Copying to/from AWS GovCloud

Before migrating anything into or out of GovCloud, note that AWS GovCloud is an ITAR-compliant region and data is subject to ITAR controls. Be sure you are meeting the proper controls before moving data into or out of GovCloud. Migrating AMIs and instances from a commercial region to AWS GovCloud, and vice versa, is a little different because AWS GovCloud is an isolated AWS region. Rather than spending time on why this is, let's focus on how to make migrations happen.

First, I am going to focus on Linux-based instances. If there is demand, I will come back and update this with Windows options later on.

Note: Remember to take an EBS Snapshot first.

To move an instance, you first need an instance created and built out the way you want it. Think of this as your gold image, whether that means STIGing, hardening, or just installing the application. Once the instance is built and you have taken your snapshot of the EBS volume, SSH in and elevate privilege. Run

fdisk -l

to get a list of the attached volumes. You will be able to tell by its size which of the volumes is the EBS volume that you want to create the image on. Create an S3 bucket for the image transfer in the region you are using for the image build; it will be used later.

The easy way to do the copy is to create a new EBS volume in addition to the root volume and mount it on the same instance. Once that's done, go back to your CLI and run

dd if=/dev/sdX conv=sync,noerror bs=64K | gzip -c  > /path/to/backup.img.gz

Note that "/dev/sdX" should be replaced with the device path of the EBS volume you want to copy to GovCloud.

You can also then run

fdisk -l /dev/sdX > /path/to/list_fdisk.info

This saves the partition table information to a file, which might be useful when recreating the volume on the GovCloud side.

Once the disk copy is done, run

aws s3 cp /path/to/backup.img.gz <target> [--options]

This will copy the img file to the target S3 bucket for you to copy down. You could also use SCP if you wanted to copy it down from your SSH console, but S3 will save the img copy for later use.

Now copy the image out of S3 to your local machine, then upload it into an S3 bucket in GovCloud.

Once in GovCloud, create a new EC2 instance with an EBS volume that is the same size as the one copied. SSH in, elevate privilege, and run

fdisk -l

so you know what your EBS volume is named, then run

gunzip -c /path/to/backup.img.gz | dd of=/dev/sdX

Here the path to the image is the path to the S3 bucket with the image name, and sdX is the new EBS volume on the EC2 instance.

And that’s it.
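The image passes through two S3 buckets and a local machine before the final dd, so it is worth checksumming it on the source side and verifying it before it is written to the GovCloud volume. The following is an added example, not part of the original post; the function names and the `.sha256` sidecar file are assumptions, and the sidecar has to be copied along with the image.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# ".sha256" sidecar convention are assumptions made for illustration.

# make_image SRC OUT
# Source side: image SRC (a device such as /dev/sdX, or a file) into the
# gzip file OUT, then record its SHA-256 in OUT.sha256. The sidecar stores a
# relative file name so it still verifies after the files change directories.
make_image() {
    dd if="$1" conv=sync,noerror bs=64K 2>/dev/null | gzip -c > "$2" || return 1
    ( cd "$(dirname "$2")" &&
      sha256sum "$(basename "$2")" > "$(basename "$2").sha256" )
}

# verify_image IMG
# Succeeds only if IMG matches IMG.sha256 and is an intact gzip stream.
verify_image() {
    [ -f "$1.sha256" ] || { echo "missing $1.sha256" >&2; return 1; }
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) || {
        echo "checksum mismatch for $1" >&2
        return 1
    }
    gzip -t "$1"
}

# restore_image IMG DST
# GovCloud side: write IMG to DST (the new EBS volume) only after it has
# passed verification, so a damaged or altered image never reaches the disk.
restore_image() {
    verify_image "$1" || {
        echo "refusing to restore $1: verification failed" >&2
        return 1
    }
    gunzip -c "$1" | dd of="$2" bs=64K 2>/dev/null
}
```

Run make_image before the upload, move both files through S3, and call restore_image in place of the plain gunzip and dd pipeline.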

If you don't want to do a disk copy, or feel that this is all too much, it is worth noting that AWS partners CloudVelox and CloudEndure are able to do this for you for a fee.

Let me know if this is helpful or if you need to see the steps for Windows instances.