Home United States USA — software Migrating Data From an Encrypted Amazon MySQL RDS Instance to an Encrypted...

Migrating Data From an Encrypted Amazon MySQL RDS Instance to an Encrypted Amazon Aurora Instance

293
0
SHARE

In this blog post, we’ll discuss migrating data from encrypted Amazon MySQL RDS to encrypted Amazon Aurora. One of my customers wanted to migrate from an enc…
In this blog post, we’ll discuss migrating data from encrypted Amazon MySQL RDS to encrypted Amazon Aurora.
One of my customers wanted to migrate from an encrypted MySQL RDS instance to an encrypted Aurora instance. They have a pretty large database; therefore, using mysqldump or a similar tool was not suitable for them. They also wanted to setup replication between old MySQL RDS and new Aurora instances.
At first, I checked Amazon’s documentation on encryption and found nothing about this type of migration. Even more, if I trust the documentation, it looks like they don’t support replication or migration between encrypted MySQL RDS and encrypted Aurora. All instructions are for either “MySQL RDS to MySQL RDS” or “Aurora to Aurora” setups. For example, the documentation says here:
I had to find a workaround.
However, the documentation specified that Aurora and MySQL RDS use the same AWS KMS key. As a result, both kinds of encryption should be compatible (if not practically the same) . Amazon also has the AWS Database Migration Service, which has this promising section in its FAQ:
I decided to give it a try. And it worked!
The next step was to make this newly migrated Aurora encrypted instance a read replica of the original MySQL RDS instance. This is easy in part with the help of great how-to on migration by Adrian Cantrill. As suggested, you only need to find the master’s binary log file, current position and supply them to the stored routine mysql.rds_set_external_master. Then, start replication using the stored routine _set_external_master. Then, start replication using the stored routine mysql.rds_start_replication .
While AWS Database Migration Service has limitations for both source and target databases, this solution allows you to migrate encrypted instances easily and securely!

Continue reading...