AWS RDS Cross-Region Replica Command Line Creation Method

A recent test found that the console option for creating AWS RDS cross-region replicas is gone (it is not available in the Beijing and Ningxia regions). This feature comes and goes from time to time. Reportedly for compliance reasons, the function is not directly visible in the Console.

There are always more solutions than difficulties. Without the console we still have the CLI, so there is always a way.
After testing, the method is as follows:

  1. First, refer to the official CLI documentation for the command that creates a read replica:
    https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance-read-replica.html

  2. For a cross-region replica, the source must be given as an ARN. See how to construct an Amazon RDS ARN:
    https://docs.aws.amazon.com/zh_cn/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing

    RDS example:
    arn:aws:rds:<region>:<account number>:<resourcetype>:<name>

    Note that in the China regions the ARN begins with arn:aws-cn.... This is a small pitfall. It is best to look up the ARN in the configuration of your existing RDS instance and modify it from there.

  3. The actual test: in the following command, the AWS CLI is connected to cn-north-1 (Beijing), references the database testdb in cn-northwest-1 (Ningxia) under the same account, and creates a replica in Beijing.
    For the purpose of testing, I did not add more optional parameters. I plan to modify them through the console later.
    aws rds  create-db-instance-read-replica \
    --db-instance-identifier   cli-create-xx \
    --source-db-instance-identifier  arn:aws-cn:rds:cn-northwest-1:027807615311:db:testdb \
    --db-instance-class db.m4.large \
    --source-region cn-northwest-1  

  4. If you create a replica in the same region, it is simpler: there is no need to write the ARN, just the names of the master and the replica.

aws rds  create-db-instance-read-replica \
--db-instance-identifier cli-create-testdb2 \
--source-db-instance-identifier mysql57 \
--db-instance-class db.m4.large \
--source-region cn-north-1  


Note: To create a cross-region replica with the AWS CLI, you need to set up the aws configure environment to connect to the region where you plan to create the replica (I am connected to Beijing, and the replica is created in Beijing). The reason is that --db-instance-identifier cannot take an ARN, while --source-db-instance-identifier can. Only through the ARN, together with the --source-region parameter, can resources be found across regions.

  1. Example:
    Requirements: master in Beijing and replica in Ningxia.

Actual operation: in the aws configure configuration, choose to connect to Beijing.

 aws configure
AWS Access Key ID [****************ZFFF]:
AWS Secret Access Key [****************HfnD]:
Default region name [cn-north-1]:
Default output format [None]:

Then execute the creation command from step 3.

The following adds more parameters, such as VPC, security group, and db-subnet-group. This more comprehensive selection of parameters is what has value for actual production use.

  1. Specify VPC, security group

    aws rds  create-db-instance-read-replica \
    --db-instance-identifier   replica-zhy-1 \
    --source-db-instance-identifier  arn:aws-cn:rds:cn-northwest-1:027807615311:db:testdb \
    --db-instance-class db.m4.large \
    --source-region cn-northwest-1  \
    --availability-zone cn-north-1b   \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --db-subnet-group-name  replica-subnet-group    

    Screenshot after creation.
    Note: the information in the red box in the figure needs to be used in the command line.

    Add public network access, storage type, Multi-AZ, etc.

    aws rds  create-db-instance-read-replica \
    --db-instance-identifier   replica-zhy-2 \
    --source-db-instance-identifier  arn:aws-cn:rds:cn-northwest-1:027807615311:db:testdb \
    --db-instance-class db.m4.large \
    --source-region cn-northwest-1  \
    --availability-zone cn-north-1b,cn-north-1a   \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --db-subnet-group-name  replica-subnet-group  \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --multi-az \
    --publicly-accessible \
    --storage-type standard  \
    --deletion-protection \
    --tags Key=Name,Value=test-OK

    If you encounter the error

    An error occurred (InvalidVPCNetworkStateFault) when calling the CreateDBInstanceReadReplica operation: Cannot create a publicly accessible DBInstance. The specified VPC does not support DNS resolution, DNS hostnames, or both. Update the VPC and then try again

    then, following the reference documents below, enable the DNS hostnames and DNS resolution properties of the Amazon VPC.
    The VPC network properties enableDnsHostnames and enableDnsSupport must be set to true. To view and modify these properties, go to the VPC console at https://console.aws.amazon.com/vpc/ .
    https://aws.amazon.com/cn/premiumsupport/knowledge-center/rds-launch-in-vpc/?nc1=h_ls
    https://docs.aws.amazon.com/zh_cn/vpc/latest/userguide/vpc-dns.html

  2. After solving the VPC problem, re-executing the command produces another error: --multi-az and --availability-zone cannot appear at the same time. Even if I list both AZs, it still doesn't work.
    aws rds  create-db-instance-read-replica \
    --db-instance-identifier   replica-zhy-2 \
    --source-db-instance-identifier  arn:aws-cn:rds:cn-northwest-1:027807615311:db:testdb \
    --db-instance-class db.m4.large \
    --source-region cn-northwest-1  \
    --availability-zone cn-north-1b,cn-north-1a   \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --db-subnet-group-name  replica-subnet-group  \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --multi-az \
    --publicly-accessible \
    --storage-type standard  \
    --deletion-protection \
    --tags Key=Name,Value=test-OK

    An error occurred (InvalidParameterCombination) when calling the CreateDBInstanceReadReplica operation: Requesting a specific availability zone is not valid for Multi-AZ instances.

8. Remove the --availability-zone parameter and the execution succeeds.

aws rds  create-db-instance-read-replica \
--db-instance-identifier   replica-zhy-2 \
--source-db-instance-identifier  arn:aws-cn:rds:cn-northwest-1:027807615311:db:testdb \
--db-instance-class db.m4.large \
--source-region cn-northwest-1  \
--vpc-security-group-ids sg-0df896e1034f08331 \
--db-subnet-group-name  replica-subnet-group  \
--multi-az \
--publicly-accessible \
--vpc-security-group-ids sg-0df896e1034f08331 \
--storage-type standard  \
--deletion-protection \
--tags Key=Name,Value=test-OK
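
The pitfalls hit above (the arn:aws-cn partition, --multi-az combined with --availability-zone, and a publicly accessible replica) can be caught before calling AWS. The following is an added example, not part of the original post; the function names are hypothetical and the account ID 111122223333 is a constructed placeholder.

```shell
# Added example: offline lint for create-db-instance-read-replica arguments.
# Function names are hypothetical; nothing here calls AWS.
# Map a region to its ARN partition (China regions use aws-cn).
rds_partition() {
  case "$1" in
    cn-*)     echo aws-cn ;;
    us-gov-*) echo aws-us-gov ;;
    *)        echo aws ;;
  esac
}

# Build a source ARN: arn:<partition>:rds:<region>:<account>:db:<name>
rds_source_arn() { echo "arn:$(rds_partition "$1"):rds:$1:$2:db:$3"; }

# Print findings for an argument list; return 1 if any ERROR was found.
lint_replica_args() {
  src="" region="" az=0 multi=0 public=0 rc=0 prev=""
  for a in "$@"; do
    case "$prev" in
      --source-db-instance-identifier) src=$a ;;
      --source-region)                 region=$a ;;
    esac
    case "$a" in
      --availability-zone)   az=1 ;;
      --multi-az)            multi=1 ;;
      --publicly-accessible) public=1 ;;
    esac
    prev=$a
  done
  if [ "$az" = 1 ] && [ "$multi" = 1 ]; then
    echo "ERROR: --multi-az cannot be combined with --availability-zone"; rc=1
  fi
  case "$src" in arn:*)
    arn_part=$(echo "$src" | cut -d: -f2)      # ARN field 2: partition
    arn_region=$(echo "$src" | cut -d: -f4)    # ARN field 4: region
    if [ "$arn_part" != "$(rds_partition "$arn_region")" ]; then
      echo "ERROR: partition '$arn_part' is wrong for region $arn_region"; rc=1
    fi
    if [ -n "$region" ] && [ "$region" != "$arn_region" ]; then
      echo "ERROR: --source-region $region differs from ARN region $arn_region"; rc=1
    fi ;;
  esac
  if [ "$public" = 1 ]; then
    echo "WARN: --publicly-accessible: restrict security group ingress; VPC needs enableDnsSupport and enableDnsHostnames"
  fi
  return $rc
}
# Constructed input (placeholder account ID): wrong partition plus the AZ/Multi-AZ conflict.
lint_replica_args --source-db-instance-identifier arn:aws:rds:cn-northwest-1:111122223333:db:testdb --multi-az --availability-zone cn-north-1b || true
```

Run the lint on the exact argument list before passing it to aws rds create-db-instance-read-replica; a WARN does not fail the check, so the security group behind a publicly accessible replica still needs a manual review.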


  1. Test adding the io1 disk type, the IOPS parameter, and option-group-name

    aws rds  create-db-instance-read-replica \
    --db-instance-identifier   replica-zhy-5 \
    --source-db-instance-identifier  arn:aws-cn:rds:cn-northwest-1:027807615311:db:testdb \
    --db-instance-class db.m4.large \
    --source-region cn-northwest-1  \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --db-subnet-group-name  replica-subnet-group  \
    --no-multi-az \
    --port 3316 \
    --publicly-accessible \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --storage-type io1  \
    --iops 1000 \
    --deletion-protection \
    --tags Key=Name,Value=test-OK \
    --option-group-name mysql8-replica  

    The output shows that the port modification is valid and the option group is also valid.

  2. Test with gp2 storage.
    Note: If you set --storage-type standard, io1 and iops 1000 will be used by default. In fact, even in the AWS console, ordinary disks cannot be selected. (If any expert has tested a setting that works, please leave a message at the bottom of the article, thank you.)
    aws rds  create-db-instance-read-replica \
    --db-instance-identifier   replica-zhy-6 \
    --source-db-instance-identifier  arn:aws-cn:rds:cn-northwest-1:027807615311:db:testdb \
    --db-instance-class db.m4.large \
    --source-region cn-northwest-1  \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --db-subnet-group-name  replica-subnet-group  \
    --multi-az \
    --port 3316 \
    --publicly-accessible \
    --vpc-security-group-ids sg-0df896e1034f08331 \
    --storage-type gp2  \
    --deletion-protection \
    --tags Key=Name,Value=test-OK \
    --option-group-name mysql8-replica 

    The output is as follows. After many tests, no matter what value is set for --storage-type (including not setting it), the replica starts with the default setting of an io1 disk, 100G, and 1000 IOPS.

In summary, creating a replica through the command line can be done very quickly, but many parameters are applied as modifications after the replica is created, and that adjustment takes a period of time.
The following parameters are changed later (of course, this is all done automatically by the system).

--multi-az 
--port 3316
--storage-type gp2 

After many tests, no matter what value is set for --storage-type (including not setting it), the replica starts with the default setting of an io1 disk, 100G, and 1000 IOPS. Finally, it is modified to the type specified by --storage-type.

The final completion time mainly depends on the amount of data.
At this point, the creation of the replica is completed.

Origin blog.51cto.com/hsbxxl/2572061