All Products
Search
Document Center

Data Transmission Service:Synchronize or migrate data across Alibaba Cloud accounts

Last Updated:May 18, 2023

You can use Data Transmission Service (DTS) to synchronize or migrate data across different Alibaba Cloud accounts by setting the Replicate Data Across Alibaba Cloud Accounts parameter to Yes in the Source Database section. This feature is suitable for scenarios such as resource migration or resource merging across Alibaba Cloud accounts and business architecture adjustment.

Background information

Two Alibaba Cloud database instances such as ApsaraDB RDS for MySQL instances or self-managed databases that are connected over Express Connect, VPN Gateway, or Smart Access Gateway belong to different Alibaba Cloud accounts. You need to migrate data from the instance of Account A to the instance of Account B.
Important Account B to which the destination instance belongs must be an Alibaba Cloud account.

Supported source instances

  • Alibaba Cloud database instances: ApsaraDB RDS for MySQL instances, ApsaraDB RDS for MariaDB instances, ApsaraDB RDS for PostgreSQL instances, PolarDB-X 1.0 instances, PolarDB for PostgreSQL(Compatible with Oracle) clusters, PolarDB for MySQL clusters, and ApsaraDB for Redis instances.
  • Self-managed databases: self-managed MySQL, PostgreSQL, Redis, MongoDB, Oracle, SQL Server, and Db2 for LUW databases that are connected over Express Connect, VPN Gateway, or Smart Access Gateway.

Procedure

In this example, a DTS task is configured to synchronize data across Alibaba Cloud accounts.

  1. Create a RAM role.
    1. Log on to the RAM console by using the Alibaba Cloud account to which the source instance belongs.
      Important We recommend that you use the Alibaba Cloud account to which the source instance belongs to grant permissions. Otherwise, an error message about invalid permissions may appear when you configure a DTS task.
    2. In the left-side navigation pane, choose Identities > Roles.
    3. On the Roles page, click Create Role.
    4. In the Create Role panel, select Alibaba Cloud Account for the Select Trusted Entity parameter and click Next. createRole
    5. In the Configure Role step, configure parameters for the RAM role. Ram
      ParameterDescription
      RAM Role NameThe name of the RAM role. In this example, ram-for-dts is used.
      Note The role name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-).
      NoteOptional. The description for the RAM role.
      Select Trusted Alibaba Cloud AccountSelect Other Alibaba Cloud Account and enter the ID of the Alibaba Cloud account to which the destination instance belongs.
      Note To obtain the ID of the Alibaba Cloud account to which the destination instance belongs, log on to the Account Management console by using the Alibaba Cloud account. On the Basic Information page, copy the value of the Account ID parameter, which is the ID of the Alibaba Cloud account.
      Obtain the ID of an Alibaba Cloud account
    6. Click OK.
  2. Click Input and Attach to grant permissions to the created RAM role. input
    1. In the Add Permissions panel, select System Policy as Type.
    2. In the Policy Name field, enter AliyunDTSRolePolicy. policy
    3. Click OK.
    4. After you grant the permissions, click Close.
  3. Modify the trust policy.
    1. On the Roles page, find the RAM role that you created and click the role name to view details. Roles
    2. On the Basic Information page of the RAM role, click the Trust Policy Management tab. Trust Policy Management
    3. On the Trust Policy Management tab, click Edit Trust Policy.
    4. Copy the following code to the code editor:
      {
          "Statement": [
              {
                  "Action": "sts:AssumeRole",
                  "Effect": "Allow",
                  "Principal": {
                      "RAM": [
                          "acs:ram::<ID of the Alibaba Cloud account to which the destination instance belongs>:root"
                      ],
                      "Service": [
                          "<ID of the Alibaba Cloud account to which the destination instance belongs>@dts.aliyuncs.com"
                      ]
                  }
              }
          ],
          "Version": "1"
      }
    5. In the preceding code, replace ID of the Alibaba Cloud account to which the destination instance belongs with the Alibaba Cloud account ID that you specified when you configure the RAM role information.
    6. Click OK.
  4. Create a synchronization task.
    1. Log on to the DMS console by using the Alibaba Cloud account to which the destination instance belongs.
    2. In the top navigation bar, click DTS.
    3. In the left-side navigation pane, choose DTS (DTS) > Data Synchronization.
      Note If you use the DMS console in simple mode, you can move the pointer over the 3 icon in the upper-left corner, and then choose All functions > DTS > Data Synchronization. For more information, see Configure the DMS console based on your business requirements.
    4. Click Create Task. On the page that appears, configure the source and destination databases.
    5. Configure the Database Type, Access Method, and Instance Region parameters based on your business requirements.
    6. Configure the Alibaba Cloud account to which the source instance belongs.
      Across Alibaba Cloud Accounts
      ParameterDescription
      Replicate Data Across Alibaba Cloud AccountsSpecifies whether to synchronize data across Alibaba Cloud accounts. In this example, Yes is selected.
      Alibaba Cloud AccountThe ID of Alibaba Cloud account to which the source instance belongs.
      Note To obtain the ID of the Alibaba Cloud account to which the source instance belongs, log on to the Account Management console by using this account. The account ID is displayed on the Basic Information page.
      RAM Role NameThe name of the RAM role that you created in Step 1. In this example, ram-for-dts is used.
    7. Configure the data synchronization task based on the types of the source and destination instances. For more information, see Overview of data synchronization scenarios and Overview of data migration scenarios.

Troubleshooting

The following table describes the common alert messages and the corresponding solutions when you configure the source instance.

Alert messageSolution
UID errorThe value of the Alibaba Cloud Account parameter is invalid. Check whether you enter a valid ID of the Alibaba Cloud account to which the source instance belongs. For more information, see Preparations.
Role name errorPossible causes:
  • The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source instance belongs.
  • The required permissions are not granted to the RAM role. Use the Alibaba Cloud account to which the source instance belongs to grant permissions.
Note For more information, see Preparations.
RAMPossible causes:
  • The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source instance belongs.
  • The required permissions are not granted to the RAM role. Check whether you have granted the required permissions to the RAM role.
  • The trust policy of the RAM role is not modified. Check whether you correctly have modified the trust policy for the RAM role.
Note For more information, see Preparations.
Permission errorThe RAM role that you specify in the RAM Role Name parameter is not granted permissions by clicking Input and Attach on the Roles page in the Resource Access Management (RAM) console. Grant the required permissions to the RAM role by clicking Input and Attach on the Roles page and create a task again. For more information, see Grant permissions to an existing RAM role.