AWS Import, Export AMI

Last updated: 2021-08-19

Contents

  • What is an AMI
  • Prepare the VMware VM Image (OVA)
  • Import
  • Monitor an import image task
  • Troubleshoot
  • Export AMI to S3

Preface

 * An imported VM may fail to boot if the root partition is not on the same virtual hard drive as the MBR.

 * Importing VMs with dual-boot configurations is not supported.

Process

  1. Prepare the VMware VM Image (OVA)
  2. Configure IAM
  3. Upload the image to Amazon S3
  4. ...
  5. Monitor an import image task

Import Tested

  • CentOS 7
  • Server 2016

Export Tested

  • S2012 R2

 


What is an AMI

 

e.g.

CentOS 7

https://aws.amazon.com/marketplace/pp/prodview-qkzypm3vjr45g

 


Prepare the VMware VM Image (OVA)

 

Process: Export OVF -> Convert OVF to OVA

OVA

OVA = OVF + DiskImage

You can't do it from the web interface anymore, but you can use ovftool.

Export it as OVF and then use the ovftool to merge the files to an OVA

ovftool is available in a Windows version and a Linux version

ovftool.exe path_to_your_OVF_file.ovf Path_to_your_OVA_file.ova

e.g.

cd C:\Program Files\VMware\VMware OVF Tool

ovftool.exe C:\VM\c7.mini\c7.mini.ovf C:\VM\c7.mini\c7.mini.ova

The same folder must contain

  • c7.mini.nvram
  • c7.mini.ovf
  • c7.mini-0.vmdk
  • c7.mini.mf

 


Configure IAM

 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteObject",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Resource": ["arn:aws:s3:::my-import-export-bucket","arn:aws:s3:::my-import-export-bucket/*"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CancelConversionTask",
        "ec2:CancelExportTask",
        "ec2:CreateImage",
        "ec2:CreateInstanceExportTask",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DescribeConversionTasks",
        "ec2:DescribeExportTasks",
        "ec2:DescribeExportImageTasks",
        "ec2:DescribeImages",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:DescribeSnapshots",
        "ec2:DescribeTags",
        "ec2:ExportImage",
        "ec2:ImportInstance",
        "ec2:ImportVolume",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:ImportImage",
        "ec2:ImportSnapshot",
        "ec2:DescribeImportImageTasks",
        "ec2:DescribeImportSnapshotTasks",
        "ec2:CancelImportTask"
      ],
      "Resource": "*"
    }
  ]
}

 


Upload the image to Amazon S3

 

 * The bucket must be in the same region as the instance

All objects by default are private. Only the object owner has permission to access these objects.

When you create a presigned URL for your object, you must provide your security credentials and specify a bucket name, an object key, the HTTP method (GET to download the object), and an expiration date and time.

 


Import

 

Private Amazon S3 files require a presigned URL

containers.json

[
  {
    "Description": "My Server OVA",
    "Format": "ova",
    "UserBucket": {
        "S3Bucket": "my-import-export-bucket",
        "S3Key": "vms/c7.mini.ova"
    }
  }
]

P.S.

vms is the folder name
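
The presigned-URL variant mentioned above, as an added example that is not part of the original notes: the disk container carries a "Url" field instead of "UserBucket". The helper names presign_ova and write_url_container and the one-hour lifetime in the usage comment are assumptions.

```shell
# Added example: disk-container file that points at a presigned URL.
# presign_ova and write_url_container are hypothetical helper names.

# $1 = bucket, $2 = object key, $3 = URL lifetime in seconds
presign_ova() {
    aws s3 presign "s3://$1/$2" --expires-in "$3"
}

# $1 = presigned URL, $2 = description, $3 = output file
write_url_container() {
    case $1 in
        https://*) ;;
        *) echo "refusing non-HTTPS URL" >&2; return 1 ;;
    esac
    case "$1$2" in
        *\"*|*\\*) echo "quote or backslash would break the JSON" >&2; return 1 ;;
    esac
    # The URL is a bearer credential until it expires, so a newly
    # created container file is made readable by its owner only.
    ( umask 077
      printf '[\n  {\n    "Description": "%s",\n    "Format": "ova",\n    "Url": "%s"\n  }\n]\n' \
          "$2" "$1" > "$3" )
}

# Typical use (requires AWS credentials):
#   url=$(presign_ova my-import-export-bucket vms/c7.mini.ova 3600)
#   write_url_container "$url" "My Server OVA" /root/containers.json
```

Keep the lifetime just long enough for the import to read the file, and delete containers.json once the task has started.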

e.g.:

aws ec2 import-image --dry-run --disk-containers "file:///root/containers.json"

An error occurred (DryRunOperation) when calling the ImportImage operation:
 Request would have succeeded, but DryRun flag is set.

aws ec2 import-image --disk-containers "file:///root/containers.json"

ImportTaskId: import-ami-?
Progress: '1'
SnapshotDetails:
- Description: My Server OVA
  DiskImageSize: 0.0
  Format: OVA
  UserBucket:
    S3Bucket: my-import-export-bucket
    S3Key: c7.mini.ova
Status: active
StatusMessage: pending

Other Opts

--license-type

Licensing options: Auto (default), AWS, BYOL

 * Linux: supports only BYOL licenses. Choosing Auto means that a BYOL license is used.

 * Windows: Auto = The AWS license is used if the VM has a server OS. Otherwise, the BYOL license is used.

--dry-run

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response.

--description "My server VM"

--architecture x86_64

x86_64 | arm64

--platform Windows

Valid values: Windows | Linux

e.g.

aws ec2 import-image \
--license-type BYOL \
--platform Windows \
--disk-containers "file:///root/containers.json"

 


Monitor an import image task

 

aws ec2 describe-import-image-tasks [--import-task-ids import-ami-?]

e.g.

aws ec2 describe-import-image-tasks --import-task-ids import-ami-?

- ImportTaskId: import-ami-?
  LicenseType: BYOL
  Platform: Windows
  Progress: '19'
  SnapshotDetails:
  - DiskImageSize: 12794772480.0
    Format: VMDK
    Status: active
    UserBucket:
      S3Bucket: my-import-export-bucket
      S3Key: s2016.ova
  Status: active
  StatusMessage: converting
  Tags: []

Normal progression

Status: active > completed

StatusMessage: pending > converting > updating > booting > preparing ami > completed

Explanation

converting — The imported image is being converted into an AMI.

updating — Import status is updating.

----

active — The import task is in progress.

deleting — The import task is being canceled.
deleted — The import task is canceled.

validating — The imported image is being validated.
validated — The imported image was validated.

completed — The import task is completed and the AMI is ready to use.
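
A polling loop built on the status values listed above, as an added example that is not part of the original notes. The helper names describe_task and wait_for_import, the 60-second default interval and the return codes are assumptions.

```shell
# Added example: poll an import task until it completes or is cancelled.
# describe_task and wait_for_import are hypothetical helper names.

# Prints "Status<TAB>StatusMessage" for one task ID.
describe_task() {
    aws ec2 describe-import-image-tasks --import-task-ids "$1" \
        --query 'ImportImageTasks[0].[Status,StatusMessage]' --output text
}

# $1 = task ID, $2 = seconds between polls (default 60)
# Returns 0 on completed, 1 on deleting/deleted, 2 on a failed or odd reply.
wait_for_import() {
    task=$1
    interval=${2:-60}
    while :; do
        line=$(describe_task "$task") || return 2
        status=$(printf '%s\n' "$line" | cut -f1)
        message=$(printf '%s\n' "$line" | cut -f2-)
        case $status in
            completed)
                echo "$task: completed, AMI ready"
                return 0 ;;
            deleting|deleted)
                # The reason (e.g. a ClientError) is in StatusMessage.
                echo "$task: cancelled: $message" >&2
                return 1 ;;
            active|validating|validated)
                echo "$task: $status ($message)" ;;
            *)
                echo "$task: unexpected status '$status'" >&2
                return 2 ;;
        esac
        sleep "$interval"
    done
}
```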

 


Troubleshoot

 

[1]

ImportImageTasks:
- ImportTaskId: import-ami-?
  SnapshotDetails: []
  Status: deleted
  StatusMessage: 'ClientError: Disk validation failed [We do not have access to the
    given resource. Reason 403 Forbidden]'
  Tags: []
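
One thing to verify when a task ends with this 403 is the vmimport service role, which VM Import/Export assumes to read the image from the bucket. The sketch below is an added example, not part of the original notes: it writes the trust and permission documents in the form AWS documents for that role, scoped to one bucket. The helper names and output file names are assumptions.

```shell
# Added example: policy documents for the "vmimport" service role.
# write_vmimport_policies / create_vmimport_role are hypothetical names.

# $1 = bucket used for import and export, $2 = output directory
write_vmimport_policies() {
    bucket=$1
    dir=$2
    # Trust policy: only the VM Import/Export service may assume the
    # role, and only when it presents the external ID "vmimport".
    cat > "$dir/trust-policy.json" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "vmie.amazonaws.com" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "sts:Externalid": "vmimport" } }
  }]
}
EOF
    # Permissions: S3 access limited to the one bucket (PutObject and
    # GetBucketAcl are for export), plus the EC2 actions the service uses.
    cat > "$dir/role-policy.json" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket",
                 "s3:PutObject", "s3:GetBucketAcl"],
      "Resource": ["arn:aws:s3:::$bucket", "arn:aws:s3:::$bucket/*"]
    },
    {
      "Effect": "Allow",
      "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                 "ec2:RegisterImage", "ec2:Describe*"],
      "Resource": "*"
    }
  ]
}
EOF
}

# $1 = directory with the two files; needs IAM permissions to run.
create_vmimport_role() {
    aws iam create-role --role-name vmimport \
        --assume-role-policy-document "file://$1/trust-policy.json" &&
    aws iam put-role-policy --role-name vmimport --policy-name vmimport \
        --policy-document "file://$1/role-policy.json"
}
```

Also confirm that the S3Key in containers.json matches the object's full key, folder prefix included, since the role can only read objects that exist under the bucket it is scoped to.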

 

 


Export AMI to S3

 

Limitations

 * You can't export an image if it contains third-party software provided by AWS.
    For example, VM Export cannot export Windows or SQL Server images,
    or any image created from an image in the AWS Marketplace.

 * You can't export an image with encrypted EBS snapshots in the block device mapping.

 * You can't export an image from Amazon EC2 if you've shared it from another AWS account.

 * VMs with volumes larger than 1 TiB are not supported.

Steps

1. Install and configure the AWS CLI

2. Create an Amazon S3 bucket and folder for storing the exported images
    (e.g. my-import-export-bucket/exports)

3. Create an IAM role named vmimport            # must be exactly this name

4. Start an export image task

AMI_ID="ami-???"

S3BUCKET="my-import-export-bucket"

FOLDER="exports"

aws ec2 export-image --dry-run --image-id $AMI_ID \
    --disk-image-format VMDK \
    --s3-export-location S3Bucket=$S3BUCKET,S3Prefix=$FOLDER/

Opts

--disk-image-format (VMDK|RAW|VHD)

P.S.

file: export-ami-id.format (e.g. export-ami-ID.vmdk)

5. Monitor an export image task

aws ec2 describe-export-image-tasks

Or

aws ec2 describe-export-image-tasks --export-image-task-ids export-ami-0e7e25a8efb3841c7

- ExportImageTaskId: export-ami-04503f03ad85f6f1b
  Progress: '50'
  S3ExportLocation:
    S3Bucket: my-import-export-bucket
    S3Prefix: exports/
  Status: active
  StatusMessage: updating
  Tags: []

StatusMessage: validating -> updating -> converting (most of the time is spent here) ->

 


Doc