Configuring cross-Region snapshot copy for an Amazon KMS–encrypted cluster
When you launch an Amazon Redshift cluster, you can configure a snapshot copy grant for a root key in your account in the destination Amazon Web Services Region. If you don't configure a grant, snapshots in the destination region are encrypted with a default Amazon-owned key. By doing this, you enable Amazon Redshift to perform encryption operations in the destination Amazon Region.
The following procedure describes the process of enabling cross-Region snapshot copy for an Amazon KMS-encrypted cluster. For more information about encryption in Amazon Redshift and snapshot copy grants, see Copying Amazon KMS–encrypted snapshots to another Amazon Web Services Region.
To configure a cross-Region snapshot for an Amazon KMS–encrypted cluster
-
Sign in to the Amazon Web Services Management Console and open the Amazon Redshift console at https://console.amazonaws.cn/redshiftv2/
. -
On the navigation menu, choose Clusters, then choose the cluster that you want to move snapshots for.
-
For Actions, choose Configure cross-region snapshot.
The Configure cross-Region dialog box appears.
-
For Copy snapshots, choose Yes.
-
In Destination Amazon Region, choose the Amazon Region to which to copy snapshots.
-
In Automated snapshot retention period (days), choose the number of days for which you want automated snapshots to be retained in the destination Amazon Region before they are deleted.
-
In Manual snapshot retention period, choose the value that represents the number of days for which you want manual snapshots to be retained in the destination Amazon Region before they are deleted. If you choose Custom value, the retention period must be between 1 to 3653 days.
-
Choose Save.