I have an AWS instance running on one account A. Then I wanted to transform everything on that account to another AWS account B. Here's what I did: I created an AMI (private) for A and shared it with account B by adding permissions. Then I used the shared AMI to create another instance running on account B.
Now is it safe to shut down the running instance on account A? Cause I no longer want to use that account.
Or what further steps do I need?
Thanks, it's really a hurry!
Yes, that's all the steps you need to do. Now you can safely remove the EC2 instance and the AMI from account A; account B won't be affected.
Related
I have created an AWS lambda function to shut down an EC2 instance in my account. The function is called from CloudWatch at a certain time.
Suppose you have to accomplish the same task in an AWS Organization. You have full control over the master account and you are the owner of the Organization.
If you want to shut down all the EC2 instances in the organization at a certain time, first of all, is it possible to control that from your master account? If it is, then what would be the approach?
1. Master CloudWatch --calls--> Master Lambda --> shuts down EC2 instances in the organization
2. Member CloudWatch --> Member Lambda --> shuts down EC2 in their organization.
If 2. is the only option, is it possible to push CloudWatch rules and Lambda functions from the Master account into each member account?
Any other approach to address this problem?
Many thanks!
Option one is probably the better of the two, as it's a bit simpler (no cross-account events to deal with).
To do this you'll need to understand AWS Security Token Service's Assume Role.
This would allow your lambda to systematically:
Assume a role in Account 1 that can list and shut down EC2 instances
Shut down EC2 instances
Assume a role in Account 2 ... etc.
To do this you'll have to make an IAM role to be assumed in each 'slave' account, and an IAM role that is allowed to use sts:AssumeRole in the master account to invoke that lambda with.
I would challenge you to make sure this is what you need. Typically life is much easier in AWS if you can keep your accounts with only very loose dependencies on each other; instead, consider an approach where each account is responsible for shutting down its own EC2 instances based on a trigger.
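The assume-role loop described in this answer, sketched as a Lambda handler. This is an added example, not code from the original post; the role name `Ec2StopperRole`, the environment variable names, the region and the account IDs are constructed placeholders. Each member account needs a role with that name whose trust policy names the Lambda's execution role and whose permissions are limited to `ec2:DescribeInstances` and `ec2:StopInstances`.

```python
import os

# Assumptions (not from the page): role name, region and account IDs are constructed placeholders.
ROLE_NAME = os.environ.get("MEMBER_ROLE_NAME", "Ec2StopperRole")
ACCOUNT_IDS = os.environ.get("MEMBER_ACCOUNT_IDS", "111111111111,222222222222").split(",")
REGION = os.environ.get("TARGET_REGION", "us-east-1")

def member_ec2_client(sts, account_id, client_factory):
    """Assume the member-account role and build an EC2 client from its temporary credentials."""
    creds = sts.assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{ROLE_NAME}",
        RoleSessionName="org-ec2-shutdown",
        DurationSeconds=900,  # minimum session duration STS accepts
    )["Credentials"]
    return client_factory(
        "ec2",
        region_name=REGION,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )

def stop_running_instances(ec2):
    """Stop every running instance this client can see; return their IDs."""
    ids = []
    pages = ec2.get_paginator("describe_instances").paginate(
        Filters=[{"Name": "instance-state-name", "Values": ["running"]}]
    )
    for page in pages:
        for reservation in page["Reservations"]:
            ids += [i["InstanceId"] for i in reservation["Instances"]]
    if ids:
        ec2.stop_instances(InstanceIds=ids)
    return ids

def handler(event, context, sts=None, client_factory=None):
    """Lambda entry point; a failure in one account must not block the others."""
    if client_factory is None:
        import boto3  # provided by the Lambda Python runtime
        client_factory = boto3.client
    sts = sts or client_factory("sts")
    result = {}
    for account_id in ACCOUNT_IDS:
        try:
            ec2 = member_ec2_client(sts, account_id, client_factory)
            result[account_id] = stop_running_instances(ec2)
        except Exception as exc:  # e.g. AccessDenied when the trust policy is missing
            result[account_id] = f"error: {exc}"
    return result
```

The `sts` and `client_factory` parameters exist only so the handler can be exercised with stub clients; Lambda itself calls `handler(event, context)` and the real boto3 clients are used.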
I have created a free trial instance in GCP. Now I am seeing 2 instances in the VM instance dashboard.
One is the instance that I am using and the other is ce-replicator-goo16-2e8##f6b. I tried to delete this instance but it automatically comes up again. I am not sure what this instance is for. Will I be charged for this instance as well?
If anyone has an idea on this, please help.
Thanks
J
It happens when you are using the CloudEndure migration service to bring your instance into GCP. In such cases, the service account with Owner permission recreates the instance "ce-replicator-goo16-2e8##f6b". Deleting the "service account" used for migration would allow deleting those temporary instances.
I want to copy the EC2 instance that I have from one Amazon account to another account that I have now. On the first account, I am running a website on the EC2 instance. I want exactly the same website to be copied to the new account, because my second account is for testing purposes and I want to make changes to the website without affecting the first account, the website that is online. I don't know the Amazon services very well or how to manage them; I ask for your understanding. Can I do this? And if I can, what are the steps? But if I can make a copy inside the first account, which has the online website, and test this copy without affecting the main website, that is acceptable too; just tell me how I can do this. Thanks in advance.
The following AWS KB article describes the process. It's not possible to copy the instance, but you can create an AMI of the instance and share it with the other AWS account. Then you create another instance from that AMI in the other account.
https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-ec2-instance/
Stop the instance (if possible) and create an AMI from it.
Copy the AMI from Account A to Account B.
Launch an instance from the AMI and you are good to go.
You can read about it here
Also, if you want to automate this then you can visit Botmetric
I try to use one AWS EC2 instance to start another EC2 instance automatically, so that it could be started automatically if this monitoring EC2 instance keeps running. I could use SSH to connect to my instance. However, when I try to use ec2-start-instance, I failed with the following bugs:
The instance ID 'i-XXXXXXXX' does not exist
These two instances are in different availability zones, so I think it is a networking settings problem, but I don't know how to solve it. Could anyone help me?
I suspect your answer lies in Roles. i.e. Account A's EC2 instance needs to have a Role Right on Account B to start EC2 instances in Account B. And it needs to somehow be assigned this role. Not sure that's possible?
Check into:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
"The access policy for the role specifies what the role allows someone to do. For example, you could specify that the role allows someone to manage only your Amazon EC2 and Amazon RDS resources but not your IAM users or groups. In our sample scenario, you use the access policy to give Example Corp read-only access to all of the resources in your account."
@Mark B
I fixed it; it was because I used the wrong credentials. One AWS account was set up for my personal website and the other was for other uses, so I considered using this continuously running instance to do something for me.
Thank you
Is there a way to copy an EC2 snapshot made in one Amazon account to another one and i.e. launch a new instance with it? If it's possible, which steps do I have to do exactly? How to allow another account access to your snapshots and how to copy them across? Would appreciate your help.
This procedure will help you to share your unencrypted snapshots. For security reasons, encrypted snapshots cannot be shared or made public.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
Click Snapshots in the navigation pane.
The console displays a list of current snapshots and their status.
Select a snapshot and select Modify Snapshot Permissions from the Actions list.
Choose whether to make the snapshot public or to share it with select AWS accounts:
Important
Making your snapshot public shares all snapshot data with everyone. Snapshots with AWS Marketplace product codes cannot be made public.
To make the snapshot public, select Public.
To expose the snapshot only to specific AWS accounts, select Private, enter the ID of the AWS account (without hyphens) in the AWS Account Number field, and click Add Permission. Repeat until you've added all the required AWS accounts.
Click Save when you're done.
Important
When you share a snapshot (whether by sharing it with another AWS account or making it public to all), you are giving others access to all the data on your snapshot. Share snapshots only with people with whom you want to share all your snapshot data.
See here for more: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
If you want the other account to launch a clone of one of your instances, you can create an AMI from your instance and add the other account ID to the Permissions on the AMI.
The AMI will then appear in their list of "Shared With Me" AMIs and they can launch it.
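The snapshot-permission procedure above, done through the EC2 API instead of the console, with a check for the public exposure the "Important" notes warn about. This is an added example, not part of the original answers; the function names are hypothetical, and `ec2` is assumed to be a boto3 EC2 client (`boto3.client("ec2")`) for the account that owns the snapshot.

```python
import re

def normalize_account_id(raw):
    """Accept '1234-5678-9012' or '123456789012'; return the 12-digit form without hyphens."""
    digits = raw.replace("-", "").strip()
    if not re.fullmatch(r"\d{12}", digits):
        raise ValueError(f"not a 12-digit AWS account ID: {raw!r}")
    return digits

def share_snapshot_privately(ec2, snapshot_id, account_ids):
    """Grant createVolumePermission to named accounts only, never to the 'all' group."""
    user_ids = [normalize_account_id(a) for a in account_ids]
    ec2.modify_snapshot_attribute(
        SnapshotId=snapshot_id,
        Attribute="createVolumePermission",
        OperationType="add",
        UserIds=user_ids,
    )
    return user_ids

def snapshot_exposure(ec2, snapshot_id):
    """Report who can create volumes from the snapshot and whether it is public."""
    perms = ec2.describe_snapshot_attribute(
        SnapshotId=snapshot_id, Attribute="createVolumePermission"
    )["CreateVolumePermissions"]
    return {
        "public": any(p.get("Group") == "all" for p in perms),
        "accounts": sorted(p["UserId"] for p in perms if "UserId" in p),
    }
```

Running `snapshot_exposure` over every snapshot the account owns is a quick way to find any that were made public by mistake.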