It is tedious to move EC2 instances around in the AWS environment. Many steps are involved and ensuring things like tags being applied to the new instance and volumes is error prone. Not to mention the extra layer of debauchery that takes place when encryption is involved. Enter ec2_teleporter✨🚀.
Designed for use with AWS...obviously, and Python 3.7. This tool currently supports EBS backed instances only. See the Features list below.
git clone https://github.com/rowlinsonmike/ec2_teleportercd ./ec2_teleporterpip install requirements.txt
python ec2_teleporter.py
ec2_teleporter requires 2 profiles in your ~/.aws/credentials file
- One profile should have the name
srcand should contain access keys for source account - One profile should have the name
dstand should contain access keys for destination account
- run
python ec2_teleporter.py - select
source regionfrom given prompt - select
destination regionfrom given prompt - input
instance-idwhen prompted - instance will be powered off
- AMI will be created from instance
orprompted to use existing AMI - select destination
vpcfrom prompt - select destination
subnetfrom prompt - select destination
security groupfrom prompt - select destination
instance profilefrom prompt - If original instance is encrypted you will be prompted to select destination
kmskey to use. Else you will be asked whether you would like the instance encrypted or not. - Confirm all your selections with
yor backout withn - Prompted to cleanup AMI that was created.
ywill delete AMI and snapshots. - Prompted to terminate original instance.
ywill delete original instance even if termination protection is enabled. - New
instance-idwill be displayed
| Current Version | |
|---|---|
| teleport unencrypted/encrypted instance same region same account | ✅ |
| teleport unencrypted/encrypted instance cross region same account | ✅ |
| teleport unencrypted/encrypted instance same region cross account | ✅ |
| teleport unencrypted/encrypted instance cross region cross account | ✅ |
| delete resources (AMIs,snapshots,instance) after teleport | ✅ |
| Ability to teleport to/from a dedicated host | ✅ |
| Ability to teleport to/from a dedicated instance | ✅ |
| Ability to update instance type | ✅ |
| Ability to teleport ephemeral instances | ❌ |
| Ability to teleport from AMI instead of instance | ❌ |
| Ability to teleport a default encrypted instance | ❌ |
| Ability to use IAM roles instead of profiles | ❌ |
- Can I teleport a instance encrypted with default encryption? No. YOU MUST BE USING KMS CMKs in order to use this tool currently.
- Where can this process fail? It is possible that for various reasons the script times out waiting for either AMI creation or AMI copy. However, the waiters are set for 40 minutes, so if a timeout occurs something is likely wrong.
- What settings are applied on the new volumes? EBS volumes are set to delete with instance on termination when new instance is deployed and also recieve any tags the instance itself recieves.
- Use temporary access keys. AWS SSO is worth setting up if you haven't.
- If you already have an AMI of an instance you want to use, just make sure the AMI is named "Teleport-[instance-id]".
ec2-teleporterwill find it.
Updates
- Clone repo and create a new branch:
$ git checkout https://github.com/rowlinsonmike/ec2_teleporter -b name_for_new_branch. - Make changes and test
- Submit Pull Request with comprehensive description of changes
Issues
- Submit an issue with details that include logs and how one would emulate.
Reach out to me at one of the following places:
- website: mikerowlinson.com
- email: rowlinsonmike@gmail.com