Copying a DB cluster snapshot - Amazon Aurora
LimitationsSnapshot retentionCopying shared snapshotsHandling encryptionIncremental snapshot copyingCross-Region copyingParameter groupsCopying a DB cluster snapshot
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Copying a DB cluster snapshot

With Amazon Aurora, you can copy automated backups or manual DB cluster snapshots. After you copy a snapshot, the copy is a manual snapshot. You can make multiple copies of an automated backup or manual snapshot, but each copy must have a unique identifier.

You can copy a snapshot within the same Amazon Web Services Region, you can copy a snapshot across Amazon Web Services Regions, and you can copy shared snapshots.

You can't copy a DB cluster snapshot across Regions and accounts in a single step. Perform one step for each of these copy actions. As an alternative to copying, you can also share manual snapshots with other Amazon accounts. For more information, see Sharing a DB cluster snapshot.

Note

Amazon bills you based upon the amount of Amazon Aurora backup and snapshot data you keep and the period of time that you keep it. For information about the storage associated with Aurora backups and snapshots, see Understanding Amazon Aurora backup storage usage. For pricing information about Aurora storage, see Amazon RDS for Aurora pricing.

Limitations

The following are some limitations when you copy snapshots:

  • You can't copy a snapshot to or from the following Amazon Web Services Regions:

    • China (Beijing)

    • China (Ningxia)

  • You can copy a snapshot between Amazon GovCloud (US-East) and Amazon GovCloud (US-West). However, you can't copy a snapshot between these Amazon GovCloud (US) Regions and commercial Amazon Web Services Regions.

  • If you delete a source snapshot before the target snapshot becomes available, the snapshot copy might fail. Verify that the target snapshot has a status of AVAILABLE before you delete a source snapshot.

  • You can have up to five snapshot copy requests in progress to a single destination Region per account.

  • When you request multiple snapshot copies for the same source DB instance, they're queued internally. The copies requested later won't start until the previous snapshot copies are completed. For more information, see Why is my EC2 AMI or EBS snapshot creation slow? in the Amazon Knowledge Center.

  • Depending on the Amazon Web Services Regions involved and the amount of data to be copied, a cross-Region snapshot copy can take hours to complete. In some cases, there might be a large number of cross-Region snapshot copy requests from a given source Region. In such cases, Amazon RDS might put new cross-Region copy requests from that source Region into a queue until some in-progress copies complete. No progress information is displayed about copy requests while they are in the queue. Progress information is displayed when the copy starts.

Snapshot retention

Amazon RDS deletes automated backups in several situations:

  • At the end of their retention period.

  • When you disable automated backups for a DB cluster.

  • When you delete a DB cluster.

If you want to keep an automated backup for a longer period, copy it to create a manual snapshot, which is retained until you delete it. Amazon RDS storage costs might apply to manual snapshots if they exceed your default storage space.

Copying shared snapshots

You can copy snapshots shared to you by other Amazon accounts. In some cases, you might copy an encrypted snapshot that has been shared from another Amazon account. In these cases, you must have access to the Amazon KMS key that was used to encrypt the snapshot.

You can only copy a shared DB cluster snapshot, whether encrypted or not, in the same Amazon Web Services Region. For more information, see Sharing encrypted snapshots.

Handling encryption

You can copy a snapshot that has been encrypted using a KMS key. If you copy an encrypted snapshot, the copy of the snapshot must also be encrypted. If you copy an encrypted snapshot within the same Amazon Web Services Region, you can encrypt the copy with the same KMS key as the original snapshot. Or you can specify a different KMS key.

If you copy an encrypted snapshot across Regions, you must specify a KMS key valid in the destination Amazon Web Services Region. It can be a Region-specific KMS key, or a multi-Region key. For more information on multi-Region KMS keys, see Using multi-Region keys in Amazon KMS.

The source snapshot remains encrypted throughout the copy process. For more information, see Limitations of Amazon Aurora encrypted DB clusters.

Note

For Amazon Aurora DB cluster snapshots, you can't encrypt an unencrypted DB cluster snapshot when you copy the snapshot.

Incremental snapshot copying

Aurora doesn't support incremental snapshot copying. Aurora DB cluster snapshot copies are always full copies. A full snapshot copy contains all of the data and metadata required to restore the DB cluster.

Cross-Region snapshot copying

You can copy DB cluster snapshots across Amazon Web Services Regions. However, there are certain constraints and considerations for cross-Region snapshot copying.

Depending on the Amazon Web Services Regions involved and the amount of data to be copied, a cross-Region snapshot copy can take hours to complete.

In some cases, there might be a large number of cross-Region snapshot copy requests from a given source Amazon Web Services Region. In such cases, Amazon RDS might put new cross-Region copy requests from that source Amazon Web Services Region into a queue until some in-progress copies complete. No progress information is displayed about copy requests while they are in the queue. Progress information is displayed when the copying starts.

If you use Amazon Backup for cross-Region snapshot copying, while the copies are full copies, the data transfer charges are incremental. For more information, see Creating backup copies across Amazon Web Services Regions in the Amazon Backup Developer Guide.

Parameter group considerations

When you copy a snapshot across Regions, the copy doesn't include the parameter group used by the original DB cluster. When you restore a snapshot to create a new DB cluster, that DB cluster gets the default parameter group for the Amazon Web Services Region it is created in. To give the new DB cluster the same parameters as the original, do the following:

  1. In the destination Amazon Web Services Region, create a DB cluster parameter group with the same settings as the original DB cluster. If one already exists in the new Amazon Web Services Region, you can use that one.

  2. After you restore the snapshot in the destination Amazon Web Services Region, modify the new DB cluster and add the new or existing parameter group from the previous step.

Copying a DB cluster snapshot

Use the procedures in this topic to copy a DB cluster snapshot. If your source database engine is Aurora, then your snapshot is a DB cluster snapshot.

For each Amazon account, you can copy up to five DB cluster snapshots at a time from one Amazon Web Services Region to another. Copying both encrypted and unencrypted DB cluster snapshots is supported. If you copy a DB cluster snapshot to another Amazon Web Services Region, you create a manual DB cluster snapshot that is retained in that Amazon Web Services Region. Copying a DB cluster snapshot out of the source Amazon Web Services Region incurs Amazon RDS data transfer charges.

After the DB cluster snapshot copy has been created in the new Amazon Web Services Region, the DB cluster snapshot copy behaves the same as all other DB cluster snapshots in that Amazon Web Services Region.

Console

This procedure works for copying encrypted or unencrypted DB cluster snapshots, in the same Amazon Web Services Region or across Regions.

To cancel a copy operation once it is in progress, delete the target DB cluster snapshot while that DB cluster snapshot is in copying status.

To copy a DB cluster snapshot

  1. Sign in to the Amazon Web Services Management Console and open the Amazon RDS console at https://console.amazonaws.cn/rds/.

  2. In the navigation pane, choose Snapshots.

  3. Select the DB cluster snapshot you want to copy.

  4. For Actions, choose Copy snapshot. The Copy snapshot page appears.

    Copy a DB cluster snapshot

  5. (Optional) To copy the DB cluster snapshot to a different Amazon Web Services Region, choose that Amazon Web Services Region for Destination Region.

  6. Enter the name of the DB cluster snapshot copy in New DB Snapshot Identifier.

  7. To copy tags and values from the snapshot to the copy of the snapshot, choose Copy Tags.

  8. Choose Copy Snapshot.

Copying an unencrypted DB cluster snapshot by using the Amazon CLI or Amazon RDS API

Use the procedures in the following sections to copy an unencrypted DB cluster snapshot by using the Amazon CLI or Amazon RDS API.

To cancel a copy operation once it is in progress, delete the target DB cluster snapshot identified by --target-db-cluster-snapshot-identifier or TargetDBClusterSnapshotIdentifier while that DB cluster snapshot is in copying status.

Amazon CLI

To copy a DB cluster snapshot, use the Amazon CLI copy-db-cluster-snapshot command. If you are copying the snapshot to another Amazon Web Services Region, run the command in the Amazon Web Services Region to which the snapshot will be copied.

The following options are used to copy an unencrypted DB cluster snapshot:

  • --source-db-cluster-snapshot-identifier – The identifier for the DB cluster snapshot to be copied. If you are copying the snapshot to another Amazon Web Services Region, this identifier must be in the ARN format for the source Amazon Web Services Region.

  • --target-db-cluster-snapshot-identifier – The identifier for the new copy of the DB cluster snapshot.

The following code creates a copy of DB cluster snapshot arn:aws-cn:rds:us-east-1:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20130805 named myclustersnapshotcopy in the Amazon Web Services Region in which the command is run. When the copy is made, all tags on the original snapshot are copied to the snapshot copy.

Example

For Linux, macOS, or Unix:

aws rds copy-db-cluster-snapshot \
  --source-db-cluster-snapshot-identifier arn:aws-cn:rds:us-east-1:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20130805 \
  --target-db-cluster-snapshot-identifier myclustersnapshotcopy \
  --copy-tags

For Windows:

aws rds copy-db-cluster-snapshot ^
  --source-db-cluster-snapshot-identifier arn:aws-cn:rds:us-east-1:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20130805 ^
  --target-db-cluster-snapshot-identifier myclustersnapshotcopy ^
  --copy-tags

RDS API

To copy a DB cluster snapshot, use the Amazon RDS API CopyDBClusterSnapshot operation. If you are copying the snapshot to another Amazon Web Services Region, perform the action in the Amazon Web Services Region to which the snapshot will be copied.

The following parameters are used to copy an unencrypted DB cluster snapshot:

  • SourceDBClusterSnapshotIdentifier – The identifier for the DB cluster snapshot to be copied. If you are copying the snapshot to another Amazon Web Services Region, this identifier must be in the ARN format for the source Amazon Web Services Region.

  • TargetDBClusterSnapshotIdentifier – The identifier for the new copy of the DB cluster snapshot.

The following code creates a copy of a snapshot arn:aws-cn:rds:us-east-1:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20130805 named myclustersnapshotcopy in the US West (N. California) Region. When the copy is made, all tags on the original snapshot are copied to the snapshot copy.

Example 
https://rds.us-west-1.amazonaws.com/
   ?Action=CopyDBClusterSnapshot
   &CopyTags=true
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &SourceDBSnapshotIdentifier=arn%3Aaws%3Ards%3Aus-east-1%3A123456789012%3Acluster-snapshot%3Aaurora-cluster1-snapshot-20130805
   &TargetDBSnapshotIdentifier=myclustersnapshotcopy
   &Version=2013-09-09
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20140429/us-west-1/rds/aws4_request
   &X-Amz-Date=20140429T175351Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=9164337efa99caf850e874a1cb7ef62f3cea29d0b448b9e0e7c53b288ddffed2

Copying an encrypted DB cluster snapshot by using the Amazon CLI or Amazon RDS API

Use the procedures in the following sections to copy an encrypted DB cluster snapshot by using the Amazon CLI or Amazon RDS API.

To cancel a copy operation once it is in progress, delete the target DB cluster snapshot identified by --target-db-cluster-snapshot-identifier or TargetDBClusterSnapshotIdentifier while that DB cluster snapshot is in copying status.

Amazon CLI

To copy a DB cluster snapshot, use the Amazon CLI copy-db-cluster-snapshot command. If you are copying the snapshot to another Amazon Web Services Region, run the command in the Amazon Web Services Region to which the snapshot will be copied.

The following options are used to copy an encrypted DB cluster snapshot:

  • --source-db-cluster-snapshot-identifier – The identifier for the encrypted DB cluster snapshot to be copied. If you are copying the snapshot to another Amazon Web Services Region, this identifier must be in the ARN format for the source Amazon Web Services Region.

  • --target-db-cluster-snapshot-identifier – The identifier for the new copy of the encrypted DB cluster snapshot.

  • --kms-key-id – The KMS key identifier for the key to use to encrypt the copy of the DB cluster snapshot.

    You can optionally use this option if the DB cluster snapshot is encrypted, you copy the snapshot in the same Amazon Web Services Region, and you want to specify a new KMS key to encrypt the copy. Otherwise, the copy of the DB cluster snapshot is encrypted with the same KMS key as the source DB cluster snapshot.

    You must use this option if the DB cluster snapshot is encrypted and you are copying the snapshot to another Amazon Web Services Region. In that case, you must specify a KMS key for the destination Amazon Web Services Region.

The following code example copies the encrypted DB cluster snapshot from the US West (Oregon) Region to the US East (N. Virginia) Region. The command is called in the US East (N. Virginia) Region.

Example

For Linux, macOS, or Unix:

aws rds copy-db-cluster-snapshot \
  --source-db-cluster-snapshot-identifier arn:aws-cn:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115 \
  --target-db-cluster-snapshot-identifier myclustersnapshotcopy \
  --kms-key-id my-us-east-1-key

For Windows:

aws rds copy-db-cluster-snapshot ^
  --source-db-cluster-snapshot-identifier arn:aws-cn:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115 ^
  --target-db-cluster-snapshot-identifier myclustersnapshotcopy ^
  --kms-key-id my-us-east-1-key

RDS API

To copy a DB cluster snapshot, use the Amazon RDS API CopyDBClusterSnapshot operation. If you are copying the snapshot to another Amazon Web Services Region, perform the action in the Amazon Web Services Region to which the snapshot will be copied.

The following parameters are used to copy an encrypted DB cluster snapshot:

  • SourceDBClusterSnapshotIdentifier – The identifier for the encrypted DB cluster snapshot to be copied. If you are copying the snapshot to another Amazon Web Services Region, this identifier must be in the ARN format for the source Amazon Web Services Region.

  • TargetDBClusterSnapshotIdentifier – The identifier for the new copy of the encrypted DB cluster snapshot.

  • KmsKeyId – The KMS key identifier for the key to use to encrypt the copy of the DB cluster snapshot.

    You can optionally use this parameter if the DB cluster snapshot is encrypted, you copy the snapshot in the same Amazon Web Services Region, and you specify a new KMS key to use to encrypt the copy. Otherwise, the copy of the DB cluster snapshot is encrypted with the same KMS key as the source DB cluster snapshot.

    You must use this parameter if the DB cluster snapshot is encrypted and you are copying the snapshot to another Amazon Web Services Region. In that case, you must specify a KMS key for the destination Amazon Web Services Region.

  • PreSignedUrl – If you are copying the snapshot to another Amazon Web Services Region, you must specify the PreSignedUrl parameter. The PreSignedUrl value must be a URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot action to be called in the source Amazon Web Services Region where the DB cluster snapshot is copied from. To learn more about using a presigned URL, see CopyDBClusterSnapshot.

The following code example copies the encrypted DB cluster snapshot from the US West (Oregon) Region to the US East (N. Virginia) Region. The action is called in the US East (N. Virginia) Region.

Example 
https://rds.us-east-1.amazonaws.com/
    ?Action=CopyDBClusterSnapshot
    &KmsKeyId=my-us-east-1-key
    &PreSignedUrl=https%253A%252F%252Frds.us-west-2.amazonaws.com%252F
         %253FAction%253DCopyDBClusterSnapshot
         %2526DestinationRegion%253Dus-east-1
         %2526KmsKeyId%253Dmy-us-east-1-key
         %2526SourceDBClusterSnapshotIdentifier%253Darn%25253Aaws%25253Ards%25253Aus-west-2%25253A123456789012%25253Acluster-snapshot%25253Aaurora-cluster1-snapshot-20161115
         %2526SignatureMethod%253DHmacSHA256
         %2526SignatureVersion%253D4
         %2526Version%253D2014-10-31
         %2526X-Amz-Algorithm%253DAWS4-HMAC-SHA256
         %2526X-Amz-Credential%253DAKIADQKE4SARGYLE%252F20161117%252Fus-west-2%252Frds%252Faws4_request
         %2526X-Amz-Date%253D20161117T215409Z
         %2526X-Amz-Expires%253D3600
         %2526X-Amz-SignedHeaders%253Dcontent-type%253Bhost%253Buser-agent%253Bx-amz-content-sha256%253Bx-amz-date
         %2526X-Amz-Signature%253D255a0f17b4e717d3b67fad163c3ec26573b882c03a65523522cf890a67fca613
    &SignatureMethod=HmacSHA256
    &SignatureVersion=4
    &SourceDBClusterSnapshotIdentifier=arn%3Aaws%3Ards%3Aus-west-2%3A123456789012%3Acluster-snapshot%3Aaurora-cluster1-snapshot-20161115
    &TargetDBClusterSnapshotIdentifier=myclustersnapshotcopy
    &Version=2014-10-31
    &X-Amz-Algorithm=AWS4-HMAC-SHA256
    &X-Amz-Credential=AKIADQKE4SARGYLE/20161117/us-east-1/rds/aws4_request
    &X-Amz-Date=20161117T221704Z
    &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
    &X-Amz-Signature=da4f2da66739d2e722c85fcfd225dc27bba7e2b8dbea8d8612434378e52adccf

Copying a DB cluster snapshot across accounts

You can enable other Amazon accounts to copy DB cluster snapshots that you specify by using the Amazon RDS API ModifyDBClusterSnapshotAttribute and CopyDBClusterSnapshot actions. You can only copy DB cluster snapshots across accounts in the same Amazon Web Services Region. The cross-account copying process works as follows, where Account A is making the snapshot available to copy, and Account B is copying it.

  1. Using Account A, call ModifyDBClusterSnapshotAttribute, specifying restore for the AttributeName parameter, and the ID for Account B for the ValuesToAdd parameter.

  2. (If the snapshot is encrypted) Using Account A, update the key policy for the KMS key, first adding the ARN of Account B as a Principal, and then allow the kms:CreateGrant action.

  3. (If the snapshot is encrypted) Using Account B, choose or create a user and attach an IAM policy to that user that allows it to copy an encrypted DB cluster snapshot using your KMS key.

  4. Using Account B, call CopyDBClusterSnapshot and use the SourceDBClusterSnapshotIdentifier parameter to specify the ARN of the DB cluster snapshot to be copied, which must include the ID for Account A.

To list all of the Amazon accounts permitted to restore a DB cluster snapshot, use the DescribeDBSnapshotAttributes or DescribeDBClusterSnapshotAttributes API operation.

To remove sharing permission for an Amazon account, use the ModifyDBSnapshotAttribute or ModifyDBClusterSnapshotAttribute action with AttributeName set to restore and the ID of the account to remove in the ValuesToRemove parameter.

Copying an unencrypted DB cluster snapshot to another account

Use the following procedure to copy an unencrypted DB cluster snapshot to another account in the same Amazon Web Services Region.

  1. In the source account for the DB cluster snapshot, call ModifyDBClusterSnapshotAttribute, specifying restore for the AttributeName parameter, and the ID for the target account for the ValuesToAdd parameter.

    Running the following example using the account 987654321 permits two Amazon account identifiers, 123451234512 and 123456789012, to restore the DB cluster snapshot named manual-snapshot1.

    https://rds.us-west-2.amazonaws.com/
	?Action=ModifyDBClusterSnapshotAttribute
	&AttributeName=restore
	&DBClusterSnapshotIdentifier=manual-snapshot1
	&SignatureMethod=HmacSHA256&SignatureVersion=4
	&ValuesToAdd.member.1=123451234512
	&ValuesToAdd.member.2=123456789012
	&Version=2014-10-31
	&X-Amz-Algorithm=AWS4-HMAC-SHA256
	&X-Amz-Credential=AKIADQKE4SARGYLE/20150922/us-west-2/rds/aws4_request
	&X-Amz-Date=20150922T220515Z
	&X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
	&X-Amz-Signature=ef38f1ce3dab4e1dbf113d8d2a265c67d17ece1999ffd36be85714ed36dddbb3

  2. In the target account, call CopyDBClusterSnapshot and use the SourceDBClusterSnapshotIdentifier parameter to specify the ARN of the DB cluster snapshot to be copied, which must include the ID for the source account.

    Running the following example using the account 123451234512 copies the DB cluster snapshot aurora-cluster1-snapshot-20130805 from account 987654321 and creates a DB cluster snapshot named dbclustersnapshot1.

    https://rds.us-west-2.amazonaws.com/
   ?Action=CopyDBClusterSnapshot
   &CopyTags=true
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &SourceDBClusterSnapshotIdentifier=arn:aws-cn:rds:us-west-2:987654321:cluster-snapshot:aurora-cluster1-snapshot-20130805
   &TargetDBClusterSnapshotIdentifier=dbclustersnapshot1
   &Version=2013-09-09
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20150922/us-west-2/rds/aws4_request
   &X-Amz-Date=20140429T175351Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=9164337efa99caf850e874a1cb7ef62f3cea29d0b448b9e0e7c53b288ddffed2

Copying an encrypted DB cluster snapshot to another account

Use the following procedure to copy an encrypted DB cluster snapshot to another account in the same Amazon Web Services Region.

  1. In the source account for the DB cluster snapshot, call ModifyDBClusterSnapshotAttribute, specifying restore for the AttributeName parameter, and the ID for the target account for the ValuesToAdd parameter.

    Running the following example using the account 987654321 permits two Amazon account identifiers, 123451234512 and 123456789012, to restore the DB cluster snapshot named manual-snapshot1.

    https://rds.us-west-2.amazonaws.com/
	?Action=ModifyDBClusterSnapshotAttribute
	&AttributeName=restore
	&DBClusterSnapshotIdentifier=manual-snapshot1
	&SignatureMethod=HmacSHA256&SignatureVersion=4
	&ValuesToAdd.member.1=123451234512
	&ValuesToAdd.member.2=123456789012
	&Version=2014-10-31
	&X-Amz-Algorithm=AWS4-HMAC-SHA256
	&X-Amz-Credential=AKIADQKE4SARGYLE/20150922/us-west-2/rds/aws4_request
	&X-Amz-Date=20150922T220515Z
	&X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
	&X-Amz-Signature=ef38f1ce3dab4e1dbf113d8d2a265c67d17ece1999ffd36be85714ed36dddbb3

  2. In the source account for the DB cluster snapshot, create a custom KMS key in the same Amazon Web Services Region as the encrypted DB cluster snapshot. While creating the customer managed key, you give access to it for the target Amazon Web Services account. For more information, see Create a customer managed key and give access to it.

  3. Copy and share the snapshot to the target Amazon Web Services account. For more information, see Copy and share the snapshot from the source account.

  4. In the target account, call CopyDBClusterSnapshot and use the SourceDBClusterSnapshotIdentifier parameter to specify the ARN of the DB cluster snapshot to be copied, which must include the ID for the source account.

    Running the following example using the account 123451234512 copies the DB cluster snapshot aurora-cluster1-snapshot-20130805 from account 987654321 and creates a DB cluster snapshot named dbclustersnapshot1.

    https://rds.us-west-2.amazonaws.com/
   ?Action=CopyDBClusterSnapshot
   &CopyTags=true
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &SourceDBClusterSnapshotIdentifier=arn:aws-cn:rds:us-west-2:987654321:cluster-snapshot:aurora-cluster1-snapshot-20130805
   &TargetDBClusterSnapshotIdentifier=dbclustersnapshot1
   &Version=2013-09-09
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20150922/us-west-2/rds/aws4_request
   &X-Amz-Date=20140429T175351Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=9164337efa99caf850e874a1cb7ef62f3cea29d0b448b9e0e7c53b288ddffed2