AWS EBS offers persistent block-level storage that is used with Amazon Elastic Compute Cloud (Amazon EC2) instances. Additionally, EBS offers the option to create point-in-time snapshots that are ideally used to back up and restore data to achieve DR capabilities. If an AWS account owner wants to share data with another AWS account user, the account owner can share snapshots with the other AWS account. This is done by modifying the snapshot's permission attributes, which requires the AWS account ID of the other user. Users can obtain their AWS account IDs from their AWS account section. The owner of the AWS account that you shared the snapshot with can then create a new EBS volume in their account, giving them all of the data from your EBS volume. It is important to note that users can share only unencrypted snapshots since encryption keys differ per AWS account. In this article, we will show you how to share snapshots (EBS volume data backup) with other AWS account owners by modifying snapshot attributes.
- In the example below, we used a Windows 2012 instance with the following data:
- Next, create a snapshot from the previously created volume. Using the AWS CLI: aws ec2 create-snapshot --volume-id vol-5be6ff47 --description "This is my data volume snapshot."
- In order to share your snapshot with another AWS account, select ‘Modify Snapshot Permissions’ under the ‘Actions’ tab in your AWS console and enter the appropriate AWS account number. (Note: An AWS account ID is a 12-digit numeric code that you can find in your AWS account settings. Please refer to the following wizard for more details.) Using the CLI [Modify Attribute]: aws ec2 modify-snapshot-attribute --snapshot-id snap-1529153f --attribute createVolumePermission --operation-type add --user-ids xxxxxxxxxx38
- You can see if the snapshot was successfully shared with the other AWS account by logging into the other account and filtering according to ‘Private Snapshots’ and ‘Snapshot ID’. Using the CLI: aws ec2 describe-snapshots --snapshot-ids snap-1529153f (Note: The step above requires you to change your credentials to those of the AWS account that you shared the snapshot with.)
- Now create a volume from the shared snapshot. Using the CLI: aws ec2 create-volume --size 1 --region us-west-1 --availability-zone us-west-1a --volume-type gp2 --snapshot-id snap-079094c2
- We have attached the new volume to an EC2 instance in the targeted account. In the following wizard, you can see that the data from the original AWS account is available in the target AWS account’s volume.
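Because a snapshot's createVolumePermission decides who can copy the volume's data, it is worth reviewing after sharing. The following is an added example, not part of the original article: it audits responses in the shape returned by `aws ec2 describe-snapshot-attribute --attribute createVolumePermission` against an allowlist of account IDs. The function name, snapshot IDs and account IDs are constructed for illustration.

```python
import json
import re

ACCOUNT_ID = re.compile(r"\d{12}")  # an AWS account ID is a 12-digit number

# Constructed sample: responses in the shape returned by
#   aws ec2 describe-snapshot-attribute --snapshot-id <id> --attribute createVolumePermission
# Snapshot IDs and account IDs below are made up for this example.
SAMPLE = json.loads("""
[
  {"SnapshotId": "snap-0aaa1111",
   "CreateVolumePermissions": [{"UserId": "111122223333"}, {"UserId": "999988887777"}]},
  {"SnapshotId": "snap-0bbb2222",
   "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0ccc3333", "CreateVolumePermissions": []}
]
""")


def audit_snapshot_shares(responses, approved_accounts):
    """Return (snapshot_id, severity, detail) for every share outside the allowlist."""
    bad = [a for a in approved_accounts if not ACCOUNT_ID.fullmatch(a)]
    if bad:
        raise ValueError(f"not 12-digit account IDs: {bad}")
    approved = set(approved_accounts)
    findings = []
    for resp in responses:
        snap = resp["SnapshotId"]
        for perm in resp.get("CreateVolumePermissions", []):
            if perm.get("Group") == "all":
                # A public snapshot: any AWS account can create a volume from it.
                findings.append((snap, "PUBLIC", "shared with all AWS accounts"))
            elif perm.get("UserId") not in approved:
                # Shared with a specific account that is not on the allowlist.
                findings.append((snap, "UNAPPROVED", perm.get("UserId")))
    return findings


if __name__ == "__main__":
    for snap, severity, detail in audit_snapshot_shares(SAMPLE, ["111122223333"]):
        print(f"{severity:10} {snap}  {detail}")
```

An entry that should not be there can be revoked with the same modify-snapshot-attribute command, using --operation-type remove instead of add.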