AWS Migration – Migrate a VM to AWS Cloud – VM Import/Export Method

Intro:

Hello There !!! Hope you all are doing well & Safe…..

Starting from this blog I have decided to post as many posts related to AWS migration. These will be completely in the LAB environment & for reference only to get some idea of how migrations happen, DO NOT copy the same in your production environment.

In this blog, we will migrate a VM hosted in the VMWare workstation to the AWS cloud. This is very simple, however, I assume you are aware of AWS services like IAM, S3, EC2, AMI & AWS CLI.

OK, Let’s do it

Pre-requisite:

Things you need to get this done;

  1. A VM image. (here we have used vmdk file)
  2. An S3 bucket where we will upload the image
  3. An IAM role called ‘vmimport’
  4. An IAM policy, need to attach the IAM role
  5. AWS CLI, which needs to be installed on your machine. Follow this

Note: AWS supports certain OS only which can be found here

Export the Image:

I assume you have installed a VMware workstation and done the installation and configuration of a windows server OS ( Here I am using OS version 2012 R2 Core ).

Set the username and password, check the login and keep it safe, this will be used post migration.

Now in the Vmware workstation console, select the VM, go to File then click Export to OVF option…

Note: AWS mentioned some of the supported other formats as well which can be found here

Save all the exported files in a folder

Create a S3 bucket & Copy the vmdk file:

Bucket creation can be done using GUI console and AWS cli. Here I used AWS cli to create the bucket. Command as below ( I have configured aws cli to make US-EAST-1 as default region)

aws s3 mb s3://vm-import-store

Bucket Name is: vm-import-store

Now copy the vmdk file to S3 bucket using follwoing aws cli command (replace your vmdk file location)

aws s3 cp D:\Work\OS\WebApp-Ovf\Windows-Web-App-disk2.vmdk s3://vm-import-store

Create an IAM role called ‘vmimport’:

To enable VM import/export to access your S3 bucket and register your VM image as AMI, we need to create a IAM role and attach a policy. Also need to update Trust Relationships of the role.

First create a policy using JSON code.

Note: Replace jrp-mig-store with your bucket name.

Policy name i have given: vm-jagat-policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::jrp-mig-store",
                "arn:aws:s3:::jrp-mig-store/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetBucketAcl"
            ],
            "Resource": [
                "arn:aws:s3:::jrp-mig-store",
                "arn:aws:s3:::jrp-mig-store/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

Create the Role

Now go to IAM console, create a role and name it vmimport (other naming convention will not work)

Use the following (EC2) and proceed

After the role is created edit the Trust Relationship, and paste the following JSON code

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "vmie.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}

Now Role is available in IAM console as below

Convert VM to AMI:

Now we we have the vmdk file in s3 bucket, lets convert it to AMI using following command in AWS cli

Note: Replace vmdk file, user bucket and S3key as per your environment

aws ec2 import-image --disk-containers Format=vmdk,UserBucket="{S3Bucket=vm-import-store,S3Key=2012-disk1.vmdk}"

The next screen will be as follow

To check the status, use following command by putting the ImportTaskId as pointed above.

aws ec2 describe-import-image-tasks --import-task-ids import-ami-0c83aa3cee11fbacc

After the AMI is created you will see following message

Launch the EC2 Instance:

Now go to EC2 console—AMI console, you will find the private AMI image is available.

Now use this and Launch a EC2 by enabling public IP. After successful Launch you will be able to take RDP and use it as before.

Note: As you are using your own image it will not accept the AWS keypair to login rather the original username/password when you were using it in on-prem. When you try to decrypt the password of instance you will get a message something like below.

After a successful RDP session, you will see something shown below. ( Here I have used windows sever core 2012 R2 to have a as small as vmdk file 😊 )

That’s it !! we will see a application server migration in next blog. Till then bye bye..

Thanks for reading, please share if you liked it!!