Synchronize or migrate data across Alibaba Cloud accounts - Data Transmission Service

Background information

Two Alibaba Cloud database instances such as ApsaraDB RDS for MySQL instances or self-managed databases that are connected over Express Connect, VPN Gateway, or Smart Access Gateway belong to different Alibaba Cloud accounts. You need to migrate data from the instance of Account A to the instance of Account B. The following figure shows the architecture of the migration solution.

Note Account B to which the destination instance belongs must be an Alibaba Cloud account.

Source instances that are supported

Alibaba Cloud database instances: ApsaraDB RDS for MySQL, ApsaraDB RDS for MariaDB TX, ApsaraDB RDS for PostgreSQL, PolarDB-X 1.0, PolarDB for Oracle, and ApsaraDB for Redis.
Self-managed databases: self-managed MySQL, PostgreSQL, Redis, MongoDB, Oracle, SQL Server, and Db2 for LUW databases that are connected over Express Connect, VPN Gateway, or Smart Access Gateway.

Sections in this topic


Section	Description
Step 1: Make preparations. Log on to the Alibaba Cloud Management Console by using Account A to which the source instance belongs and grant the related permissions to a RAM role.	When you configure the RAM role, set Account B as the trusted account and authorize the RAM role to access the resources of Account A.
Step 2: Configure a DTS task. Log on to the Alibaba Cloud Management Console by using Account B to which the destination instance belongs and configure a DTS task.	When you configure the DTS task by using Account B, specify the ID of Account A so that DTS can read data from the source instance that belongs to Account A.
Configuration example	An example is provided to show you how to configure a DTS task to synchronize data across Alibaba Cloud accounts.

Step 1: Make preparations

Log on to the RAM console by using Account A to which the source instance belongs. Create a RAM role and authorize Account B to access the cloud resources of Account A by using DTS. For more information, see Configure RAM authorization for cross-account data migration and synchronization and Configure RAM authorization for data migration or synchronization from a self-managed database in a VPC across different Alibaba Cloud accounts.

Step 2: Configure a DTS task

Go to the Data Synchronization Tasks or Data Migration Tasks page in the Data Management (DMS) console by using Account B to which the destination instance belongs. Account B must be an Alibaba Cloud account.
1. Log on to the DMS console by using Account B to which the destination instance belongs.
2. In the top navigation bar, click DTS.
3. In the left-side navigation pane, choose DTS (DTS) > Data Synchronization or DTS (DTS) > Data Migration.
Note
- If you use the DMS console in simple mode, you can move the pointer over the icon in the upper-left corner and choose All functions > DTS > Data Synchronization or All functions > DTS > Data Migration. For more information, see Configure the DMS console based on your business requirements.
- You can also go to the Data Synchronization Tasks or Data Migration Tasks page of the new DTS console.
Select the region in which the destination instance resides and click Create Task.

In the Source Database section, specify the account information of the source instance such as account ID and RAM role name to allow DTS to read the source instance information across Alibaba Cloud accounts.


Parameter	Description
Replicate Data Across Alibaba Cloud Accounts	Specifies whether data is replicated across Alibaba Cloud accounts. Select Yes.
Alibaba Cloud Account	The Alibaba Cloud account ID of Account A to which the source instance belongs. Note To obtain the Alibaba Cloud account ID of Account A to which the source instance belongs, you must log on to the Account Management console by using the account. The account ID is displayed on the Basic Information page.
RAM Role Name	The name of the RAM role that you created in Step 1: Make preparations.

Configuration example

In this example, a DTS task is configured to synchronize data across Alibaba Cloud accounts.

Create a RAM role.

Log on to the RAM console console by using the Alibaba Cloud account to which the source instance belongs.
In the left-side navigation pane, choose Identities > Roles.
On the Roles page, click Create Role.
In the Create Role panel, select Alibaba Cloud Account for the Select Trusted Entity parameter and click Next.

In the Configure Role step, set parameters for the RAM role.


Parameter	Description
RAM Role Name	The name of the RAM role. In this example, ram-for-dts is used. Note The role name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-).
Note	Optional. The description for the RAM role.
Select Trusted Alibaba Cloud Account	Select Other Alibaba Cloud Account and enter the ID of the Alibaba Cloud account to which the destination instance belongs. Note To obtain the ID of the Alibaba Cloud account to which the destination instance belongs, log on to the Account Management console by using with the Alibaba Cloud account. On the Basic Information page, copy the value of the Account ID parameter, which is the ID of the Alibaba Cloud account.

Click OK.

Click Input and Attach to grant permissions to the created RAM role.
1. In the Add Permissions panel, select System Policy as Type.
2. In the Policy Name field, enter AliyunDTSRolePolicy.
3. Click OK.
4. After you grant the permissions, click Close.
Modify the trust policy.
1. On the Roles page, find the RAM role that you created and click the role name to view details.
2. On the Basic Information page of the RAM role, click the Trust Policy Management tab.
3. On the Trust Policy Management tab, click Edit Trust Policy.
4. Copy the following code to the code editor:
```
{
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
                "RAM": [
                    "acs:ram::<ID of the Alibaba Cloud account to which the destination instance belongs>:root"
                ],
                "Service": [
                    "<ID of the Alibaba Cloud account to which the destination instance belongs>@dts.aliyuncs.com"
                ]
            }
        }
    ],
    "Version": "1"
}
```
  Note In the preceding code, replace ID of the Alibaba Cloud account to which the destination instance belongs with the Alibaba Cloud account ID that you specified when you configure the RAM role information.
5. Click OK.

Create a synchronization task.

Log on to the DMS console by using the Alibaba Cloud account to which the destination instance belongs.
In the top navigation bar, click DTS.
In the left-side navigation pane, choose DTS (DTS) > Data Synchronization.

Note If you use the DMS console in simple mode, you can move the pointer over the icon in the upper-left corner, and then choose All functions > DTS > Data Synchronization. For more information, see Configure the DMS console based on your business requirements.
Click Create Task. On the page that appears, configure the source and destination databases.
Set the Database Type, Access Method, and Instance Region parameters based on your business requirements.

Configure the Alibaba Cloud account to which the source instance belongs.


Parameter	Description
Replicate Data Across Alibaba Cloud Accounts	Specifies whether data is replicated across Alibaba Cloud accounts. Select Yes.
Alibaba Cloud Account	The ID of Alibaba Cloud account to which the source instance belongs. Note To obtain the ID of the Alibaba Cloud account to which the source instance belongs, log on to the Account Management console by using the account. The account ID is displayed on the Basic Information page.
RAM Role Name	The name of the RAM role that you created in Step 1. In this example, the name is ram-for-dts.

Configure the data synchronization task based on the types of the source and destination instances. For more information, see Overview of data synchronization scenarios and Overview of data migration scenarios.