AWS EBS offers persistent block-level storage that is used with Amazon Elastic Compute Cloud (Amazon EC2) instances for persistent data storage. Additionally, EBS offers the option to create point-in-time snapshots that are ideally used to back up and restore data to achieve DR capabilities.
If an AWS account owner wants to share data with another AWS account user, the account owner can share snapshots with the other AWS account. This is done by modifying snapshot permission attributes, which requires the AWS account ID of the other user. Users can obtain their AWS account IDs from their AWS account section. The other AWS account owner that you shared the snapshots with can create a new EBS volume in their AWS account, enabling them to have all of the data from your EBS volume in their account.
It is important to note that users can share only unencrypted snapshots since encryption keys differ per AWS account.
In this article, we will show you how to share snapshots (EBS volume data backup) with other AWS account owners by modifying snapshot attributes.
- In the example below, we used a Windows 2012 instance with the following data:
- Next, create a snapshot from the previously created volume:
Using the AWS CLI
aws ec2 create-snapshot --volume-id vol-5be6ff47 --description "This is my data volume snapshot."
- In order to share your snapshot with another AWS account, select ‘Modify Snapshot Permissions’ under the ‘Actions’ tab in your AWS console and enter the appropriate AWS account number.
(Note: An AWS account ID is a 12-digit numeric code that you can find in your AWS account settings. Please refer to the following wizard for more details).
Using the CLI [Modify Attribute]
aws ec2 modify-snapshot-attribute --snapshot-id snap-1529153f --attribute createVolumePermission --operation-type add --user-ids xxxxxxxxxx38
- You can see if the snapshot was successfully shared with the other AWS account by logging into the other account and filtering according to ‘Private Snapshots’ and ‘Snapshot ID’.
Using the CLI
aws ec2 describe-snapshots --snapshot-ids snap-1529153f
(Note: The step above requires you to change your credentials to those of the AWS account with which you shared the snapshots.)
- Now create a volume from the shared snapshot:
Using the CLI
aws ec2 create-volume --size 1 --region us-west-1 --availability-zone us-west-1a --volume-type gp2 --snapshot-id snap-079094c2
- We have attached the new volume to an EC2 instance in the targeted account. In the following wizard, you can see that the data from the original AWS account is available in the target AWS account’s volume.
This article demonstrates how to copy data from one account to another account by sharing snapshots with a targeted account. It’s important to note that sharing snapshots is more secure, faster and more cost-effective when compared to copying data using SCP or any other copy command from one account to another. It’s also important to note that when you share snapshots, all of the data on your EBS volume is shared with the other account. This may include sensitive data (such as keys, log files, etc.), so it’s important to remove any sensitive content that you don’t want to share with the other user.
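Because a share exposes the whole volume, it is worth reviewing who a snapshot is shared with. As an added example (not code from the original article), this Python script reads the JSON that `aws ec2 describe-snapshot-attribute` prints for `createVolumePermission`, flags public sharing and any account ID outside an approved set, and builds the matching revoke commands. The sample output, snapshot ID, account IDs and the function name `audit_snapshot_sharing` are constructed for illustration.

```python
import json
import re

# Constructed sample: the JSON shape printed by
#   aws ec2 describe-snapshot-attribute --snapshot-id <id> --attribute createVolumePermission
# The snapshot ID and account IDs below are made up for illustration.
SAMPLE_OUTPUT = """
{
  "SnapshotId": "snap-0123456789abcdef0",
  "CreateVolumePermissions": [
    {"UserId": "111122223333"},
    {"UserId": "444455556666"},
    {"Group": "all"}
  ]
}
"""

ACCOUNT_ID = re.compile(r"\d{12}")  # AWS account IDs are 12-digit numbers


def audit_snapshot_sharing(attribute_json, approved_accounts):
    """Return (findings, revoke_commands) for one snapshot's sharing attribute."""
    for acct in approved_accounts:
        if not ACCOUNT_ID.fullmatch(acct):
            raise ValueError(f"approved account ID is not 12 digits: {acct!r}")
    doc = json.loads(attribute_json)
    snap = doc["SnapshotId"]
    base = (f"aws ec2 modify-snapshot-attribute --snapshot-id {snap} "
            "--attribute createVolumePermission --operation-type remove")
    findings, revoke = [], []
    for perm in doc.get("CreateVolumePermissions", []):
        if perm.get("Group") == "all":
            # Public share: any AWS account can create a volume from it.
            findings.append(("PUBLIC", "all"))
            revoke.append(f"{base} --group-names all")
        elif "UserId" in perm and perm["UserId"] not in approved_accounts:
            findings.append(("UNAPPROVED_ACCOUNT", perm["UserId"]))
            revoke.append(f"{base} --user-ids {perm['UserId']}")
    return findings, revoke


if __name__ == "__main__":
    found, commands = audit_snapshot_sharing(SAMPLE_OUTPUT, {"111122223333"})
    for kind, who in found:
        print(f"{kind}: {who}")
    print("\n".join(commands))
```

The revoke commands are only printed, so they can be reviewed before anyone runs them.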
N2WS offers a solution that enables you to further simplify the process of using snapshots. N2WS Backup & Recovery (CPM) is an enterprise-class backup-recovery and disaster recovery solution for the EC2 compute cloud. CPM is available as a service model that allows users to manage multiple AWS accounts and configure policies and schedules to take automated snapshot backups. It also has a Windows agent to consistently back up Windows applications. CPM allows you to recover a volume from a snapshot, increase its size and switch it with an existing attached volume, in a single step.