All Products
Search
Document Center

Data Transmission Service:Configure a DTS task across Alibaba Cloud accounts

Last Updated:May 23, 2024

Data Transmission Service (DTS) allows you to configure a DTS task across Alibaba Cloud accounts for scenarios such as resource migration or merging across Alibaba Cloud accounts and business architecture adjustment.

Background information

Two Alibaba Cloud database instances such as ApsaraDB RDS for MySQL instances or self-managed databases that are connected over Express Connect, VPN Gateway, or Smart Access Gateway belong to different Alibaba Cloud accounts. You want to migrate data from the database of Account A to the database of Account B.

Supported databases

The following table describes the databases for which you can configure the Replicate Data Across Alibaba Cloud Accounts parameter when you configure a DTS task.

Note

The setting of the Replicate Data Across Alibaba Cloud Accounts parameter of the source database does not affect the setting of the Database Type parameter of the destination database.

Database instance

Alibaba Cloud database instance

Self-managed database

Source database

ApsaraDB RDS for MySQL, ApsaraDB RDS for MariaDB, ApsaraDB RDS for PostgreSQL, PolarDB-X 1.0, PolarDB-X 2.0, PolarDB for PostgreSQL, PolarDB for PostgreSQL (Compatible with Oracle), PolarDB for MySQL, ApsaraDB for Redis, Tair, and ApsaraDB for MongoDB.

Self-managed MySQL, MariaDB, PostgreSQL, PolarDB for PostgreSQL (Compatible with Oracle), Redis, MongoDB, Oracle, SQL Server, Db2 for LUW, Db2 for i databases that are connected over Express Connect, VPN Gateway, or Smart Access Gateway, or hosted on Elastic Compute Service (ECS) instances.

Destination database

ApsaraDB RDS for MySQL, PolarDB for MySQL, ApsaraDB for SelectDB, and ApsaraDB for ClickHouse.

Not supported.

Prerequisites

  • The source and destination instances are created.

  • The Resource Access Management (RAM) role of DTS is authorized by the Alibaba Cloud accounts to which the source and destination instances belong to access the cloud resources of the accounts. For more information, see Authorize DTS to access Alibaba Cloud resources.

  • The IDs of the Alibaba Cloud accounts to which the source and destination instances belong and the ID of the Alibaba Cloud account that is used to create a DTS task are obtained. To obtain the IDs of the Alibaba Cloud accounts, log on to the Alibaba Cloud Management Console, go to the Security Settings page, and then view the value of the Account ID parameter in the upper-right corner.

Usage notes

  • You can configure a two-way synchronization task across Alibaba Cloud accounts only between ApsaraDB RDS for MySQL instances.

    Note

    If the Replicate Data Across Alibaba Cloud Accounts parameter is unavailable for a DTS task, you can use Cloud Enterprise Network (CEN) to configure the DTS task across Alibaba Cloud accounts. For more information, see the Connect databases to DTS across Alibaba Cloud accounts or regions section of the "Connect an on-premises database to DTS by using CEN" topic.

  • You cannot use DTS to synchronize data between accounts of different infrastructures. For example, you cannot use DTS to synchronize data between an Alibaba Finance Cloud account and an Alibaba Gov Cloud account.

Procedure

Note

In this example, a synchronization task is configured to show how to configure a DTS task across Alibaba Cloud accounts.

  1. Create a RAM role for the database instance.

    Note
    • If you grant permissions to a RAM role as a RAM user, an error message about invalid permissions may appear when you configure a DTS task.

    • You do not need to create a RAM role for the database instance of a DTS task for which the Replicate Data Across Alibaba Cloud Accounts parameter is unavailable or is set to No.

    1. Log on to the RAM console by using the Alibaba Cloud account to which the source or destination instance belongs.

    2. In the left-side navigation pane, choose Identities > Roles.

      身份管理-角色-new-zh.jpg

      Important

      Do not choose Identities > Users. Otherwise, DTS cannot access the instance, and an error may be reported.

    3. On the Roles page, click Create Role.

    4. On the Create Role page, set the Select Trusted Entity parameter to Alibaba Cloud Account and click Next.创建角色

    5. In the Configure Role step, configure parameters for the RAM role.信任账号

      Parameter

      Description

      RAM Role Name

      The name of the RAM role. In this example, ram-for-dts is used.

      Note

      The name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-).

      Note

      Optional. The description for the RAM role.

      Select Trusted Alibaba Cloud Account

      Select Other Alibaba Cloud Account and enter the ID of the Alibaba Cloud account that is used to create the DTS task.

    6. Click OK.

  2. Grant permissions to the created RAM role.

    1. Click Input and Attach.创建角色

    2. On the Permissions tab, click Precise Permission.

      image

    3. In the Precise Permission panel, set the Type parameter to System Policy.

      image

    4. In the Policy Name field, enter AliyunDTSRolePolicy.

    5. Click OK.

    6. Click Close.

  3. Modify the trust policy.

    1. Optional. On the Roles page, find the created RAM role and click its name.

      image

    2. On the details page of the RAM role, click the Trust Policy tab.

      image

    3. On the Trust Policy tab, click Edit Trust Policy.

    4. Copy the following code to the code editor:

      {
          "Statement": [
              {
                  "Action": "sts:AssumeRole",
                  "Effect": "Allow",
                  "Principal": {
                      "RAM": [
                          "acs:ram::<Alibaba Cloud account ID>:root"
                      ],
                      "Service": [
                          "<Alibaba Cloud account ID>@dts.aliyuncs.com"
                      ]
                  }
              }
          ],
          "Version": "1"
      }
    5. Replace <Alibaba Cloud account ID> in the preceding code with the ID of the Alibaba Cloud account that is used to create the DTS task.

    6. Click Save trust policy document.

  4. Create a data synchronization task.

    1. Log on to the Data Management (DMS) console by using the Alibaba Cloud account ID that is specified in the trust policy.

    2. In the top navigation bar, choose DTS > Data Synchronization.

      Note

      If you use the DMS console in simple mode, you can move the pointer over the 3 icon in the upper-left corner, and choose All functions > DTS > Data Synchronization. For more information, see Customize the layout and style of the DMS console.

    3. Click Create Task. In the Create Task wizard, configure the source and destination databases.

    4. Configure the Database Type, Access Method, and Instance Region parameters based on your business requirements.

    5. Configure the Alibaba Cloud account to which the database instance belongs.

      跨账号

      Parameter

      Description

      Replicate Data Across Alibaba Cloud Accounts

      Specifies whether to synchronize or migrate data across Alibaba Cloud accounts. In this example, Yes is selected.

      Alibaba Cloud Account

      The ID of the Alibaba Cloud account to which the database instance belongs.

      Note

      To obtain the ID of the Alibaba Cloud account to which the database instance belongs, log on to the Account Management Console by using this account. The account ID is displayed on the Security Settings page.

      RAM Role Name

      The name of the RAM role that you created in Step 1. In this example, ram-for-dts is used.

    6. Configure the DTS task across Alibaba Cloud accounts based on the source and destination instance types. For more information about how to configure the DTS task, see Overview of data synchronization scenarios, Overview of data migration scenarios, and Overview of change tracking scenarios.

FAQ

  • What Alibaba Cloud accounts do I use in different stages of a cross-account DTS task?

    In a cross-account DTS task, the use of each Alibaba Cloud account is related to the database of the Alibaba Cloud account. Take note of the following items when you decide to use an Alibaba Cloud account:

    Note
    • The accounts that you use during the DTS task are Alibaba Cloud accounts.

    • If a database to be used during the task does not belong to the Alibaba Cloud account that you use to create the DTS task, set the Replicate Data Across Alibaba Cloud Accounts parameter of the database to Yes.

    • The Replicate Data Across Alibaba Cloud Accounts parameter is available only if you select MySQL or ClickHouse for the Database Type parameter in the Destination Database section.

    The following table describes how to decide the Alibaba Cloud accounts that you need to use in different stages of the cross-account DTS task. You must decide the across-account database that you want to use first. Find the row that meets your business requirements based on the Across-account database column. Then, you can view the Alibaba Cloud accounts that you need to use in different stages of the cross-account DTS task.

    Across-account database

    Alibaba Cloud account that is used to log on to the RAM console

    Alibaba Cloud account that is specified in the trust policy

    Alibaba Cloud Account that is used to create the DTS task

    Alibaba Cloud account that is configured for the Alibaba Cloud Account parameter

    Source database

    Alibaba Cloud account to which the source database belongs

    Alibaba Cloud account to which the destination database belongs

    Alibaba Cloud account to which the destination database belongs

    Set the Alibaba Cloud Account parameter in the Source Database section to the Alibaba Cloud account to which the source database belongs.

    Destination database

    Alibaba Cloud account to which the destination database belongs

    Alibaba Cloud account to which the source database belongs

    Alibaba Cloud account to which the source database belongs

    Set the Alibaba Cloud Account parameter in the Destination Database section to the Alibaba Cloud account to which the destination database belongs.

    Source and destination databases

    Each of the Alibaba Cloud accounts to which the source and destination database belong

    Specific Alibaba Cloud account

    Specific Alibaba Cloud account

    • Set the Alibaba Cloud Account parameter in the Source Database section to the Alibaba Cloud account to which the source database belongs.

    • Set the Alibaba Cloud Account parameter in the Destination Database section to the Alibaba Cloud account to which the destination database belongs.

  • How do I handle the errors that occur when I configure a cross-account DTS task?

    The following table shows the common error messages that appear when you configure a cross-account DTS task and provides the corresponding solutions.

    Error message

    Solution

    UID错误提示_zh

    The value of the Alibaba Cloud Account parameter is invalid. Check whether you enter a valid ID of the Alibaba Cloud account to which the source or destination instance belongs. For more information, see the Preparations section of this topic.

    角色名错误

    image

    These errors may occur due to the following reasons:

    • The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source or destination instance belongs.

    • The required permissions are not granted to the RAM role. Use the Alibaba Cloud account to which the source or destination instance belongs to grant permissions.

    Note

    For more information, see the Preparations section of this topic.

    RAM

    These errors may occur due to the following reasons:

    • The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source or destination instance belongs.

    • The required permissions are not granted to the RAM role. Check whether you have granted the required permissions to the RAM role.

    • The trust policy of the RAM role is not modified. Check whether you have modified the trust policy for the RAM role.

    Note

    For more information, see the Preparations section of this topic.

    没有权限

    The RAM role that you specify in the RAM Role Name parameter is not granted the required permissions. To grant the required permissions to the RAM role, go to the details page of the RAM role. On the Permissions tab, click Precise Permission and specify the policy in the Precise Permission panel. Then, create the task again. For example, you must grant the required permissions to the RAM role of the Alibaba Cloud account to which the source instance belongs. For information about how to grant permissions to a RAM role, see the "Grant permissions to an existing RAM role" section of the Configure RAM authorization for cross-account DTS tasks topic.

    image

    The value of the RAM Role Name parameter is invalid. Enter the RAM role that you create during preparations instead of the default role AliyunDTSDefaultRole of DTS.