How do I share manual Amazon RDS DB snapshots or Aurora DB cluster snapshots with another AWS account?

Last updated: 2020-03-26

How do I share manual Amazon Relational Database Service (Amazon RDS) DB snapshots or Amazon Aurora DB cluster snapshots with another AWS account?

Short Description

You can share manual DB snapshots with up to 20 AWS accounts. You can start or stop sharing manual snapshots by using the Amazon RDS console, subject to the following limitations:

  • Automated Amazon RDS snapshots can't be shared with other AWS accounts. To share an automated snapshot, copy the snapshot to make a manual version, and then share that copy.
  • Manual snapshots of DB instances that use custom option groups with persistent or permanent options, such as Transparent Data Encryption (TDE) and time zone, can't be shared.
  • Encrypted manual snapshots that don't use the default Amazon RDS encryption key can be shared, but you must first share the AWS Key Management Service (AWS KMS) key with the account that you want to share the snapshot with. To share the key with another account, share the AWS Identity and Access Management (IAM) policy with the primary and secondary accounts. Shared encrypted snapshots can't be restored directly from the destination account. First, copy the snapshot to the destination account by using a KMS key in the destination account. Then, share the copied snapshot.
  • Snapshots that use the default Amazon RDS encryption key (aws/rds) can be shared, but you must first copy the snapshot and choose a custom encryption key. Then, you can share the custom key and the copied snapshot.
  • Snapshots can be shared across AWS Regions. First share the snapshot, and then copy the snapshot to the same Region in the destination account. Then, you can copy the snapshot to another Region.

Resolution

  1. Open the Amazon RDS console.
  2. Choose Snapshots from the left navigation pane.
  3. Choose the DB snapshot that you want to copy.
  4. Choose Actions, and then choose Share Snapshot.
  5. Choose the DB snapshot visibility:
    • Public permits all AWS accounts to restore a DB instance from your manual DB snapshot.
    • Private permits only AWS accounts that you specify to restore a DB instance from your manual DB snapshot.
  6. In the AWS Account ID field, enter the ID of the AWS account that you want to permit to restore a DB instance from your manual DB snapshot, and then choose Add.
    Note: You can repeat this step to share snapshots with up to 20 AWS accounts.
  7. Choose Save.
  8. To stop sharing a snapshot with an AWS account, select the Delete check box next to the account ID from the Manage Snapshot Permissions pane, and then choose Save.

To restore a DB instance or DB cluster from a shared snapshot by using the AWS Command Line Interface (AWS CLI) or Amazon RDS API, you must specify the full Amazon Resource Name (ARN) of the shared snapshot as the snapshot identifier.
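
The visibility chosen in step 5 and the account IDs added in step 6 are stored in the snapshot's restore attribute, so the result of sharing can be checked afterward. The following Python is an added example, not part of the original article or AWS's own code: it classifies the JSON returned by `aws rds describe-db-snapshot-attributes` (or `describe-db-cluster-snapshot-attributes` for Aurora). The function name, the approved-account set, and the sample responses are constructed for illustration.

```python
def audit_snapshot_sharing(response, approved_accounts):
    """Classify who may restore a snapshot, based on its 'restore' attribute."""
    # DB snapshots and Aurora cluster snapshots use parallel key names.
    if "DBSnapshotAttributesResult" in response:
        result = response["DBSnapshotAttributesResult"]
        snapshot_id = result["DBSnapshotIdentifier"]
        attributes = result.get("DBSnapshotAttributes", [])
    else:
        result = response["DBClusterSnapshotAttributesResult"]
        snapshot_id = result["DBClusterSnapshotIdentifier"]
        attributes = result.get("DBClusterSnapshotAttributes", [])

    shared_with = set()
    for attribute in attributes:
        if attribute.get("AttributeName") == "restore":
            shared_with.update(attribute.get("AttributeValues", []))

    # The value "all" is Public visibility: every AWS account may restore.
    public = "all" in shared_with
    accounts = sorted(shared_with - {"all"})
    unapproved = [a for a in accounts if a not in approved_accounts]
    if public:
        visibility = "public"
    elif accounts:
        visibility = "private-shared"
    else:
        visibility = "not-shared"
    return {"snapshot": snapshot_id, "visibility": visibility,
            "accounts": accounts, "unapproved": unapproved,
            "needs_review": public or bool(unapproved)}


# Constructed sample responses; account IDs and snapshot names are made up.
SAMPLE_PRIVATE = {"DBSnapshotAttributesResult": {
    "DBSnapshotIdentifier": "example-db-snap",
    "DBSnapshotAttributes": [{"AttributeName": "restore",
                              "AttributeValues": ["111122223333", "444455556666"]}]}}
SAMPLE_PUBLIC = {"DBClusterSnapshotAttributesResult": {
    "DBClusterSnapshotIdentifier": "example-cluster-snap",
    "DBClusterSnapshotAttributes": [{"AttributeName": "restore",
                                     "AttributeValues": ["all"]}]}}

if __name__ == "__main__":
    approved = {"111122223333"}  # assumed allow-list of partner accounts
    for sample in (SAMPLE_PRIVATE, SAMPLE_PUBLIC):
        print(audit_snapshot_sharing(sample, approved))
```
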

