Copy Amazon DynamoDB tables across accounts using AWS Backup - AWS Prescriptive Guidance
SummaryPrerequisites and limitationsArchitectureToolsEpicsRelated resources

Copy Amazon DynamoDB tables across accounts using AWS Backup

Created by Ramkumar Ramanujam (AWS)

Environment: PoC or pilot

Technologies: Databases; Migration

AWS services: Amazon DynamoDB; AWS Backup

Summary

When working with Amazon DynamoDB on Amazon Web Services (AWS), a common use case is to copy or sync DynamoDB tables in development, testing, or staging environments with the table data that is in the production environment. As a standard practice, each environment uses a different AWS account. 

AWS Backup supports cross-Region and cross-account backup and restore of data for DynamoDB, Amazon Simple Storage Service (Amazon S3), and other AWS services. This pattern provides the steps for using AWS Backup cross-account backup and restore to copy DynamoDB tables between AWS accounts.

Prerequisites and limitations

Prerequisites 

  • Two active AWS accounts that belong to the same AWS Organizations organization

  • DynamoDB tables in both the accounts.

  • AWS Identity and Access Management (IAM) permissions to create and use AWS backup vaults

Limitations 

  • Source and target AWS accounts should be part of the same AWS Organizations organization.

Architecture

Target technology stack  

  • AWS Backup 

  • Amazon DynamoDB

Target architecture 

Description of copying tables between backup vaults follows the diagram.

  1. Create the DynamoDB table backup in the AWS Backup backup vault in the source account.

  2. Copy the backup to the backup vault in the target account.

  3. Restore the DynamoDb table in the target account using the backup from the target account backup vault.

Automation and scale

You can use AWS Backup to schedule backups to run at specific intervals.

Tools

  • AWS Backup – AWS Backup is a fully-managed service for centralizing and automating data protection across AWS services, in the cloud, and on premises. Using this service, you can configure backup policies and monitor activity for your AWS resources in one place. It allows you to automate and consolidate backup tasks that were previously performed service-by-service, and removes the need to create custom scripts and manual processes.

  • Amazon DynamoDB – Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.

Epics

TaskDescriptionSkills required
Turn on advanced features for DynamoDB and cross-account backup.

In both the source and the target AWS accounts, do the following:

  1. On the AWS Management Console, open the AWS Backup console.

  2. Choose Settings.

  3. Under Advanced features for Amazon DynamoDB backups, confirm that Advanced features is enabled, or choose Enable.

  4. Under Cross-account management, for Cross-account backup, choose Enable.

AWS DevOps, Migration engineer
TaskDescriptionSkills required
Create backup vaults.

In both the source and the target AWS accounts, do the following:

  1. On the AWS Backup console, choose Backup vaults.

  2. Choose Create Backup vault.

  3. Copy the Amazon Resource Name (ARN) of the backup vault and save it.

The ARNs of both the source and the target backup vaults will be required when you copying the DynamoDB table backup between the source account and the target account.

AWS DevOps, Migration engineer
TaskDescriptionSkills required
In the source account, create a DynamoDB table backup.

To create a backup for the DynamoDB table in the source account, do the following:

  1. On the AWS Backup Dashboard page, choose Create on-demand backup.

  2. In the Settings section, for Resource type, select DynamoDB, and then select the table name.

  3. In the Backup vault dropdown list, select the backup vault that you created in the source account.

  4. Select the Retention period that you want.

  5. Choose Create on-demand backup

A new backup job is created. 

To monitor the status of the backup job, on the AWS Backup Jobs page, choose the Backup Jobs tab. All active, in-progress, and completed backup jobs are listed in this tab.

AWS DevOps, DBA, Migration engineer
Copy the backup from the source account to the target account.

After the backup job is completed, copy the DynamoDB table backup from the backup vault in the source account to the backup vault in target account.

To copy the backup vault, in the source account, do the following:

  1. On the AWS Backup console, choose Backup vaults.

  2. Under Backups, choose the DynamoDB table backup.

  3. Choose Actions, Copy.

  4. Enter the AWS Region of the target account.

  5. For External vault ARN, enter the ARN of the backup vault that you created in the target account.

  6. To copy backups from the source account to the target account, in the target account backup vault, enable access from a different account.

AWS DevOps, Migration engineer, DBA
Restore the backup in the target account.

In the target AWS account, do the following:

  1. On the AWS Backup console, choose Backup vaults.

  2. Under Backups, select the backup that you copied from the source account.

  3. Choose Actions, Restore.

  4. Enter the name of the target DynamoDB table that you want to restore.

AWS DevOps, DBA, Migration engineer

Related resources