MSP360 For IT PROs
Articles about cloud backup, cloud storage and more
BLOG MENU
Don’t Miss New Articles!
Thank you for subscribing!
Every month we deliver quality content about cloud storage, backups and security. Leave your email to get weekly and monthly digests

How to Setup VMimport Role

How to Setup VMimport Role

In this post, we provide a step-by-step instruction on how to configure Amazon VMimport Role in order to import virtual machine images from your existing environment to Amazon EC2 instances.

How to Configure VMimport Role

1. Go to Amazon Web Services, log in using your Amazon credentials and click on IAM, under Security, Identity & Compliance.

FREE WHITEPAPER
Mastering AWS IAM for Amazon S3
Learn how to effectively manage the security of your Amazon S3 account to protect your and your clients' data
New call-to-action
WP icon

2. Navigate to Roles on the left-hand sidebar and click Create Role.

3. Select the type of trusted entity. You need AWS service. Next, select the service that will use this role (EC2). Finally, select the required case (EC2).


5. Skip the next step by clicking Next: Review.

6. Enter the role's name, review the role's information and click Create Role.

7. Click on your new role to edit policies.

8. Under Permissions, click Add Inline Policy.

9. Switch to the JSON editor and insert the following policy:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::bucket"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject"
         ],
         "Resource":[
            "arn:aws:s3:::bucket/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

Ensure that instead of buckets you've specified the name of your S3 bucket that will contain the image. When done, review the newly created policy and click Create Policy.

10. Expand the Trust Relationships section and click on Edit Trust Relationships.11. Insert the following script in the Policy Document editor:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vmie.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "vmimport"
        }
      }
    }
  ]
}
When done, click Update Trust Policy.

 

Your VM import role is now entirely and properly configured!

MSP360 Backup icon
MSP360 Backup
  • Backup to Amazon S3, Amazon S3 Glacier and more
  • Image-based and file-level backup
  • Encryption and compression
New call-to-action