Some notes on creating a cross-region RDS read replica and, if necessary, promoting the read replica to a standalone RDS instance using the AWS CLI
The purpose of these notes is to document the basic AWS CLI commands; they do not replace a thorough architectural review of using an RDS replica as an HA solution for your organization
---Create a cross region RDS replica
--Get the source RDS ARN from Region 1. This value is used to create the read replica; the instance it identifies acts as the primary source RDS
aws rds describe-db-instances --query "DBInstances[?DBInstanceIdentifier=='
--Attempt 1: Create a cross-region read replica based on the source RDS instance
aws rds create-db-instance-read-replica --db-instance-identifier
If you see this error, you'll need to either speak to your administrator or identify the security group and DB subnet group values to pass explicitly
An error occurred (InvalidSubnet) when calling the CreateDBInstanceReadReplica operation: No default subnet detected in VPC. Please contact AWS Support to recreate default Subnets.
List the Amazon EC2 VPC security groups that can be associated with the read replica, and choose the appropriate one
aws ec2 describe-security-groups --query "SecurityGroups[].[GroupName,GroupId]" --region
List the DB subnet group names in the alternative region. If there isn't a valid one, create a relevant one, either manually or through an IaC process
aws rds describe-db-subnet-groups --query "DBSubnetGroups[].DBSubnetGroupName" --region us-west-2
If you see this error, a valid KMS key ID based in Region 2 is required
An error occurred (InvalidParameterCombination) when calling the CreateDBInstanceReadReplica operation: Cannot create a cross region unencrypted read replica from encrypted source.
List the KMS keys and pick either the key ARN, key ID, alias ARN, or alias name for the KMS key
aws kms list-aliases --region
The full create-db-instance-read-replica statement, with some fake values
aws rds create-db-instance-read-replica --db-instance-identifier my_multi_region_Secondary --region us-east-1 --source-db-instance-identifier arn:aws:rds:us-west-2:xxxxxxxxxx:db:my_multi_region_Primary --vpc-security-group-ids sg-xxxxxxx --db-subnet-group-name xxxxxxxxx --kms-key-id arn:aws:kms:us-east-1:xxxxxxxxx:alias/aws/xxxx
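An offline pre-flight check for the arguments of the statement above, covering the encrypted-source error and the ARN format. This is an added example, not part of the original notes: preflight_replica_args is a hypothetical helper, it makes no AWS calls, and the account id and identifiers are constructed sample values.

```shell
#!/bin/sh
# Usage: preflight_replica_args SOURCE_ARN TARGET_REGION SOURCE_ENCRYPTED [KMS_KEY_ID]
#   SOURCE_ENCRYPTED is the source's StorageEncrypted value (true/false).
# Prints "ok" or "error: <reason>" and returns 0 or 1.
preflight_replica_args() {
    _src=$1 _target=$2 _enc=$3 _kms=${4:-}

    # A stray space in the ARN makes the shell pass it as two arguments.
    case $_src in
        *" "*) echo "error: whitespace in source ARN"; return 1 ;;
    esac

    # Expected: arn:<partition>:rds:<region>:<account>:db:<identifier>
    IFS=: read -r _a _part _svc _region _acct _type _name <<EOF
$_src
EOF
    if [ "$_a" != arn ] || [ "$_svc" != rds ] || [ "$_type" != db ] ||
       [ -z "$_region" ] || [ -z "$_name" ]; then
        echo "error: source must be a full RDS DB instance ARN"; return 1
    fi
    if [ "$_region" = "$_target" ]; then
        echo "error: source and replica are both in $_target"; return 1
    fi

    # Encrypted source: the replica must be encrypted with a key from the
    # replica's region, because KMS keys are regional.
    if [ "$_enc" = true ] && [ -z "$_kms" ]; then
        echo "error: encrypted source needs --kms-key-id in $_target"; return 1
    fi
    # Only a key or alias ARN carries its region; a bare key id or alias
    # name is resolved in the region the call is sent to.
    case $_kms in
        arn:*)
            IFS=: read -r _a _part _svc _kregion _rest <<EOF
$_kms
EOF
            if [ "$_svc" != kms ] || [ "$_kregion" != "$_target" ]; then
                echo "error: KMS key region '$_kregion' is not $_target"; return 1
            fi ;;
    esac
    echo ok
}

# Constructed sample values (fake account id 111122223333).
preflight_replica_args "arn:aws:rds:us-west-2:111122223333:db:primary" \
    us-east-1 true "arn:aws:kms:us-east-1:111122223333:alias/aws/rds"
```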
To check on the status of the target RDS read replica in the target region
aws rds describe-db-instances --db-instance-identifier my_multi_region_Secondary --query "DBInstances[].[DBInstanceIdentifier,DBInstanceStatus,ReadReplicaSourceDBInstanceIdentifier]" --region us-east-1
"my_multi_region_Secondary",
"available",
arn:aws:rds:us-west-2:xxxxxxxxx:db:my_multi_region_Primary ==> This value is the source RDS and only appears for Read Replicas
Promote the read replica, if required. This turns the read replica into a standalone RDS instance. Beware of split brain: after promotion, the promoted instance and the original source both accept writes independently
aws rds promote-read-replica --db-instance-identifier my_multi_region_Secondary --region us-east-1
Check the status of the read replica instance after it has been promoted to a standalone instance. It now accepts reads and writes
aws rds describe-db-instances --db-instance-identifier my_multi_region_Secondary --query "DBInstances[].[DBInstanceIdentifier,DBInstanceStatus,ReadReplicaSourceDBInstanceIdentifier]" --region us-east-1
"my_multi_region_Secondary",
"available",
null ==> The previous ReadReplicaSourceDBInstanceIdentifier value has disappeared
Check status of the original source instance
aws rds describe-db-instances --db-instance-identifier my_multi_region_Primary --query "DBInstances[].[DBInstanceIdentifier,DBInstanceStatus,ReadReplicaSourceDBInstanceIdentifier]" --region us-west-2
"my_multi_region_Primary",
"available",
null