Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
Don’t miss new articles!
Thank you for subscribing!

How to Setup VMimport Role

How to Setup VMimport Role

In this post, we provide a step-by-step instruction on how to configure Amazon VMimport Role in order to import virtual machine images from your existing environment to Amazon EC2 instances.

How to Configure VMimport Role

1. Go to Amazon Web Services, log in using your Amazon credentials and click on IAM, under Security, Identity & Compliance.

FREE WHITEPAPER
Mastering AWS IAM for Amazon S3
Learn how to effectively manage the security of your Amazon S3 account to protect your and your clients' data
New call-to-action
WP icon

2. Navigate to Roles on the left-hand sidebar and click Create Role.

3. Select the type of trusted entity. You need AWS service. Next, select the service that will use this role (EC2). Finally, select the required case (EC2).

4. Skip the next step by clicking Next: Review.

5. Enter the role's name, review the role's information and click Create Role.

6. Click on your new role to edit policies.

7. Under Permissions, click Add Inline Policy.

8. Switch to the JSON editor and insert the following policy:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::bucket"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject"
         ],
         "Resource":[
            "arn:aws:s3:::bucket/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

Ensure that instead of buckets you've specified the name of your S3 bucket that will contain the image. When done, review the newly created policy and click Create Policy.

9. Expand the Trust Relationships section and click on Edit Trust Relationships.10. Insert the following script in the Policy Document editor:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vmie.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "vmimport"
        }
      }
    }
  ]
}
When done, click Update Trust Policy.

 

Your VM import role is now entirely and properly configured!

MSP360 Backup icon
MSP360 Backup
  • Backup to Amazon S3, Amazon S3 Glacier and more
  • Image-based and file-level backup
  • Encryption and compression
New call-to-action