Never Stop Learning

Automating The Cross Region Copy Of RDS Snapshots

If you would like to see the full version of this article please click here

Video Instruction

Yoube Video Instructions

The Architecture

When a snapshot of an RDS instance has started or is completed, and event is issued to Cloud Watch Events. Cloud Watch events can in turn check our rule set, and if a given event matches our rule set, it can perform an action on our behalf. On of those actions is my favorite.. Lambda.

Application Work Flow
Automated Snapshot Copy Workflow

Step 1: Iam Permissions

Create a new policy with permissions to copyDBSnapshots.

Create IAM Policy

Next we will create a new role. Chose Lambda as the service that can assume this role. Attach two Polcies. The first is the policy created in the previous step, the second is “AWSLambdaBasicExecutionRole”. Name This role appropriately

Step 2: Creating the Lambda Function

Create a new lambda function using Python 3.7 and the existing role we created in the previous step.

Create Lambda Function
Create Lambda Function

Using the inline editor, paste the following code into the lambda function.

# Written By GeekTopia
# Copy RDS Automated snapshots to a new region upon creation
# --Free to use under all conditions
# --Script is provied as is. No Warranty, Express or Implied

import json
import boto3

destinationRegion = "us-east-1"

def lambda_handler(event, context):
    sourceRegion = event['region']
    rds = boto3.client('rds',region_name=destinationRegion)
    #Build the Snapshot ARN - Always use the ARN when copying snapshots across region. 
    sourceSnapshotARN = event['detail']['SourceArn']
    sourceSnapshotARN= sourceSnapshotARN.replace(":db:",":snapshot:")
    #build a new snapshot name
    sourceSnapshotIdentifer = event['detail']['SourceIdentifier']
    targetSnapshotIdentifer ="{0}-ManualCopy".format(sourceSnapshotIdentifer)
    targetSnapshotIdentifer = targetSnapshotIdentifer.replace(":","-")

    #Execute copy
        copy = rds.copy_db_snapshot(SourceDBSnapshotIdentifier=sourceSnapshotARN,TargetDBSnapshotIdentifier=targetSnapshotIdentifer,SourceRegion=sourceRegion)
        print("Started Copy of Snapshot {0} in {2} to {1} in {3} ".format(sourceSnapshotIdentifer,targetSnapshotIdentifer,sourceRegion,destinationRegion))
    except ClientError as ex:
        if ex.response['Error']['Code'] == 'DBSnapshotAlreadyExists':
            print("Snapshot  {0} already exist".format(targetSnapshotIdentifer))
            print("ERROR: {0}".format(ex.response['Error']['Code']))

    return {
        'statusCode': 200,
        'body': json.dumps('Opearation Complete')

Review line 10 of the function code

destinationRegion = "us-east-1"                        

Set this to the region of your choice. Click the save button to save the Lambda function.

Save Button
Save Button

Do not test this function as it will fail when executed from the web console.

Step 3: Build The Cloud Watch Rule To Invoke Lambda

Navigate to the CloudWatch tab in the AWS Console. On the left hand menu select “Rules” then Click “Create Rule”.

CloudWatch Rule Creation

Do not edit any options. Click the “Edit” Link above the “Event Pattern Preview” Box. Replace any text in the box with the following filter. Then Click Save.

    "source": [
    "detail-type": ["RDS DB Snapshot Event"],
    "detail": {
       "Message":["Automated snapshot created"]

On the right hand menu, select “Add Target” and select the lambda function created in step 2 and click “Configure Details”.

Name the Cloud Watch Rule, pand provide a description per your naming conventions. Click “Create Rule” and you are done!

References Used