I recently wrote a blog post about sharing an encrypted RDS snapshot with another AWS account, which is a multi-step process with several moving parts. But what if you just want to share an unencrypted RDS snapshot?
The process gets significantly easier when your snapshot isn’t encrypted. In fact, with AWS Tools for Windows PowerShell, you can do it with a single line of code:
Edit-RDSDBSnapshotAttribute -DBSnapshotIdentifier <your_snapshot_id> -AttributeName "restore" -ValuesToAdd "<acct_number>,<another_acct_number>" -Region "<your_aws_region>"
Two important notes: 1) The value for the -AttributeName parameter has to be “restore”. You can’t make up your own. 2) The -ValuesToAdd parameter is the list of account numbers you want to share your RDS snapshot with. You don’t need to include your own account number here.
That’s it! Your snapshot is shared. Anyone with access to the snapshot can now create a new RDS instance from it using the Restore-RDSDBInstanceFromDBSnapshot cmdlet, specifying the DBSnapshotIdentifier of the snapshot you just shared.
So what if you decide later on that you don’t want the guy who owns one of the accounts you shared with to have access to your snapshot anymore (Maybe he insulted your girlfriend)? Simply run the command again, but change -ValuesToAdd to -ValuesToRemove.
Edit-RDSDBSnapshotAttribute -DBSnapshotIdentifier <your_snapshot_id> -AttributeName "restore" -ValuesToRemove "that_jerks_acct_number" -Region "<your_aws_region"
It’s important to understand, however, that this only removes access to the shared snapshot. If someone makes a copy of it in their own account before you cut off access, then they still have full ownership over that copy. Moral of the story: Don’t share a snapshot with someone unless you want them to have it forever.
I hope this helps someone out there who, like me, was looking for the non-existent “Share-RDSDBSnapshot” cmdlet. Though the Edit-RDSDBSnapshotAttribute cmdlet name might not be intuitive when you’re searching for it, it gets the job done – and that’s all that matters.