AWS EC2 AMI and RDS Snapshot sharing - amazon-web-services

We are currently migrating our AWS infrastructure into another AWS Account,
To do so, I created AMIs of my EC2 instances which I need to redeploy in the newer AWS account,
Similarly I took Snapshot of the RDS which I will be needing.
I shared the AMIs and the RDS with the new AWS Account Number.
What I am worried about is,
When the old account is cleaned and shut down,
will my shared AMIs and Snapshots get removed from the new account as well?

Yes, they will go away and be inaccessible from the new account, since they will no longer exist.
Sharing only gives the remote account permission to access the resource. It doesn't copy or clone them.
From the new account, you need to make a copy of the shared AMIs and shared DB Snapshots if you want them to be permanently available.

Related

How to transfer AWS RDS to different role

We have two AWS roles/accounts, and I hosted our PostgreSQL in one account, and later I was notified this role would be disabled shortly, and I need to transfer our database to another AWS accounts. So I made a snapshot of the DB from one to another. I'm wondering if the original account is deleted in the future, does my snapshot also get impacted? Thanks for the clarification
I agree with #erik258. I am sharing this article that says you can't transfer resources between accounts. However, you can migrate Amazon RDS resources to another account.
To migrate Amazon RDS resources to another account, follow these instructions:
Create a DB snapshot.
Share the snapshot with the target account.
Create a new DB instance in the target account by restoring the DB snapshot.

Can't export a EC2 AMI to another account because the AWS Marketplace OS is obsolete

I'm trying to backup an old instance that I have from one of my accounts that I want to close down so I don't lose that instance. I was thinking in backing up the instance by making it an AMI and then transfer that image to another AWS account which I still have active.
I then started the process of sharing the image with the other aws account that I have and when I want to launch a new EC2 instance using that AMI, I get this error:
Then I went to that URL described in the error message to subscribe I get this notification:
According to what I'm seeing, AWS doesn't offer this version of centos OS, so I was wondering what happens in these cases, is there anything that can be done so I can still create the backup and save it in my other active account?
If you just need the data inside your instance, maybe you can try to create a snapshot of the volume and make it available for your other account ?

How to copy redshift cluster snapshot from one account to another account through script

How to copy a redshift cluster snapshot from one account to another account through script.
To manually migrate an Amazon Redshift cluster to another AWS account, follow these steps:
Create a manual snapshot of the cluster you want to migrate.
Share the cluster snapshot with another AWS account to view and
restore the snapshot.
Before you copy a snapshot to another region, first enable
cross-region snapshots.
In the destination AWS account, restore the shared cluster snapshot.
Please see
https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-redshift/
If you want to do that in a "script" for some reason - then you need to read https://docs.aws.amazon.com/redshift/latest/mgmt/manage-snapshots-api-cli.html
I believe everything you need can be done using aws cli.

Is it possible to dowload a Windows AMI created in EC2 for a local copy

I am making a backup of all the instances in EC2 and I am following the best practices specified by techsoup for backup
In this it is mentioned to keep a local copy of the server at 2 different locations. I was wondering if it is possible to download a Windows AMI created in Amazon EC2 which was not exported from the local VM or using the AWS CLI. It is completely an EC2 instance whose AMI was created for backup.
Can I keep a local copy of the AMI for on-premise backup?
No, it is not possible. If the AMI needs to be kept in two locations then those locations should be separate AWS regions. You can copy the AMI to another region using the AWS CLI's copy-image or via the AWS console.

Move AWS EC2 Instance to another account

I created a Amazon AWS EC2 instance under my account and made an website/ftp on it, now a new partner wants to move the instance under his company account so his company can pay the bills.
We can't change the instance IP because banks in the region are communicating with the server.
How can I move the instance to a different account without having to change anything on the configuration?
The short answer is: No, you cannot move an running instance from one account to another unless and ofcourse AWS Technical support has some magic available behind the curtains.
You can However, Create an AMI from this instance and share this AMI with other users/account. refer: http://aws.amazon.com/articles/530
To share or migrate EC2 instances from a source account to a target
account follow these steps:
Create a custom Amazon Machine Image (AMI)
from the instance you want to share or migrate. Be sure to include all
required EBS data volumes in the AMI.
Note: Data stored on instance store volumes isn't preserved in AMIs, and won't be on the instance store volumes of the instances
that you launch from the AMI.
Share the AMI with the target account
using either the EC2 console or the AWS Command Line Interface (CLI).
From the target account, find the AMI
using the EC2 console or the AWS CLI.
Launch a new instance from the shared AMI
on the target account.
Note: The private IP address of VPC instances will be different in the new account, unless you specifically set them during
launch.
Related information
Changing the Encryption State of Your Data
AWS CLI Command Reference (EC2)
Source: Transfer Amazon EC2 Instance
This is not possible.
AWS Support does not have access to copy Amazon EC2 resources or
manipulate any configuration options in AWS accounts. You can't
separate an AWS account from an Amazon.com account or transfer
resources between AWS accounts. It is possible to manually migrate
Amazon EC2 resources from one account to another by completing the
steps described here.
Source : https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-ec2-instance/
I'm working with several hundreds on EC2 instances in several AWS regions and accounts. You can move an EC2 instance to another AWS account, however, you can't move the Elastic IP and it will take up 16 steps with AWS CLI, if you want to migrate Tags and clone the Security Groups. I wrote a detailed post with the whole process at https://medium.com/#gmusumeci/how-to-move-an-ec2-instance-to-another-aws-account-e5a8f04cef21.
there are more than 10 steps involved in doing the cloud move. I would suggest you use Infrastructure as a Configuration (terraform and CloudFormation) or Infrastructure as a real code (pulumi and CDK)
however if you want to give a go at a nice tool I found called KopiCloud. Please feel welcome to try it and leave your comments below. Is good if you need to move instances on a quick lift and shift scenario.
You can re-think the design of having the banks in the region communicating to your servers via IP.
If the banks communicate using DNS names, you have much more flexibility to move your servers around.
You can also achieve improvements in high availability and resiliency by moving to DNS connections.
So a plan might be
Setup a DNS record for your existing server
Get the banks who connect to your server to connect via the DNS name
Setup your new server in the other account (other answers describe this)
Cut the banks over to your new server in the new account simply by updating the DNS record
I haven't tried load balancing across accounts, but that may be another option, which would give you HA as a bonus. By registering your current instance, and new instance in another account as targets with a load balancer and getting your clients to connect to the load balancer, you could cut over to the other account. The only part I haven't tried is registering targets in different accounts, but looks like this should be possible with an AWS Network Load Balancer