AWS Import, Export AMI

最後更新: 2021-08-19


 * An imported VM may fail to boot if the root partition is not on the same virtual hard drive as the MBR.

 * Importing VMs with dual-boot configurations is not supported.


  1. 準備 VMware VM Image (OVA)
  2. 設定 IAM
  3. Upload the image to Amazon S3
  4. ...
  5. Monitor an import image task

Impoort Tested

  • Centos 7
  • Server 2016

Export Tested

  • S2012 R2



準備 VMware VM Image (OVA)


過程: Export OVF -> Convert OVF to OVA


OVA = OVF + DiskImage

You can't do it from the web interface anymore, but you can use ovftool.

Export it as OVF and then use the ovftool to merge the files to an OVA

ovftool 有分 Windows 版及 Linux 版

ovftool.exe path_to_your_OVF_file.ovf Path_to_your_OVA_file.ova


cd C:\Program Files\VMware\VMware OVF Tool

ovftool.exe C:\VM\\ C:\VM\\

同一 Folder 要有



設定 IAM


  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": "*"
      "Effect": "Allow",
      "Action": [
      "Resource": ["arn:aws:s3:::my-import-export-bucket","arn:aws:s3:::my-import-export-bucket/*"]
      "Effect": "Allow",
      "Action": [
      "Resource": "*"


Upload the image to Amazon S3


 * bucket 要與 instance 在同一 region

All objects by default are private. Only the object owner has permission to access these objects.

When you create a presigned URL for your object, you must provide your security credentials,

specify a bucket name, an object key, specify the HTTP method (GET to download the object) and expiration date and time.




Private Amazon S3 files require a presigned URL


    "Description": "My Server OVA",
    "Format": "ova",
    "UserBucket": {
        "S3Bucket": "my-import-export-bucket",
        "S3Key": "vms/"


vms 是 Folder 名


aws ec2 import-image --dry-run --disk-containers "file:///root/containers.json"

An error occurred (DryRunOperation) when calling the ImportImage operation:
 Request would have succeeded, but DryRun flag is set.

aws ec2 import-image --disk-containers "file:///root/containers.json"

ImportTaskId: import-ami-?
Progress: '1'
- Description: My Server OVA
  DiskImageSize: 0.0
  Format: OVA
    S3Bucket: my-import-export-bucket
Status: active
StatusMessage: pending

Other Opts


Licensing options: Auto (default), AWS, BYOL

 * Linux: support only BYOL licenses. Choosing Auto means that a BYOL license is used.

 * Window: Auto = The AWS license is used if the VM has a server OS. Otherwise, the BYOL license is used.


Checks whether you have the required permissions for the action,

without actually making the request, and provides an error response.

--description "My server VM"

--architecture x86_64

x86_64 | arm64

--platform Windows

Valid values: Windows | Linux


aws ec2 import-image \
--license-type BYOL \
--platform Windows \
--disk-containers "file:///root/containers.json"


Monitor an import image task


aws ec2 describe-import-image-tasks [--import-task-ids import-ami-?]


aws ec2 describe-import-image-tasks --import-task-ids import-ami-?

- ImportTaskId: import-ami-?
  LicenseType: BYOL
  Platform: Windows
  Progress: '19'
  - DiskImageSize: 12794772480.0
    Format: VMDK
    Status: active
      S3Bucket: my-import-export-bucket
      S3Key: s2016.ova
  Status: active
  StatusMessage: converting
  Tags: []


Status: active > completed

StatusMessage: pending > converting > updating > booting > preparing ami > completed


converting — The imported image is being converted into an AMI.

updating — Import status is updating.


active — The import task is in progress.

deleting — The import task is being canceled.
deleted — The import task is canceled.

validating — The imported image is being validated.
validated — The imported image was validated.

completed — The import task is completed and the AMI is ready to use.





- ImportTaskId: import-ami-?
  SnapshotDetails: []
  Status: deleted
  StatusMessage: 'ClientError: Disk validation failed [We do not have access to the
    given resource. Reason 403 Forbidden]'
  Tags: []



Export AMI



 * You can't export an image if it contains third-party software provided by AWS.

For example, VM Export cannot export Windows or SQL Server images,

or any image created from an image in the AWS Marketplace.

 * You can't export an image with encrypted EBS snapshots in the block device mapping.

 * You can't export an image from Amazon EC2 if you've shared it from another AWS account.

 * VMs with volumes larger than 1 TiB are not supported.


1. Install & Config the AWS CLI

2. Create an Amazon S3 bucket and folder for storing the exported images


3. Create an IAM role named vmimport            # 必須是這個名

4. Start an export image task




aws ec2 export-image --dry-run --image-id $AMI_ID --disk-image-format VMDK --s3-export-location S3Bucket=$S3BUCKET,S3Prefix=$FOLDER/


--disk-image-format (VMDK|RAW|VHD)


file: export-ami-id.format (ie. export-ami-ID.vmdk)

5. Monitor an export image task

aws ec2 describe-export-image-tasks


aws ec2 describe-export-image-tasks --export-image-task-ids export-ami-0e7e25a8efb3841c7

- ExportImageTaskId: export-ami-04503f03ad85f6f1b
  Progress: '50'
    S3Bucket: my-import-export-bucket
    S3Prefix: exports/
  Status: active
  StatusMessage: updating
  Tags: []

StatusMessage : validating -> updating -> converting (大部份時間在這) ->