Migrating DynamoDB tables from one AWS Account to Another using AWS Backup Service
In today’s dynamic cloud computing landscape, it is common for businesses and organisations to migrate their resources between different AWS accounts. One such resource is the DynamoDB table, a fully managed NoSQL database service provided by Amazon Web Services (AWS). Understanding how to migrate DynamoDB tables from one AWS account to another is essential, whether you’re restructuring your AWS account architecture, consolidating resources, or even transferring ownership.
In order to migrate DynamoDB tables from one account to another we can use any of the below approaches:
- AWS Backup
- DynamoDB import and export to Amazon Simple Storage Service (Amazon S3)
- Amazon S3 and AWS Glue
- AWS Data Pipeline
- Amazon EMR
In this blog post we will discuss in detail of the various steps involved to migrate DynamoDB table between accounts by using AWS Backup Service.
For the purpose of this blog, I created a test DynamoDB table named “dynamodb-crossaccount-test” and inserted some data.
Select Query results on the table:
- Create an AWS Backup vault in the target account in the Region where your DynamoDB will be present.
From the Console goto Backup service and click on create Backup vault. I have used the backup service default key. If you have a CMK, then select the CMK and share it with the source account.
2. Add an AWS Identity and Access Management (IAM) policy to the vault that allows other accounts to copy into the vault. You can do so by selecting the option Allow access to a backup vault from organization.
A new window pops up and adds a policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "backup:CopyIntoBackupVault",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": "o-xxxxxxx"
}
}
}
]
}3. In the source account where your DynamoDB is present, create an AWS Backup vault in the Region where your table data needs to be migrated.
4. Repeat step No: 2 of creating IAM policy to the Backup Vault in the source account.
5. For the purpose of this blog, I have created on demand backup in the source account from the backup vault. But in order to automate, we can create a backup plan and select a schedule and the DynamoDB resources to be included into the backup.
Once the backup is completed we can see the backup under recovery points of Backup Vault.
6. Select the backup taken in step-5 in the source account Backup recovery points and click on actions and click copy.
7. Create the copy configuration by choosing the region to copy and turn on the “Copy to another account’s vault” and provide the target account backup vault ARN and click on allow.
8. Once the backup copy job is completed we can see the backup under the Backup Vault Recovery Points of the target account. We can see the backup under DynamoDB backups also.
9. Select the recovery point and click on actions and click on restore. A new window pops up, where we have to input the table name and other details.
10. Once the table is restored you can query the table and the applications can connect to the endpoint of the restored table.
Conclusion:
In this way we can migrate DynamoDB tables from one account to another account. By creating a backup plan, we can automatically take backup regularly based on the frequency of the backup schedule.
Hope you have learned something new.
Happy Learning !!!!!!!!!!!!!!!!
