RDS Encrypted Snapshot Copy between AWS Accounts

Girish V P
ADIBI Technologies, Basavanagudi, Blore.
Jan 18, 2020

I was working on a cross-account copy of encrypted RDS snapshots. We prefer to have the snapshot copy in a different AWS Region of the destination AWS account. The process of copying an encrypted RDS snapshot is different from that of a normal non-encrypted RDS snapshot.

What you require:

KMS keys in both AWS accounts, and a running encrypted RDS instance.

I have my RDS instance in the N. Virginia Region of my source AWS account, with an automatic daily RDS snapshot. I have to copy the RDS snapshot to the destination AWS account in the Singapore Region. I have logged in as the root user in both AWS accounts. The steps to follow are:

  1. Create a KMS key in the Singapore Region of the source AWS account. During creation of the KMS key, give permission to the destination AWS account (specify its account number).
  2. Select the snapshot in the N. Virginia Region and copy it to the Singapore Region of the source AWS account. In the process, select the KMS key created in step 1.
  3. After the copy is completed, select the RDS snapshot in the Singapore Region and share it with the destination AWS account by specifying its AWS account number.
  4. Now log into the destination AWS account.
  5. Create an AWS KMS key in the Singapore Region.
  6. In the AWS RDS console in the Singapore Region, search for shared snapshots. Select the one that is available as a result of step 3.
  7. Copy the shared snapshot to the Singapore Region so that it is available locally. During the process, select the encryption key created in step 5.
  8. Test it by launching an RDS instance from the snapshot. Note: at the time of writing, encryption is available on t2.small and above instance types.
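The API calls behind steps 1 to 7, as an added example that is not part of the original post. It assumes boto3 RDS and KMS clients for the Singapore Region (`ap-southeast-1`) are passed in; the function names, key descriptions and account IDs are illustrative, and the key policy is modelled on the key-user statements of the AWS default key policy.

```python
import json

def source_key_policy(source_account, dest_account):
    """Step 1: key policy that lets the destination account use the key."""
    dest = {"AWS": f"arn:aws:iam::{dest_account}:root"}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "SourceAccountAdministers", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{source_account}:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "DestinationUsesKey", "Effect": "Allow", "Principal": dest,
         "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                    "kms:GenerateDataKey*", "kms:DescribeKey"],
         "Resource": "*"},
        # Grants are allowed only when an AWS service (here RDS) requests them.
        {"Sid": "DestinationGrantsForAwsServices", "Effect": "Allow",
         "Principal": dest,
         "Action": ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"],
         "Resource": "*",
         "Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}}]}

def share_from_source(rds, kms, snapshot_arn, copy_id, source_region,
                      source_account, dest_account):
    """Steps 1-3, run with source-account clients for the Singapore Region."""
    policy = json.dumps(source_key_policy(source_account, dest_account))
    key_arn = kms.create_key(Description="RDS snapshot sharing",
                             Policy=policy)["KeyMetadata"]["Arn"]
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=snapshot_arn,
                         TargetDBSnapshotIdentifier=copy_id,
                         KmsKeyId=key_arn, SourceRegion=source_region)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=copy_id)
    # "restore" is the attribute listing accounts allowed to copy or restore.
    rds.modify_db_snapshot_attribute(DBSnapshotIdentifier=copy_id,
                                     AttributeName="restore",
                                     ValuesToAdd=[dest_account])
    return key_arn

def copy_in_destination(rds, kms, shared_snapshot_arn, local_id):
    """Steps 5-7, run with destination-account clients for Singapore."""
    key_arn = kms.create_key(
        Description="Local RDS snapshot key")["KeyMetadata"]["Arn"]
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=shared_snapshot_arn,
                         TargetDBSnapshotIdentifier=local_id, KmsKeyId=key_arn)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=local_id)
    return key_arn

if __name__ == "__main__":
    # Constructed placeholder account IDs; prints the step 1 policy offline.
    print(json.dumps(source_key_policy("111111111111", "222222222222"), indent=2))
```

The destination account gets use of the source key but no administrative actions on it, and the copy made in step 7 is re-encrypted under the destination's own key, so it no longer depends on the source account's key.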

Conclusion

We have seen the steps required to copy an encrypted RDS snapshot from one AWS account to another. We have executed some additional steps beyond a normal copy of an unencrypted RDS snapshot.

Disclaimer: You are requested to test thoroughly before implementing this in a production environment.
