Migrate on premise VM to
AWS - AWS VM Import / Export
1) Export VM to .ovf or .vmdk
format. Ex. myvm.vmdk
2) Upload “myvm.vmdk” to S3
bucket called “anupvmmigration”
3) Go to IAM create role called
“vmimport” (role name should be vmimport) – copy the role json format for AWS
docs links - https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
Click on IAM -> Click on Role -> Click on Create Role -> Click
on EC2 (Allows EC2 instances to call AWS services on
your behalf.) -> Click on Next -> Click on Next -> Give Tags & click on
Next -> Give Role Name – “vmimport” -> and finally click on Create Role
OR Command line to create role
- Create
a file named
trust-policy.json
with the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
-
aws iam create-role --role-name vmimport --assume-role-policy-document
"file://trust-policy.json"
4) Click on Roles in IAM, click
on Role that you created i.e. “vmimport” -> Click on “Trust Relationship”
tab -> Click on Edit Trust Relationship button -> paste following policy
-> Finally click on Update Trust Policy
{
"Version":
"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "vmie.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:Externalid": "vmimport"
}
}
}
]
}
5)
Click on Policies in IAM
-> Click on Create policy -> Click on JSON tab -> paste the following
policy from AWS link - https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
-> Click on Review Policy button -> Give Policy name –“vmimportpolicy” -> Finally create
policy button.
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource":[
"arn:aws:s3::: anupvmmigration", ß update your bucket name here
"arn:aws:s3::: anupvmmigration/*" ß Update your bucket name here
]
},
{
"Effect":"Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource":"*"
}
]
}
OR Command
line to create policy
Create
a file named
role-policy.json
with the above policy, where anupvmmigration is the bucket where the
disk images are stored: aws iam put-role-policy
--role-name vmimport --policy-name vmimport --policy-document
"file://role-policy.json"
6)
Again, go to Roles in IAM
-> Click on role vmimport -> Under Permissions Policy click on Attach
Policy -> search policy “vmimportpolicy” & select check box
-> Click on Attach policy button.
7)
Go to Users in IAM ->
Click on Add User -> Give user name “anupvmuser”
& Give him programmatic access -> Click on Next -> Click on “Attach
existing policies directly” -> Click on Create Policy & click on JSON
tab -> and paste following code from AWS doc link (update bucket as in red)
–
{
"Version":
"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": ["arn:aws:s3::: anupvmmigration","arn:aws:s3::: anupvmmigration/*"]
},
{
"Effect": "Allow",
"Action": [
"iam:CreateRole",
"iam:PutRolePolicy"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CancelConversionTask",
"ec2:CancelExportTask",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DescribeConversionTasks",
"ec2:DescribeExportTasks",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:ImportInstance",
"ec2:ImportVolume",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ImportImage",
"ec2:ImportSnapshot",
"ec2:DescribeImportImageTasks",
"ec2:DescribeImportSnapshotTasks",
"ec2:CancelImportTask"
],
"Resource": "*"
}
]
}
Click on Review Policy button -> Give Name to policy “anupcustompolicy” -> Click on Create
policy -> Now attach two policy to user “anupvmuser” – “anupcustompolicy”
& “AdministratorAccess” à Click on Next -> On
review page click on Create user -> Finally downlod.csv file.
8)
Create /root/containers.json
file and copy following code from AWS doc link - https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
[
{
"Description": "Redhat Linux 64 bit",
"Format": "vmdk",
"UserBucket": {
"S3Bucket": "anupvmmigration", ß Give your bucket name here
"S3Key": "myvm.vmdk" ß Give your vmdk file name
}
}]
OR To import multiple vm’s use following
containers.json file format
[
{
"Description": "First disk",
"Format": "vmdk",
"UserBucket": {
"S3Bucket": "my-import-bucket",
"S3Key": "disksmy-windows-2008-vm-disk1.vmdk"
}
},
{
"Description": "Second disk",
"Format": "vmdk",
"UserBucket": {
"S3Bucket": "my-import-bucket",
"S3Key": "disks/my-windows-2008-vm-disk2.vmdk"
}
}
]
9)
Go to Linux or Windows
machine configure AWS CLI using Access key id & Secret access key of user “anupvmuser”
10)
Use following command to
start migration
aws ec2 import-image --description
"Redhat Linux 64 bit" --disk-containers file:///root/containers.json
11)
To check the status of
import task use following command take the highlighted task id from previous
command
Troubleshooting
You might get following errors.
1) Error-
For above error you should
go to roles click on role “vmimport” and check if you have attached policy to
it.
2)
Error-
For above error go to your
vm fstab file and check for any errors or wrong syntax and make correction, again
export vm from Vmware and upload again to S3 and start import