- Cross-account access by using IAM roles allows to take EBS snapshots of other AWS accounts.
- Use the AWS STS (Security Token Service) to request limited-privilege credentials for AWS IAM role.
- Possible to centralize the environment to take EBS snapshots for each AWS accounts.
There are ways to take EBS snapshots, such as via Console Management, AWS CLI, and AWS SDKs and it is also possible to regularly and automatically take snapshots by using cron and AWS CLI or writing scripts with AWS SDKs.
I believe that those who have several AWS accounts such as Management Service Provider, System Integrator, or Enterprise Company especially need to create the environment to take snapshots for each AWS accounts or maybe they can install the environment on each EC2 instances itself.
The problem is that the environment (EC2 Instances) to take EBS snapshots are increasing as they have more AWS Accounts they have to manage. EBS snapshots with IAM Cross-Account acccess will be one of the solution to centralize the environment to lower cost.
Finally, I prepared a CloudFormation template to deploy a stack with the environment to install and run the script. Please try it and give me a feedback if you have any on it.
No comments:
Post a Comment