Jarrod Igou's picture

Greetings!

I'm trying to shift our current TKLBAM account over to a completely different AWS account. I've gone through the generation of the new ARN for both accounts, but now that I've got my legacy account set up with the Role ARN, I don't appear to have any option to change that Role ARN.

Is my only recourse to set up a new Turnkey Hub account and configure my backups to run there?

Thanks--

Jarrod

Forum: 
Jeremy Davis's picture

TBH I'm not the best person to talk to about the Hub and/or AWS. I would imagine that there is a way to edit the ARN/IAMs role (via AWS) and/or swap out the used IAM role but I'm not 100% sure if or how.

I'll get in touch with Alon (the Hub guru) and let you know ASAP...

Jarrod Igou's picture

Any update on this? I've gone down the route of setting up a new Hub account, but get an error when trying to re-initialize the backup on an existing server that was running fine. Simply pointing the existing, functioning account over to the IAM role on the second AWS account would still be the simplest solution, I think.

Jeremy Davis's picture

Thanks for the bump. I did speak with Alon about this but I forgot to let you know. Sorry about that.

Here is what Alon said:

The hub currently does not support changing the ARN, as that would result in loss of access to resources, or require the migration of servers and data to the new account.

The best option is to create a new account with the Hub to be used with the new AWS account, then move across the backups manually.

So it sounds like you are already going in the right direction... Without knowing more about exactly what you are doing and how, I'm guessing that you may need to remove the old API key first?

Try:

mv /var/lib/tklbam /var/lib/tklbam.backup

and then reinitialise TKLBAM. If everything work fine then don't forget to delete the old API key info:

rm -rf /var/lib/tklbam.backup

Add new comment