How do I change the VPC for an Amazon RDS DB instance?

3 minute read
0

How can I move my Amazon Relational Database Service (Amazon RDS) DB instance from an existing Amazon Virtual Private Cloud (Amazon VPC) to a new VPC?

Short description

To move an Amazon RDS DB instance to a new VPC, you must change its subnet group. Before you move the RDS DB instance to a new network, configure the new VPC. This configuration includes the security group inbound rules, the subnet group, and the route tables. When you change the VPC for a DB instance, the instance reboots when it moves from one network to another. Because the DB instance isn't accessible while it's being moved, change the VPC during a planned change window that is outside the RDS weekly maintenance window.

You can't change the VPC for a DB instance if:

  • The DB instance is in multiple Availability Zones (AZs). Convert the DB instance to a single AZ, and then convert it back to a Multi-AZ DB instance after moving to the new VPC. For more information about converting instances, see High availability (Multi-AZ) for Amazon RDS
    Note: You can't change a DB subnet group to a Multi-AZ configuration. By default, the Amazon Aurora storage is Multi-AZ—even for a single instance—so you can't modify the VPC for Amazon Aurora. For more information, see How can I change the VPC of an Amazon Aurora for MySQL or PostgreSQL cluster?
  • The DB instance is a read replica or has read replicas. Remove the read replicas, and then add read replicas after the DB instance is moved to the new VPC.
  • The subnet group created in the target VPC doesn't have subnets from the AZ where the source database is running. If the AZs are different, then the operation fails.

Resolution

  1. Open the Amazon RDS console.
  2. From the navigation pane, choose Subnet Groups from the navigation pane.
  3. Choose Create DB Subnet Group.
  4. Enter the subnet name, description, and VPC ID, and then choose the subnets needed for the DB instance.
  5. Choose Create.
  6. From the navigation pane, choose Databases.
  7. Select the DB instance, and then choose Modify.
  8. From the Connectivity section, select the Subnet Group associated with the new VPC. Then, choose the appropriate Security Group for that VPC.
  9. Choose Continue, and then choose Apply Immediately.
    Note: If you don't choose Apply Immediately, then Amazon RDS modifies the VPC during the next maintenance window.
  10. Review the details on the Modify DB Instance page, and then choose Modify DB Instance.

This task can take several minutes to complete. You can confirm that the subnet is changed by selecting the instance and then navigating to the configuration details page. This shows that the subnet group is updated and the status is Complete. You can also open the RDS console and then choose Events in the left navigation pane. Confirm that the process moved the DB instance to the target VPC.


Related information

Working with a DB instance in a VPC

VPCs and subnets