Importing a VM into AWS EC2 from S3 Bucket

01.trust_policy.MD

NOTE: Assuming .vhd image is already uploaded to s3 bucket, the following is the process to import the image when the vmimport role is missing

#create a role policy json file

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"",
         "Effect":"Allow",
         "Principal":{
            "Service":"vmie.amazonaws.com"
         },
         "Action":"sts:AssumeRole",
         "Condition":{
            "StringEquals":{
               "sts:ExternalId":"vmimport"
            }
         }
      }
   ]
}

02.create_role.MD

#create the role from cli using the above policy file

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

OUTPUT:

{
    "Role": {
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17", 
            "Statement": [
                {
                    "Action": "sts:AssumeRole", 
                    "Principal": {
                        "Service": "vmie.amazonaws.com"
                    }, 
                    "Effect": "Allow", 
                    "Condition": {
                        "StringEquals": {
                            "sts:ExternalId": "vmimport"
                        }
                    }, 
                    "Sid": ""
                }
            ]
        }, 
        "RoleId": "AROAJKAOLYHOM4KSIHTFO", 
        "CreateDate": "2018-01-26T16:51:58.194Z", 
        "RoleName": "vmimport", 
        "Path": "/", 
        "Arn": "arn:aws:iam::585959602392:role/vmimport"
    }
}

03.role-policy.MD

#update the bucket name to the bucket name you have created

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::<disk-image-file-bucket>"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject"
         ],
         "Resource":[
            "arn:aws:s3:::<disk-image-file-bucket>/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

04.assign_policy.MD

#Assign the policy to the role created in the beginning

 aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
 

05.ec2-import.MD

#now import the image into ec2 from our bucket mgmt-thirdparty-images

aws ec2 import-image --disk-containers file://containers3.json --region=eu-west-1

OUTPUT:

[-255-(mohan@xpsbox) ~/aws ]$ aws ec2 import-image --disk-containers file://containers3.json --region=eu-west-1
{
    "Status": "active", 
    "Progress": "2", 
    "SnapshotDetails": [
        {
            "UserBucket": {
                "S3Bucket": "mgmt-thirdparty-images", 
                "S3Key": "cfme-ec2-5.8.2.3-3.x86_64.vhd"
            }, 
            "DiskImageSize": 0.0, 
            "Format": "VHD"
        }
    ], 
    "StatusMessage": "pending", 
    "ImportTaskId": "import-ami-fgbhgzvt"
}

06.Validate_output.MD

[-127-(mohan@xpsbox) ~/aws ]$ aws ec2 describe-import-image-tasks --region eu-west-1  --import-task-ids import-ami-fgbhgzvt
{
    "ImportImageTasks": [
        {
            "Status": "active", 
            "SnapshotDetails": [
                {
                    "UserBucket": {
                        "S3Bucket": "mgmt-thirdparty-images", 
                        "S3Key": "cfme-ec2-5.8.2.3-3.x86_64.vhd"
                    }, 
                    "DiskImageSize": 0.0, 
                    "Format": "VHD"
                }
            ], 
            "Progress": "4", 
            "StatusMessage": "validating", 
            "ImportTaskId": "import-ami-fgbhgzvt"
        }
    ]
}