Linux – Recover data from EC2 instance storage

amazon ec2, hacking, linux, ssh

So last week, an instance on EC2 stopped responding. I still don't know exactly why because I can no longer SSH in; I suspect the /tmp/ directory, which was mounted to another drive, is no longer accessible for some unknown reason.

I have some very important files I need to get off this server…

I am still able to pull the logs in the AWS console; here are some very relevant lines (I am still able to reboot the server):

        Welcome to  CentOS release 5.4 (Final)
        Press 'I' to enter interactive startup.
Cannot access the Hardware Clock via any known method.
Use the --debug option to see the details of our search for an access method.
Setting clock : Thu Dec 29 13:52:43 EST 2011 [  OK  ]

Starting udev: [  OK  ]

Setting hostname localhost.localdomain:  [  OK  ]

No devices found
Setting up Logical Volume Management: File descriptor 7 (/sys/kernel/hotplug) leaked on lvm.static invocation. Parent PID 232: /bin/bash
[  OK  ]

Checking filesystems
Checking all file systems.
[/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/sda1 
/dev/sda1: clean, 202786/1310720 files, 1428718/2621440 blocks
[  OK  ]

Remounting root filesystem in read-write mode:  [  OK  ]

Mounting local filesystems:  [  OK  ]

Enabling local filesystem quotas:  [  OK  ]

chown: cannot access `/tmp/.ICE-unix': No such file or directory
Enabling /etc/fstab swaps:  [  OK  ]

INIT: Entering runlevel: 4

Entering non-interactive startup
Starting background readahead: [  OK  ]

Bringing up loopback interface:  [  OK  ]

Bringing up interface eth0:  
Determining IP information for eth0...mktemp: cannot create temp file /tmp/wnt890: No such file or directory
/sbin/dhclient-script: line 57: $rscf: ambiguous redirect
/sbin/dhclient-script: line 62: $rscf: ambiguous redirect
/sbin/dhclient-script: line 69: $rscf: ambiguous redirect
 done.
[  OK  ]

Starting getsshkey:  /etc/rc4.d/S11getsshkey: line 12: /tmp/my-key: No such file or directory
getting ssh-key...
/etc/rc4.d/S11getsshkey: line 17: /tmp/my-key: No such file or directory
getting ssh-key...

I'm certain it's not a firewall issue. Here is the output of nmap:

[root@ip-xxxxxxxxx ~]# nmap -sS -P0 xxxxxxxxxxx

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-12-29 16:32 EST
Interesting ports on xxxxxx (xxxxxxxxx):
Not shown: 1675 filtered ports
PORT     STATE  SERVICE
22/tcp   closed ssh
25/tcp   closed smtp
80/tcp   closed http
443/tcp  closed https
8000/tcp closed http-alt

Best Answer

I don't think asking anyone on here to help you "hack into a server" is particularly conducive to answers.

  1. Create a snapshot of your running EC2 instance.
  2. Create a new instance.
  3. Mount the snapshot as a new EBS volume on the instance.
  4. Copy the data off the snapshot.
  5. Kill the previous and new virtual machine instances.

Ta Dah! You've just recovered the data, no hacking involved.

Some tools here might help.
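
The snapshot-and-reattach steps from the answer above, sketched with the AWS CLI as an added example (not part of the original post). It assumes the root volume is EBS-backed and attached as /dev/sda1 as in the boot log, and a configured AWS CLI; the function names, /dev/sdf and /mnt/recovery are choices made for this example.

```shell
#!/bin/sh
# Added example: snapshot -> new volume -> attach to a rescue instance.
# Assumes an EBS-backed root volume and a configured AWS CLI.
set -eu

# Print the ID of the volume attached to an instance under a device name.
root_volume_of() {  # $1 = instance ID, $2 = device name (e.g. /dev/sda1)
    aws ec2 describe-volumes \
        --filters "Name=attachment.instance-id,Values=$1" \
                  "Name=attachment.device,Values=$2" \
        --query 'Volumes[0].VolumeId' --output text
}

# Snapshot the broken instance's volume, build a fresh volume from it in the
# rescue instance's Availability Zone, and attach it. Prints the new volume ID.
attach_copy_to_rescue() {  # $1 = broken instance, $2 = rescue instance, $3 = AZ
    src=$(root_volume_of "$1" /dev/sda1)
    # An instance-store root has no EBS volume; the query then prints "None".
    case "$src" in vol-*) ;; *) echo "no EBS volume on $1" >&2; return 1 ;; esac

    snap=$(aws ec2 create-snapshot --volume-id "$src" \
        --description "recovery copy of $1" \
        --query SnapshotId --output text)
    aws ec2 wait snapshot-completed --snapshot-ids "$snap"

    vol=$(aws ec2 create-volume --snapshot-id "$snap" --availability-zone "$3" \
        --query VolumeId --output text)
    aws ec2 wait volume-available --volume-ids "$vol"

    aws ec2 attach-volume --volume-id "$vol" --instance-id "$2" \
        --device /dev/sdf >/dev/null
    echo "$vol"
}

# Run on the rescue instance as root. Read-only with noload so the ext3
# journal is not replayed, and nothing on the recovered disk can execute.
mount_recovered() {  # $1 = block device as seen by the rescue kernel
    mkdir -p /mnt/recovery
    mount -t ext3 -o ro,noload,nosuid,nodev,noexec "$1" /mnt/recovery
}

# Usage: sh recover.sh <broken-instance-id> <rescue-instance-id> <az>
if [ "$#" -eq 3 ]; then
    attach_copy_to_rescue "$@"
fi
```

The device attached as /dev/sdf may show up under a different name on the rescue instance (for example /dev/xvdf), so check the kernel's block device list before calling `mount_recovered`.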