All Products
Search

This Product

    Data Transmission Service:Configure a cross-account DTS task

    Document Center

    Data Transmission Service:Configure a cross-account DTS task

    Last Updated:Mar 30, 2026

    Data Transmission Service (DTS) lets you replicate data between databases owned by different Alibaba Cloud accounts. Common use cases include merging data after organizational restructuring, migrating resources between accounts, and separating environments across business units.

    How it works

    A cross-account DTS task involves at least two Alibaba Cloud accounts:

    • The account that owns the database instance (the source, destination, or both)

    • The account that creates the DTS task

    Before creating the task, the account that owns the database instance must grant the task-creator account access through RAM (Resource Access Management) authorization. This involves creating a RAM role, granting it the required permissions, and adding the task-creator account to the role's trust policy.

    The Replicate Data Across Alibaba Cloud Accounts parameter determines which database is cross-account. The three supported scenarios are:

    Scenario Source setting Destination setting
    Source database is cross-account Yes No
    Destination database is cross-account No Yes
    Both databases are cross-account Yes Yes

    Prerequisites

    Before you begin, make sure you have:

    • Created the source instance, or both the source and destination instances

    • Authorized DTS to access the Alibaba Cloud resources of the account that owns the database instance. For more information, see Authorize DTS to access Alibaba Cloud resources

    Supported databases

    The following databases support cross-account DTS tasks. Supported combinations depend only on the Database Type and Access Method parameters — the cross-account setting for the source database does not affect the destination database type.

    Source database

    Database type Access method
    MySQL Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway, Self-managed Database on ECS
    PolarDB for MySQL Alibaba Cloud Instance
    Tair/Redis Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway, Self-managed Database on ECS, Cloud Enterprise Network (CEN), Database Gateway
    SQL Server Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway
    PostgreSQL Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway
    MongoDB Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway, Self-managed Database on ECS, Cloud Enterprise Network (CEN)
    Oracle Express Connect/VPN Gateway/Smart Access Gateway
    PolarDB (Compatible with Oracle) Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway
    PolarDB for PostgreSQL Alibaba Cloud Instance
    PolarDB-X 1.0 Alibaba Cloud Instance
    PolarDB-X 2.0 Alibaba Cloud Instance
    DB2 for iSeries (AS/400) Express Connect/VPN Gateway/Smart Access Gateway
    DB2 for LUW Express Connect/VPN Gateway/Smart Access Gateway, Self-managed Database on ECS
    MariaDB Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway, Self-managed Database on ECS
    ApsaraDB OceanBase for MySQL Alibaba Cloud Instance, Express Connect/VPN Gateway/Smart Access Gateway, Self-managed Database on ECS
    SLS Alibaba Cloud Instance
    AnalyticDB for MySQL 3.0 Alibaba Cloud Instance

    Destination database

    Database type Access method
    MySQL Alibaba Cloud Instance
    PolarDB for MySQL Alibaba Cloud Instance
    AnalyticDB for MySQL 3.0 Alibaba Cloud Instance
    Tair/Redis Alibaba Cloud Instance
    ClickHouse Alibaba Cloud Instance
    SelectDB Alibaba Cloud Instance
    MongoDB Alibaba Cloud Instance

    Usage notes

    • Two-way synchronization across accounts is supported only between ApsaraDB RDS for MySQL instances, between ApsaraDB RDS for MySQL clusters, between Tair (Enterprise Edition) instances, between ApsaraDB for MongoDB replica set instances, or between ApsaraDB for MongoDB sharded cluster instances. For two-way sync, both the source and destination accounts must complete RAM authorization.

    • DTS cannot replicate data between accounts on different infrastructures — for example, between an Alibaba Finance Cloud account and an Alibaba Gov Cloud account.

    • Log on to the RAM console with your Alibaba Cloud account, not a RAM user. Using a RAM user to grant permissions may cause an "invalid permissions" error when you configure the DTS task.

    Configure a cross-account DTS task

    The steps below use a data synchronization task as an example.

    Scenario 1: Source database is cross-account

    Configuration logic:

    • The source database belongs to Account A. Account B creates and owns the DTS task.

    • Log on to the RAM console using Account A to create a RAM role, then add Account B to the trust policy.

    • Create the DTS task using Account B (the destination database account).

    • In the task configuration, set Replicate Data Across Alibaba Cloud Accounts to Yes for the source database, and enter Account A's ID in Alibaba Cloud Account.

    Steps:

    1. Configure RAM authorization using Account A (the source database account). For the full procedure, see Scenario 1 in Configure RAM authorization for cross-account DTS tasks.

    2. Log on to the DTS console or DMS console using Account B (the destination database account).

      DTS console

      1. Log on to the DTS console.

      2. In the left-side navigation pane, click Data Synchronization.

      3. In the upper-left corner of the page, select the region in which the data synchronization instance resides.

      DMS console

      Note

      The actual operations may vary based on the mode and layout of the DMS console. For more information, see Simple mode and Customize the layout and style of the DMS console.

      1. Log on to the DMS console.

      2. In the top navigation bar, move the pointer over Data + AI and choose DTS (DTS) > Data Synchronization.

      3. From the drop-down list to the right of Data Synchronization Tasks, select the region in which the data synchronization instance resides.

    3. Click Create Task to go to the task configuration page.

    4. Configure the source database:

      1. Select the Database Type, Access Method, and Instance Region for the source database.

      2. Set Replicate Data Across Alibaba Cloud Accounts to Yes. Cross-account

      3. In Alibaba Cloud Account, enter the ID of the account that owns the source instance (Account A). To find the account ID, see Preparations in Configure RAM authorization for cross-account DTS tasks.

      4. In RAM Role Name, enter the name of the RAM role created by Account A. For example: ram-for-dts. > Important: > - Enter only the role name — not the RAM user name, the Alibaba Cloud Resource Name (ARN) of the role, or the default DTS role AliyunDTSDefaultRole. > - To create this RAM role, see Step 1: Create a RAM role in Scenario 1 of Configure RAM authorization for cross-account DTS tasks.

    5. Complete the remaining task configuration based on your requirements.

    Scenario 2: Destination database is cross-account

    Configuration logic:

    • The destination database belongs to Account B. Account A creates and owns the DTS task.

    • Log on to the RAM console using Account B to create a RAM role, then add Account A to the trust policy.

    • Create the DTS task using Account A (the source database account).

    • In the task configuration, set Replicate Data Across Alibaba Cloud Accounts to Yes for the destination database, and enter Account B's ID in Alibaba Cloud Account.

    Steps:

    1. Configure RAM authorization using Account B (the destination database account). For the full procedure, see Scenario 2 in Configure RAM authorization for cross-account DTS tasks.

    2. Log on to the DTS console or DMS console using Account A (the source database account).

      DTS console

      1. Log on to the DTS console.

      2. In the left-side navigation pane, click Data Synchronization.

      3. In the upper-left corner of the page, select the region in which the data synchronization instance resides.

      DMS console

      Note

      The actual operations may vary based on the mode and layout of the DMS console. For more information, see Simple mode and Customize the layout and style of the DMS console.

      1. Log on to the DMS console.

      2. In the top navigation bar, move the pointer over Data + AI and choose DTS (DTS) > Data Synchronization.

      3. From the drop-down list to the right of Data Synchronization Tasks, select the region in which the data synchronization instance resides.

    3. Click Create Task to go to the task configuration page.

    4. Configure the source database based on your requirements.

    5. Configure the destination database:

      1. Select the Database Type, Access Method, and Instance Region for the destination database.

      2. Set Replicate Data Across Alibaba Cloud Accounts to Yes. Cross-account

      3. In Alibaba Cloud Account, enter the ID of the account that owns the destination instance (Account B). To find the account ID, see Preparations in Configure RAM authorization for cross-account DTS tasks.

      4. In RAM Role Name, enter the name of the RAM role created by Account B. For example: ram-for-dts. > Important: > - Enter only the role name — not the RAM user name, the Alibaba Cloud Resource Name (ARN) of the role, or the default DTS role AliyunDTSDefaultRole. > - To create this RAM role, see Step 1: Create a RAM role in Scenario 2 of Configure RAM authorization for cross-account DTS tasks.

    6. Complete the remaining task configuration based on your requirements.

    Scenario 3: Both databases are cross-account

    Configuration logic:

    • Both source and destination databases belong to different accounts (Account A and Account B). A third account, Account C, creates the DTS task.

    • Log on to the RAM console using Account A and Account B separately to create RAM roles, and add Account C to each role's trust policy.

    • Create the DTS task using Account C.

    • In the task configuration, set Replicate Data Across Alibaba Cloud Accounts to Yes for both the source and destination databases, and enter the respective account IDs.

    Steps:

    1. Configure RAM authorization for both Account A (source) and Account B (destination). For the full procedure, see Scenario 3 in Configure RAM authorization for cross-account DTS tasks.

    2. Log on to the DTS console or DMS console using Account C (the DTS task-creator account).

      DTS console

      1. Log on to the DTS console.

      2. In the left-side navigation pane, click Data Synchronization.

      3. In the upper-left corner of the page, select the region in which the data synchronization instance resides.

      DMS console

      Note

      The actual operations may vary based on the mode and layout of the DMS console. For more information, see Simple mode and Customize the layout and style of the DMS console.

      1. Log on to the DMS console.

      2. In the top navigation bar, move the pointer over Data + AI and choose DTS (DTS) > Data Synchronization.

      3. From the drop-down list to the right of Data Synchronization Tasks, select the region in which the data synchronization instance resides.

    3. Click Create Task to go to the task configuration page.

    4. Configure cross-account settings for the source database:

      1. Select the Database Type, Access Method, and Instance Region for the source database.

      2. Set Replicate Data Across Alibaba Cloud Accounts to Yes. Cross-account

      3. In Alibaba Cloud Account, enter the ID of Account A (the source instance owner). To find the account ID, see Preparations in Configure RAM authorization for cross-account DTS tasks.

      4. In RAM Role Name, enter the name of the RAM role created by Account A. For example: ram-for-dts. > Important: > - Enter only the role name — not the RAM user name, the Alibaba Cloud Resource Name (ARN) of the role, or the default DTS role AliyunDTSDefaultRole. > - To create this RAM role, see Create a RAM role in Scenario 3 of Configure RAM authorization for cross-account DTS tasks.

    5. Configure cross-account settings for the destination database:

      1. Select the Database Type, Access Method, and Instance Region for the destination database.

      2. Set Replicate Data Across Alibaba Cloud Accounts to Yes. Cross-account

      3. In Alibaba Cloud Account, enter the ID of Account B (the destination instance owner). To find the account ID, see Preparations in Configure RAM authorization for cross-account DTS tasks.

      4. In RAM Role Name, enter the name of the RAM role created by Account B. For example: ram-for-dts. > Important: > - Enter only the role name — not the RAM user name, the Alibaba Cloud Resource Name (ARN) of the role, or the default DTS role AliyunDTSDefaultRole. > - To create this RAM role, see Create a RAM role in Scenario 3 of Configure RAM authorization for cross-account DTS tasks.

    6. Complete the remaining task configuration based on your requirements.

    Troubleshooting

    Error Cause Solution
    AliyunUIDNotFound: account has not logged into the DTS console The account ID you entered in Alibaba Cloud Account is either invalid, or the account has never logged on to the DTS console. Log on to the DTS console using the specified account to initialize it, then retry. To find the correct account ID, see Preparations in Configure RAM authorization for cross-account DTS tasks.
    AliyunUidFormat: invalid Alibaba Cloud account ID format The account ID in Alibaba Cloud Account does not match the standard Alibaba Cloud UID format. Enter a valid account ID. To find the correct format and value, see Preparations in Configure RAM authorization for cross-account DTS tasks.
    AssumeRoleFail: Invalid role arn format You entered the ARN of a RAM role (for example, `acs:ram*`) in RAM Role Name** instead of the role name. Enter only the role name. For the correct value, see Configure RAM authorization for cross-account DTS tasks.
    AssumeRoleFail: The role not exists The role name in RAM Role Name does not exist, or the role does not have the required permissions. Check that the role name is correct and that the required permissions are granted. For details, see Configure RAM authorization for cross-account DTS tasks.
    AssumeRoleFail: NoPermission: You are not authorized to do this action. You should be authorized by RAM. The RAM role does not have valid permissions. Common causes include: required permissions not granted to the role, trust policy not edited, the account ID placeholder in the trust policy not replaced, or trust policy not saved. Grant the required permissions to the RAM role. For details, see Configure RAM authorization for cross-account DTS tasks.
    NoPermission: (Access Denied) You are not allowed to perform this action. Please contact your account administrators to grant permissions via RAM. The required permissions are not granted to the RAM role in RAM Role Name. Grant the required permissions to the RAM role. For details, see Configure RAM authorization for cross-account DTS tasks.
    Abnormal.RamCheckUserRole: AliyunDTSDefaultRole entered in RAM Role Name You entered AliyunDTSDefaultRole (the default DTS system role) in RAM Role Name. Enter the name of the custom RAM role you created for this cross-account task. For details, see Configure RAM authorization for cross-account DTS tasks.

    What's next

    References