Architecture

Backup of the RDS database to Oracle directory, which is located on internal RDS server
Copy the backup to S3 bucket
Mount the S3 bucket as a directory on the staging host
Mount Accelario disk to the staging server
Restore from the mounted directory to staging Oracle instance (the instance is located on Accelario disk that was mounted in action 4)
Create standard VDB

Prerequisites

RDS Oracle database
Staging EC2 Linux server with Oracle Database software installed - same version as the RDS database

Create a Standard S3 Bucket with a one folder inside.
In our example, we created a bucket rds-ora19 with folder ora19-folder

Create IAM policy. It will be used for S3 bucket access from both RDS and EC2 servers.
In our example we called it loki-s3-access-policy

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::*" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::*" ] } ] }
In order to get files from S3 to EC2 server (action 3 in the architecture diagram) you have to decide how to authenticate.
There are 2 modes :

If you plan to use Access Key with Secret Key then create an IAM user with the above access policy.

After the users creation, generate its access key and store it in a safe place - you will use them when you will be configuring GI

Regardless of what choice you made in point 3 , create IAM role and attach the S3 policy with it.
It is important since RDS is accessing S3 (action 2 in the architecture diagram) using IAM role only.
Make sure to choose “AWS service”, then “RDS”, then “RDS - Add Role to Database”

Ignore error: Policy AmazonRDSServiceRolePolicy not attached

In the end the role should look like this (in our example we called it loki-s3-access-role):

Goto RDS and create an Option group for oracle engine and version that are the same as your RDS instance (oracle-ee stands for Enterprise Edition, oracle-se2 stands for Standard Edition Two).
In our example we called it s3-option-group-oracle-se2
Once option group is created, select it and click on Add Option for the group.
Add S3_INTEGRATION from Option name dropdown, choose Version 1.0, check Yes for Apply immediately and press Add Option.
Now apply this option group with RDS database.
Choose the required RDS database, click Modify
Under the Additional configuration find Option group, open the list and choose the option group that you have created in the previous point.

Verify that the RDS database has backups enabled. It is needed to enable Archive Log Mode.
Setup the backup retention period to be long enough to accommodate future refreshes from Accelario.
Recommended value is at least 7 days.
Add the IAM role created in Step 5, with S3_INTEGRATION feature
Go to the RDS database, select tab Connectivity & security, scroll down to Manage IAM roles, choose the role from step 5 (in our example loki-s3-access-role)

In the end it should look like this:
Perform some admin configuration in the RDS database. Connect to RDS database using an admin user.

Set Archive Log retention.
Check current value:
set serveroutput on EXEC rdsadmin.rdsadmin_util.show_configuration;
If the value is under 48 – set it to 48
begin rdsadmin.rdsadmin_util.set_configuration( name => 'archivelog retention hours', value => '48'); end; /
Enable Force Logging.
Enable Block Change Tracking – optionally, but highly recommended

If the rpm package is not available, you can download it from our repository and install:

Apply the IAM role to the server. Choose it in the EC2 console, go to Actions > Security > Modify IAM role
Make sure that the server has Oracle Database software installed - same version as the RDS database