Restore Redshift snapshot to another VPC [duplicate] - amazon-web-services

I'm trying to move an existing Redshift database from one AWS account to another following How do I transfer ownership of an Amazon Redshift cluster to a different AWS account?. I've successfully created a snapshot of the old database and given the new account access to it. Both accounts have different VPCs.
When I try to restore a cluster from that snapshot, I receive the following error message:
You have no subnet groups that are suitable for restoring this snapshot to VPC.
Is it possible to restore a Redshift cluster to another VPC? I can't create a Subnet to the old VPC since it's in my new AWS account.

You need to create an Amazon Redshift Cluster Subnet Group, which is a list of subnets that Redshift can use within a particular VPC.
In the Amazon Redshift management console:
Click Security in the left navigation pane
Click the Subnet Groups tab
Create a Subnet Cluster Group by choosing a VPC, AZ(s) and subnet(s)
Then, try restoring the snapshot again and select your new Subnet Cluster Group.
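The same two steps from the AWS CLI, as an added example that is not part of the original answer. All identifiers are constructed placeholders; passing an explicit security group and `--no-publicly-accessible` are choices of this example, so the restored cluster does not depend on defaults in the new VPC.

```shell
#!/bin/sh
# Added example (not from the answer). All identifiers are constructed placeholders.
# DRY_RUN=1 (default) prints the aws commands; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Step 1: a cluster subnet group built from subnets of the NEW account's VPC.
create_subnet_group() {  # name subnet-id...
  name="$1"; shift
  [ "$#" -ge 1 ] || { echo "need at least one subnet id" >&2; return 2; }
  run aws redshift create-cluster-subnet-group \
    --cluster-subnet-group-name "$name" \
    --description "restore-target" \
    --subnet-ids "$@"
}

# Step 2: restore the shared snapshot into that group. A snapshot owned by
# another account has to be named together with its owner's account id.
restore_shared_snapshot() {  # cluster snapshot owner-account subnet-group security-group
  case "$3" in
    *[!0-9]*|"") echo "owner account must be numeric" >&2; return 2 ;;
  esac
  [ "${#3}" -eq 12 ] || { echo "owner account must be 12 digits" >&2; return 2; }
  run aws redshift restore-from-cluster-snapshot \
    --cluster-identifier "$1" \
    --snapshot-identifier "$2" \
    --owner-account "$3" \
    --cluster-subnet-group-name "$4" \
    --vpc-security-group-ids "$5" \
    --no-publicly-accessible
}

# Dry-run walk-through with constructed values.
create_subnet_group restored-subnets subnet-0aaa1111 subnet-0bbb2222
restore_shared_snapshot restored-cluster shared-snap 111122223333 \
  restored-subnets sg-0ccc3333
```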

Related

Amazon RDS instances get deleted automatically

I created an Amazon RDS cluster with two instances, i.e. read and write; after 5-10 minutes those instances get deleted automatically. I had created a DB subnet group containing public subnet IDs; is this the issue?
Does AWS not allow creating databases in a public subnet within a VPC?

AWS RDS MySQL migration from default VPC to custom VPC

I have an AWS RDS MySQL in one of the Public Subnets of one of the default VPCs.
What would be the best and smooth procedure to migrate it to an RDS MySQL located in a new custom VPC in a private subnet?
Would it be possible to create a VPC peering between both VPCs and then create an RDS Standby?
Thanks!
Create a Snapshot
Restore the database, select the custom VPC in the settings.
Update the new endpoint in your applications.
(or)
You can modify the DB settings and apply it in the next maintenance window
https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-rds-db-instance/
This is easier: https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-rds-db-instance/
You can go to Databases console and modify the instance's VPC in the Network & Connectivity section.

When is it possible to change the subnet group within AWS RDS?

I have one Oracle SE instance that is not multi-az and does not have encryption enabled, and I have an Oracle EE instance that is multi-az and has encryption enabled. The former has the option to change the subnet group through the console (modify instance > network and security), whereas the latter does not. Both instances are in a subnet group within the default vpc, and I have a custom vpc within the same account with another subnet group in it.
What conditions determine whether or not it is possible to change the subnet group of an RDS instance? I have not been able to find any documentation on this so far.
It is the Multi AZ Deployment that is the determining factor. To test this, modify your DB instance and turn off the Multi AZ Deployment. Once it is done, go modify it again and you'll notice you now have the option to change the subnet group.
I haven't found any indication as to the reason for this behavior in the AWS documentation.
As #hackakhan mentioned, you need to have Multi AZ Deployment turned off to modify the DB subnet group of an RDS instance. Unfortunately, the RDS instance will only be migrated to one of the subnets from the new DB subnet group if the new DB subnet group resides in a different VPC. You could create a temporary VPC to migrate away the RDS instance only to migrate it back to your existing VPC and the right DB subnet group within that VPC.
The AWS Premium Support Knowledge Center has a detailed explanation of the steps involved: https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-rds-db-instance/
My understanding
RDS instances can't be migrated from one database subnet group to another if:
The destination database subnet group is in the same VPC as the current group
The instance has the multi-availability zone setting enabled
What worked for me
1. Creating the subnet group within my VPC that would be the eventual home of my RDS instance
2. Creating a temporary database subnet group in the "DEFAULT" VPC (my RDS instance has previously been in a subnet group in a VPC that I had provisioned, not the default one) consisting of the three subnets that belong to the "DEFAULT" VPC; this can be done in the RDS section of the AWS Console, no need to go to the VPC section
3. Modifying the instance's subnet group to the newly created group (from 2.)
4. Modifying the instance's subnet group to its eventual home within my original VPC (from 1.)
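The two-hop move described in the answers above, sketched with the AWS CLI as an added example that is not part of the original posts. All identifiers are constructed placeholders, and `can_hop` simply encodes the two conditions the answers state. Passing a security group from the VPC being entered on each hop is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the answers above. All identifiers are constructed placeholders.
# DRY_RUN=1 (default) prints the aws commands; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Conditions stated in the answers above: the subnet group cannot be changed
# while Multi-AZ is on, or when the target group is in the instance's current VPC.
can_hop() {  # current-vpc target-vpc multi-az(true|false)
  [ "$3" = "false" ] || { echo "turn off Multi-AZ first" >&2; return 1; }
  [ "$1" != "$2" ] || { echo "target group is in the same VPC" >&2; return 1; }
}

# One hop. Assumption of this example: the instance is also given a security
# group that exists in the VPC it is entering, so access rules stay explicit
# even while the database sits in the temporary VPC.
move_to_group() {  # instance subnet-group security-group
  run aws rds modify-db-instance --db-instance-identifier "$1" \
    --db-subnet-group-name "$2" --vpc-security-group-ids "$3" --apply-immediately
  # Let the change finish before the next hop; in a real run, confirm the
  # status has left "available" before relying on this waiter.
  run aws rds wait db-instance-available --db-instance-identifier "$1"
}

two_hop() {  # instance home-vpc temp-vpc temp-group temp-sg final-group final-sg multi-az
  can_hop "$2" "$3" "$8" || return 1   # hop 1: home VPC -> temporary VPC
  move_to_group "$1" "$4" "$5"
  can_hop "$3" "$2" "$8" || return 1   # hop 2: temporary VPC -> home VPC
  move_to_group "$1" "$6" "$7"
}

# Dry-run walk-through with constructed values.
two_hop mydb vpc-home vpc-default tmp-group sg-0tmp0000 home-group sg-0home000 false
```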

Amazon RDS Read Replica in Same Region, Different VPC

For version cut-over, I am using CloudFormation to spin up a new infrastructure with a new VPC, Subnets, and Security Groups. I want a copy of my production database in the new VPC (same region). I do not want to use a Snapshot, because that would require me to take the app down for a while (after the snapshot is taken, any new data will be lost, so I have to shut down the app).
I want to create a read-replica into the new VPC/SecurityGroup/Subnets, and then when I am ready for cut-over I will promote that read replica. Is this possible?
AWS documentation gives clues that creating a read replica across VPCs in the same region is not supported, but does not explicitly say so. Alternately, I am open to moving the database after promotion.
Thanks
P.S. example of what I mean by "clue":
"Within a region, all cross-region replicas created from the same source DB instance must either be in the same Amazon VPC or be outside of a VPC."
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html
This almost answers my question... But what about replicas created in the same region as the source DB?
It is not supported.
You can do a read replica within the same VPC, then take a snapshot of the replica and restore it on the other VPC.
You can actually do this using external MySQL replicas. You will need appropriate routing and security groups between your VPCs. As long as your VPC subnets can communicate with each other, create a replica, stop replication on it and record the binlog position info where it was stopped. Take a snapshot of the replica and use that to spin up a new RDS instance in the new VPC, now set the external replica to your old RDS instance and start replicating where the binlog position was recorded. You've now got a master RDS instance in your new VPC, replicating from the old VPC.
This article covers it in easy to follow steps:
http://quiddle.net/post/78453641455/migrating-rds-from-ec2-to-vpc

(AWS) Can't launch RDS in my chosen VPC

I'm following AWS's instructions Scenario 2: VPC with Public and Private Subnets and am having issues at the point I try to launch a DB server.
When I launch my instance, all is fine and I am able to assign it to my newly created VPC. However, when it comes to launching the RDS, the only VPC available (on step 4, configure advanced settings) is the default VPC (i.e. not the one I created as per their instructions).
Has anyone any idea about this or indeed how to resolve it?
RDS requires a little more setup than an EC2 instance if you want to launch it within a VPC.
Specifically, you need to create:
a DB subnet group within the VPC
a VPC security group for the RDS instance
The documentation is a little buried in the AWS RDS documents. It can be found here:
Creating a DB Instance in a VPC