Friday, 1 January 2016

AWS: Importing an Existing VM Windows Server to AWS


1. Export the VM server (Server01) from vCenter in OVA format (* Server01 has to be shut down before it can be exported)
2. Upload the OVA file to Amazon S3
3. Create a user (User01) in the IAM console and record the Access Key ID and Secret Access Key.
4. Download and install the AWS Command Line Interface
5. Open Windows Command Prompt and type in aws configure
6. Type in the Access Key ID and Secret Access Key from step 3, and the region name
7. Create a file named "trust-policy.json" with the following policy:
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"",
         "Effect":"Allow",
         "Principal":{
            "Service":"vmie.amazonaws.com"
         },
         "Action":"sts:AssumeRole",
         "Condition":{
            "StringEquals":{
               "sts:ExternalId":"vmimport"
            }
         }
      }
   ]
}

8. Use the following command to create the service role:
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

* Note: Make sure the trust-policy.json file is stored in the directory where you are running the command

9. Create a file named "role-policy.json" to use as policy for this service role:
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::Bucket01"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject"
         ],
         "Resource":[
            "arn:aws:s3:::Bucket01/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

* Note: Replace the Bucket01 with your own S3 bucket

10. Run this command to attach the policy to the role created above:
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

* Note: Make sure the role-policy.json file is stored in the directory where you are running the command

11. Type in the following command to import the OVA file and convert it into an AMI:
aws ec2 import-image --cli-input-json "{  \"Description\": \"Server Description\", \"DiskContainers\": [ { \"Description\": \"First CLI task\", \"UserBucket\": { \"S3Bucket\": \"Bucket01\", \"S3Key\" : \"Server01.ova\" } } ]}"

12. Record the ImportTaskId
13. Run the following command to view the status of the import task:
aws ec2 describe-import-image-tasks --import-task-ids import-ami-fuehrts2

* Note: import-ami-fuehrts2 is the ImportTaskId

14. Once the import task has completed, log in to the AWS console, go to EC2 console > AMIs and click Launch
15. Select the type of instance
16. Create a security group
17. Create a new key pair, download and keep the PEM file
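
An offline check for the two policy files from steps 7 and 9, to run before the create-role and put-role-policy commands (an added example, not part of the original post; the function names and the embedded sample policy are constructed here). It confirms that each file parses as JSON, that only vmie.amazonaws.com presenting the vmimport external ID can assume the role, and that the S3 statements reach no further than the import bucket.

```python
import json

# Constructed sample: the step 7 trust policy, with its closing brace in place.
TRUST_POLICY = """{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow",
  "Principal":{"Service":"vmie.amazonaws.com"},"Action":"sts:AssumeRole",
  "Condition":{"StringEquals":{"sts:ExternalId":"vmimport"}}}]}"""

def _as_list(value):
    # IAM allows a single value or a list in Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def _load(text):
    """Parse a policy document; return (doc, problems)."""
    try:
        return json.loads(text), []
    except json.JSONDecodeError as err:
        return None, [f"not valid JSON: {err.msg} (line {err.lineno})"]

def check_trust_policy(text):
    """Problems in a trust policy meant for the vmimport service role."""
    doc, problems = _load(text)
    if doc is None:
        return problems
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if not (isinstance(principal, dict) and set(principal) == {"Service"}
                and _as_list(principal["Service"]) == ["vmie.amazonaws.com"]):
            problems.append(f"principal is not only vmie.amazonaws.com: {principal!r}")
        condition = st.get("Condition", {})
        if condition.get("StringEquals", {}).get("sts:ExternalId") != "vmimport":
            problems.append("no StringEquals sts:ExternalId = vmimport condition")
    return problems

def check_role_policy(text, bucket):
    """Problems in a role policy whose S3 access should stop at one bucket."""
    doc, problems = _load(text)
    if doc is None:
        return problems
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for st in _as_list(doc.get("Statement", [])):
        actions = _as_list(st.get("Action", []))
        if st.get("Effect") == "Allow" and any(a == "*" or a.startswith("s3:") for a in actions):
            for resource in _as_list(st.get("Resource", [])):
                if resource not in allowed:
                    problems.append(f"S3 access outside {bucket}: {resource}")
    return problems

if __name__ == "__main__":
    print(check_trust_policy(TRUST_POLICY) or "trust policy OK")
```

To check your own files, pass the contents of trust-policy.json and role-policy.json to the two functions, with your bucket name as the second argument to check_role_policy.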
