Amazon EC2 is a foundational service in AWS that allows businesses to run virtual servers in the cloud. However, cloud infrastructure is rarely static—organizations may need to move EC2 instances to a different VPC or subnet due to network re-architecture, security compliance, workload separation, or cost optimization.
While AWS doesn’t support a direct “move” of EC2 instances between VPCs, there are other ways to accomplish the migration efficiently and securely. This article provides a professional and detailed walkthrough on how to move an EC2 instance to another subnet or VPC.
Understanding subnet and VPC in AWS
In AWS, a VPC (Virtual Private Cloud) is your own isolated network environment in the cloud, like having your own private data center within AWS. You define its IP address range and control routing, security, and how resources like EC2 instances and databases communicate inside and outside the network.
A subnet is a smaller segment within a VPC’s IP range, used to organize and isolate resources. You can create public subnets (with internet access) and private subnets (internal-only), and each subnet must be located in a single Availability Zone. This setup helps you design secure and high-availability architectures.
How to move an EC2 instance to another subnet or VPC?
You cannot directly move an existing Amazon EC2 instance to another subnet, Availability Zone, or VPC. If you need to relocate an instance, you must create an AMI of the instance, then use the AMI to launch a new instance in the target subnet, Availability Zone, or VPC. Afterward, you need to reassign any Elastic IP addresses associated with the original instance to the new one.
There are two main methods to migrate an EC2 instance:
1. Use the AWSSupport-CopyEC2Instance automation document, which automatically creates an AMI and launches a new instance.
2. Manually create an AMI and launch a new instance from it.
Before proceeding, note the following:
For large file systems without existing snapshots, creating an AMI might take several hours. To shorten the AMI creation time, create Amazon EBS snapshots beforehand.
If your source instance is joined to a domain, use Sysprep or remove the instance from the domain before creating the AMI. This avoids security identifier (SID) conflicts when the new instance joins the domain.
Instance store volumes are not automatically included when creating an AMI. If you need to back up instance store volumes, refer to the method for backing up EC2 instance store volumes to Amazon EBS.
The steps for using AWSSupport-CopyEC2Instance are:
1. Open the AWSSupport-CopyEC2Instance page.
2. Under "Execute automation document," choose "Simple execution."
3. Enter the Instance ID of the instance you want to copy. You can view all instances by selecting "Show all instances."
4. Enter the target Region and Subnet ID.
5. Fill in any other optional parameters as needed, then choose "Execute."
6. In the AWS Systems Manager console, navigate to "Automation" to monitor the execution status and view executed steps.
7. After the automation is complete, proceed to reassign the Elastic IP address.
If you choose the manual method, follow these steps:
1. Open the EC2 console and navigate to the "AMI" section.
2. Find and select the newly created AMI.
3. Choose "Launch instance from AMI."
4. Enter a name for the new instance, reusing the original tags if desired.
5. Select the same instance type as the original.
6. Choose the same key pair used by the original instance.
7. In the network settings, select the target VPC and subnet. Choose the same security group as the original instance. If moving across VPCs, create a new security group in the target VPC with the necessary settings.
8. Configure any other required settings.
9. Review the summary and launch the instance.
10. After launching, you will receive a success message. Click the instance ID to check its status.
Regarding the Elastic IP address:
The new instance will have different private IPv4 or public IPv6 addresses. Update any DNS records or other references that relied on the previous IP addresses.
If you were using an Elastic IP address, detach it from the source instance and reattach it to the new instance. Note that Elastic IP addresses can only be used within the same AWS Region and cannot be reused across Regions.
Finally, after confirming that the new instance is functioning correctly, deregister any unused AMIs and delete associated snapshots to save resources and costs.
Backup EC2 instance with Vinchin Backup & Recovery
To ensure a smooth instance migration, it's recommended to back up your EC2 instances in advance. Vinchin Backup & Recovery makes this easy by supporting AWS EC2 backups through integration with your AWS access key ID. You can choose from full, incremental, or differential backup strategies based on your needs. Recovery is equally flexible—restore entire instances, specific volumes, or individual files, and even perform direct recovery to other platforms like VMware, Hyper-V, and Proxmox. With Amazon S3 integration for secure archiving and V2V migration capabilities, Vinchin offers a streamlined, user-friendly interface to manage all your backup tasks with ease.
To backup EC2 instance with Vinchin Backup & Recovery, follow these steps:
1. Select the EC2 instance to be backed up.
2. Select the backup destination.
3. Configure the backup strategies.
4. Review and submit the job.
Explore the benefits of Vinchin Backup & Recovery with a 60-day free trial. Prefer a tailored solution? Reach out to us for a customized plan that fits your specific needs.
Move EC2 instance to another VPC and subnet FAQs
1. How do I move an EC2 instance to another AWS account?
AWS does not support a direct “move” of EC2 instances between accounts. You can move the instances by creating and sharing a custom AMI, configuring the operating system in another account.
2. Is it possible to move an EC2 instance from one security group to another?
Yes. To change an AWS EC2 instance's security group, open the Amazon EC2 Console and Select “Instances.” Click “Change Security Groups” under “Actions” and select the security group to assign an instance.
Conclusion
Migrating an EC2 instance to a different subnet or VPC isn't a direct process, but with the right tools and planning, it can be executed smoothly. You can choose to automate the process or perform the steps manually. By understanding the dependencies and configurations of your instance, and by carefully managing resources like Elastic IPs and security groups, you can ensure a seamless transition.
