existing AWS KMS key, or leave that parameter blank to create a new key.

For more information, see Add a key policy statement in the local account.

Manually create a custom AWS KMS key to copy and share the snapshot

Complete the following steps:

  1. Create a custom AWS KMS key, and then add the target account.
  2. Use the customer managed key to copy the snapshot, and then share the snapshot with the target account.
  3. Copy the shared DB snapshot from the target account.
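A pre-flight check for steps 1 and 2, added here as an example and not AWS's own code: it reports why an encrypted snapshot is not yet ready to share. The dictionaries mirror the shape of `describe-db-snapshots`, `describe-key` and `get-key-policy` output; the account IDs, the snapshot name and the `REQUIRED_ACTIONS` set are assumptions.

```python
import fnmatch

# Assumption: actions the target account needs on the key to copy the shared
# snapshot; adjust to your own key policy standard.
REQUIRED_ACTIONS = ("kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant")

# Constructed sample data; account IDs and the snapshot name are placeholders.
TARGET = "444455556666"
SNAPSHOT = {"DBSnapshotIdentifier": "example-snap", "Encrypted": True}
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": [f"arn:aws:iam::{TARGET}:root"]},
     "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allowed_actions(key_policy, account_id):
    """Action patterns granted to account_id (Deny and Condition not evaluated)."""
    root = f"arn:aws:iam::{account_id}:root"
    patterns = []
    for stmt in _as_list(key_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if any(p in (root, account_id) for p in _as_list(principal.get("AWS", []))):
            patterns += [a.lower() for a in _as_list(stmt.get("Action", []))]
    return patterns


def share_blockers(snapshot, key_metadata, key_policy, target_account):
    """Return the reasons this snapshot cannot be shared as-is (empty = ready)."""
    if not snapshot.get("Encrypted"):
        return []  # unencrypted snapshots do not involve a KMS key
    if key_metadata.get("KeyManager") != "CUSTOMER":
        return ["snapshot uses the default AWS KMS key; copy it with a custom key first"]
    granted = allowed_actions(key_policy, target_account)
    missing = [a for a in REQUIRED_ACTIONS
               if not any(fnmatch.fnmatchcase(a.lower(), p) for p in granted)]
    return [f"key policy does not allow {target_account} to use {a}" for a in missing]


if __name__ == "__main__":
    for manager in ("AWS", "CUSTOMER"):
        print(manager, share_blockers(SNAPSHOT, {"KeyManager": manager}, POLICY, TARGET))
```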

Related information

How do I change the encryption key that my Amazon RDS DB instances and DB snapshots use?

Encrypting Amazon RDS resources

Copying a DB snapshot for Amazon RDS

Allowing users in other accounts to use an AWS KMS key