The Snapshot Tool for Amazon RDS automates the task of creating manual snapshots, copying them into a different account and a different region, and deleting them after a specified number of days
We weren't able to copy a snapshot encrypted with the aws managed default key (aws/rds) into another destination account. CopySnapshot lambda which in the destination account fails to copy the shared snapshot, as it has no access to the KMS default key of the other account.
We thought this is a common case and covered by the script. After some deep dive, I think we need to copy the snapshot once more within the source account and attach another CMK to the snapshot which is shared to the destination account. WOuld love to hear some opinions about this issue.
We weren't able to copy a snapshot encrypted with the aws managed default key (aws/rds) into another destination account. CopySnapshot lambda which in the destination account fails to copy the shared snapshot, as it has no access to the KMS default key of the other account.
We thought this is a common case and covered by the script. After some deep dive, I think we need to copy the snapshot once more within the source account and attach another CMK to the snapshot which is shared to the destination account. WOuld love to hear some opinions about this issue.