## How to copy data from production to development environment in DuploCloud

When copying data from your production environment to your development environment in DuploCloud, there are several important considerations due to DuploCloud's tenant-scoped architecture.

### Key Considerations

Before setting up data copying, be aware of these DuploCloud-specific requirements:

- **IAM permissions are tenant-scoped:** Each tenant (prod vs dev) has its own IAM role. Resources running in dev won't have access to prod S3 buckets by default.
- **S3 bucket policies:** DuploCloud-managed buckets often have restrictive bucket policies tied to the tenant's IAM role.
- **KMS encryption:** If prod S3 data is encrypted with a tenant-specific KMS key, the dev role will need `kms:Decrypt` permission on that key.

### Recommended Approach

The safest and most straightforward approach is to run the copy script from the production environment, where the role already has read access to prod buckets, and write to the dev buckets.

### Setting Up an EC2 Instance in Production

To create an EC2 instance in your production tenant:

1. In the DuploCloud portal, switch to your production tenant.
2. Go to Cloud Services → Hosts and click **Add**.
3. Choose your instance type, AMI, subnet (private is recommended), and key pair.
4. DuploCloud automatically assigns the tenant's IAM role and places it in the correct VPC/security group.

The EC2 instance will automatically have access to your production database since they share the same tenant and security group.

### Granting Cross-Tenant Access

To enable copying from production to development buckets, you'll need to grant the production IAM role write access to development buckets. Contact your DuploCloud support team to:

- Add an IAM policy to the production role allowing writes to development buckets
- Choose between specific bucket-pair access or broader wildcard access for flexibility

Once configured, you can run standard AWS CLI commands like `aws s3 sync` or `aws s3 cp` directly from your production EC2 instance.

### Accessing Database Credentials

Database credentials are typically stored in DuploCloud as configs/secrets. Note that environment variables from App Config are only injected into containers/pods, not directly into EC2 nodes. To access database credentials from your EC2 instance, you can fetch them directly from AWS Secrets Manager using the node's IAM role:

```bash
# List available secrets
aws secretsmanager list-secrets --region us-east-1

# Fetch specific secret (replace the placeholder with the secret's name or ARN)
aws secretsmanager get-secret-value --secret-id "<secret-id>" --region us-east-1
```

Alternatively, you can run your data copying script as a Kubernetes job, where environment variables are automatically injected.
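
The bucket-pair grant described under "Granting Cross-Tenant Access" and the prod-side copy described under "Recommended Approach", as an added example that is not DuploCloud's own tooling. The helper names `dev_write_policy` and `sync_prod_to_dev` are hypothetical, and the `duploservices-...` bucket names and the KMS key ARN are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not DuploCloud tooling. Bucket names and the dev prefix are
# constructed; substitute the names DuploCloud shows for your own tenants.

# Print the "specific bucket-pair" policy to request for the production role:
# write access to one development bucket (prod already reads its own buckets).
# Passing a pattern such as "duploservices-dev01-*" gives the wildcard variant.
dev_write_policy() {
  local dst="$1" kms_arn="${2:-}" kms_stmt=""
  # Assumption: needed only when the dev bucket enforces SSE-KMS with its own key.
  if [ -n "$kms_arn" ]; then
    kms_stmt=",
    {\"Sid\": \"EncryptForDevBucket\", \"Effect\": \"Allow\",
     \"Action\": [\"kms:GenerateDataKey\", \"kms:Decrypt\"],
     \"Resource\": \"${kms_arn}\"}"
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ListDevBucket", "Effect": "Allow",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::${dst}"},
    {"Sid": "WriteDevObjects", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:AbortMultipartUpload"],
     "Resource": "arn:aws:s3:::${dst}/*"}${kms_stmt}
  ]
}
EOF
}

# Run on the production host. Refuses any destination outside the dev prefix,
# and only previews (--dryrun) unless the fourth argument is "apply".
sync_prod_to_dev() {
  local src="$1" dst="$2" dev_prefix="${3:-}" mode="${4:-preview}"
  [ -n "$dev_prefix" ] || { echo "refusing: no dev prefix given" >&2; return 2; }
  case "$dst" in
    "$dev_prefix"*) ;;
    *) echo "refusing: $dst is outside dev prefix $dev_prefix" >&2; return 2 ;;
  esac
  if [ "$mode" = "apply" ]; then
    aws s3 sync "s3://${src}" "s3://${dst}"
  else
    aws s3 sync "s3://${src}" "s3://${dst}" --dryrun
  fi
}
```

The printed policy is the exact grant to request from DuploCloud support for the production role; run `sync_prod_to_dev` in its default preview mode and review the listed objects before repeating it with `apply`.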
