How to move an Amazon RDS DB instance from an Amazon Virtual Private Cloud (Amazon VPC) to a new VPC

In this article, I am going to show you how to migrate an Amazon Relational Database Service (Amazon RDS) DB instance from one virtual private cloud (VPC) to another in the same AWS account. This is useful especially when you want to place your application stack and database in different VPCs for security reasons.

But this sort of approach has few limitations.

• When you move the RDS DB instance to a new network and configure the new VPC, the DB instance reboots. So, change the VPC during a planned change window that is outside the RDS weekly maintenance window.

• The DB instance you’re migrating must be a single instance with no standby. It must not be a member of a cluster.

• Amazon RDS must not be in multiple Availability Zones. Convert the DB instance to a single AZ, and then convert it back to a Multi-AZ DB instance after moving to the new VPC.

• Amazon RDS must not have any read replicas. Remove the read replicas, and then add read replicas after the DB instance is moved to the new VPC.

• The subnet group created in the target VPC must have subnets from the Availability Zone where the source database is running. If the AZs are different, then the operation fails.

Let’s get started!

Please visit my GitHub Repository for RDS articles and GitHub Repository for VPC articles on various topics being updated on constant basis.

1. Create RDS Database Instance

2. Create a new VPC, Subnets, Route Tables, VPC Security Group

3. Create a new DB subnet group

4. Modify the Amazon RDS DB instance to use the new DB subnet group

• AWS user account with admin access, not a root account.
• an IAM role with permissions required for the VPC, subnets, and Amazon RDS console

Amazon RDS documentation
AWS IAM Documentation
Amazon VPC documentation

1. Create RDS Database Instance

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

2. Create a new VPC, Subnets, Route Tables, VPC Security Group

Create a new VPC

1

2

3

Create new Subnets

1

2

3

Create a new Route Table

1

2

3

4

Create a new VPC Security Group

1

2

3

3. Create a new DB subnet group.

1

2

4. Modify the Amazon RDS DB instance to use the new DB subnet group

1

2

3

4

5

6

7

8

9

10

11

• Continue
  
  12

13

14

• When the migration to the target VPC is complete, the target VPC’s default security group is assigned to the Amazon RDS DB instance.
  
  15

16

• choose Events in the left navigation pane.
• Confirm that the process moved the DB instance to the target VPC
  
  17

• delete RDS instance
• delete VPC and its components

I have successfully moved an Amazon RDS DB instance to a new VPC, by first changing its subnet group.