SSH – Copying data between AWS EC2 machines

Tags: amazon ec2, amazon-web-services, scp, Security, ssh

There are times where, in order to do some debugging or perhaps a manual migration, I need to copy large chunks of data from one EC2 instance to another. When the size of the data is tiny, it's simple enough to just scp from instance A to my machine and then scp to instance B, but for large payloads that's unsustainable.

My current approach of logging into AWS instances is through SSH over an OpenVPN tunnel. My OS user on EC2 machines doesn't really have the option of ssh from one machine to another.

I have a couple of options here. I could generate an SSH key used just to ssh from one machine to another. Or perhaps I could enable password-based login only within the subnet of the instances (not sure that's even doable). Neither sounds particularly appealing or safe.

What's the best practice in this situation? I'm sure I'm not the first one to need to enable something like this.

Best Answer

If the EC2 instance is EBS based, and some downtime is acceptable, you could make a snapshot of the EBS volume containing the data, create a new EBS volume based on that snapshot, and attach it to the other instance. See Creating an Amazon EBS Snapshot and Restoring an Amazon EBS Volume from a Snapshot.

Another option would be to copy via S3 instead, using the AWS CLI with the command aws s3 cp, or s3cmd.

Another option is Amazon Elastic File System, which lets you share a file system between EC2 instances and on-premises servers in a manner similar to NFS. As of 2018-09-15, this service wasn't available in all AWS regions yet. You may want to consult the AWS Region Table to check if it is available in your target region.

Note that none of these options require the instances to be able to reach each other, and no SSH keys are needed.
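
The S3 route from the answer above, as an added example that is not part of the original answer: instance A stages a checksummed archive in a bucket, and instance B verifies it before unpacking. The bucket name, key prefix, function names, and the IAM instance role scoped to that prefix are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: move a directory between two instances through S3.
# Assumed, not from the answer: BUCKET/PREFIX are placeholders, and both
# instances have an IAM instance role limited to that prefix (no SSH keys).
set -eu
BUCKET="${BUCKET:-example-transfer-bucket}"   # placeholder bucket
PREFIX="${PREFIX:-transfer}"                  # placeholder key prefix

# Instance A: archive a directory, record its SHA-256, upload both objects.
push_dir() (
  src="$1"; name="$2"
  tmp="$(mktemp -d)" || exit 1
  trap 'rm -rf "$tmp"' EXIT
  tar -czf "$tmp/$name.tgz" -C "$src" . || exit 1
  (cd "$tmp" && sha256sum "$name.tgz" > "$name.tgz.sha256") || exit 1
  for f in "$name.tgz" "$name.tgz.sha256"; do
    aws s3 cp "$tmp/$f" "s3://$BUCKET/$PREFIX/$f" \
      --sse AES256 --only-show-errors || exit 1
  done
)

# Instance B: download both objects and refuse to unpack an archive whose
# checksum does not match (catches truncated or corrupted transfers).
pull_dir() (
  name="$1"; dest="$2"
  tmp="$(mktemp -d)" || exit 1
  trap 'rm -rf "$tmp"' EXIT
  for f in "$name.tgz" "$name.tgz.sha256"; do
    aws s3 cp "s3://$BUCKET/$PREFIX/$f" "$tmp/$f" --only-show-errors || exit 1
  done
  if ! (cd "$tmp" && sha256sum -c "$name.tgz.sha256" >/dev/null 2>&1); then
    echo "checksum mismatch for $name, not extracting" >&2
    exit 1
  fi
  mkdir -p "$dest" && tar -xzf "$tmp/$name.tgz" -C "$dest"
)

# Either instance: delete the staged objects once the copy is verified,
# so the data does not linger in the bucket.
cleanup_remote() (
  for f in "$1.tgz" "$1.tgz.sha256"; do
    aws s3 rm "s3://$BUCKET/$PREFIX/$f" --only-show-errors || exit 1
  done
)
```

Source the file on each instance, call push_dir with the source directory and a transfer name on instance A, then pull_dir with the same name and a destination on instance B, and finish with cleanup_remote.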