Cross-Region Read Replicas (Aurora)

Introduction to Cross-Region Read Replicas

You can use this capability to set up a read-only database instance in a different AWS Region. Data is asynchronously transmitted from your primary database instance to a cross-Region read replica in close to real-time for read scale-out when using a cross-Region read replica. You can also transfer an existing database to a new AWS Region and develop a disaster recovery solution using it. Each source is allowed a maximum of five combined in-Region and cross-Region replicas.

An Aurora cluster is also created in the region when a read replica is created there. With a relatively short replication lag (usually less than 20 ms) within the region, this cluster can hold up to 15 additional read copies (depending on how far apart the source and target are, latency will differ between regions). For disaster recovery, you can replicate your clusters and read replica setup across regions using this architecture. You can make the cross-region replica the master in the event of a regional outage. Your cross-regional application's downtime can be reduced as a result. The Aurora clusters that are not encrypted can use this capability. You can't create an encrypted Aurora Replica from an unencrypted Aurora DB cluster. You can't create an unencrypted Aurora Replica from an encrypted Aurora DB cluster.

Cross-Region read replicas give you the option to manually upgrade your read replicas as a new Single-AZ instance in the event of a disaster in your primary AWS Region. You can configure a read replica for a DB instance that also has a standby replica configured for high availability in a Multi-AZ deployment. Replication with the standby replica is synchronous, and the standby replica can't serve read traffic.

Creating Cross-Region Read Replicas

• You can use the AWS Command Line Interface (AWS CLI), AWS Management Console, and Amazon RDS API to build an Aurora DB cluster that is a cross-Region read replica.

• When you use the AWS Management Console to build a cross-Region read replica for Aurora MySQL, Amazon RDS automatically generates a database cluster in the target AWS Region.

• The target AWS Region's DB cluster must first be created before constructing a cross-Region read replica using the AWS CLI or RDS API. After it becomes operational, you construct a database instance that serves as the main instance for that database cluster.

• As soon as the main read replica DB cluster instance is made accessible, replication starts.

Creating Cross-Region Read Replicas With The Console

Using the AWS Management Console, Build a Cross-Region Aurora MySQL DB Cluster Read Replica

• Open the Amazon RDS interface via this link after logging into the AWS Management Console.
• In the upper part of the AWS Console, choose the AWS Region where your underlying DB cluster is located.
• Select Databases from the navigation window.
• Select the database cluster for which a cross-region read replica is to be created.
• Select Create cross-Region read replica under Actions.
• On the Create cross-region read replica page, choose the options for your cross-Region read replica DB cluster.
• To create a cross-Region read replica for Aurora, select Create.

Creating Cross-Region Read Replicas With The AWS CLI

Using the CLI, One can build a cross-regional Aurora MySQL DB Cluster Read Replica

• In the AWS Region where you want to construct the read replica DB cluster, issue the command AWS CLI create-db-cluster. When creating a read replica, include the --replication-source-identifier option and the Amazon Resource Name (ARN) of the source DB cluster.
• The --master-username and --master-user-passwordoptions cannot be specified. The source DB cluster provided those values. Using an unencrypted DB cluster snapshot from the us-west-2 Region, the following code example builds a read replica in the us-east-1 Region. The US-East-1 Region receives the command.

For Windows:

• The code snippet that follows builds a read replica from an encrypted DB cluster snapshot in the us-west-2 Region in the us-east-1 Region. The US-East-1 Region receives the command.

For Windows:

• The —source-region option is required for cross-Region replication between the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions when the DB cluster indicated by —replication-source-identifier is encrypted.
• Using the AWS CLI describe-db-clusters command, as demonstrated in the following example, verify that the DB cluster is now usable. aws rds describe-db-clusters --db-cluster-identifier sample-replica-cluster
• When the describe-db-clusters findings reveal a state of available, create the primary instance again for the DB cluster so that replication may begin. Use the AWS CLI create-db-instance command to accomplish this, as illustrated in the example below.

For Windows:

• Replication starts as soon as the database instance is built and made available. By using the AWS CLI describe-db-instances command, you may find out if the database instance is accessible.

Creating Cross-Region Read Replicas With The RDS API

Using the API, Build an Aurora MySQL DB Cluster Which is a Cross-Region Read Replica

• In the AWS Region where you wish to build the read replica DB cluster, call the RDS API CreateDBCluster operation. When creating a read replica, be sure to provide the ReplicationSourceIdentifier argument and the Amazon Resource Name (ARN) of the source DB cluster.
• Configure the StorageEncrypted option to true for cross-Region replication if the DB cluster indicated by the ReplicationSourceIdentifier is encrypted. Also, specify the KmsKeyId parameter.
• Using an unencrypted DB cluster snapshot from the us-west-2 Region, the following code example builds a read replica in the us-east-1 Region. The US-East-1 Region is where the activity is called.

The code snippet that follows builds a read replica from an encrypted DB cluster snapshot in the us-west-2 Region in the us-east-1 Region. The US-East-1 Region is where the activity is called.

• When executing cross-Region replication between the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions, you must also specify the PreSignedUrl option if the DB cluster specified by ReplicationSourceIdentifier is encrypted. The pre-signed URL needs to be a legitimate CreateDBCluster API operation request that is capable of being executed in the source AWS Region that houses the encrypted DB cluster that will be replicated.
• Using the RDS API DescribeDBClusters action, as demonstrated in the following example, confirm that the DB cluster is now usable.

Replication starts as soon as the database instance is built and made available. By using the AWS CLI DescribeDBInstances command, you may find out if the database instance is accessible.

Cross-Region Read Replicas with RDS for MariaDB

For the following versions, cross-Region read replicas using RDS for MariaDB are accessible in all Regions:

• 10.6 RDS for MariaDB (All versions)
• RDS 10.5 for MariaDB (All versions)
• 10.4 RDS for MariaDB (All versions)
• 10.3 RDS for MariaDB (All versions)

Cross-Region Read Replicas with RDS for MySQL

The following versions of RDS for MySQL support cross-Region read replicas in all Regions:

• 8.0 RDS for MySQL (All versions)
• 5.7 RDS for MySQL (All versions)

Cross-Region Read Replicas with RDS for Oracle

RDS for Oracle's cross-region read replicas are accessible in all Regions with the following version restrictions:

• Cross-Region read replicas are not available for RDS for Oracle 21c.
• Cross-Region read replicas for Oracle Database 19c instances that aren't container database (CBD) instances are available for RDS for Oracle 19c.
• Cross-Region read replicas for Oracle Enterprise Edition (EE) of Oracle Database 12c Release 1 (12.1) using 12.1.0.2.v10 and higher 12c releases are available for RDS for Oracle 12c.

Cross-Region Read Replicas with RDS for PostgreSQL

For the following versions, RDS for PostgreSQL offers cross-Region read replicas in all Regions including PostgreSQL 10 RDS(All versions) to 14 RDS(All versions).

Cross-Region Replication Considerations

Cross-Region replication must take into account every factor that affects replication operations within an AWS Region. When replicating between AWS Regions, the following additional considerations are relevant:

• A source DB instance might well have cross-Region read replicas in several AWS Regions.
• GovCloud only allows replication between its (US-East) and (US-West) regions; you cannot replicate within or outside of GovCloud (US).
• For Oracle, PostgreSQL, and Microsoft SQL Server databases, you can only create a cross-Region Amazon RDS read replica from a source Amazon RDS database instance that is not a read replica of another Amazon RDS database instance. This restriction does not apply to DB instances operating on MariaDB and MySQL.
• Any read replica that is located in an AWS Region other than the source instance will most likely experience a greater degree of lag time. The lengthier network links connecting regional data centres are to blame for this lag time.
• Any of the create read replica commands that use the —db-subnet-group-name parameter must specify a DB subnet group from the same VPC to construct cross-Region read replicas.
• We are only able to guarantee a maximum of five cross-Region read replica instances due to the VPC's restriction on the number of access control list (ACL) entries.
• Most of the time, the read replica employs the chosen DB engine's default DB option group and DB parameter group.
• The AWS CLI function create-db-instance-read-replica allows you to specify a custom parameter group for the read replica for the MySQL and Oracle DB engines using the —db-parameter-group-name option. When using the AWS Management Console, a custom parameter group cannot be specified.
• The default security group is used by the read replica.
• When a cross-Region read replica's source DB instance is removed for MariaDB, and Oracle DB instances, the read replica is promoted.

Requesting a Cross-Region Read Replica

The requester (IAM role or IAM user) needs access to both the source DB instance and the source Region to request the formation of a cross-Region read replica.

The request may be unsuccessful due to certain restrictions in the requester's IAM policy. The examples that follow assume that the read replica is established in US East and that the source DB instance is in US East (Ohio) (N. Virginia).
These illustrations demonstrate circumstances in the requester's IAM policy that result in the request failing:

• There is a requirement for aws:RequestedRegion in the requester's policy.

• The policy forbids access to the source Region, hence the request is denied. Be sure to provide the source and destination Regions for a successful request.

• The source DB instance cannot be accessed under the requester's policy.

Indicate both the source instance and the replica for a successful request.

The policy of the requester forbids aws:ViaAWSService.

• A condition for aws:SourceVpc or aws:SourceVpce exists in the requester's policy.

These requests can be unsuccessful because the call from the specified VPC or VPC endpoint isn't made by RDS when it contacts the distant Region. You can add a second statement using aws:CalledVia to your policy to make the request successful if you need to employ one of the earlier conditions that would make it fail. As demonstrated below, you can combine aws:CalledVia and aws:SourceVpce.

Cross-Region Replication Costs

Amazon RDS data transfer fees are applied to the data transported for cross-Region replication. Charges are incurred for the data transmitted outside of the originating AWS Region during these cross-Region replication actions:

• When a read replica is created, Amazon RDS copies a snapshot of the source instance to the read replica AWS Region.
• Amazon RDS moves data from the source AWS Region to the read replica AWS Region for each modification made to the source databases.

Reducing the amount of cross-region read replicas you establish for MySQL and MariaDB instances will lower your data transport expenses. For instance, let's say you wish to have three read replicas in another AWS Region and you have a source DB instance in one AWS Region.