Guide to Migrating RDS Instances Across AWS Accounts

When organizations grow or restructure, it’s common to move AWS resources—including RDS instances—between accounts for better access control, billing separation, or project isolation. While AWS does not allow direct transfer of an RDS instance across accounts, you can achieve this by sharing and copying snapshots.

In this blog, I’ll walk you through a step-by-step guide to safely and efficiently migrate your RDS database from one AWS account to another.

---

Step-by-Step Migration Guide

1. Create a KMS Key (if snapshot is encrypted)

If your RDS snapshot is encrypted, you must use a KMS (Key Management Service) key for encryption in the destination account.

• Go to AWS KMS in the source account.

• Create a Customer Managed Key (CMK).

• Ensure the key has appropriate permissions to allow access from the destination account.

2. Modify KMS Key Permissions

To allow the destination account to use the KMS key:

• Edit the key policy of the KMS key.

• Add the destination account’s AWS Account ID with the necessary permissions such as:

    {
      "Sid": "Allow use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<DESTINATION_ACCOUNT_ID>:root"
      },
      "Action": [
        "kms:Decrypt",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  

3. Take a Manual Snapshot of the Source RDS

• Navigate to the RDS console.

• Select your RDS instance.

• Choose Actions > Take snapshot.

• Name your snapshot and create it.

Note: Ensure the snapshot is manual, not automated—only manual snapshots can be shared.

4. Share the Snapshot with the Destination Account

• In the source account, go to Snapshots.

• Select the snapshot > Actions > Share snapshot.

• Enter the destination AWS Account ID.

• For encrypted snapshots, ensure the destination account has access to the KMS key.

5. Copy the Snapshot in the Destination Account

• Login to the destination AWS account.

• Go to RDS > Snapshots > Shared with me.

• Select the shared snapshot.

• Click Actions > Copy snapshot.

• Choose your desired AWS Region and KMS key (if encrypted).

• Give it a name and proceed.

6. Restore the Database from the Copied Snapshot

• In the destination account, go to Snapshots.

• Select the newly copied snapshot.

• Click Actions > Restore snapshot.

• Configure the DB instance settings (instance class, storage, VPC, subnet group, security group, etc.)

• Launch the restored RDS instance.

---

Conclusion

Migrating RDS instances between AWS accounts may seem complex, but using manual snapshots and KMS key sharing makes the process manageable and secure. Whether it's part of an organizational restructure, project handover, or billing cleanup, this approach ensures minimal downtime and data integrity.

---

Need Help?

If you need assistance at any step—whether it's setting up the KMS policy, dealing with snapshot sharing errors, or restoring the RDS instance—feel free to contact.