Replication of RDS snapshots may fail with "Cross region snapshot copy is not supported for TDE encrypted snapshots"
=================================================================================================
As of June 13 2007, AWS has fixed this issue: https://aws.amazon.com/about-aws/whats-new/2017/06/amazon-rds-supports-cross-region-copying-of-tde-snapshots/
=================================================================================================
Replication of RDS snapshots may fail with the "Cross region snapshot copy is not supported for TDE encrypted snapshots" message in the CPM logs:
<Message>Cross region snapshot copy is not supported for TDE encrypted snapshots</Message>
This message is pointing to 2 possible reasons for replication failure:
1) AWS doesn't support copying across regions a snapshot from a TDE SQL Server instance.
2) AWS currently doesn't support copying across regions a snapshot of multi-AZ (MAZ) RDS SQL server.
Both of these limitations are documented here: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html
Related Articles
Cross-Account and Cross-Region DR of an encrypted RDS database may fail
If cross-region and cross-account backup of an encrypted RDS database is successful, but fails in the cross-region cross-account DR copy, you may see the following error in the cpm logs: ERROR: start_copy_region(dr_rds.py:381) RDS DR copy_snapshot ...
Cross-Region recovery of encrypted RDS may fail
Cross-Region recovery of encrypted RDS may fail with following error in the Recovery Log: Reason: Must specify new KMS key for cross region encrypted snapshot copy If you found the above error, please upgrade to the latest 2.X.X. version to resolve ...
Cross-region DR copy of encrypted snapshot may fail with "Copy failed due to an AWS limitation regarding default encryption key” error
DR of encrypted snapshots may fail with the following error in the Backup log: Error - <DR Policy>, copy snapshot failed (in Backup account) due to an AWS limitation regarding default encryption key source <source region>, target <target region>, ...
Cross region copy of RDS snapshots may fail with error: RDS DR copy snapshot failed (in Backup account). No matching KMS alias in target region
Issue: The Following error may appear in the CPM Server logs: ERROR: start_copy_region(dr_rds.py:301) RDS DR copy snapshot failed (in Backup account). No matching KMS alias on target region (source EU (Frankfurt), target Asia Pacific (Singapore), RDS ...
Cross-Region DR RDS backup may fail with "Copy failed due to an AWS limitation regarding default encryption key” error
RDS DR backup of encrypted snapshots between different regions may fail with the following error in the Backup log: Error - RDS DR, copy snapshot failed (to DR account) due to an AWS limitation regarding default encryption key (source US East (Ohio), ...