Automating Cross-Region Amazon RDS Disaster Recovery with AWS Lambda

Overview

In this blog, we will guide you through the process of implementing a cross-region disaster recovery (DR) strategy for Amazon RDS, utilizing automated snapshots and AWS Lambda. This approach ensures business continuity and compliance by replicating RDS snapshots to a secondary region without manual intervention. By automating this process, organizations can significantly reduce operational overhead and minimize downtime in the event of regional outages.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Introduction

Amazon RDS offers automated backups and snapshots to maintain database resilience. However, these snapshots are region-specific by default, which means they cannot be directly used for recovery in another AWS region.
For businesses operating in multiple geographies or under strict compliance requirements, cross-region replication of snapshots becomes essential.

AWS provides a flexible way to achieve this using AWS Lambda functions and Amazon CloudWatch Events, enabling you to automate snapshot copying to a designated DR region.

This solution is cost-effective, easy to implement, and avoids the complexity of full multi-region deployments.

Understanding the Need

Cross-region DR is critical for several reasons:

Compliance: Many industries, such as finance and healthcare, require off-site backups to meet regulatory standards.
Business Continuity: Regional outages, though rare, can disrupt operations. Having snapshots in a different region ensures a quick recovery.
Cost Optimization: Instead of maintaining a full secondary cluster, copying snapshots provides a lightweight DR solution.
Risk Mitigation: Protects against data loss due to natural disasters, regional failures, or accidental deletions.

Prerequisites

Before starting, ensure the following:

Automated Backups Enabled: Your Amazon RDS instance must have automated backups turned on.
AWS IAM Permissions: Create roles with permissions that allow AWS Lambda to interact with Amazon RDS and, optionally, Amazon S3 for logging purposes.
Target Region Prepared: Ensure the destination region has sufficient storage and encryption keys (KMS) if you plan to encrypt snapshots.
AWS CLI or Console Access: For validation and troubleshooting.

Procedure Steps

Enable Automated Snapshots

Navigate to Amazon RDS Console → Databases → Backup Settings.
Confirm Automated Backups are enabled with an appropriate retention period (e.g., 7 days).
This ensures snapshots are created regularly for AWS Lambda to copy.

Create an AWS IAM Role for AWS Lambda

Go to AWS IAM Console → Roles → Create Role.
Select AWS Lambda as the trusted entity.
Attach the following policies:

- AmazonRDSFullAccess (for snapshot operations)
- AmazonS3FullAccess (optional, for logging)
- Custom policy for:
  - rds:CopyDBSnapshot
  - rds:DescribeDBSnapshots

This role enables AWS Lambda to fetch and copy snapshots securely.

Develop an AWS Lambda Function to Copy Snapshots

Create an AWS Lambda function in the source region.
Use Python or Node.js runtime.
Logic:
- Fetch the latest snapshot using describe_db_snapshots.
- Call copy_db_snapshot to the target region.

Example snippet (Python):

import boto3
import datetime

rds = boto3.client('rds')
targetregion = 'us-west-2'

def lambdahandler(event, context):
    snapshots = rds.describedbsnapshots(DBInstanceIdentifier='mydb', SnapshotType='automated')
    latestsnapshot = max(snapshots['DBSnapshots'], key=lambda x: x['SnapshotCreateTime'])
    snapshotid = latestsnapshot['DBSnapshotIdentifier']
    copyid = f"{snapshotid}-copy-{datetime.datetime.now().strftime('%Y%m%d')}"
    
    rds.copydbsnapshot(
        SourceDBSnapshotIdentifier=snapshotid,
        TargetDBSnapshotIdentifier=copyid,
        SourceRegion='us-east-1'
    )
    return f"Snapshot {snapshotid} copied to {targetregion} as {copyid}"

import boto3

import datetime

rds = boto3.client('rds')

targetregion = 'us-west-2'

def lambdahandler(event, context):

snapshots = rds.describedbsnapshots(DBInstanceIdentifier='mydb', SnapshotType='automated')

latestsnapshot = max(snapshots['DBSnapshots'], key=lambda x: x['SnapshotCreateTime'])

snapshotid = latestsnapshot['DBSnapshotIdentifier']

copyid = f"{snapshotid}-copy-{datetime.datetime.now().strftime('%Y%m%d')}"

rds.copydbsnapshot(

SourceDBSnapshotIdentifier=snapshotid,

TargetDBSnapshotIdentifier=copyid,

SourceRegion='us-east-1'

)

return f"Snapshot {snapshotid} copied to {targetregion} as {copyid}"

Configure Amazon CloudWatch Event Trigger

Navigate to Amazon CloudWatch → Events → Create Rule.
Set a schedule expression (e.g., cron(0 0 * * ? *) for daily at midnight).
Target: Your AWS Lambda function.
This ensures snapshots are copied automatically without manual intervention.

Validate Snapshot in Target Region

Go to Amazon RDS Console → Snapshots in the target region.
Confirm the copied snapshot is available and ready for restore.
Optionally, perform a test restore to validate DR readiness.

Conclusion

Automating cross-region snapshot replication for Amazon RDS provides a cost-effective DR solution. It minimizes manual effort, ensures compliance, and significantly reduces recovery time during regional outages. While this approach doesn’t replace full multi-region deployments for mission-critical workloads, it offers an excellent balance between cost and resilience.

Drop a query if you have any questions regarding Amazon RDS and we will get back to you quickly.

Empowering organizations to become ‘data driven’ enterprises with our Cloud experts.

Reduced infrastructure costs
Timely data-driven decisions

Get Started

About CloudThat

CloudThat is an award-winning company and the first in India to offer cloud training and consulting services worldwide. As a Microsoft Solutions Partner, AWS Advanced Tier Training Partner, and Google Cloud Platform Partner, CloudThat has empowered over 850,000 professionals through 600+ cloud certifications winning global recognition for its training excellence including 20 MCT Trainers in Microsoft’s Global Top 100 and an impressive 12 awards in the last 8 years. CloudThat specializes in Cloud Migration, Data Platforms, DevOps, IoT, and cutting-edge technologies like Gen AI & AI/ML. It has delivered over 500 consulting projects for 250+ organizations in 30+ countries as it continues to empower professionals and enterprises to thrive in the digital-first world.

FAQs

1. Is there downtime during snapshot copy?

ANS: – No, the source database remains operational during snapshot copy.

2. Can I encrypt snapshots during copy?

ANS: – Yes, specify AWS KMS key in copy_db_snapshot.

3. What triggers the AWS Lambda function?

ANS: – Amazon CloudWatch scheduled events or custom triggers.

WRITTEN BY Rohit Kumar

Rohit is a Cloud Engineer at CloudThat with expertise in designing and implementing scalable, secure cloud infrastructures. Proficient in leading cloud platforms such as AWS, Azure, and GCP, he is also skilled in Infrastructure as Code (IaC) tools like Terraform. With a strong understanding of cloud architecture and automation, Rohit focuses on delivering efficient, reliable, and cost-optimized solutions. In his free time, he enjoys exploring new cloud services and keeping up with the latest advancements in cloud technologies.