Data Transmission Service:Migrate data between ApsaraDB RDS instances of different Alibaba Cloud accounts

Prerequisites

• The IDs of the Alibaba Cloud accounts to which the source and destination ApsaraDB RDS instances belong are obtained. For more information about how to obtain the ID of an Alibaba Cloud account, see the Preparations section of this topic.

• DTS is authorized by the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs to access the resources of the account. A Resource Access Management (RAM) role is created, the required permissions are granted to the RAM role, and the trust policy is modified. For more information about how to grant permissions, see the Preparations section of this topic.

• The Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs can be used to log on to the Data Management (DMS) or DTS console.

• The destination ApsaraDB RDS instance is created. The available storage space of the destination ApsaraDB RDS instance is larger than the total size of the data in the source ApsaraDB RDS database.

Billing rules

Permissions required for database accounts

Preparations

1. Required. Obtain the IDs of the Alibaba Cloud accounts to which the source and destination ApsaraDB RDS instances belong.

   Note

   If you have obtained the IDs of the required Alibaba Cloud accounts, skip the step.

   1. Use each of the Alibaba Cloud accounts to which the source and destination instances belong to log on to the Alibaba Cloud Management Console and go to the Security Settings page.

   2. Optional. In the left-side navigation pane, click Security Settings.

   3. View and record the value of the Account ID parameter.

2. Create a RAM role for the source ApsaraDB RDS instance.

   Important

   If you grant permissions to a RAM role as a RAM user, an error message that indicates invalid permissions may appear when you configure a DTS task.

   1. Log on to the RAM console by using the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs.

   2. In the left-side navigation pane, choose Identities > Roles.

      Important

      Do not choose Identities > Users. Otherwise, DTS cannot access the instance, and an error is reported.

   3. On the Roles page, click Create Role.

   4. On the Create Role page, set the Select Trusted Entity parameter to Alibaba Cloud Account and click Next.

   5. In the Configure Role step, configure parameters for the RAM role.

      Parameter	Description
      RAM Role Name	The name of the RAM role. In this example, ram-for-dts is used as the name of the RAM role that is created by using the Alibaba Cloud account to which the source or destination instance belongs. Note The role name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-).
      Note	Optional. The description of the RAM role.
      Select Trusted Alibaba Cloud Account	The trusted Alibaba Cloud account. In this example, Other Alibaba Cloud Account is selected and the ID of the Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs is entered.

   6. Click OK.

3. Grant permissions to the created RAM role.

   1. Click Input and Attach.

   2. On the Permissions tab, click Precise Permission.

      

   3. In the Precise Permission panel, set Type to System Policy.

      

   4. In the Policy Name field, enter AliyunDTSRolePolicy.

   5. In the message that appears, click OK.

   6. Click Close.

4. Modify the trust policy.

   1. Optional. On the Roles page, find the created RAM role and click its name.

      

   2. On the details page of the RAM role, click the Trust Policy tab.

      

   3. On the Trust Policy tab, click Edit Trust Policy.

   4. Copy the following code to the code editor:

      {
          "Statement": [
              {
                  "Action": "sts:AssumeRole",
                  "Effect": "Allow",
                  "Principal": {
                      "RAM": [
                          "acs:ram::<Alibaba Cloud account ID>:root"
                      ],
                      "Service": [
                          "<Alibaba Cloud account ID>@dts.aliyuncs.com"
                      ]
                  }
              }
          ],
          "Version": "1"
      }

   5. Replace <Alibaba Cloud account ID> in the code with the ID of the Alibaba Cloud account to which the destination RDS instance belongs.

   6. Click Save trust policy document.

Procedure

1. Go to the Data Migration Tasks page by using the Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs.

   1. Log on to the DMS console by using the Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs.

   2. In the top navigation bar, move the pointer over DTS.

   3. Choose DTS (DTS) > Data Migration.

   Note

   You can also go to the Data Migration page in the DTS console of the new version.

2. From the drop-down list on the right side of Data Migration Tasks, select the region in which your data migration instance resides.

   Note

   If you use the new DTS console, you must select the region in which the data migration instance resides in the upper-left corner.

3. On the Data Migration page, click Create Task. In the Create Task wizard, configure the source and destination databases.

   Warning

   After you configure the source and destination databases, we recommend that you read the Limits that are displayed in the upper part of the page. Otherwise, the task may fail or data inconsistency may occur.

   Section	Parameter	Description
   N/A.	Task Name	The name of the task. DTS automatically generates a task name. We recommend that you specify an informative name to identify the task. You do not need to specify a unique task name.
   Source Database	Select an existing DMS database instance	The instance that you want to use. You can choose whether to use an existing instance based on your business requirements. If you select an existing instance, DTS automatically populates the parameters for the database. If you do not select an existing instance, you must configure parameters for the source database.
   	Database Type	The type of the source database. Select MySQL.
   	Access Method	The access method of the source database. Select Alibaba Cloud Instance.
   	Instance Region	The region in which the source ApsaraDB RDS instance resides. Note You can select different regions for the source and destination ApsaraDB RDS instances.
   	Replicate Data Across Alibaba Cloud Accounts	Specifies whether to migrate data across Alibaba Cloud accounts. In this example, Yes is selected.
   	Alibaba Cloud Account	The ID of the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs. Note For more information about how to obtain the ID of an Alibaba Cloud account, see the Preparations section of this topic.
   	RAM Role Name	The name of the RAM role that is configured for the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs. Note For more information about how to create and grant permissions to the RAM role, see the Preparations section of this topic.
   	RDS Instance ID	The ID of the source ApsaraDB RDS instance. Note If an alert message is displayed when you select an ApsaraDB RDS instance ID, modify the parameter settings as prompted. For more information about alert messages, see the FAQ section of this topic.
   	Database Account	The account of the source database. For more information about the required permissions for the account, see the Permissions required for database accounts section of this topic.
   	Database Password	The password that is used to access the database instance.
   	Encryption	Specifies whether to encrypt the connection to the source database. Select Non-encrypted or SSL-encrypted based on your requirements. In this example, Non-encrypted is selected. Note If you want to select SSL-encrypted, you must enable SSL encryption for the ApsaraDB RDS instance before you configure the data migration task. For more information, see Configure the SSL encryption feature.
   Destination Database	Select an existing DMS database instance	The instance that you want to use. You can choose whether to use an existing instance based on your business requirements. If you select an existing instance, DTS automatically populates the parameters for the instance. If you do not select an existing instance, you must configure parameters for the destination database.
   	Database Type	The type of the destination database. Select MySQL.
   	Access Method	The access method of the destination database. Select Alibaba Cloud Instance.
   	Instance Region	The region in which the destination ApsaraDB RDS instance resides. Note You can select different regions for the source and destination ApsaraDB RDS instances.
   	Replicate Data Across Alibaba Cloud Accounts	Specifies whether data is migrated across Alibaba Cloud accounts. In this example, No is selected.
   	RDS Instance ID	The ID of the destination ApsaraDB RDS instance.
   	Database Account	The account of the destination database. For more information about the permissions that are required for the account, see the Permissions required for database accounts section of this topic.
   	Database Password	The password that is used to access the database instance.
   	Encryption	Specifies whether to encrypt the connection to the destination database. Select Non-encrypted or SSL-encrypted based on your requirements. In this example, Non-encrypted is selected. Note If you want to select SSL-encrypted, you must enable SSL encryption for the ApsaraDB RDS instance before you configure the data migration task. For more information, see Configure SSL encryption for an ApsaraDB RDS for MySQL instance.

4. In the lower part of the page, click Test Connectivity and Proceed.

   If the source or destination database is an Alibaba Cloud database instance, such as an ApsaraDB RDS for MySQL or ApsaraDB for MongoDB instance, DTS automatically adds the CIDR blocks of DTS servers to the IP address whitelist of the instance. If the source or destination database is a self-managed database hosted on an Elastic Compute Service (ECS) instance, DTS automatically adds the CIDR blocks of DTS servers to the security group rules of the ECS instance, and you must make sure that the ECS instance can access the database. If the self-managed database is hosted on multiple ECS instances, you must manually add the CIDR blocks of DTS servers to the security group rules of each ECS instance. If the source or destination database is a self-managed database that is deployed in a data center or provided by a third-party cloud service provider, you must manually add the CIDR blocks of DTS servers to the IP address whitelist of the database to allow DTS to access the database. For more information, see the CIDR blocks of DTS servers section of the Add the CIDR blocks of DTS servers topic.

   Warning

   If the public CIDR blocks of DTS servers are automatically or manually added to the whitelist of a database instance or to the security group rules of an ECS instance, security risks may arise. Therefore, before you use DTS to migrate data, you must understand and acknowledge the potential risks and take preventive measures, including but not limited to the following measures: enhancing the security of your username and password, limiting the ports that are exposed, authenticating API calls, regularly checking the whitelist or security group rules and forbidding unauthorized CIDR blocks, or connecting the database instance to DTS by using Express Connect, VPN Gateway, or Smart Access Gateway.

5. Configure the objects to be migrated and advanced settings.

   Parameter	Description
   Migration Types	To perform only full data migration, select Schema Migration and Full Data Migration. To ensure service continuity during data migration, select Schema Migration, Full Data Migration, and Incremental Data Migration. Note If you do not select Incremental Data Migration, we recommend that you do not write data to the source database during data migration. This ensures data consistency between the source and destination databases.
   Method to Migrate Triggers in Source Database	The method that is used to migrate triggers from the source database. You can select a migration method based on your business requirements. If no triggers are to be migrated, you do not need to configure this parameter. For more information, see Synchronize or migrate triggers from the source database. Note This parameter is available only if you select Schema Migration and Incremental Data Migration for the Migration Types parameter.
   Enable Migration Assessment	Specifies whether to enable migration assessment. Migration assessment aims to check whether the schemas of the source and destination databases, such as the length of indexes, stored procedures, and dependent tables, meet the requirements. You can select Yes or No based on your business requirements. Note You can configure this parameter only if you select Schema Migration when you configure the Migration Types parameter. If you select Yes, the precheck may take more time. You can view the assessment results during the precheck. The assessment results do not affect the precheck results.Assessment Result
   Processing Mode of Conflicting Tables	Precheck and Report Errors: checks whether the destination database contains tables that use the same names as tables in the source database. If the source and destination databases do not contain tables that have identical table names, the precheck is passed. Otherwise, an error is returned during the precheck and the data migration task cannot be started. Note If the source and destination databases contain tables with identical names and the tables in the destination database cannot be deleted or renamed, you can use the object name mapping feature to rename the tables that are migrated to the destination database. For more information, see Map object names. Ignore Errors and Proceed: skips the precheck for identical table names in the source and destination databases. Warning If you select Ignore Errors and Proceed, data inconsistency may occur and your business may be exposed to the following potential risks: If the source and destination databases have the same schema, and a data record has the same primary key as an existing data record in the destination database, the following scenarios may occur: During full data migration, DTS does not migrate the data record to the destination database. The existing data record in the destination database is retained. During incremental data migration, DTS migrates the data record to the destination database. The existing data record in the destination database is overwritten. If the source and destination databases have different schemas, only specific columns are migrated or the data migration task fails. Proceed with caution.
   Capitalization of Object Names in Destination Instance	The capitalization of database names, table names, and column names in the destination instance. By default, DTS default policy is selected. You can select other options to make sure that the capitalization of object names is consistent with that of the source or destination database. For more information, see Specify the capitalization of object names in the destination instance.
   Source Objects	Select one or more objects from the Source Objects section. Click the icon to add the objects to the Selected Objects section. Note You can select columns, tables, or databases as the objects to be migrated. If you select tables or columns as the objects to be migrated, DTS does not migrate other objects, such as views, triggers, or stored procedures, to the destination database.
   Selected Objects	To rename an object that you want to migrate to the destination instance, right-click the object in the Selected Objects section. For more information, see Map the name of a single object. To rename multiple objects at a time, click Batch Edit in the upper-right corner of the Selected Objects section. For more information, see Map multiple object names at a time. Note If you use the object name mapping feature to rename an object, other objects that depend on the object may fail to be migrated. To specify WHERE conditions to filter data, right-click an object in the Selected Objects section. In the dialog box that appears, specify the conditions. For more information, see Set filter conditions. To migrate DML or DDL operations performed on a specific database or table, right-click the object in the Selected Objects section. In the dialog box that appears, select the DML or DDL operations that you want to migrate.

6. Click Next: Advanced Settings to configure advanced settings.

   • Data Verification Settings

     For more information about how to configure the data verification feature, see Enable data verification.

   • Advanced Settings

     Parameter or setting	Description
     Dedicated Cluster for Task Scheduling	By default, DTS schedules the data migration task to the shared cluster if you do not specify a dedicated cluster. If you want to improve the stability of data migration tasks, purchase a dedicated cluster. For more information, see What is a DTS dedicated cluster.
     Set Alerts	Specifies whether to configure alerting for the data migration task. If the task fails or the migration latency exceeds the specified threshold, the alert contacts receive notifications. Valid values: No: does not configure alerting. Yes: configures alerting. In this case, you must also configure the alert threshold and alert notification settings. For more information, see the Configure monitoring and alerting when you create a DTS task section of the Configure monitoring and alerting topic.
     Copy the temporary table of the Online DDL tool that is generated in the source table to the destination database.	If you use DMS or the gh-ost tool to perform online DDL operations on the source database, you can specify whether to migrate the data of temporary tables generated by online DDL operations. Valid values: Important You cannot use tools such as pt-online-schema-change to perform online DDL operations on the source database. Otherwise, the DTS task fails. Yes: DTS migrates the data of temporary tables generated by online DDL operations. Note If online DDL operations generate a large amount of data, latency may occur for the data migration task. No, Adapt to DMS Online DDL: DTS does not migrate the data of temporary tables generated by online DDL operations. Only the original DDL operations that are performed by using DMS are migrated. Note If you select this option, the tables in the destination database may be locked. No, Adapt to gh-ost: DTS does not migrate the data of temporary tables generated by online DDL operations. Only the original DDL operations that are performed by using the gh-ost tool are migrated. You can use the default or custom regular expressions to filter out the shadow tables of the gh-ost tool and tables that are not required. Note If you select this option, the tables in the destination database may be locked.
     Whether to Migrate Accounts	Specifies whether to migrate accounts. In this example, No is selected.
     Retry Time for Failed Connections	The retry time range for failed connections. If the source or destination database fails to be connected after the data migration task is started, DTS immediately retries a connection within the retry time range. Valid values: 10 to 1440. Unit: minutes. Default value: 720. We recommend that you set the parameter to a value greater than 30. If DTS is reconnected to the source and destination databases within the specified retry time range, DTS resumes the data migration task. Otherwise, the data migration task fails. Note If you specify different retry time ranges for multiple data migration tasks that share the same source or destination database, the value that is specified later takes precedence. When DTS retries a connection, you are charged for the DTS instance. We recommend that you specify the retry time range based on your business requirements. You can also release the DTS instance at the earliest opportunity after the source database and destination instance are released.
     Retry Time for Other Issues	The retry time range for other issues. For example, if DDL or DML operations fail to be performed after the data migration task is started, DTS immediately retries the operations within the retry time range. Valid values: 1 to 1440. Unit: minutes. Default value: 10. We recommend that you set the parameter to a value greater than 10. If the failed operations are successfully performed within the specified retry time range, DTS resumes the data migration task. Otherwise, the data migration task fails. Important The value of the Retry Time for Other Issues parameter must be smaller than the value of the Retry Time for Failed Connections parameter.
     Enable Throttling for Full Data Migration	Specifies whether to enable throttling for full data migration. During full data migration, DTS uses the read and write resources of the source and destination databases. This may increase the loads of the database servers. You can enable throttling for full data migration based on your business requirements. To configure throttling, you must configure the Queries per second (QPS) to the source database, RPS of Full Data Migration, and Data migration speed for full migration (MB/s) parameters. This reduces the loads of the destination database server. Note You can configure this parameter only if you select Full Data Migration for the Migration Types parameter.
     Enable Throttling for Incremental Data Migration	Specifies whether to enable throttling for incremental data migration. To configure throttling, you must configure the RPS of Incremental Data Migration and Data migration speed for incremental migration (MB/s) parameters. This reduces the loads of the destination database server. Note You can configure this parameter only if you select Incremental Data Migration for the Migration Types parameter.
     Environment Tag	The environment tag that is used to identify the DTS instance. You can select an environment tag based on your business requirements. In this example, no environment tag is added.
     Configure ETL	Specifies whether to enable the extract, transform, and load (ETL) feature. For more information, see What is ETL? Valid values: Yes: configures the ETL feature. You can enter data processing statements in the code editor. For more information, see Configure ETL in a data migration or data synchronization task. No: does not configure the ETL feature.
     Whether to delete SQL operations on heartbeat tables of forward and reverse tasks	Specifies whether to write SQL operations on heartbeat tables to the source database while the DTS instance is running. Valid values: Yes: does not write SQL operations on heartbeat tables. In this case, a latency of the DTS instance may be displayed. No: writes SQL operations on heartbeat tables. In this case, features such as physical backup and cloning of the source database may be affected.

7. In the lower part of the page, click Next: Save Task Settings and Precheck.

   You can move the pointer over Next: Save Task Settings and Precheck and click Preview OpenAPI parameters to view the parameters to be specified when you call the relevant API operation to configure the DTS task.

   Note

   • Before you can start the data migration task, DTS performs a precheck. You can start the data migration task only after the task passes the precheck.

   • If the task fails to pass the precheck, click View Details next to each failed item. After you analyze the causes based on the check results, troubleshoot the issues. Then, run a precheck again.

   • If an alert is triggered for an item during the precheck:

     • If an alert item cannot be ignored, click View Details next to the failed item and troubleshoot the issues. Then, run a precheck again.

     • If the alert item can be ignored, click Confirm Alert Details. In the View Details dialog box, click Ignore. In the message that appears, click OK. Then, click Precheck Again to run a precheck again. If you ignore the alert item, data inconsistency may occur, and your business may be exposed to potential risks.

8. Wait until Success Rate becomes 100%. Then, click Next: Purchase Instance.

9. On the Purchase Instance page, configure the Instance Class parameter for the data migration instance. The following table describes the parameters.

   Section	Parameter	Description
   New Instance Class	Resource Group	The resource group to which the data migration instance belongs. Default value: default resource group. For more information, see What is Resource Management?
   	Instance Class	DTS provides instance classes that vary in the migration speed. You can select an instance class based on your business scenario. For more information, see Instance classes of data migration instances.

10. Read and agree to Data Transmission Service (Pay-as-you-go) Service Terms by selecting the check box.

11. Click Buy and Start. In the message that appears, click OK.

    You can view the progress of the task on the Data Migration page.

FAQ

• What Alibaba Cloud accounts do I use in different stages of a cross-account DTS task?

  In a cross-account DTS task, the use of each Alibaba Cloud account is related to the database of the Alibaba Cloud account. Take note of the following items when you decide to use an Alibaba Cloud account:

  Note

  • The accounts that you use during the DTS task are Alibaba Cloud accounts.

  • If a database to be used during the task does not belong to the Alibaba Cloud account that you use to create the DTS task, set the Replicate Data Across Alibaba Cloud Accounts parameter of the database to Yes.

  • The Databases that support the Replicate Data Across Alibaba Cloud Accounts parameter, see Supported databases.

  The following table describes how to decide the Alibaba Cloud accounts that you need to use in different stages of the cross-account DTS task. You must decide the across-account database that you want to use first. Find the row that meets your business requirements based on the Across-account database column. Then, you can view the Alibaba Cloud accounts that you need to use in different stages of the cross-account DTS task.

  Across-account database	Alibaba Cloud account that is used to log on to the RAM console	Alibaba Cloud account that is specified in the trust policy	Alibaba Cloud Account that is used to create the DTS task	Alibaba Cloud account that is configured for the Alibaba Cloud Account parameter
  Source database	Alibaba Cloud account to which the source database belongs	Alibaba Cloud account to which the destination database belongs	Alibaba Cloud account to which the destination database belongs	Set the Alibaba Cloud Account parameter in the Source Database section to the Alibaba Cloud account to which the source database belongs.
  Destination database	Alibaba Cloud account to which the destination database belongs	Alibaba Cloud account to which the source database belongs	Alibaba Cloud account to which the source database belongs	Set the Alibaba Cloud Account parameter in the Destination Database section to the Alibaba Cloud account to which the destination database belongs.
  Source and destination databases	Each of the Alibaba Cloud accounts to which the source and destination database belong	Specific Alibaba Cloud account	Specific Alibaba Cloud account	Set the Alibaba Cloud Account parameter in the Source Database section to the Alibaba Cloud account to which the source database belongs. Set the Alibaba Cloud Account parameter in the Destination Database section to the Alibaba Cloud account to which the destination database belongs.

• How do I handle the errors that occur when I configure a cross-account DTS task?

  The following table shows the common error messages that appear when you configure a cross-account DTS task and provides the corresponding solutions.

  Error message	Solution
  	The value of the Alibaba Cloud Account parameter is invalid. Check whether you enter a valid ID of the Alibaba Cloud account to which the source or destination instance belongs. For more information, see the Preparations section of this topic.
  	These errors may occur due to the following reasons: The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source or destination instance belongs. The required permissions are not granted to the RAM role. Use the Alibaba Cloud account to which the source or destination instance belongs to grant permissions. Note For more information, see the Preparations section of this topic.
  	These errors may occur due to the following reasons: The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source or destination instance belongs. The required permissions are not granted to the RAM role. Check whether you have granted the required permissions to the RAM role. The trust policy of the RAM role is not modified. Check whether you have modified the trust policy for the RAM role. Note For more information, see the Preparations section of this topic.
  	The RAM role that you specify in the RAM Role Name parameter is not granted the required permissions. To grant the required permissions to the RAM role, go to the details page of the RAM role. On the Permissions tab, click Precise Permission and specify the policy in the Precise Permission panel. Then, create the task again. For example, you must grant the required permissions to the RAM role of the Alibaba Cloud account to which the source instance belongs. For information about how to grant permissions to a RAM role, see the "Grant permissions to an existing RAM role" section of the Configure RAM authorization for cross-account DTS tasks topic.
  	The value of the RAM Role Name parameter is invalid. Enter the RAM role that you create during preparations instead of the default role AliyunDTSDefaultRole of DTS.