skip to Main Content

Import Your VM as an EC2/AMI Image

http://docs.aws.amazon.com/vm-import/latest/userguide/import-vm-image.html

 

After exporting your VM from your virtualization environment, you can import it to Amazon EC2. The import process is the same regardless of the origin of the VM.

Prerequisites

You must provide an Amazon S3 bucket and an IAM role named vmimport.

Amazon S3 Bucket

VM Import requires an Amazon S3 bucket to store your disk images, in the region where you want to import your VMs. You can create a bucket as follows, or use an existing bucket if you prefer.

(Optional) To create an S3 bucket

  1. Open the Amazon S3 console at https://console.aws.amazon.com/s3/.
  2. Choose Create Bucket.
  3. In the Create a Bucket dialog box, do the following:
    1. For Bucket Name, type a name for your bucket. This name must be unique across all existing bucket names in Amazon S3. In some regions, there might be additional restrictions on bucket names. For more information, see Bucket Restrictions and Limitations in the Amazon Simple Storage Service Developer Guide.
    2. For Region, select the region that you want for your AMI.
    3. Choose Create.

VM Import Service Role

VM Import requires a role to perform certain operations in your account, such as downloading disk images from an Amazon S3 bucket. You must create a role named vmimport with a trust relationship policy document that allows VM Import to assume the role, and you must attach an IAM policy to the role.

To create the service role

  1. Create a file named trust-policy.json with the following policy:
    {
       "Version": "2012-10-17",
       "Statement": [
          {
             "Effect": "Allow",
             "Principal": { "Service": "vmie.amazonaws.com" },
             "Action": "sts:AssumeRole",
             "Condition": {
                "StringEquals":{
                   "sts:Externalid": "vmimport"
                }
             }
          }
       ]
    }

    You can save the file anywhere on your computer. Take note of the location of the file, because you’ll specify the file in the next step.

  2. Use the create-role command to create a role named vmimport and give VM Import/Export access to it. Ensure that you specify the full path to the location of the trust-policy.json file.
    aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
  3. Create a file named role-policy.json with the following policy, where disk-image-file-bucket is the bucket where the disk images are stored:
    {
       "Version": "2012-10-17",
       "Statement": [
          {
             "Effect": "Allow",
             "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
             ],
             "Resource": [
                "arn:aws:s3:::disk-image-file-bucket"
             ]
          },
          {
             "Effect": "Allow",
             "Action": [
                "s3:GetObject"
             ],
             "Resource": [
                "arn:aws:s3:::disk-image-file-bucket/*"
             ]
          },
          {
             "Effect": "Allow",
             "Action":[
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
             ],
             "Resource": "*"
          }
       ]
    }
  4. Use the following put-role-policy command to attach the policy to the role created above. Ensure that you specify the full path to the location of the role-policy.json file.
    aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

For more information about IAM roles, see IAM Roles in the IAM User Guide.

Import the VM

You can upload your VMs to your Amazon S3 bucket using the upload tool of your choice. After you upload your VM to Amazon S3, you can use the AWS CLI to import the image. These tools accept either a URL (public Amazon S3 file, a signed GET URL for private Amazon S3 files) or the Amazon S3 bucket and path to the disk file.

Use the import-image command to create an import image task.

Example 1: Import an OVA

aws ec2 import-image --description "Windows 2008 OVA" --disk-containers file://containers.json

The following is an example containers.json file.

[
  {
    "Description": "Windows 2008 OVA",
    "Format": "ova",
    "UserBucket": {
        "S3Bucket": "my-import-bucket",
        "S3Key": "vms/my-windows-2008-vm.ova"
    }
}]

Example 2: Import Multiple Disks

aws ec2 import-image --description "Windows 2008 VMDKs" --disk-containers file://containers.json

The following is an example containers.json file.

[
  {
    "Description": "First disk",
    "Format": "vmdk",
    "UserBucket": {
        "S3Bucket": "my-import-bucket",
        "S3Key": "disks/my-windows-2008-vm-disk1.vmdk"
    }
  },          
  {
    "Description": "Second disk",
    "Format": "vmdk",
    "UserBucket": {
        "S3Bucket": "my-import-bucket",
        "S3Key": "disks/my-windows-2008-vm-disk2.vmdk"
    }
  }
]

Check the Status of the Import Task

Use the describe-import-image-tasks command to return the status of an import task.

Status values include the following:

  • active — The import task is in progress.
  • deleting — The import task is being canceled.
  • deleted — The import task is canceled.
  • completed — The import task is completed and the AMI is ready to use.
aws ec2 describe-import-image-tasks --import-task-ids import-ami-fgxn195v

(Optional) Cancel an Import Task

Use the cancel-import-task command to cancel an active import task.

aws ec2 cancel-import-task --import-task-id import-ami-fg4z7c9h

Next Steps

Now that you have an AMI, you can launch it as an instance or copy it to another region. For more information, see the following topics in the Amazon EC2 documentation.

This Post Has 0 Comments

Leave a Reply

Back To Top