How To Setup VMimport Role

In this post, we provide a step-by-step instruction on how to configure Amazon VMimport Role in order to import virtual machine images from your existing environment to Amazon EC2 instances.

How To Configure VMimport Role

1. Go to Amazon Web Services, log in using your Amazon credentials and click on IAM, under Security, Identity & Compliance.

2. Navigate to Roles on the left-hand sidebar and click Create Role.

3. Select the type of trusted entity. You need AWS service. Next, select the service that will use this role (EC2). Finally, select the required case (EC2).


5. Skip the next step by clicking Next: Review.

6. Enter the role's name, review the role's information and click Create Role.

7. Click on your new role to edit policies.

8. Under Permissions, click Add Inline Policy.

9. Switch to the JSON editor and insert the following policy:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::bucket"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject"
         ],
         "Resource":[
            "arn:aws:s3:::bucket/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

Ensure that instead of buckets you've specified the name of your S3 bucket that will contain the image. When done, review the newly created policy and click Create Policy.

10. Expand the Trust Relationships section and click on Edit Trust Relationships.11. Insert the following script in the Policy Document editor:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vmie.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "vmimport"
        }
      }
    }
  ]
}
When done, click Update Trust Policy.

Your vmimport role is now entirely and properly configured!

Check out our products!