How do I share manual Amazon RDS DB snapshots or Aurora DB cluster snapshots with another AWS account?
Last updated: 2022-05-23
I want to share manual Amazon Relational Database Service (Amazon RDS) DB snapshots or Amazon Aurora DB cluster snapshots with another account. How can I do this?
You can share manual DB snapshots with up to 20 AWS accounts. You can start or stop sharing manual snapshots by using the Amazon RDS console, subject to the following limitations:
- You can't share automated Amazon RDS snapshots with other AWS accounts. To share an automated snapshot, copy the snapshot to make a manual version, and then share that copy.
- You can't share manual snapshots of DB instances that use custom option groups with persistent or permanent options. For example, this includes Transparent Data Encryption (TDE) and time zone.
- You can share encrypted manual snapshots that don't use the default Amazon RDS encryption key. But you must first share the AWS Key Management Service (AWS KMS) key with the account that you want to share the snapshot with. To share the key with another account, share the AWS Identity and Access Management (IAM) policy with the primary and secondary accounts. You can't restore shared encrypted snapshots directly from the destination account. First, copy the snapshot to the destination account by using a KMS key in the destination account. Then, restore the copied snapshot.
- To share snapshots that use the default AWS managed key for Amazon RDS (aws/rds), encrypt the snapshot by copying it with a customer managed AWS KMS key. Then, share the newly created snapshot.
- You can share snapshots across AWS Regions. First share the snapshot, and then copy the snapshot to the same Region in the destination account. Then, copy the snapshot to another Region.
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.
- Open the Amazon RDS console.
- Choose Snapshots from the left navigation pane.
- Choose the DB snapshot that you want to copy.
- Choose Actions, and then choose Share Snapshot.
- Choose the DB snapshot visibility:
  - Public allows all AWS accounts to restore a DB instance from your manual DB snapshot.
  - Private allows only AWS accounts that you specify to restore a DB instance from your manual DB snapshot.
- In the AWS Account ID field, enter the ID of the AWS account that you want to permit to restore a DB instance from your manual DB snapshot. Then, choose Add.
  Note: You can repeat this step to share snapshots with up to 20 AWS accounts.
- Choose Save.
- To stop sharing a snapshot with an AWS account, select the Delete check box next to the account ID in the Manage Snapshot Permissions pane.
- Choose Save.
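The Public or Private choice in the steps above is recorded in the snapshot's `restore` attribute, which `aws rds describe-db-snapshot-attributes` (or `describe-db-cluster-snapshot-attributes` for Aurora) returns. The following Python check is an added example, not part of the original article: it parses that output and reports public sharing and any account outside an approved list. The function name, the sample snapshot identifier and the account IDs are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape returned by
# `aws rds describe-db-snapshot-attributes`; all identifiers are made up.
SAMPLE_RESPONSE = json.loads("""
{
  "DBSnapshotAttributesResult": {
    "DBSnapshotIdentifier": "example-manual-snapshot",
    "DBSnapshotAttributes": [
      {"AttributeName": "restore",
       "AttributeValues": ["111111111111", "222222222222", "all"]}
    ]
  }
}
""")

# (result key, identifier key, attribute-list key) for DB instance snapshots
# and for Aurora DB cluster snapshots.
SHAPES = [
    ("DBSnapshotAttributesResult", "DBSnapshotIdentifier", "DBSnapshotAttributes"),
    ("DBClusterSnapshotAttributesResult", "DBClusterSnapshotIdentifier",
     "DBClusterSnapshotAttributes"),
]


def audit_snapshot_sharing(response, approved_accounts):
    """Return (snapshot_id, is_public, unapproved_accounts) for one response."""
    for result_key, id_key, attrs_key in SHAPES:
        if result_key in response:
            result = response[result_key]
            break
    else:
        raise ValueError("not a snapshot-attributes response")

    shared = set()
    for attr in result.get(attrs_key, []):
        # The "restore" attribute lists who may copy or restore the snapshot.
        if attr.get("AttributeName") == "restore":
            shared.update(attr.get("AttributeValues", []))

    is_public = "all" in shared  # "all" is how Public visibility is recorded
    unapproved = sorted(shared - {"all"} - set(approved_accounts))
    return result[id_key], is_public, unapproved


if __name__ == "__main__":
    snap, public, extra = audit_snapshot_sharing(SAMPLE_RESPONSE, {"111111111111"})
    print(f"{snap}: public={public}, unapproved accounts={extra}")
```

A snapshot reported as public or shared with an unapproved account can be corrected with the stop-sharing step above.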
You can restore a DB instance or DB cluster from a shared snapshot by using the AWS CLI or Amazon RDS API. To do this, you must specify the full Amazon Resource Name (ARN) of the shared snapshot as the snapshot identifier.