AWS EC2 Instance Migration and AMI Sharing

Migrating an EC2 Instance Across Availability Zones (AZs)

• Objective: Move an EC2 instance from one AZ to another within the same region.
• Method: Use Amazon Machine Images (AMIs).
• Steps:
  1. Create an AMI from the existing EC2 instance.
  2. Launch a new EC2 instance in a different AZ using the created AMI.

Example:

• Original instance in us-east-1a.
• Create AMI.
• Launch new instance from AMI in us-east-1b.

Cross-Account AMI Sharing

• Purpose: Share AMIs with another AWS account.
• Ownership: Sharing does not change the ownership of the AMI.
• Conditions for Sharing:
  • Unencrypted volumes can be shared with other accounts or publicly.
  • Encrypted volumes require the volume to be encrypted with a customer-managed key (CMK).

Sharing Unencrypted AMIs

• Scenario: Account A shares an unencrypted AMI with Account B.
• Outcome: Account B can directly launch an EC2 instance from the shared AMI.

Sharing Encrypted AMIs

• Scenario: Account A shares an encrypted AMI, encrypted with CMK-A, with Account B.
• Requirements:
  • Share the AMI with Account B.
  • Share the corresponding KMS key (CMK-A) with Account B.
  • Grant permissions to Account B to describe, decrypt, and re-encrypt using CMK-A

Cross-Account AMI Copy