AWS – Virtual Image To EC2 Image (AWS)

Virtual Box showing a VM running Linux Ubuntu

In this blog post I am going to look at exporting a virtual machine from Virtual Box and then importing it into AWS for use as an EC2 instance.

Note: During my initial test I used a version of Ubuntu not yet supported by AWS EC2 (well, a version of the Linux Kernel not currently supported) and got an error at the end of the import process. By that point I had already taken the screenshots referring to Ubuntu 20.4. To avoid this mistake, make sure your virtual machine is using an operating system supported by AWS (see Operating Systems on this page).

AWS Requirements

An AWS account is needed if you want to follow along with this blog post, and some adjustments will be needed in the account.

  • Creating a role called “vmimport”
  • Creating a role policy called “role-policy” and attaching it to the vmimport role

I will go through these settings during the blog post and explain what they are doing / why they are needed.

Access to the AWS Command Line Interface (CLI) is advised, although you could possibly use the AWS web console if you wanted to.

You will need an S3 bucket and later an EC2 instance.

AWS Costings

As this is being done in the AWS cloud you may be worried about costings (I know I am as my budget for projects is tight). Directly from AWS’s own help pages:

“With Amazon Web Services, you pay only for what you use. There is no additional fee to use VM Import/Export. You pay the standard fees for the S3 buckets and EBS volumes used during the import and export processes, and for the EC2 instances that you run.”

So that leaves:

With all that out of the way, back to the blog post.

Exporting A Virtual Image

I currently use Virtual Box to create and run virtual machines. Other software, such as VMWare, is available. To export a virtual image via Virtual Box:

  • Select the virtual machine you want to export
  • Select the “Machine” option in the menu
  • Select the “Export to OCI…” option from the “Machine” menu.
Virtual Box export to OCI option

AWS supports importing images in the OVA format, which is part of the Open Virtualisation Format, and Virtual Box allows exporting in this format.

Virtual Box exporting in OVA format

Pressing “Continue” and “Export” will export the virtual machine into an OVA file.

AWS – Creating The VMImport Role

Create a JSON file called trust-policy.json, and a JSON file called role-policy.json.

trust-policy.json contains:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "Service": "vmie.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:Externalid": "vmimport"
                }
            }
        }
    ]
}

role-policy.json contains:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::S3-BUCKET-NAME-WHERE-STORED-IMAGE-IS",
                "arn:aws:s3:::S3-BUCKET-NAME-WHERE-STORED-IMAGE-IS/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetBucketAcl"
            ],
            "Resource": [
                "arn:aws:s3:::S3-BUCKET-TO-EXPORT-IMAGE-TO",
                "arn:aws:s3:::S3-BUCKET-TO-EXPORT-IMAGE-TO/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

Replace “S3-BUCKET-NAME-WHERE-STORED-IMAGE-IS” and “S3-BUCKET-TO-EXPORT-IMAGE-TO” with your S3 bucket names.

Using the AWS CLI run the following command:

aws iam create-role --role-name vmimport --assume-role-policy-document "file://trust-policy.json"

If you are not in the same directory as the JSON file then make sure to include the full file path and not just the filename. This command creates the “vmimport” role and attaches trust-policy.json to it as the trust policy, i.e. it tells AWS that the VM Import/Export service (vmie.amazonaws.com) may assume this role, and only when the external ID is “vmimport”.

Then use the command:

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://role-policy.json"

Again, if you are not in the same directory as the JSON file then make sure to include the full file path and not just the filename. The role policy gives vmimport permission to read from an S3 bucket (the import bucket), permission to save to an S3 bucket (the export bucket) and permission to carry out the EC2 snapshot and image actions listed in the last statement. If you are not exporting EC2 instances (this blog is about importing into EC2, not exporting from EC2) then you will not need the export settings.
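
A quick way to review the two documents before running the commands above, written as an added example (it is not part of the original post or of any AWS tooling). It checks that only vmie.amazonaws.com can assume the role under the “vmimport” external ID, and that an import-only role has no S3 access beyond reading the import bucket. The bucket names example-import and example-export and the function names are assumptions made for the example.

```python
IMPORT_ONLY_S3 = {"s3:getbucketlocation", "s3:getobject", "s3:listbucket"}
# Constructed samples: the two documents above with example bucket names filled in.
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}
ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-import", "arn:aws:s3:::example-import/*"]},
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket",
                                   "s3:PutObject", "s3:GetBucketAcl"],
     "Resource": ["arn:aws:s3:::example-export", "arn:aws:s3:::example-export/*"]},
    {"Effect": "Allow", "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                                   "ec2:RegisterImage", "ec2:Describe*"], "Resource": "*"}]}

def _list(value):
    return value if isinstance(value, list) else [value]

def _allows(doc):
    return [s for s in _list(doc["Statement"]) if s.get("Effect") == "Allow"]

def check_trust(doc):
    """Findings for trust-policy.json: who may assume the role, and on what condition."""
    findings = []
    for st in _allows(doc):
        principal = st.get("Principal")
        services = _list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if services != ["vmie.amazonaws.com"] or set(principal) != {"Service"}:
            findings.append("principal is not limited to vmie.amazonaws.com")
        # Condition keys are case-insensitive, so "sts:Externalid" is accepted too.
        equals = st.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            findings.append("missing sts:ExternalId == vmimport condition")
    return findings

def check_role(doc, import_bucket):
    """Findings for role-policy.json when the role is only used to import images."""
    allowed = {f"arn:aws:s3:::{import_bucket}", f"arn:aws:s3:::{import_bucket}/*"}
    findings = []
    for st in _allows(doc):
        s3 = [a for a in _list(st["Action"]) if a == "*" or a.lower().startswith("s3:")]
        findings += [f"S3 action not needed for import: {a}"
                     for a in s3 if a.lower() not in IMPORT_ONLY_S3]
        findings += [f"S3 access outside the import bucket: {r}"
                     for r in _list(st["Resource"]) if s3 and r not in allowed]
    return findings

if __name__ == "__main__":
    print(check_trust(TRUST), *check_role(ROLE, "example-import"), sep="\n")
```

Run against the sample, the trust policy passes and the export statement is reported four times (two write-side actions, two export bucket ARNs); removing that statement leaves an import-only policy with no findings.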

Upload The OVA

Using your preferred method, upload the OVA to the S3 bucket listed as “S3-BUCKET-NAME-WHERE-STORED-IMAGE-IS” in the role-policy.json. The OVA I uploaded was around 3GB in size and due to my broadband speed took some time to upload.

An OVA file in an S3 bucket

Import The OVA

Create a JSON file called containers.json and enter the following information:

[
    {
        "Description": "My Server OVA",
        "Format": "ova",
        "UserBucket": {
            "S3Bucket": "geektechstuff-ec2",
            "S3Key": "geektechstuff-test-ubuntu.ova"
        }
    }
]

Replace the S3Bucket value with the name of your S3 bucket and the S3Key value with the name of your OVA file.

Then run the command:

aws ec2 import-image --description "My server VM" --disk-containers "file://containers.json"

After a few moments the AWS CLI should return some text to indicate that the import is active.

AMI import status

Viewing Status Of Import

The status of the import can be viewed using the command:

aws ec2 describe-import-image-tasks --import-task-ids import-ami-reference_code

The statuses include:

active — The import task is in progress.
deleting — The import task is being canceled.
deleted — The import task is canceled.
updating — Import status is updating.
validating — The imported image is being validated.
validated — The imported image was validated.
converting — The imported image is being converted into an AMI.
completed — The import task is completed and the AMI is ready to use.

Cancelling Import

The import can be cancelled using the command:

aws ec2 cancel-import-task --import-task-id import-ami-reference_code

Further Reading

https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html
