You can use Data Transmission Service (DTS) to synchronize or migrate data across different Alibaba Cloud accounts. This feature is suitable for scenarios such as resource migration or resource merging across Alibaba Cloud accounts and business architecture adjustment.
Background information
Two Alibaba Cloud database instances such as ApsaraDB RDS for MySQL instances or self-managed databases that are connected over Express Connect, VPN Gateway, or Smart Access Gateway belong to different Alibaba Cloud accounts. You need to migrate data from the instance of Account A to the instance of Account B.
Supported source instances
Alibaba Cloud database instances: ApsaraDB RDS for MySQL instances, ApsaraDB RDS for MariaDB TX instances, ApsaraDB RDS for PostgreSQL instances, PolarDB-X 1.0 instances, PolarDB for PostgreSQL (Compatible with Oracle) clusters, PolarDB for MySQL clusters, ApsaraDB for Redis instances, and ApsaraDB for MongoDB instances.
Self-managed databases: self-managed MySQL, PostgreSQL, Redis, MongoDB, Oracle, SQL Server, and Db2 for LUW databases that are connected over Express Connect, VPN Gateway, Smart Access Gateway or Elastic Compute Service (ECS).
Supported destination instances
Only ApsaraDB RDS for MySQL instances are supported.
Prerequisites
The source and destination instances are created.
The RAM role of DTS is authorized by the Alibaba Cloud accounts to which the source and destination instances belong to access the cloud resources of the accounts. For more information, see Authorize DTS to access Alibaba Cloud resources.
The IDs of the Alibaba Cloud accounts to which the source and destination instances belong and in which the DTS task is created are obtained. To obtain the ID of the Alibaba Cloud account that you use to create the DTS task, go to the Account Center page of this account. The Account ID is displayed on the Security Settings page.
Procedure
In this example, a synchronization task is configured to demonstrate how to configure a DTS task across Alibaba Cloud accounts.
Create a RAM role for the database instance.
NoteIf you grant permissions to a RAM role by using a RAM user, an error message about invalid permissions may appear when you configure a DTS task.
For database instances that do not require cross-account operations, creating a RAM role is not necessary.
Log on to the RAM console by using the Alibaba Cloud account to which the source or destination instance belongs.
In the left-side navigation pane, choose .
ImportantDo not choose
. Otherwise, DTS cannot access the instance, and an error will be reported.On the Roles page, click Create Role.
In the Create Role panel, select Alibaba Cloud Account for the Select Trusted Entity parameter and click Next.
In the Configure Role step, configure parameters for the RAM role.
Parameter
Description
RAM Role Name
The name of the RAM role. In this example, ram-for-dts is used.
NoteThe name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-).
Note
Optional. The description for the RAM role.
Select Trusted Alibaba Cloud Account
Select Other Alibaba Cloud Account and enter the ID of the Alibaba Cloud account that is used to create the DTS task.
ImportantIf the account that creates the synchronization task also owns the destination instance, its ID only needs to be specified by the account to which the source instance belongs.
If the account that creates the synchronization task also owns the source instance, its ID only needs to be specified by the account to which the destination instance belongs.
If the account that creates the synchronization task does not own the source or destination instance, its ID needs to be specified by both the accounts to which the source and destination instances belong.
Click OK.
Grant permissions to the created RAM role.
Click Input and Attach.
In the Add Permissions panel, select System Policy for Type.
In the Policy Name field, enter AliyunDTSRolePolicy.
Click OK.
After you grant the permissions, click Close.
Modify the trust policy.
On the RAM Roles page, find the RAM role that you created, and click the role name to view details.
On the Basic Information page of the RAM role, click the Trust Policy Management tab.
On the page that appears, click Edit Trust Policy.
Copy the following code to the code editor:
{ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": [ "acs:ram::<ID of the Alibaba Cloud account>:root" ], "Service": [ "<ID of the Alibaba Cloud account>@dts.aliyuncs.com" ] } } ], "Version": "1" }
In the preceding code, replace
ID of the Alibaba Cloud account
with the Alibaba Cloud account ID that is used to create the DTS task.Click OK.
Create a synchronization task.
Log on to the DMS console by using the Alibaba Cloud account ID that is configured in the trust policy.
In the top navigation bar, choose .
NoteIf you use the DMS console in simple mode, you can move the pointer over the
icon in the upper-left corner, and then choose . For more information, see Configure the DMS console based on your business requirements.
Click Create Task. On the page that appears, configure the source and destination databases.
Configure the Database Type, Access Method, and Instance Region parameters based on your business requirements.
Configure the Alibaba Cloud account to which the database instance belongs.
Parameter
Description
Replicate Data Across Alibaba Cloud Accounts
Specifies whether to synchronize or migrate data across Alibaba Cloud accounts. In this example, Yes is selected.
Alibaba Cloud Account
The ID of Alibaba Cloud account to which the database instance belongs.
NoteTo obtain the ID of the Alibaba Cloud account to which the database instance belongs, log on to the Account Management console by using this account. The account ID is displayed on the Basic Information page.
RAM Role Name
The name of the RAM role that you created in Step 1. In this example, ram-for-dts is used.
Configure the data synchronization or data migration task based on the types of the source and destination instances. For more information, see Overview of data synchronization scenarios and Overview of data migration scenarios.
Troubleshooting
The following table describes the common alert messages and the corresponding solutions when you configure the source instance.
Alert message | Solution |
![]() | The value of the Alibaba Cloud Account parameter is invalid. Check whether you enter a valid ID of the Alibaba Cloud account to which the source or destination instance belongs. For more information, see Preparations. |
![]() | Possible causes:
Note For more information, see Preparations. |
![]() | Possible causes:
Note For more information, see Preparations. |
![]() | The RAM role that you specify in the RAM Role Name parameter is not granted permissions by clicking Input and Attach on the Roles page in the RAM console. Grant the required permissions to the RAM role by clicking Input and Attach on the Roles page and create a task again. For example, you must grant the required permissions to the RAM role of the Alibaba Cloud account to which the source instance belongs. For information about how to grant permissions to a RAM role, see the "Grant permissions to an existing RAM role" section of the Configure RAM authorization for cross-account data migration or synchronization topic. |