Configuring cross-Region snapshot copy for an Amazon KMS–encrypted cluster
When you launch an Amazon Redshift cluster, you can choose to encrypt it with a root key from the Amazon Key Management Service (Amazon KMS). Amazon KMS keys are specific to an Amazon Region. If you want to enable cross-Region snapshot copy for an Amazon KMS–encrypted cluster, you must configure a snapshot copy grant for a root key in the destination Amazon Region. By doing this, you enable Amazon Redshift to perform encryption operations in the destination Amazon Region.
The following procedure describes the process of enabling cross-Region snapshot copy for an Amazon KMS-encrypted cluster. For more information about encryption in Amazon Redshift and snapshot copy grants, see Copying Amazon KMS–encrypted snapshots to another Amazon Region.
To configure a cross-Region snapshot for an Amazon KMS–encrypted cluster
-
Sign in to the Amazon Web Services Management Console and open the Amazon Redshift console at https://console.amazonaws.cn/redshiftv2/
. -
On the navigation menu, choose Clusters, then choose the cluster that you want to move snapshots for.
-
For Actions, choose Configure cross-region snapshot.
The Configure cross-Region dialog box appears.
-
For Copy snapshots, choose Yes.
-
In Destination Amazon Region, choose the Amazon Region to which to copy snapshots.
-
In Automated snapshot retention period (days), choose the number of days for which you want automated snapshots to be retained in the destination Amazon Region before they are deleted.
-
In Manual snapshot retention period, choose the value that represents the number of days for which you want manual snapshots to be retained in the destination Amazon Region before they are deleted. If you choose Custom value, the retention period must be between 1 to 3653 days.
-
Choose Save.