Exporting and Importing AWS EC2 Server Disk Images

We are heavy users of Amazon Web Services (AWS) Elastic Cloud Computing (EC2) and regularly work with clients to help them transition their on-premises systems to the cloud, build a brand-new infrastructure, or evaluate the security of their virtual data centers. Migrating servers to an Infrastructure as a Service (IaaS) like AWS makes sense for most of our clients.

Instead of the capital expense of servers and ongoing operating expenses needed to support an on-premises data center, using a cloud-based service like EC2 or Microsoft Azure is a win for most organizations.

Exporting and Importing AWS EC2 Images - FireOak Technical How-To Series

However, one factor that is often not taken into consideration is archival storage and backups of server disk images (i.e., EC2 volumes). There are plenty of best practice use cases for creating backups or archives of server disk images – for instance, full backups of gold system images, images that were created before patches were applied, forensic images made before investigating an information security incident, or backups of old servers that have been decommissioned.

Amazon’s snapshot functionality makes creating these images easy, but these images are then locked into the AWS ecosystem. If you leave the images in your AWS account, monthly storage fees quickly accumulate. Snapshot storage is billed at $0.05 USD per gigabyte per month. While that might not sound like much, keeping just twenty 100GB images on hand will cost your organization $1,200 a year. In most cases, you’ll never need to use these old images, but even so, there are many reasons to keep them around just in case.

Given that many cloud providers such as Dropbox and Google are now offering packages that include unlimited storage, it’s likely that your organization already has access to a much less costly space to use to store these kinds of server images.  The problem is that Amazon does not offer a native ability to export AWS volumes outside of the Amazon ecosystem.

In Part 1 of this series, I’ll demonstrate a technique using standard Linux tools to export an AWS volume to another cloud provider or on-prem storage. In Part 2, I’ll demonstrate how to move and reinstate the volume back into AWS. In Part 3, I’ll demonstrate how to automate the export process.

Read the series:

Eric Smith is the FireOak Strategies Chief Technologist and Information Security Officer.