This topic describes how to transfer data between two cross-account RDS instances using Data Transmission Service (DTS).
Data migration between RDS instances under two Alibaba Cloud accounts.
Data migration between CloudTmall RDS instances and Alibaba Cloud RDS instances.
Data migration between Alibaba Cloud RDS instances and Alibaba Finance Cloud RDS instances.
Before you can migrate, you need to create a migration account in both the source and target instances. Different database types require different migration account privileges. For more information about specific permission requirements, see Data migration between RDS instances.
The following is an example of data migration between RDS for MySQL instances under different accounts. This example demonstrates how to use DTS to migrate data between the RDS instances under two Alibaba Cloud accounts. This example configuration also applies to migration processes for other database types.
Log on to the DTS console with the Alibaba Cloud account to which the target RDS instance belongs. Click Create migration task in the upper-right corner to configure the migration task.
Configure instance connection information as shown in the following figure:
Enter a name for the migration task and configure the connection information for the source and target instances in migration. Specifically:
- Task name
By default, DTS automatically generates a name for every task. The task name is not required to be unique. You can modify the name. We recommend that you modify a name that indicates a specific service so that the task can be easily identified.
- Source instance connection information
- Instance type: Select RDS Instance.
- RDS instance ID: In this example, because the user logs on to the DTS console using an Alibaba Cloud account corresponding to the target instance, the account to which the source instance belongs is different from the account that you use to log on. Therefore, if you click RDS instances that belong to other Alicloud account, the source RDS instance configuration is displayed.
- RID belongs to Aliyun account: Enter the Alibaba Cloud account ID to which the source RDS instance belongs. Go to the Security Settings page to obtain the RID.
- Role Name: To enhance security, the account that you use to configure cross-account RDS migration tasks needs to be authorized by the cloud account to which the source RDS instance belongs before you can configure the source RDS instance. The **role name** configured in this section is the role name that is authorized for the RAM user. To authorize a cross-account, follow these steps:<br/>
(1) Go to the role management page of the , and click Create Role in the upper-right corner of the page to create cross-account authorization roles.
(2) Select User Role for the role type.
(3) Click Other Alibaba Cloud Account, and enter the ID of the account that you use to configure the migration task in the Trusted Alibaba Cloud Account ID field.
(4) Configure the basic information of the role, including the role name, which needs to be specified in the process of configuring a migration task.
When you create a role, you need to modify the role authorization policy, including: Grant the trusted cloud account permissions to only access its own cloud resources. To do this, follow these steps:
(1) On the role management page, click Authorize next to the created role and the Edit Role Authorization Policy dialog appears.
(2) Click Edit Basic Information in the upper-right corner. The Edit Role dialog box appears. Add a service definition to Principal, as shown below:
"Trusted Alibaba Cloud account ID@dts.aliyuncs.com"
The trusted Alibaba Cloud account ID is the ID of the Alibaba Cloud account that you use to configure the DTS migration task. dts.aliyuncs.com is the alias of DTS. Assume that the Alibaba Cloud account ID you use to configure DTS migration task is 121852226014398. In this case, the corresponding service is defined:
The complete role definition is as follows:
After you configure the trust identification of the role, you need to authorize the relevant permissions required to configure the DTS migration task to the role, so that DTS can assume this role to complete the task configuration and operation. Go to the RAM role management page, and click Authorize corresponding to the role you have created in the Actions column to authorize system policies to DTS.
In the Edit Role Authorization Policy dialog box, switch to the Search and Attach tab-page, search for AliyunDTSRolePolicy in the search bar, and then grant the system policy to the role.
The role name you entered in the DTS console is the name of the cross-account role you created.
- Instance region: The region where the source instance that needs to be configured is located.
- RDS instance ID: When you finish configuring the Alibaba Account and the role name, select the ID of the source RDS instance that needs to be migrated.
- Database account: The account to access the source RDS instance.
Database password: The password of the preceding database account.
Connection information of the target instance
Instance type: Choose RDS instance.
- RDS instance ID: Configure the ID of the RDS instance.
- Database account: Account that accesses the RDS instance.
- Database password: Password of the preceding account.
3.Set the migration type and the migration object, as shown in the following figure:
4.When you complete the configuration, click Pre-check and start as shown in the following figure. Pre-check is performed before the migration tasks are started:
- Pre-check successful: Migration starts successfully.
- Pre-check failed: You can click a specific failed item to see the details. Then you can fix the problem based on the details, and perform pre-check again.
After the pre-check is passed, you can start the migration task.
If the migration status is Complete, it indicates that the migration has completed successfully.
You have completed the configuration of the migration task that uses DTS to migrate data between two cross-account RDS instances.