Amazon Relational Database Service
User Guide (API Version 2014-10-31)

Copying a DB Snapshot or DB Cluster Snapshot

With Amazon Relational Database Service (Amazon RDS), you can copy encrypted and unencrypted DB snapshots by using one of these methods:

  • Copy an automated or manual DB snapshot to create a manual DB snapshot in the same AWS Region.

  • Copy an automated or manual DB snapshot from one region to another region. The DB snapshot can be encrypted.

  • Copy an automated or manual DB cluster snapshot (Aurora) to create a manual DB cluster snapshot in the same AWS Region. You cannot copy a DB cluster snapshot to a different region.

Note

Copying an encrypted DB snapshot to the EU (London) region or the Canada (Central) region is not supported.

To copy a DB snapshot, use the AWS Management Console, the copy-db-snapshot command, or the CopyDBSnapshot API action.

To copy an Amazon Aurora DB cluster snapshot, use the AWS Management Console, the copy-db-cluster-snapshot command, or the CopyDBClusterSnapshot API action.

If you create a manual DB snapshot or DB cluster snapshot, you can keep that snapshot indefinitely. However, automated snapshots are deleted after their retention period expires. Amazon RDS storage costs might apply to your snapshot backups. For information on backup storage costs, see Amazon RDS Pricing.

If you copy a DB snapshot to another AWS Region, you create a manual DB snapshot that is retained in that region. To copy a DB snapshot to another AWS Region, you can use the AWS Management Console, the copy-db-snapshot AWS CLI command, or the CopyDBSnapshot RDS API action, as described following:

  • To copy a DB snapshot to another AWS Region by using the AWS Management Console, specify the Destination Region for the DB snapshot on the Make Copy of DB Snapshot page. If you are copying an encrypted DB snapshot to another region, specify the AWS KMS key identifier of the destination region.

  • To copy a DB snapshot using the copy-db-snapshot CLI command or CopyDBSnapshot API action, issue the command in the AWS Region that you want to copy the DB snapshot to. Use an Amazon RDS Amazon Resource Name (ARN) to specify the source DB snapshot to be copied, including the source region. For information about Amazon RDS ARN formats, see Working with Amazon Resource Names (ARNs) in Amazon RDS.

Amazon RDS deletes automated snapshots either at the end of their retention period, when you disable automated snapshots for a DB instance or DB cluster, or when you delete a DB instance or DB cluster. If you want to keep an automated snapshot for a longer period, copy it to create a manual snapshot, which is retained until you delete it. Amazon RDS storage costs apply to snapshots that you retain after you delete a DB instance or DB cluster.

You can copy a snapshot that has been encrypted using a KMS encryption key. If you copy an encrypted snapshot, the copy of the snapshot must also be encrypted. You can encrypt the snapshot with the same KMS encryption key as the original snapshot, or you can specify a different KMS encryption key to encrypt the copy of the snapshot.

You can also encrypt a copy of an unencrypted snapshot. This way, you can quickly add encryption to a previously unencrypted DB instance. That is, you can create a snapshot of your DB instance or DB cluster when you are ready to encrypt it, and then create a copy of that snapshot and specify a KMS encryption key to encrypt that snapshot copy. You can then restore an encrypted DB instance or DB cluster from the encrypted snapshot. You don't need to encrypt an Amazon Aurora DB cluster snapshot to create an encrypted copy of an Aurora DB cluster. If you specify a KMS encryption key when restoring from an unencrypted DB cluster snapshot, the restored DB cluster is encrypted using the specified KMS encryption key.
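The snapshot, encrypted copy, and restore sequence described above, as an added example that is not part of the AWS guide. It adds a gate that refuses to restore unless the copy reports that it is encrypted with the requested key. The function names and the snapshot naming scheme are hypothetical, and the key check assumes you pass a key ID or key ARN (not an alias) and that describe-db-snapshots reports the key as an ARN ending in that ID.

```shell
#!/bin/sh
# Added example, not from the RDS guide. Identifiers are caller-supplied.
# Usage: ./encrypt-via-copy.sh <source-instance> <kms-key-id> <new-instance>

# Print "<Encrypted> <KmsKeyId>" for a snapshot, e.g. "True arn:aws:kms:...".
snapshot_encryption() {
    aws rds describe-db-snapshots \
        --db-snapshot-identifier "$1" \
        --query 'DBSnapshots[0].[Encrypted,KmsKeyId]' \
        --output text
}

encrypt_instance_via_copy() {
    src_instance=$1 kms_key=$2 new_instance=$3
    snap="${src_instance}-pre-encrypt"      # hypothetical naming scheme
    copy="${snap}-encrypted"

    # 1. Snapshot the unencrypted instance and wait until it is usable.
    aws rds create-db-snapshot --db-instance-identifier "$src_instance" \
        --db-snapshot-identifier "$snap" >/dev/null || return 1
    aws rds wait db-snapshot-available --db-snapshot-identifier "$snap" || return 1

    # 2. Copy the snapshot, supplying a KMS key so the copy is encrypted.
    aws rds copy-db-snapshot --source-db-snapshot-identifier "$snap" \
        --target-db-snapshot-identifier "$copy" \
        --kms-key-id "$kms_key" --copy-tags >/dev/null || return 1
    aws rds wait db-snapshot-available --db-snapshot-identifier "$copy" || return 1

    # 3. Gate: refuse to restore unless the copy reports the expected state.
    state=$(snapshot_encryption "$copy") || return 1
    set -- $state                           # $1 = Encrypted, $2 = KmsKeyId
    if [ "$1" != "True" ]; then
        echo "refusing to restore: $copy is not encrypted" >&2; return 2
    fi
    case "$2" in
        *"$kms_key") ;;                     # key ARN ends with the requested ID
        *) echo "refusing to restore: $copy uses key $2" >&2; return 3 ;;
    esac

    # 4. Restore a new, encrypted instance from the verified copy.
    aws rds restore-db-instance-from-db-snapshot \
        --db-instance-identifier "$new_instance" \
        --db-snapshot-identifier "$copy" >/dev/null || return 1
    echo "$copy"
}

if [ "$#" -eq 3 ]; then
    encrypt_instance_via_copy "$@"
fi
```

The original unencrypted instance and its unencrypted snapshot still exist after this runs; delete them separately once the new instance is verified.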

You can share manual snapshots with other AWS accounts and copy snapshots shared to you by other AWS accounts. If you are copying an encrypted snapshot that has been shared from another AWS account, you must have access to the KMS encryption key that was used to encrypt the DB snapshot. For more information, see Sharing an Encrypted Snapshot.

Depending on the regions involved and the amount of data to be copied, a cross-region snapshot copy can take hours to complete. If there are large numbers of cross-region DB snapshot copy requests from a given source region, Amazon RDS might queue new cross-region copy requests for that source region until some in-progress copies have completed. No progress information is displayed about copy requests while they are in the queue. Progress information is displayed when the copy starts.

Limitations

There are some limitations to how and where you can copy DB snapshots:

  • You cannot copy a DB snapshot to or from the AWS GovCloud (US) region.

  • You cannot copy a DB snapshot across regions if it was created from a DB instance that is using Oracle Transparent Data Encryption (TDE) or Microsoft SQL Server TDE.

  • You cannot copy a SQL Server DB snapshot across regions if the DB snapshot was created from an instance using Multi-AZ mirroring.

A snapshot copied across regions doesn't include either the parameter group or option group that was used by the DB instance the snapshot was created from. When you restore a snapshot to create a new DB instance, that DB instance is assigned the default parameter group and default option group for the region it is created in. To give the new DB instance the same parameters and options as the source, you must do the following:

  1. In the destination region, create a parameter group with the same settings as the parameter group used by the source DB instance, or note the name of an existing parameter group that has those settings.

  2. In the destination region, create an option group with the same settings as the option group used by the source DB instance, or note the name of an existing option group that has those settings.

  3. After restoring the snapshot in the destination region, modify the new DB instance to add the parameter group and option group available in the destination region.

Copying a DB Snapshot to Another Region

For each AWS account, you can copy up to five DB snapshots at a time from one region to another. Copying a snapshot out of the source region incurs Amazon RDS data transfer charges. For more information about Amazon RDS data transfer pricing, see Amazon Relational Database Service Pricing.

After the DB snapshot copy has been created in the new region, the DB snapshot copy behaves the same as all other DB snapshots in that region. For example, the following CLI copy command results in a DB snapshot in the us-west-2 region with the identifier mysql-instance1-snapshot-20130805-copy.

For Linux, OS X, or Unix:

aws rds copy-db-snapshot \
    --source-db-snapshot-identifier arn:aws:rds:us-east-1:123456789012:snapshot:mysql-instance1-snapshot-20130805 \
    --region us-west-2 \
    --target-db-snapshot-identifier mysql-instance1-snapshot-20130805-copy 

For Windows:

aws rds copy-db-snapshot ^
    --source-db-snapshot-identifier arn:aws:rds:us-east-1:123456789012:snapshot:mysql-instance1-snapshot-20130805 ^
    --region us-west-2 ^
    --target-db-snapshot-identifier mysql-instance1-snapshot-20130805-copy 

When the copy is finished, the AWS Management Console shows the DB snapshot with the name mysql-instance1-snapshot-20130805-copy in your list of DB snapshots in us-west-2. You can perform all DB snapshot actions by using the DB snapshot identifier. For example, running the following CLI command in the us-west-2 region creates a new DB instance with data from the DB snapshot copy:

For Linux, OS X, or Unix:

aws rds restore-db-instance-from-db-snapshot \
    --db-instance-identifier mysql-instance1-west \
    --region us-west-2 \
    --db-snapshot-identifier mysql-instance1-snapshot-20130805-copy 

For Windows:

aws rds restore-db-instance-from-db-snapshot ^
    --db-instance-identifier mysql-instance1-west ^
    --region us-west-2 ^
    --db-snapshot-identifier mysql-instance1-snapshot-20130805-copy 

AWS Management Console

To copy a DB snapshot

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Snapshots.

  3. Set Filter to Automated Snapshots.

  4. Select the check box for the automated DB snapshot you want to copy.

  5. Choose Copy Snapshot.

  6. To copy the DB snapshot to a different region, choose that region for Destination Region.

  7. Type the name of the DB snapshot copy in New DB Snapshot Identifier.

  8. To copy tags and values from the snapshot to the copy of the snapshot, choose Copy Tags.

    To encrypt the copied DB snapshot, choose Yes for Enable Encryption, and then specify the KMS key identifier to use to encrypt the copied DB snapshot for Master Key.

    If the DB snapshot being copied is encrypted, specify the KMS key identifier for the KMS encryption key to encrypt the DB snapshot for Master Key.

  9. Choose Copy Snapshot.

CLI

To copy a DB snapshot, use the AWS CLI copy-db-snapshot command. (To copy an Amazon Aurora DB cluster snapshot, use the copy-db-cluster-snapshot command. You cannot copy Aurora DB cluster snapshots to different regions.) The following parameters are required:

  • --source-db-snapshot-identifier

  • --target-db-snapshot-identifier

The following code makes a copy of the snapshot rds:mydbinstance-2013-09-04-22-50 named mydbsnapshotcopy. When the copy is made, all tags on the original snapshot are copied to the snapshot copy.

Example

For Linux, OS X, or Unix:

aws rds copy-db-snapshot \
  --source-db-snapshot-identifier rds:mydbinstance-2013-09-04-22-50 \
  --target-db-snapshot-identifier mydbsnapshotcopy \
  --copy-tags

For Windows:

aws rds copy-db-snapshot ^
  --source-db-snapshot-identifier rds:mydbinstance-2013-09-04-22-50 ^
  --target-db-snapshot-identifier mydbsnapshotcopy ^
  --copy-tags

The output from this command should look similar to the following:

DBSNAPSHOT  mydbsnapshotcopy  2013-09-04T22:51:29.982Z  mydbinstance  2013-09-04T22:50:22.355Z  mysql  5  available  MasterUser
default:mysql-5-6  5.6.12  general-public-license  manual

API

To copy a DB snapshot, use the Amazon RDS API CopyDBSnapshot action. (To copy an Amazon Aurora DB cluster snapshot, use the CopyDBClusterSnapshot API action. You cannot copy Aurora DB cluster snapshots to different regions.) The following parameters are required:

  • SourceDBSnapshotIdentifier = arn%3Aaws%3Ards%3Aus-east-1%3A815981987263%3Asnapshot%3Ards%3Amysqldb-2014-04-27-08-15

  • TargetDBSnapshotIdentifier = mydbsnapshotcopy

Example

https://rds.us-east-1.amazonaws.com/
   ?Action=CopyDBSnapshot
   &CopyTags=true
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &SourceDBSnapshotIdentifier=arn%3Aaws%3Ards%3Aus-east-1%3A815981987263%3Asnapshot%3Ards%3Amysqldb-2014-04-27-08-15
   &TargetDBSnapshotIdentifier=mydbsnapshotcopy
   &Version=2013-09-09
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20140429/us-east-1/rds/aws4_request
   &X-Amz-Date=20140429T175351Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=9164337efa99caf850e874a1cb7ef62f3cea29d0b448b9e0e7c53b288ddffed2

Copying an Encrypted DB Snapshot to Another Region

For each AWS account, you can copy up to five encrypted DB snapshots at a time from one region to another. Copying a snapshot out of the source region incurs Amazon RDS data transfer charges. For more information about Amazon RDS data transfer pricing, see Amazon Relational Database Service Pricing.

Note

Copying an encrypted DB snapshot to the EU (London) region or the Canada (Central) region is not supported.

You can copy an encrypted DB snapshot for the following database engines:

  • MariaDB

  • MySQL

  • Oracle

  • PostgreSQL

  • Microsoft SQL Server

AWS Management Console

To copy an encrypted DB snapshot

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Snapshots.

  3. Select the check box for the DB snapshot you want to copy.

  4. Choose Copy Snapshot.

  5. For Destination Region, choose the AWS Region you want to copy the snapshot to.

    Note

    The destination region must have the same database engine version available as the source region.

  6. Type the name of the DB snapshot copy in New DB Snapshot Identifier.

  7. To copy tags and values from the snapshot to the copy of the snapshot, choose Copy Tags.

  8. For Master Key, choose the KMS key identifier of the destination region.

  9. Choose Copy Snapshot.

Note

Depending on the amount of data to be copied and the region you choose, this operation can take several hours to complete. Updates for the progress bar might be delayed until setup is complete.

CLI

To copy an encrypted DB snapshot to another region, you can use the AWS CLI copy-db-snapshot command from the destination region. The following parameters are used to copy an encrypted DB snapshot to another AWS Region:

  • --source-region — The AWS region that the encrypted DB snapshot will be copied from. If source-region is not specified, you must specify a pre-signed-url. A pre-signed-url is a URL that contains a Signature Version 4 signed request for the CopyDBSnapshot action to be called in the source region where the DB snapshot will be copied from. To learn more about the pre-signed-url, see CopyDBSnapshot.

  • --source-db-snapshot-identifier — The identifier for the encrypted DB snapshot to be copied. This identifier must be in the ARN format for the source region. The region specified in source-db-snapshot-identifier must match the region specified as the source-region.

  • --target-db-snapshot-identifier — The identifier for the new copy of the encrypted DB snapshot in the destination region.

  • --kms-key-id — The KMS key identifier for the key to use to encrypt the copy of the DB snapshot in the destination region.

The following code example copies the encrypted DB snapshot from the us-west-2 region to the us-east-1 region. The region where you call the copy-db-snapshot command is the destination region for the encrypted DB snapshot to be copied to.

Example

For Linux, OS X, or Unix:

aws rds copy-db-snapshot \
  --source-db-snapshot-identifier arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20161115 \
  --region us-east-1 \
  --target-db-snapshot-identifier mydbsnapshotcopy \
  --source-region us-west-2 \
  --kms-key-id my-us-east-1-key

For Windows:

aws rds copy-db-snapshot ^
  --source-db-snapshot-identifier arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20161115 ^
  --region us-east-1 ^
  --target-db-snapshot-identifier mydbsnapshotcopy ^
  --source-region us-west-2 ^
  --kms-key-id my-us-east-1-key
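
A pre-flight check for the parameters listed above, added here as an example (not AWS code). It validates a planned cross-region copy of an encrypted DB snapshot against the rules this page states before copy-db-snapshot is called. The function name and return codes are hypothetical; the codes eu-west-2 and ca-central-1 and the us-gov- prefix stand for EU (London), Canada (Central), and AWS GovCloud (US).

```shell
#!/bin/sh
# Added example, not from the RDS guide. Checks a planned cross-region copy of
# an encrypted DB snapshot against the rules this page states.
# Usage: check_encrypted_copy <source-arn> <source-region> <dest-region> <kms-key-id>
check_encrypted_copy() {
    arn=$1 source_region=$2 dest_region=$3 kms_key=$4

    # Split arn:aws:rds:<region>:<account>:snapshot:<name> on ':'. The name can
    # itself contain ':' (automated snapshots are named rds:<instance>-<time>).
    old_ifs=$IFS; IFS=:
    set -- $arn
    IFS=$old_ifs
    if [ "$#" -lt 7 ] || [ "$1" != arn ] || [ "$3" != rds ] || [ "$6" != snapshot ]; then
        echo "not a DB snapshot ARN (cluster snapshots cannot cross regions): $arn" >&2
        return 1
    fi
    if [ "$4" != "$source_region" ]; then
        echo "ARN region $4 does not match --source-region $source_region" >&2
        return 2
    fi
    case "$source_region $dest_region" in
        *us-gov-*) echo "GovCloud (US) cannot be a source or destination" >&2
                   return 3 ;;
    esac
    case "$dest_region" in      # EU (London) and Canada (Central)
        eu-west-2|ca-central-1)
            echo "encrypted copies to $dest_region are not supported" >&2
            return 4 ;;
    esac
    # The key must belong to the destination region. A bare key ID or alias
    # carries no region, so only a full key ARN can be checked here.
    case "$kms_key" in
        "") echo "--kms-key-id is required for an encrypted copy" >&2; return 5 ;;
        arn:*:kms:*)
            key_region=${kms_key#arn:*:kms:}
            key_region=${key_region%%:*}
            if [ "$key_region" != "$dest_region" ]; then
                echo "KMS key is in $key_region, not $dest_region" >&2
                return 5
            fi ;;
    esac
    echo "ok"
}

if [ "$#" -eq 4 ]; then
    check_encrypted_copy "$@"
fi
```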
  			

API

To copy an encrypted DB snapshot to another region, use the Amazon RDS API CopyDBSnapshot action from the destination region. For this kind of copy, you must specify a value for PreSignedUrl. PreSignedUrl should contain a request for the CopyDBSnapshot action to call in the source region where the DB snapshot is copied from. To learn more about PreSignedUrl, see CopyDBSnapshot.

Example

https://rds.us-east-1.amazonaws.com/
    ?Action=CopyDBSnapshot
    &KmsKeyId=my-us-east-1-key
    &PreSignedUrl=https%253A%252F%252Frds.us-west-2.amazonaws.com%252F
         %253FAction%253DCopyDBSnapshot
         %2526DestinationRegion%253Dus-east-1
         %2526KmsKeyId%253Dmy-us-east-1-key
         %2526SignatureMethod%253DHmacSHA256
         %2526SignatureVersion%253D4
         %2526SourceDBSnapshotIdentifier%253Darn%25253Aaws%25253Ards%25253Aus-west-2%25253A123456789012%25253Asnapshot%25253Amysql-instance1-snapshot-20161115
         %2526Version%253D2014-10-31
         %2526X-Amz-Algorithm%253DAWS4-HMAC-SHA256
         %2526X-Amz-Credential%253DAKIADQKE4SARGYLE%252F20161117%252Fus-west-2%252Frds%252Faws4_request
         %2526X-Amz-Date%253D20161117T215409Z
         %2526X-Amz-Expires%253D3600
         %2526X-Amz-SignedHeaders%253Dcontent-type%253Bhost%253Buser-agent%253Bx-amz-content-sha256%253Bx-amz-date
         %2526X-Amz-Signature%253D255a0f17b4e717d3b67fad163c3ec26573b882c03a65523522cf890a67fca613
    &SignatureMethod=HmacSHA256
    &SignatureVersion=4
    &SourceDBSnapshotIdentifier=arn%3Aaws%3Ards%3Aus-west-2%3A123456789012%3Asnapshot%3Amysql-instance1-snapshot-20161115
    &TargetDBSnapshotIdentifier=my-new-encrypted-db-snapshot
    &Version=2014-10-31
    &X-Amz-Algorithm=AWS4-HMAC-SHA256
    &X-Amz-Credential=AKIADQKE4SARGYLE/20161117/us-east-1/rds/aws4_request
    &X-Amz-Date=20161117T221704Z
    &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
    &X-Amz-Signature=da4f2da66739d2e722c85fcfd225dc27bba7e2b8dbea8d8612434378e52adccf