How To Setup VMimport Role

In this post, we provide a step-by-step instruction on how to configure Amazon VMimport Role in order to import virtual machine images from your existing environment to Amazon EC2 instances.

How To Configure VMimport Role

1. Go to Amazon Web Services, log in using your Amazon account (email, password) and go to Identity & Access Management.

aws_console_iam2. Navigate on Roles on the left-hand sidebar and click Create New Role button.

11

3.  Type vmimport in the "Role Name" field for the new role and hit Next Step in the lower-right corner of the screen.

214. Click Select next to the Amazon EC2 role.

select_role_new5. Click Next Step to skip this page.

46. Review your role information and hit Create Role button.

57. Click on your new role.

618. Expand the Inline Policies and hit click here link.

8

9. Specify the policy name in the Policy Document field and the following policy script:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::bucket"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject"
         ],
         "Resource":[
            "arn:aws:s3:::bucket/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

In the policy script, please specify the name of your bucket where you see the black frames on the screenshot below (instead of the "bucket" word). When it's done, click Apply Policy button.

11

10. Expand the Trust Relationships section and click on Edit Trust Relationships.

1211. Put the following script in the Policy Document field:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vmie.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "vmimport"
        }
      }
    }
  ]
}

13.2

Once it is done, hit Update Trust Policy button. Now you can have your vmimport role set up!

+++

Check out our products!