Sharing encrypted database


Sharing an unencrypted database with other accounts is simple and straightforward. Sharing an encrypted database takes a few more steps, because the other account must also be allowed to use the KMS key that encrypts the snapshot. The steps below show how to share an encrypted database.

Step 1: Create a managed key

Create a new customer managed key in AWS KMS. In the "Define key usage permissions" area, provide the account ID of the other account.

Step 2: Copy and share a snapshot

Once the key is created, go to RDS > Snapshots, select the snapshot and click Copy Snapshot. In the encryption settings, change the master key to the key created in Step 1.
Once the copied snapshot is ready, share it with the other account as usual by clicking Share Snapshot and providing the other account ID.

Step 3: Copy the shared snapshot

Now go to the other AWS account > RDS > Shared with me. Select the shared snapshot, click Copy Snapshot again, and change the encryption key to the encryption key in that account.

Step 4: Add tags to the copied snapshot

On the copied snapshot, add a tag with Key as “Name” and Value as “duploservices-{tenantname}”, where tenantname is the tenant where you want to launch an RDS instance from this snapshot.

Step 5: Create a new database

Go to the DuploCloud portal and select the tenant. Open RDS > Add new DB (+ icon) and give the new database a name. In the snapshot field, select the new snapshot. Enter the instance type and hit Submit. In a few minutes, the database will be created with the data from the snapshot. You must use the existing username and password to access the database.
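The key permissions from Step 1 are what make the copy in Step 3 possible, so it is worth checking the key policy before sharing. The following is an added example, not DuploCloud's own code: it builds the two key-user statements for the other account and audits a key policy for missing or over-broad access. The function names and the account IDs are constructed for illustration.

```python
# Key-user actions the other account needs to copy the shared snapshot (Step 3).
USE = {"kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey"}
GRANT = {"kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"}
GRANT_CONDITION = {"Bool": {"kms:GrantIsForAWSResource": "true"}}
def as_list(value):
    return value if isinstance(value, list) else [value]

def share_statements(account_id):
    """Key policy statements that let account_id use the key (Step 1)."""
    base = {"Effect": "Allow", "Resource": "*",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"}}
    return [
        {**base, "Sid": "Allow use of the key", "Action": sorted(USE)},
        {**base, "Sid": "Allow attachment of persistent resources",
         "Action": sorted(GRANT), "Condition": GRANT_CONDITION},
    ]

def audit(policy, account_id):
    """Return findings for account_id; an empty list means the share is correctly scoped."""
    root = f"arn:aws:iam::{account_id}:root"
    granted, findings = set(), []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow":
            continue
        if principal == "*" or "*" in as_list(principal.get("AWS", [])):
            if "Condition" not in stmt:
                findings.append("wildcard principal without a condition")
            continue
        principals = as_list(principal.get("AWS", []))
        if root not in principals and account_id not in principals:
            continue
        actions = set(as_list(stmt.get("Action", [])))
        granted |= actions
        cond = stmt.get("Condition", {}).get("Bool", {}).get("kms:GrantIsForAWSResource")
        if "kms:*" in actions:
            findings.append("kms:* granted to the other account")
        if "kms:CreateGrant" in actions and str(cond).lower() != "true":
            findings.append("kms:CreateGrant lacks the kms:GrantIsForAWSResource condition")
    missing = (USE | GRANT) - granted
    if missing and "kms:*" not in granted:
        findings.append("missing actions: " + ", ".join(sorted(missing)))
    return findings

if __name__ == "__main__":
    # Constructed account IDs: 111122223333 owns the key, 444455556666 receives the snapshot.
    owner = {"Sid": "Owner", "Effect": "Allow", "Resource": "*", "Action": "kms:*",
             "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}
    policy = {"Version": "2012-10-17", "Statement": [owner, *share_statements("444455556666")]}
    print(audit(policy, "444455556666") or "OK")
```

To audit a real key, pass in the JSON document returned by `aws kms get-key-policy` for the key created in Step 1.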