AWS CLI restore-from-cluster-snapshot doesn't find snapshot in account

0
votes

I'm trying to restore a cluster from a snapshot using

aws redshift restore-from-cluster-snapshot --cluster-identifier my-cluster
--snapshot-identifier my-identifier  --profile my-profile --region my-region

But I'm receiving

An error occurred (ClusterSnapshotNotFound) when calling
 the RestoreFromClusterSnapshot operation: Snapshot not found: my-identifier

I checked the available snapshots using

aws redshift describe-cluster-snapshots --profile my-profile --region my-region

And my-identifier appears as available snapshot.

Entering via Redshift console I'm also able to see the snapshots and was able to restore it from the UI.

Does anybody have any clues ?

P.S.: Not sure if it's relevant, but it's a snapshot from another account that I shared with the account where I'm trying to restore the cluster

1
amazon-web-servicesamazon-redshiftaws-cli
Do you have the same rights when using the CLI as when in the console? Like the ability to read the snapshot. - Bill Weiner
Yes. I used the same profile to check the UI - Lucas Abreu
Have you tried the --owner-acount? From the help page: "--owner-account (string) The AWS customer account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot." - Bill Weiner
Thanks, Bill ! It worked. I find it odd tho, that I used to execute the exact same command without providing the owner account. - Lucas Abreu
Good to hear. It's security thing. The creating account is needed to decrypt the snapshot. - Bill Weiner

1 Answers

1
votes

You must specify the owner account number when restoring to enable Redshift to decrypt the shared snapshot.

aws redshift restore-from-cluster-snapshot  \
  --profile myAwsCliProfile  \
  --snapshot-identifier mySnapshotName \

  --owner-account 012345678910  \

  --cluster-identifier my-new-redshift-cluster \
  --number-of-nodes 6     \
  --node-type ra3.16xlarge   \
  --port 5439   \
  --region us-east-1   \
  --availability-zone us-east-1d \
  --cluster-subnet-group-name default\
  --availability-zone-relocation  \
  --no-publicly-accessible \
  --maintenance-track-name CURRENT