Learning Migrating EC2 Resources

Get ready to learn about migrating EC2 resources and the features involved: SSH keys and security groups.

  • EC2 is a web service
  • EC2 provides resizable compute capacity
  • Migrating an instance involves
    • copying the data and images
    • checking security groups and SSH keys
    • then restarting fresh instances.

SSH Keys

  • AWS does not keep any SSH private keys after they are generated
  • Public keys are made available to EC2 instances when they are running.
  • You can retrieve a fingerprint of each key from the API, SDK, CLI or the AWS Management Console.
  • SSH public keys are stored in a region only.
  • AWS does not copy or synchronize configured SSH keys between regions.
  • You can log in to an existing Linux instance in the source region, obtain a copy of the public key (from ~/.ssh/authorized_keys), and import this public key into the target region.
  • Auto Scaling launch configurations and CloudFormation templates might refer to SSH keys using the key pair name.

Key pairs in the AWS Management Console

Security Groups

  • Security groups restrict ingress traffic (or in VPC, ingress and egress traffic) to a group of EC2 instances.
  • A security group rule can specify the source (or in VPC, the destination) by
    • CIDR notation in IPv4 address range as – a.b.c.d/x
    • security group identifier as – XXXXXXXX
  • The scope of every security group is the region.
  • The same name can exist in multiple regions but have different definitions of what traffic is permitted to pass.
  • All instances that are activated should be a member of the security group.
  • Review configured security groups to ensure that the required level of network access restrictions is in place.
  • To export a copy of the definitions of existing security groups (using the command line tools), run the following command: ec2-describe-group -H --region <sourceregionname> > security_groups.txt
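
Added example (not from the original page): because a group name can exist in several regions with different rules, this sketch compares same-named groups from two regions and reports rules that are missing, extra, or that reference another group by identifier. It assumes the JSON shape returned by `aws ec2 describe-security-groups`; the sample data, group IDs and function names are constructed for illustration.

```python
# Added example; SOURCE and TARGET are constructed sample exports.
SOURCE = [{"GroupName": "web", "GroupId": "sg-11111111", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
     "UserIdGroupPairs": [{"GroupId": "sg-22222222"}]}]}]
TARGET = [{"GroupName": "web", "GroupId": "sg-33333333", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]

def flatten(group):
    """Turn one group's IpPermissions into a set of comparable ingress rules."""
    rules = set()
    for perm in group.get("IpPermissions", []):
        base = (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"))
        for rng in perm.get("IpRanges", []):
            rules.add(base + ("cidr", rng["CidrIp"]))
        for pair in perm.get("UserIdGroupPairs", []):
            rules.add(base + ("group", pair["GroupId"]))
    return rules

def compare_regions(source_groups, target_groups):
    """Per group name: rules missing from, or extra in, the target region."""
    target_by_name = {g["GroupName"]: g for g in target_groups}
    report = {}
    for src in source_groups:
        src_rules = flatten(src)
        # Group identifiers are region-scoped, so rules that reference one
        # cannot be matched literally and are listed for manual remapping.
        group_refs = {r for r in src_rules if r[3] == "group"}
        tgt = target_by_name.get(src["GroupName"])
        tgt_rules = flatten(tgt) if tgt else set()
        # key=str keeps sorting safe when ports are None (e.g. protocol "-1").
        report[src["GroupName"]] = {
            "exists_in_target": tgt is not None,
            "missing_in_target": sorted(src_rules - tgt_rules - group_refs, key=str),
            "extra_in_target": sorted(tgt_rules - src_rules, key=str),
            "needs_remap": sorted(group_refs, key=str),
        }
    return report

if __name__ == "__main__":
    for name, result in compare_regions(SOURCE, TARGET).items():
        print(name, result)
```

In the constructed data the target region's "web" group allows SSH from any address while the source restricts it to one range, which is the kind of drift the review step above is meant to catch.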

Amazon Machine Images

  • An AMI is a special type of preconfigured operating system image.
  • It is used to create a virtual machine (an EC2 instance) within the EC2 environment.
  • Each AMI is assigned an identifier of the form “ami-XXXXXXXX”, where “X” is a hexadecimal value (0-9, A-F).
  • Each AMI is unique per region.
  • AMIs do not span multiple regions.
  • The same content of an AMI can be available in other regions.
  • A unique AMI ID is given to every region’s copy of the data.
  • Users can create their own AMIs from running instances.
  • The AMI Copy function is used to migrate AMIs across regions and can be executed through the
    • AWS Management Console
    • Amazon EC2 CLI
    • Amazon EC2 API
  • AMI Copy is available for AMIs backed by EBS and instance store-backed AMIs.
  • Every AMI copy has a unique AMI ID
  • Changes made to the source AMI are not applied to the new AMI during the AMI copy process.
  • You must recopy the AMI to the target regions to copy the changes made to the source AMI.
