It is tedious to move EC2 instances around in the AWS environment. Many steps are involved and ensuring things like tags being applied to the new instance and volumes is error prone. Not to mention the extra layer of debauchery that takes place when encryption is involved. Enter ec2_teleporter
✨🚀.
Designed for use with AWS...obviously, and Python 3.7. This tool currently supports EBS backed
instances only. See the Features list below.
git clone https://github.com/rowlinsonmike/ec2_teleporter
cd ./ec2_teleporter
pip install requirements.txt
python ec2_teleporter.py
ec2_teleporter
requires 2 profiles in your ~/.aws/credentials
file
- One profile should have the name
src
and should contain access keys for source account - One profile should have the name
dst
and should contain access keys for destination account
- run
python ec2_teleporter.py
- select
source region
from given prompt - select
destination region
from given prompt - input
instance-id
when prompted - instance will be powered off
- AMI will be created from instance
or
prompted to use existing AMI - select destination
vpc
from prompt - select destination
subnet
from prompt - select destination
security group
from prompt - select destination
instance profile
from prompt - If original instance is encrypted you will be prompted to select destination
kms
key to use. Else you will be asked whether you would like the instance encrypted or not. - Confirm all your selections with
y
or backout withn
- Prompted to cleanup AMI that was created.
y
will delete AMI and snapshots. - Prompted to terminate original instance.
y
will delete original instance even if termination protection is enabled. - New
instance-id
will be displayed
Current Version | |
---|---|
teleport unencrypted/encrypted instance same region same account | ✅ |
teleport unencrypted/encrypted instance cross region same account | ✅ |
teleport unencrypted/encrypted instance same region cross account | ✅ |
teleport unencrypted/encrypted instance cross region cross account | ✅ |
delete resources (AMIs,snapshots,instance) after teleport | ✅ |
Ability to teleport to/from a dedicated host | ✅ |
Ability to teleport to/from a dedicated instance | ✅ |
Ability to update instance type | ✅ |
Ability to teleport ephemeral instances | ❌ |
Ability to teleport from AMI instead of instance | ❌ |
Ability to teleport a default encrypted instance | ❌ |
Ability to use IAM roles instead of profiles | ❌ |
- Can I teleport a instance encrypted with default encryption? No. YOU MUST BE USING KMS CMKs in order to use this tool currently.
- Where can this process fail? It is possible that for various reasons the script times out waiting for either AMI creation or AMI copy. However, the waiters are set for 40 minutes, so if a timeout occurs something is likely wrong.
- What settings are applied on the new volumes? EBS volumes are set to delete with instance on termination when new instance is deployed and also recieve any tags the instance itself recieves.
- Use temporary access keys. AWS SSO is worth setting up if you haven't.
- If you already have an AMI of an instance you want to use, just make sure the AMI is named "Teleport-[instance-id]".
ec2-teleporter
will find it.
Updates
- Clone repo and create a new branch:
$ git checkout https://github.com/rowlinsonmike/ec2_teleporter -b name_for_new_branch
. - Make changes and test
- Submit Pull Request with comprehensive description of changes
Issues
- Submit an issue with details that include logs and how one would emulate.
Reach out to me at one of the following places:
- website: mikerowlinson.com
- email: rowlinsonmike@gmail.com