AWS Partner Network (APN) Blog

How to Migrate Amazon EC2 Instances from EC2-Classic to Amazon VPC with CloudEndure

This is a guest post from David Shurtliff, Enterprise Solutions Architect, AWS, and Gonen Stein, VP Business Development, CloudEndure

Amazon Web Services (AWS) customers who have been using AWS services for a long period may still be using Amazon EC2 instances in the EC2-Classic platform, as well as using instances in Amazon’s newer Virtual Private Cloud (Amazon VPC) service. EC2-VPC is your private, isolated portion of the AWS cloud, and became the default network environment on December 4, 2013. Any accounts created after this date support EC2-VPC only, and cannot use EC2-Classic. There are a number of advantages of using EC2-VPC:

  • Security—You can control outbound (egress) and inbound (ingress) connectivity to EC2 resources, and you can create network access control lists (network ACLs) on VPC subnets
  • Flexibility—You can define IP address ranges (CIDR blocks) and subnets
  • Network isolation—You can control internal and external connectivity to EC2 resources
  • Features—Certain AWS features and newer instance types, such as C4, M4, and T2 instances, are available only in EC2-VPC. For more information, see the Benefits of Using a VPC

If you want to move your existing workloads from EC2-Classic to EC2-VPC using a manual approach, you would launch new AMIs within your EC2-VPC, install and configure your applications and databases, export the data from your old servers, and import it to the new servers. You would also need to assess the EC2-Classic application stack in advance, and configure your target VPC and servers accordingly, including your networking, instance types, and volume types, to mirror the EC2-Classic environment.

To simplify the journey from EC2-Classic to EC2-VPC, you may want to use AWS Technology Partners such as CloudEndure for an automated, 1-click migration solution.

CloudEndure is an APN Advanced Technology Partner and AWS Storage Competency Partner who provides customers with live workload mobility between data centers, clouds, regions, and networks within a region. You can use CloudEndure’s technology to migrate your live workloads from your old EC2-Classic network into EC2-VPC, while maintaining your existing configuration, including instance types, private IP addresses, and load balancers. In addition to creating the new EC2-VPC configuration automatically and moving the entire workload, CloudEndure lets you select target VPCs that may already exist, as well define specific servers to be migrated.

An automated solution such as CloudEndure significantly reduces the time to complete the migration, without affecting the operation and performance of the current workload while the data migration is in progress. The use of continuous data replication means that no data will be lost during the cutover from EC2-Classic to EC2-VPC.

In addition to EC2-Classic to EC2-VPC migration, you can also use CloudEndure to:

  • Migrate physical or virtual servers to AWS
  • Use AWS as a dramatically lower-cost disaster recovery site for your on-premises workloads
  • Provide cross-region disaster recovery for your cloud-based workloads
  • Clone your workloads within or across regions and Availability Zones for dev/test and staging purposes

This blog post walks you through the steps to migrate an EC2 workload from EC2-Classic to EC2-VPC using CloudEndure.

Getting Started

At a high level, the migration process will create instance replicas in a region, VPC, and subnet of your choosing. EC2 security groups are created in the target VPC, and rules from the source security group are copied to the target security group at the time of instance replica creation. The following diagram represents a high-level view of the CloudEndure replication process.

Step 1. Configure Your Account

The first step is to sign up for an account at Go to the signup page to create an account, and then log in to the CloudEndure dashboard to connect your CloudEndure account with your AWS account. You will need to enter your account credentials associated with the appropriate IAM policy, and set your source/target regions for the instance migration. You may migrate your EC2-Classic instances either to a VPC in the same region or to a VPC in a different region. You should then select a subnet that will be dedicated as a staging ground to replicate your source instances’ data. This subnet is used to maintain continuous replication of the data until you decide to cut over into the EC2-VPC and stop replication.

Step 2. Install the CloudEndure Agents

Download and install the CloudEndure agents on Microsoft Windows and Linux instances running in your EC2-Classic network. In this example, we will install the agent on these two EC2-Classic Windows and Linux instances:

As shown here in the Amazon EC2 console, the instance is outside a VPC:

The agent installation takes about 1 minute. The agent installation does not require a reboot, nor does it impact the source machine’s performance in any way. After connecting to the source machine, download and execute the appropriate Linux or Windows operating system CloudEndure agent. The following command line sequence shows a successful agent installation.

Step 3. Start Continuous Replication

Once the agent installation completes, the instance name will appear in the CloudEndure dashboard, and replication of the data will begin. During replication, you will see the percentage completion of each replicated instance. When replication reaches 100% for an instance, its status will change to a green checkmark.

Note: While CloudEndure agents are replicating data, either during the initial sync phase or during continuous sync, you should see CloudEndure replicator instance(s) with their attached volumes located within the replication server subnet as defined earlier in step 1.

Step 4. Create the Replicas in the Target VPC

When all servers show a green checkmark, select the instances that you want to migrate into the target VPC and click Create Replica.

Note: Before you create a replica, ensure that the status field for all instances shows a green checkmark, and pay attention to the last update time. Your replica(s) created in the new VPC will be as up-to-date as the time shown. The screenshot below shows the instance selection check boxes, replication status, last update time, and replica creation button.

The replica creation process takes several minutes. Once it is complete, the replica instances will appear on the right side of the dashboard:

Note: The replica instances in the new VPC will carry over any security group configuration, Elastic Load Balancing configuration, etc. In your AWS console, you will now be able to see both your old EC2-Classic instances and the new instances within the target VPC. In this example, the instances outlined in red are the newly created instances within the target VPC.

In the Amazon EC2 console, you can confirm that the instances are now in a VPC.

That’s it! Once you have confirmed that your application is behaving as expected in the target VPC, you may redirect your users to the new EC2-VPC based instances via public DNS redirection.

Note: This replication methodology will not impact your source server, and you can test your target replica servers in the EC2-VPC without any system disruption, so go ahead and test away.

Should you wish to make corrections to the application and spin up a newer version of your replica instances, you may delete the current replica by using the Delete Replica button, make the appropriate changes to the source instances, and repeat step 4.

When the cutover is complete and replication from your old EC2-Classic environment is no longer needed, you may uninstall the agents by right clicking the instances in the CloudEndure dashboard and selecting Stop Replication. This will stop all replication and remove the agent.

To find out more about CloudEndure, visit AWS Marketplace, or email