How do I share an Amazon RDS for Oracle DB snapshot?

Resolution

Share an Amazon RDS for Oracle DB snapshot

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

To share a DB snapshot, you can use the Amazon RDS console, the AWS CLI, or the Amazon RDS API.

For Amazon RDS for Oracle snapshots, you can share either a public or private snapshot. When you share a public snapshot, all AWS accounts can access the snapshot. The accounts then have permission to copy the snapshot, and create DB instances from the snapshot. Private snapshots allow you to restrict access to only the accounts that you specify.

Share encrypted DB snapshots

You can't publicly share encrypted snapshots. This includes RDS for Oracle DB snapshots that use Transparent Data Encryption (TDE) or the default AWS Key Management Service (AWS KMS) key for encryption.

To share an encrypted snapshot, complete the following steps:

1. Create a customer managed key.
   Note: On the Define key usage permissions page, add the accounts that you want to access the snapshot.
2. Copy the snapshot.
   Note: For AWS KMS key, specify your customer managed key.
3. Share the new snapshot.

Share DB snapshots with custom option groups

If your DB instance uses an option group with permanent or persistent options, then you can't share a snapshot. The exception is an RDS for Oracle DB instance that uses the Timezone or OLS option, or both. To copy shared DB snapshots for instances that use one or both options, specify a target option group that includes these options.

Share DB snapshots across different Regions

You can move RDS for Oracle DB snapshots from your account in one AWS Region to another account in a different Region. For more information, see Cross-Region snapshot copy for Amazon RDS.

Share automated DB snapshots

You can't share automated RDS for Oracle DB snapshots with other accounts. To share an automated snapshot, you must first copy the automated snapshot, and then share the new copy of the snapshot.

When you copy a snapshot that's shared across accounts, the snapshot is a full copy. The snapshot copy is incremental only when you meet the following conditions:

• You previously copied a snapshot of the same source DB instance to the destination account, and the snapshot still exists in the destination account.
• All copies of the snapshot in the destination account are unencrypted, or you used the same AWS KMS key to encrypt the copies.
• The source DB instance is a Multi-AZ instance that didn't fail over to another Availability Zone after you took the last snapshot.