Using VM Import
migrate your existing VM-based applications and preserve the software and settings that you have configured in your existing VM.
Follow this article in Youtube
-
- OnPremise VM (Preferably in VMWare / Virtualbox)
- If you have
*.vmdk
image of your VM that will also be enough - MUST: You should have the
uid
/password
to log into this VM
- If you have
- AWS CLI with access to
Administrator
privileges- You can tighten it down based on your requirements
- OnPremise VM (Preferably in VMWare / Virtualbox)
-
Depending on virtualization tool, use the appropriate procedure to export your VM into
*.vmdk
or*.ova
image. Upload the image to S3 Bucket and note down thebucket_name
andvm_image_name
. -
bucket_name="n-backup" # Add the appropriate S3 Prefix to the VM Image vm_image_name="VM-Import/vCentOS7-disk002.vmdk"
-
Create the IAM trust policy json with the name
trust-policy.json
cat > "trust-policy.json" << "EOF" { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "vmie.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals":{ "sts:Externalid": "vmimport" } } } ] } EOF
-
Ensure that you create the role with the name
vmimport
. Use the trust policy created in the previous stepaws iam create-role --role-name vmimport --assume-role-policy-document "file://trust-policy.json"
-
This policy will be attached to the role
vmimport
created in the previous step. The bucket name is picked up from theglobal variable
.echo '{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket" ], "Resource":[ "arn:aws:s3:::'${bucket_name}'", "arn:aws:s3:::'${bucket_name}'/*" ] }, { "Effect":"Allow", "Action":[ "ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*" ], "Resource":"*" } ] } ' | sudo tee role-policy.json
-
aws iam put-role-policy --role-name vmimport \ --policy-name vmimport \ --policy-document "file://role-policy.json"
-
The following command will begin the import of the VM Image. The S3 Bucket name & Bucket Key is picked up from the global variables.
# Set the metadata, echo '[ { "Description": "centosv7", "Format": "vmdk", "UserBucket": { "S3Bucket": "'${bucket_name}'", "S3Key": "'${vm_image_name}'" } }] ' > containers.json
aws ec2 import-image --description "centosv7" --disk-containers "file://containers.json"
The expected output,
{ "Description": "centosv7", "ImportTaskId": "import-ami-0d6db3a35d431e4e3", "Progress": "2", "SnapshotDetails": [ { "DiskImageSize": 0.0, "Format": "VMDK", "UserBucket": { "S3Bucket": "n-backup", "S3Key": "VM-Import/vCentOS7-disk002.vmdk" } } ], "Status": "active", "StatusMessage": "pending" }
Note down the
ImportTaskId
to check the progress of the import job.aws ec2 describe-import-image-tasks --import-task-ids "import-ami-0d6db3a35d431e4e3"
# VM Image being updated to AMI [root:tmp]# aws ec2 describe-import-image-tasks --import-task-ids "import-ami-0d6db3a35d431e4e3" { "ImportImageTasks": [ { "Description": "centosv7", "ImportTaskId": "import-ami-0d6db3a35d431e4e3", "Progress": "30", "SnapshotDetails": [ { "Description": "centosv7", "DiskImageSize": 931182592.0, "Format": "VMDK", "Status": "completed", "UserBucket": { "S3Bucket": "n-backup", "S3Key": "VM-Import/vCentOS7-disk002.vmdk" } } ], "Status": "active", "StatusMessage": "updating" } ] }
[root:tmp]# aws ec2 describe-import-image-tasks --import-task-ids "import-ami-0d6db3a35d431e4e3" { "ImportImageTasks": [ { "Architecture": "x86_64", "Description": "centosv7", "ImageId": "ami-0da97e2296167b5ca", "ImportTaskId": "import-ami-0d6db3a35d431e4e3", "LicenseType": "BYOL", "Platform": "Linux", "SnapshotDetails": [ { "Description": "centosv7", "DeviceName": "/dev/sda1", "DiskImageSize": 931182592.0, "Format": "VMDK", "SnapshotId": "snap-0dc6d32a5924b22c7", "Status": "completed", "UserBucket": { "S3Bucket": "n-backup", "S3Key": "VM-Import/vCentOS7-disk002.vmdk" } } ], "Status": "completed" } ] }
-
Once you launch the VM, you can login using the same
uid
/password
you used onpremise. Typically in real-world you will clean this before the import task and setup SSH key-based authentication
Please open a GitHub issue.
Please open a GitHub issue. I encourage you to contribute your changes and send me pull request.