
Compare EBS volumes from two different accounts

0

Hi, I need to compare two EBS volumes in different accounts in the same region. Both volumes are actually identical, but I need to show evidence that both volumes are the same. Importantly, the volume sizes are above 100 GB. Could you please help me compare two large volumes in boto3 or with an SSM command?

2 Answers
1

Hello.

Do you want to compare whether the EBS sizes match?
If so, I think you should create a script like the one below.
The Boto3 script below sets "ebs_id_a" to be within the account running the script.
By doing so, it is possible to obtain EBS information using the privileges of the IAM user running the script.
"ebs_id_b" configures EBS in another account.
This is in a different account, so I perform assume_role on the IAM role in the different account and create a session.

import boto3

# Account A: the volume lives in the account whose credentials run this script.
ec2_a = boto3.client('ec2')
ebs_id_a = 'vol-xxxxxxxxxx'

# Account B: assume the IAM role in the other account and build a session
# from the temporary credentials that STS returns.
sts = boto3.client(
    'sts',
    region_name='us-east-1',
    endpoint_url='https://sts.us-east-1.amazonaws.com',
)
assume_role = sts.assume_role(
    RoleArn='arn:aws:iam::11111111111:role/ebs-iam-assumerole',
    RoleSessionName='ebs-assume-role',
)
credentials = assume_role['Credentials']
session = boto3.Session(
    aws_access_key_id=credentials['AccessKeyId'],
    aws_secret_access_key=credentials['SecretAccessKey'],
    aws_session_token=credentials['SessionToken'],
    region_name='ap-northeast-1',
)
ec2_b = session.client('ec2')
ebs_id_b = 'vol-yyyyyyyy'


def get_ebs(ec2_client, ebs_id):
    """Return the size, volume type and encryption flag of one EBS volume."""
    response = ec2_client.describe_volumes(VolumeIds=[ebs_id])
    volume = response['Volumes'][0]
    return {
        'Size': volume['Size'],
        'VolumeType': volume['VolumeType'],
        'Encrypted': volume['Encrypted'],
    }


# Print the attributes of both volumes so they can be compared.
ebs_a = get_ebs(ec2_a, ebs_id_a)
print(ebs_id_a, ebs_a)

ebs_b = get_ebs(ec2_b, ebs_id_b)
print(ebs_id_b, ebs_b)

Therefore, please create the following IAM role in the AWS account where "ebs_id_b" exists.
IAM policy: AmazonEC2ReadOnlyAccess

trust policy
"test-user" is the IAM user that runs the script with the AWS account "ebs_id_a".
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-api.html

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111122223333:user/test-user"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
1

Hi,

Let's assume the complex situation that volumes in account B and Account A are encrypted by customer-managed keys. In that case, you cannot share direct access across accounts: see https://repost.aws/knowledge-center/share-ebs-volume on how to get the data of EBS volume of account B in account A.

When this is done, you can restore the snapshot of the EBS volume from B into a new volume in A and compare both via a simple script (that you will enclose in an SSM script). This script is described here for any directory: https://www.baeldung.com/linux/compare-two-directories.

So, apply it to the root of the volume from A and the restored volume from B, with both mounted in the file system of an EC2 instance that you will spin up for this purpose.

Of course, with 100GB to snapshot, restore and compare, you will need a bit of patience to manipulate such large amounts of data.

Best,

Didier

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
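
One way to produce the comparison evidence described in the answer above, as an added example that is not part of either answer: it assumes both volumes are already mounted (ideally read-only) on one instance, hashes every regular file with SHA-256 in chunks, and reports the paths that differ. The names `manifest`, `compare` and `demo` are made up for this example, and ownership, permissions and timestamps are not compared.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def manifest(root):
    """Map every relative path under root to a (kind, fingerprint) pair."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode  # lstat: never follow symlinks
            if stat.S_ISLNK(mode):
                entries[rel] = ("symlink", os.readlink(full))
            elif stat.S_ISDIR(mode):
                entries[rel] = ("dir", "")
            elif stat.S_ISREG(mode):
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for block in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks
                        digest.update(block)
                entries[rel] = ("file", digest.hexdigest())
            else:  # device nodes, sockets, FIFOs: record the type only
                entries[rel] = ("special", oct(stat.S_IFMT(mode)))
    return entries


def compare(root_a, root_b):
    """Report paths only in A, only in B, and in both but with different content."""
    a, b = manifest(root_a), manifest(root_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "different": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
    }


def demo():
    """Constructed sample: two temp trees stand in for the two mount points."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        for root in (a, b):
            Path(root, "etc").mkdir()
            Path(root, "etc", "app.conf").write_bytes(b"mode=prod\n")
        same = compare(a, b)  # identical trees: every list is empty
        Path(b, "etc", "app.conf").write_bytes(b"mode=prod\ndebug=1\n")
        return same, compare(a, b)  # now etc/app.conf is reported as different
```

Calling `compare()` with the two mount points and keeping the returned report gives the evidence: three empty lists mean the file trees match in names, entry types, link targets and file content.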
