AWS Prescriptive Guidance
Patterns

Migrate an Amazon RDS for Oracle database to another AWS account and AWS Region using AWS DMS for ongoing replication

R Type :ReLocate

source :Databases: Relational

target :Amazon RDS for Oracle

tags :cross account aws region data replication, aws dms, amazon rds for oracle

Summary

This pattern walks you through the steps for migrating an Amazon Relational Database Service (Amazon RDS) for Oracle source database to a different AWS account and AWS Region. The pattern uses a DB snapshot for a one-time full data load, and enables AWS Database Migration Service (AWS DMS) for ongoing replication.

Assumptions and Prerequisites

Prerequisites

  • An active AWS account that contains the source Amazon RDS for Oracle database, which has been encrypted using a non-default AWS Key Management Service (AWS KMS) key

  • An active AWS account in a different AWS Region from the source database, to use for the target Amazon RDS for Oracle database

  • Virtual private cloud (VPC) peering between the source and target VPCs

  • Familiarity with using an Oracle database as a source for AWS DMS

  • Familiarity with using an Oracle database as a target for AWS DMS 

Architecture

Source technology stack

  • Oracle versions 11g (versions 11.2.0.3.v1 and later) and 12c, for the Enterprise, Standard, Standard One, and Standard Two editions

Target technology stack

  • Oracle versions 11g (versions 11.2.0.3.v1 and later) and 12c, for the Enterprise, Standard, Standard One, and Standard Two editions

Ongoing replication architecture

Tools Used

Tools used for one-time full data load:

Amazon RDS DB snapshot- Amazon RDS creates a storage volume snapshot of your DB instance, backing up the entire DB instance and not just individual databases. When you create a DB snapshot, you need to identify which DB instance you are going to back up, and then give your DB snapshot a name so you can restore from it later. The amount of time it takes to create a snapshot varies with the size of your databases. Because the snapshot includes the entire storage volume, the size of files, such as temporary files, also affects the amount of time it takes to create the snapshot. For more information about using DB snapshots, see Creating a DB Snapshot in the Amazon RDS documentation.

KMS key for Amazon RDS encryption- When you create an encrypted DB instance, you can also supply the KMS key identifier for your encryption key. If you don't specify a KMS key identifier, Amazon RDS uses your default encryption key for your new DB instance. AWS KMS creates your default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS Region. For this pattern, the Amazon RDS DB instance should be encrypted using the non-default KMS key. For more information about using KMS keys for Amazon RDS encryption, see Encrypting Amazon RDS Resources in the Amazon RDS documentation.

Tools used for ongoing replication:

AWS DMS - This pattern uses AWS DMS to replicate ongoing changes and to keep the source and target databases in sync. For more information about using AWS DMS for ongoing replication, see Working with an AWS DMS Replication Instance in the AWS DMS documentation.

Epics

Configure your source AWS account

Tasks

Title Description Skills Predecessor
Prepare the source Oracle DB instance. Let the Amazon RDS for Oracle DB instance run in ARCHIVELOG mode, and set the retention period. For details, see https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Amazon-Managed. DBA
Set supplemental logging for the source Oracle DB instance. Set database-level and table-level supplemental logging for the Amazon RDS Oracle DB instance. For details, see https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.Amazon-Managed. DBA
Update the KMS key policy in the source account. Update the KMS key policy in the source AWS account to allow the target AWS account to use the encrypted Amazon RDS KMS key. For details, see https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying.html#key-policy-modifying-external-accounts. SysAdmin
Create a manual Amazon RDS DB snapshot of the source DB instance. AWS IAM user
Share the manual, encrypted Amazon RDS snapshot with the target AWS account. For details, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html. AWS IAM user

Configure your target AWS account

Tasks

Title Description Skills Predecessor
Attach a policy. In the target AWS account, attach an AWS Identity and Access Management (IAM) policy to the root IAM user, to allow the IAM user to copy an encrypted DB snapshot using the shared AWS KMS key. SysAdmin
Switch to the source AWS Region. AWS IAM user
Copy the shared snapshot. In the Amazon RDS console, in the Snapshots pane, choose Shared with Me, and select the shared snapshot. Copy the snapshot to the same AWS Region as the source database by using the Amazon Resource Name (ARN) for the KMS key used by the source database. For details, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html. AWS IAM user
Switch to the target AWS Region, and create a new KMS key. AWS IAM user
Copy the snapshot. Switch to the source AWS Region. In the Amazon RDS console, in the Snapshots pane, choose Owned by Me, and select the copied snapshot. Copy the snapshot to the target AWS Region by using the KMS key for the new target AWS Region. IAM user
Restore the snapshot. Switch to the target AWS Region. In the Amazon RDS console, in the Snapshots pane, choose Owned by Me. Select the copied snapshot and restore it to an Amazon RDS for Oracle DB instance. For details, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RestoreFromSnapshot.html. AWS IAM user

Prepare your source database for ongoing replication

Tasks

Title Description Skills Predecessor
Create an Oracle user with the appropriate permissions. Create an Oracle user with the required privileges for Oracle as a source for AWS DMS. For details, see https://docs.aws.amazon.com/dms/latest/userguide./CHAP_Source.Oracle.html. DBA
Configure the source database for Oracle LogMiner or Oracle Binary Reader. DBA

Prepare your target database for ongoing replication

Tasks

Title Description Skills Predecessor
Create an Oracle user with the appropriate permissions. Create an Oracle user with the required privileges for Oracle as a target for AWS DMS. For details, see https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Oracle.html#CHAP_Target.Oracle.Privileges. DBA

Create AWS DMS components

Tasks

Title Description Skills Predecessor
Create a replication instance in the target AWS Region. Create a replication instance in the VPC of the target AWS Region. For details, see https://docs.aws.amazon.com/dms/latest/userguide/CHAP_GettingStarted.html#CHAP_GettingStarted.ReplicationInstance. IAM user
Create source and target endpoints with required encryption, and test connections. For details, see https://docs.aws.amazon.com/dms/latest/userguide/CHAP_GettingStarted.html#CHAP_GettingStarted.Endpoints. DBA
Create replication tasks. For the migration type, choose ongoing replication. For the change data capture (CDC) start point, use the Oracle system change number (SCN) when the Amazon RDS snapshot was taken for full load, or the timestamp when the full load was taken. For TargetTablePrepMode, choose DO_NOTHING. If the task has large binary object (LOB) data tables, choose Limited LOB mode, and set the max LOB size to the maximum size of the LOB data in the table. Enable logging. Group tables that are related through keys into a single task. If there are tables with a large amount of LOB data and the table has no relationship with other tables, create a separate task for it with the LOB settings described previously. For details, see https://docs.aws.amazon.com/dms/latest/userguide/CHAP_GettingStarted.html#CHAP_GettingStarted.Tasks. IAM user
Start the tasks and monitor them. For details, see https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Monitoring.html. IAM user
Enable validation on the task if needed. Note that enabling validation does have a performance impact on the replication. For details, see https://docs.aws.amazon.com/dms/latest/userguide./CHAP_Validating.html IAM user

References and Help

References

Contact and help

Migration Pattern Library Support: aws-mpl@amazon.com