- Newest
- Most votes
- Most comments
Does the Oracle export file already sit in an S3 bucket owned by account #1? if it does then you can replicate the contents of that bucket location ("bucket prefix" to be strictly correct) to a bucket owned by account #2 using cross-account bucket replication. This will be particularly helpful if the task is to become a regular thing, and also it keeps all the data in the cloud and doesn't touch your local device.
Once the replication job is initially created, a dialog will come up asking if you want to apply this setting to existing objects in the source bucket, just answer yes.
There is a walk through about how to setup cross-account bucket replication this here https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough-2.html
If source or target is encrypted with KMS then it's more complicated because account #1 will need access to the KMS key in account #2, the extra steps are described here https://repost.aws/knowledge-center/s3-cross-account-replication-object-lock (the doc is about ObjectLock, but the KMS stuff is relevant here).
To move an Oracle database export file from RDS1 in AWS Cloud Account 1 to RDS2 in AWS Cloud Account 2:
Upload the file from RDS1 to an S3 bucket in Account 1. Configure cross-account access, allowing Account 2 to access the S3 bucket in Account 1. Create an IAM role in Account 2 with read permissions for the S3 bucket in Account 1. Assume the IAM role using temporary credentials through STS in Account 2. Download the file from the S3 bucket in Account 1 and upload to S3 in Account 2. Import the Oracle database export file from S3 into RDS2 in Account 2.
Did you mean to configure cross account access using IAM roles from account 1 to account 2? I have RDS admi role and system admin, so I am not sure if this has enough permissions to setup all this configurtion needed. Is there a simpler way to accomplish this? For example I was thinking of downloading the source file from S3 in account 1 to local windows client machine and then upload to s3 in account 2. This might be very slow solution though.
You dont have to create a role, you can just grant access via a policy to a role or IAM User/Group. Downloading the export locally could breach your comapanys security controls
Relevant content
- asked 2 years ago
AWS OFFICIALUpdated 4 months ago- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 2 months ago
The file sits on the RDS1 machine now. I should be able to copy it to an S3 though easily. Is S3 replication between two accounts the only way to copy file to another S3 in a second account? Is there a way for Account 2 to read contents on Account1 S3 or not? About KMS encryption, how do you check that? I think when you create the RDS that is setup as default.
Apologies, I wasn't clear, I meant KMS encryption on the S3 bucket, not RDS.
Yes, there is a way that account #2 can access the contents of a bucket owned by account #1. It's pretty much what @Aravind says in his answer above.