Summary Prerequisites and limitations Architecture Tools Best practices Epics Related resources

Migrate an Amazon RDS DB instance to another VPC or account

Created by Dhrubajyoti Mukherjee (AWS)

Environment: PoC or pilot	Source: Amazon RDS	Target: Amazon RDS
R Type: Relocate	Technologies: Migration; Databases	AWS services: Amazon RDS; Amazon VPC

Summary

This pattern provides guidance for migrating an Amazon Relational Database Service (Amazon RDS) DB instance from one virtual private cloud (VPC) to another in the same AWS account, or from one AWS account to another AWS account.

This pattern is useful if you want to migrate your Amazon RDS DB instances to another VPC or account for separation or security reasons (for example, when you want to place your application stack and database in different VPCs).

Migrating a DB instance to another AWS account involves steps such as taking a manual snapshot, sharing it, and restoring the snapshot in the target account. This process can be time-consuming, depending on database changes and transaction rates. It also causes database downtime, so plan ahead for the migration. Consider a blue/green deployment strategy to minimize downtime. Alternatively, you can evaluate AWS Data Migration Service (AWS DMS) to minimize downtime for the change. However, this pattern doesn’t cover this option. To learn more, see the AWS DMS documentation.

Prerequisites and limitations

Prerequisites

An active AWS account
AWS Identity and Access Management (IAM) permissions required for the VPC, subnets, and Amazon RDS console

Limitations

Changes to a VPC cause a database reboot, resulting in application outages. We recommend that you migrate during low peak times.
Limitations when migrating Amazon RDS to another VPC:
- The DB instance you’re migrating must be a single instance with no standby. It must not be a member of a cluster.
- Amazon RDS must not be in multiple Availability Zones.
- Amazon RDS must not have any read replicas.
- The subnet group created in the target VPC must have subnets from the Availability Zone where the source database is running.
Limitations when migrating Amazon RDS to another AWS account:
- Sharing snapshots encrypted with the default service key for Amazon RDS isn‘t currently supported.

Architecture

Migrating to a VPC in the same AWS account

The following diagram shows the workflow for migrating an Amazon RDS DB instance to a different VPC in the same AWS account.

The steps consist of the following. See the Epics section for detailed instructions.

Create a DB subnet group in the target VPC. A DB subnet group is a collection of subnets that you can use to specify a specific VPC when you create DB instances.
Configure the Amazon RDS DB instance in the source VPC to use the new DB subnet group.
Apply the changes to migrate the Amazon RDS DB to the target VPC.

Migrating to a different AWS account

The following diagram shows the workflow for migrating an Amazon RDS DB instance to a different AWS account.

The steps consist of the following. See the Epics section for detailed instructions.

Access the Amazon RDS DB instance in the source AWS account.
Create an Amazon RDS snapshot in the source AWS account.
Share the Amazon RDS snapshot with the target AWS account.
Access the Amazon RDS snapshot in the target AWS account.
Create an Amazon RDS DB instance in the target AWS account.

Tools

AWS services

Amazon Relational Database Service (Amazon RDS) helps you set up, operate, and scale a relational database in the AWS Cloud.
Amazon Virtual Private Cloud (Amazon VPC) helps you launch AWS resources into a virtual network that you’ve defined. This virtual network resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Best practices

If database downtime is a concern when migrating an Amazon RDS DB instance to another account, we recommend that you use AWS DMS. This service provides data replication, which causes less than five minutes of outage time.

Epics

Task Description Skills required

Task	Description	Skills required
Create a new VPC.	On the Amazon VPC console, create a new VPC and subnets with the desired properties and IP address ranges. For detailed instructions, see the Amazon VPC documentation.	Administrator
Create a DB subnet group.	On the Amazon RDS console: Choose Subnet groups, Create DB subnet group. Enter the subnet group name, description, and VPC ID. Add the subnets that belong to the subnet group. Add subnets to cover at least two Availability Zones. Choose Create. For additional information, see the Amazon RDS documentation.	Administrator
Modify the Amazon RDS DB instance to use the new subnet group.	On the Amazon RDS console: In the navigation pane, choose Databases, and then choose the Amazon RDS DB instance to be migrated. In the Connectivity section, choose the subnet group that’s associated with the target VPC. In the Schedule modifications section, choose Apply immediately. When the migration to the target VPC is complete, the target VPC's default security group is assigned to the Amazon RDS DB instance. You can configure a new security group for that VPC with the required inbound and outbound rules to your DB instance. Alternatively, use the AWS Command Line Interface (AWS CLI) to perform the migration to the target VPC by explicitly providing the new VPC security group ID. For example: `aws rds modify-db-instance \ --db-instance-identifier testrds \ --db-subnet-group-name new-vpc-subnet-group \ --vpc-security-group-ids sg-idxxxx \ --apply-immediately`	Administrator

Create a new VPC.

On the Amazon VPC console, create a new VPC and subnets with the desired properties and IP address ranges. For detailed instructions, see the Amazon VPC documentation.

Administrator

Create a DB subnet group.

On the Amazon RDS console:

Choose Subnet groups, Create DB subnet group.
Enter the subnet group name, description, and VPC ID.
Add the subnets that belong to the subnet group. Add subnets to cover at least two Availability Zones.
Choose Create.

For additional information, see the Amazon RDS documentation.

Administrator

Modify the Amazon RDS DB instance to use the new subnet group.

On the Amazon RDS console:

In the navigation pane, choose Databases, and then choose the Amazon RDS DB instance to be migrated.
In the Connectivity section, choose the subnet group that’s associated with the target VPC.
In the Schedule modifications section, choose Apply immediately.

When the migration to the target VPC is complete, the target VPC's default security group is assigned to the Amazon RDS DB instance. You can configure a new security group for that VPC with the required inbound and outbound rules to your DB instance.

Alternatively, use the AWS Command Line Interface (AWS CLI) to perform the migration to the target VPC by explicitly providing the new VPC security group ID. For example:


aws rds modify-db-instance \
    --db-instance-identifier testrds \
    --db-subnet-group-name new-vpc-subnet-group \
    --vpc-security-group-ids sg-idxxxx \
    --apply-immediately

Administrator

Task	Description	Skills required
Create a new VPC and subnet group in the target AWS account.	On the Amazon VPC console, create a new VPC with the desired properties and IP address ranges. For detailed instructions, see the Amazon VPC documentation. Create subnets for the new VPC by following the instructions in the Amazon VPC documentation. On the Amazon RDS console, create DB subnet groups. For instructions, see the Amazon RDS documentation.	Administrator
Share a manual snapshot of the database and share it with the target account.	Take a manual snapshot of the source database by following the instructions in the Amazon RDS documentation. Share the snapshot with the target AWS account by providing the target account ID. For instructions, see the re:Post article about sharing DB snapshots with other accounts.	Administrator
Launch a new Amazon RDS DB instance.	Launch a new Amazon RDS DB instance from the shared snapshot in the target AWS account. For instructions, see the Amazon RDS documentation.	Administrator

Related resources

Amazon VPC documentation
Amazon RDS documentation
How do I change the VPC for an RDS DB instance? (AWS re:Post article)
How do I transfer ownership of Amazon RDS resources to a different AWS account? (AWS re:Post article)
How do I share manual Amazon RDS DB snapshots or Aurora DB cluster snapshots with another AWS account? (AWS re:Post article)
AWS DMS documentation

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Migrate VMware SDDC to VMware Cloud on AWS

Migrate an Amazon RDS for Oracle DB to another VPC