Before diving into the actual workflow, let’s look at why automating RDS replication matters.
If you have your primary database in one AWS account but need the same data in another—for instance, in a different business unit, a separate dev/test environment, or for a DR setup—you’ll need a system that not only replicates data but does so without affecting performance or requiring constant supervision.
Automation allows this to happen in the background. You set it up once, and it keeps working—backing up, replicating, and notifying you if anything goes wrong.
Here’s a simple explanation of how the automation works:
EventBridge detects a scheduled event or a trigger you’ve set—like a database snapshot being created.
That event kicks off a Step Function workflow, which maps out the steps needed for replication.
A Lambda function is called to handle the actual snapshot creation in the source account.
The snapshot is shared with the target AWS account.
A second Lambda function in the target account restores the snapshot as a new RDS instance.
Along the way, services like Secrets Manager, CloudWatch, and SNS help with security, monitoring, and notifications.
This process ensures that your RDS data is regularly copied to another account without the need for someone to log in and do it manually.
If you're using Cloudairy to manage your infrastructure templates, setting this up becomes more visual and manageable.
Log in to your Cloudairy account and go to the “Templates” section.
In the search bar, type in “RDS Cross-Account Replication.”
Once you see the template preview, open it in Designer Mode.
Make changes to the Step Function workflow and EventBridge rules depending on how frequently you want replication to happen.
Save your configuration and export it for deployment through the AWS Management Console or CI/CD pipeline.
No two organizations are the same, so a few tweaks will be necessary to make this work for your use case.
Replication Timing: Decide how often the snapshots should be created and shared. This could be daily, weekly, or based on business hours.
IAM Roles: Set up permissions so that your Lambda functions can access the databases, create snapshots, and share them across accounts.
Secrets Manager: Store database credentials securely, especially if your Lambda function needs to connect to the database for verification or custom logic.
Encryption Settings: Use AWS KMS to handle encryption of backups and make sure the target account can access the KMS key.
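The snapshot-sharing step from the workflow, together with the IAM and encryption checks listed above, can be sketched as a guard that runs before the share call. This is an added example, not Cloudairy's template code or AWS sample code. The function names, the `NEEDED` action set, the rule that unencrypted snapshots are refused, and the choice to look for access in the key policy rather than in KMS grants are assumptions; `rds` and `kms` are boto3 clients passed in by the Lambda handler.

```python
import json
import re

ACCOUNT_ID = re.compile(r"^\d{12}$")
# Assumed minimum for the target account to copy the snapshot; adjust to your policy.
NEEDED = {"kms:Decrypt", "kms:DescribeKey", "kms:CreateGrant"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def key_policy_allows(policy_json, account_id):
    """True if Allow statements naming the target account cover NEEDED actions."""
    granted = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and any(
            p == account_id or p.startswith(f"arn:aws:iam::{account_id}:") for p in aws
        ):
            granted.update(_as_list(stmt.get("Action", [])))
    return "kms:*" in granted or NEEDED <= granted


def share_snapshot(rds, kms, snapshot_id, target_account):
    """Share a manual snapshot with one account after checking it is usable there."""
    if not ACCOUNT_ID.match(target_account):
        # The value "all" would make the snapshot public, so only a 12-digit ID passes.
        raise ValueError("target must be a 12-digit AWS account ID")
    snap = rds.describe_db_snapshots(DBSnapshotIdentifier=snapshot_id)["DBSnapshots"][0]
    if snap["Status"] != "available":
        raise RuntimeError(f"snapshot is {snap['Status']}, not available")
    if not snap.get("Encrypted"):
        raise RuntimeError("snapshot is unencrypted")  # local policy assumed for this example
    key_id = snap["KmsKeyId"]
    if kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyManager"] != "CUSTOMER":
        # Snapshots under the AWS managed aws/rds key cannot be shared across accounts.
        raise RuntimeError("snapshot uses an AWS managed key; re-copy with a customer managed key")
    policy = kms.get_key_policy(KeyId=key_id, PolicyName="default")["Policy"]
    if not key_policy_allows(policy, target_account):
        raise RuntimeError("KMS key policy does not grant the target account access")
    rds.modify_db_snapshot_attribute(
        DBSnapshotIdentifier=snapshot_id, AttributeName="restore",
        ValuesToAdd=[target_account])
    return key_id
```

Raising before `modify_db_snapshot_attribute` makes the Step Functions task fail early, so the SNS alert names the missing KMS permission instead of a restore error in the target account.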
Here’s a breakdown of the AWS services and their roles in this automation:
Amazon RDS (Green): The source database in Account A.
Amazon RDS (Blue): The replica database restored in Account B.
AWS Lambda: Used for snapshot creation, sharing, and restoration logic.
AWS Step Functions: Coordinates the sequence of tasks involved in replication.
Amazon EventBridge: Detects triggers and starts the workflow.
AWS Secrets Manager: Keeps sensitive data like DB passwords safe.
Amazon SNS: Sends emails or alerts about the replication status.
CloudWatch Logs: Helps monitor Lambda function output and errors.
IAM Roles: Grants access to AWS services and handles trust between accounts.
AWS VPC & Security Groups: Ensures network security for both source and target databases.
AWS KMS: Manages encryption keys for snapshots and backups.
Let’s say your finance department maintains its own AWS account, separate from the IT operations department. The finance team runs its own RDS PostgreSQL instance, but the operations team needs read-only access to that data for analytics.
By using this automated setup, you can schedule a daily snapshot of the finance department’s database and automatically restore it in the operations account. There’s no need to send credentials by hand or to export and import data manually, and no risk of human error. Plus, if anything goes wrong, like a failed snapshot or a missing IAM permission, you’ll get alerted immediately via SNS.
Setting up automated replication of Amazon RDS across AWS accounts may sound complicated at first, but when you break it down into smaller parts, it becomes very doable, even for small teams. Using AWS-native tools like Lambda, Step Functions, and EventBridge makes the process both powerful and cost-effective.
Most importantly, this setup gives you peace of mind. Whether you're preparing for disaster recovery, building a testing environment, or syncing data across business units, your databases will stay updated, secure, and reliable—without constant manual effort.