Migrate Amazon RDS for Oracle DB instances to other accounts that use AMS
Created by Pinesh Singal (AWS)
Environment: PoC or pilot | Source: Databases: Relational | Target: Amazon RDS for Oracle on AWS Managed Services |
R Type: Rehost | Workload: Oracle | Technologies: Databases; Migration; Storage & backup |
AWS services: Amazon RDS; AWS Managed Services |
Summary
This pattern shows you how to migrate an Amazon Relational Database Service (Amazon RDS) for Oracle DB instance from one AWS account to another AWS account. The pattern applies to scenarios where the source AWS account doesn't use AWS Managed Services (AMS) but the target account does use AMS. You can complete the migration by using a request for change (RFC) in AMS instead of using the AWS Management Console to perform database operations. This approach provides minimal downtime for a multi-terabyte Oracle source database with a high number of transactions. For example, the downtime for a 400–900 GB database could last for approximately two or three hours. Database migration time is directly proportionate to the size of the Amazon RDS for Oracle DB instance.
Important: This pattern requires you to take a database snapshot of the Amazon RDS for Oracle DB instance in a source account, copy the snapshot to a target account that's using AMS, and then create a new DB instance from that snapshot by raising RFCs.
Prerequisites and limitations
Prerequisites
An active AWS account for the source account
An active AWS account that uses AMS for the target account
Amazon RDS for Oracle DB instance, up and running
Limitations
The same properties or configurations for the DB instances in the source account are copied over to a new target DB instance on AMS.
The RFC method that's used in this migration approach has limited features to support Amazon RDS for Oracle. You can access the full features of Amazon RDS for Oracle by using an AWS CloudFormation template to perform the database migration.
You can experience an application outage for several hours because the migration must be completed during scheduled downtime. During downtime, you stop the DB instance in the source account, and then you go live to a new DB instance in the target account.
This migration approach doesn't apply to the migration of a DB instance from one AWS Region to another Region within the same AWS account.
Product versions
Oracle Database Standard Edition 2 (SE2) 12.1.0.2.v2 instance and later on Amazon RDS for Oracle
Amazon RDS for Oracle 11g is no longer supported (For more information, see Amazon RDS for Oracle in the Amazon RDS documentation.)
Architecture
Source technology stack
Oracle Database SE2 12.1.0.2.v2 instance on Amazon RDS for Oracle
Amazon RDS subnet group
Amazon RDS option group (if needed)
Amazon RDS parameter group (if needed)
Amazon Virtual Private Cloud (Amazon VPC) security group
AWS Key Management Service (AWS KMS) with AWS managed keys or customer managed keys
AWS Identity and Access Management (IAM) role (if needed)
Target technology stack
Oracle Database SE2 12.1.0.2.v2 instance on Amazon RDS for Oracle
Amazon RDS subnet group
Amazon RDS option group (if needed)
Amazon RDS parameter group (if needed)
Amazon VPC security group
AWS Managed Services (AMS)
AWS KMS with AWS managed keys and customer managed keys
IAM role (if needed)
Source and target migration architecture
The following diagram shows the migration of an Amazon RDS for Oracle DB instance in one AWS account to an Amazon RDS for Oracle DB instance in another AWS account that uses AMS.
The diagram shows the following workflow:
Take a database snapshot of the Amazon RDS for Oracle DB instance in the source account.
Copy the snapshot to AMS in the target account.
Create a new Amazon RDS for Oracle DB instance from the snapshot in the target account.
Automation and scale
You can automate and scale the migration by using CloudFormation templates and creating RFCs in AMS. CloudFormation enables you to use all the features of Amazon RDS for Oracle, including the ability to configure and restore the DB instance when you create an Amazon RDS for Oracle DB instance from a snapshot.
Tools
Amazon Relational Database Service (Amazon RDS) for Oracle helps you set up, operate, and scale an Oracle relational database in the AWS Cloud.
AWS Key Management Service (AWS KMS) helps you create and control cryptographic keys to help protect your data.
AWS Managed Services (AMS) helps you operate your AWS infrastructure more efficiently and securely.
Epics
| Task | Description | Skills required |
|---|---|---|
Create a custom AWS KMS key. |
| AWS, AMS |
Create a security group. | Raise an automated RFC called Create security group to create a security group for your VPC from your target account. Be sure to specify the following:
| AWS, AMS |
(Optional) Review your Amazon RDS resources. | The following resources are created when an Amazon RDS for Oracle DB instance is created:
If you want to review the Amazon RDS resources that were created when you created your DB instance, then you can connect to your Oracle DB instance and find your subnet group, option group, and parameter group in the Amazon RDS console. | AWS |
| Task | Description | Skills required |
|---|---|---|
Stop the application. | Stop the application and its dependent services. You must stop all traffic to the database in the source account. | App owner |
Take a manual snapshot. | Manually create a DB snapshot of the Amazon RDS for Oracle DB instance in the source account. | AWS |
Stop the DB instance. | AWS | |
Copy the snapshot. | Copy the DB snapshot to the same source account, and then use the custom KMS key shared from the target account to re-encrypt the copied DB snapshot file. | AWS |
Share the snapshot. | Share the new snapshot (copied with the custom KMS key) with the target account. | AWS |
| Task | Description | Skills required |
|---|---|---|
Copy the snapshot. | Raise an automated RFC called Copy RDS snapshot to copy the DB snapshot to the same target account and use the default AWS managed KMS key created for re-encryption. This is required to make the target account the owner of the new snapshot and to enable the Amazon RDS for Oracle DB instance created from the snapshot to be associated with the option group, if needed. | AWS, AMS |
Create a DB instance from the snapshot. | Raise an automated RFC called Create DB from snapshot to create an Amazon RDS for Oracle DB instance from the snapshot. Be sure to specify the following:
| AWS, AMS |
Attach the instance to the security group and make configuration updates. |
| AWS, AMS |
Test the DB instance. | Test the new Amazon RDS for Oracle DB instance endpoint connectivity by logging into any instance or application server hosted on the same security group and by using telnet to connect to the 1521 port. For more information, see Connecting to an Amazon RDS DB instance in the Amazon RDS documentation. Note: If the primary user login credentials are available, you can test the Amazon RDS for Oracle DB instance by logging in from any SQL client (such as Oracle SQL Developer). | AWS, DBA |
Related resources
AWS Managed Services
(AWS documentation) How RFCs work (AWS Managed Services documentation)
Sharing encrypted snapshots (Amazon RDS User Guide)
How can I share an encrypted Amazon RDS DB snapshot with another account?
(AWS Knowledge Center) What is Amazon Relational Database Service (Amazon RDS)? (Amazon RDS User Guide)
Amazon RDS for Oracle (Amazon RDS User Guide)
Using the AMS consoles (AWS Managed Services documentation)
Additional information
Roll back the migration
If you want to roll back the migration, complete the following steps:
Raise a manual RFC (Update Other) from the target account to delete the database stack created in the target account.
Update the application configuration to point to the Amazon RDS for Oracle DB instance in the source account.
Start the Amazon RDS for Oracle DB instance in the source account.
