Create an EC2 instance using OVA in AWS

Moorthiyuvaraj
Published in YavarTechWorks
3 min read · Sep 18, 2022

Prerequisites:

  • Make sure that your VM meets all the VM Import/Export requirements.
  • Create an admin IAM user with an access key ID and secret access key in AWS.
  • First, install the AWS CLI on Windows.
  • Download and run the AWS CLI installer using the following link.
  • https://awscli.amazonaws.com/AWSCLIV2.msi
  • For general use, the aws configure command is the fastest way to set up your AWS CLI installation. When you enter this command, the AWS CLI prompts you for four pieces of information:

      * Access key ID
      * Secret access key
      * Region
      * Output format

$ aws configure
AWS Access Key ID [None]: AWSEXAMPLEACCESSKEYID
AWS Secret Access Key [None]: aWsEXAMPLEsECRET/AcCESSKEY
Default region name [None]: us-west-2
Default output format [None]: json

To verify the above configuration, use the following command:

aws s3 ls

Create an S3 bucket and upload the OVA file

  • To import the OVA file, it is necessary to first upload it to an existing bucket in Amazon S3 or create a new one specifically for this purpose. Be sure to create it in the same region where you want the new AMI to be generated and be available.

Create a trust-policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vmie.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:Externalid": "vmimport"
        }
      }
    }
  ]
}

Create a role-policy.json

  • Create role-policy.json with the content below, replacing <S3_BUCKET_NAME> with your bucket name.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::<S3_BUCKET_NAME>"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::<S3_BUCKET_NAME>/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:ModifySnapshotAttribute",
        "ec2:CopySnapshot",
        "ec2:RegisterImage",
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}

Create a containers.json

[
  {
    "Description": "First disk",
    "Format": "ova",
    "UserBucket": {
      "S3Bucket": "<S3_BUCKET_NAME>",
      "S3Key": "<IMAGE_NAME>"
    }
  }
]
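
A pre-flight check for the three files above, as an added example that is not part of the original article: it confirms that each file parses, that the trust policy admits only vmie.amazonaws.com with the vmimport external ID, that the disk Format is one VM Import accepts, and that the role's S3 permissions stay inside the bucket named in containers.json. The function name, the sample strings and the names my-import-bucket and vm.ova are assumptions made for the illustration.

```python
import json

VALID_FORMATS = {"ova", "vhd", "vhdx", "vmdk", "raw"}  # disk formats VM Import accepts

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_import_files(trust, role, containers):
    """Return a list of problems in the three JSON texts (empty list = OK)."""
    docs, problems = {}, []
    for name, text in {"trust": trust, "role": role, "containers": containers}.items():
        try:
            docs[name] = json.loads(text)
        except json.JSONDecodeError as exc:
            problems.append(f"{name}: invalid JSON ({exc.msg}, line {exc.lineno})")
    if problems:
        return problems  # nothing else can be checked until every file parses
    # Trust policy: only the VM Import/Export service, and only with the external ID.
    for st in docs["trust"]["Statement"]:
        if st.get("Principal") != {"Service": "vmie.amazonaws.com"}:
            problems.append("trust: principal must be vmie.amazonaws.com only")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in cond.items()}.get("sts:externalid") != "vmimport":
            problems.append("trust: sts:Externalid 'vmimport' condition is missing")
    # containers.json: supported disk format; remember which bucket is read.
    buckets = set()
    for disk in docs["containers"]:
        buckets.add(disk["UserBucket"]["S3Bucket"])
        if str(disk.get("Format", "")).lower() not in VALID_FORMATS:
            problems.append(f"containers: unsupported Format {disk.get('Format')!r}")
    # Role policy: every S3 statement must stay inside the import bucket(s).
    allowed = {f"arn:aws:s3:::{b}{suffix}" for b in buckets for suffix in ("", "/*")}
    for st in docs["role"]["Statement"]:
        if any(a.lower().startswith("s3:") for a in as_list(st["Action"])):
            for res in as_list(st["Resource"]):
                if res not in allowed:
                    problems.append(f"role: S3 resource {res} is outside the import bucket")
    return problems

# Constructed samples; "my-import-bucket" and "vm.ova" are hypothetical names.
BAD_TRUST = '{"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole"}'  # no "]}"
GOOD_TRUST = ('{"Statement": [{"Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"},'
              ' "Action": "sts:AssumeRole", "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}')
WIDE_ROLE = '{"Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::*"}]}'
CONTAINERS = '[{"Format": "ova", "UserBucket": {"S3Bucket": "my-import-bucket", "S3Key": "vm.ova"}}]'

if __name__ == "__main__":
    for trust_text in (BAD_TRUST, GOOD_TRUST):
        print(check_import_files(trust_text, WIDE_ROLE, CONTAINERS))
```

With real files, pass the text of trust-policy.json, role-policy.json and containers.json in that order.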

Create an IAM role using trust-policy.json

  • Use the following command to add the IAM role to your AWS account:

aws iam create-role --role-name vmimport --assume-role-policy-document "file://C:\import\trust-policy.json"

Attach the role-policy.json to IAM role

  • Use the following command to add the role policy to the vmimport role:

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://C:\import\role-policy.json"

Import OVA file from S3

  • Use the following command to import the OVA file as an image:

aws ec2 import-image --description "My server VM" --disk-containers "file://C:\import\containers.json"

Note: the JSON output of the above command will show an ImportTaskId, which you can use to check the status of the import task.

Monitor an import image process

  • Use the following command to monitor the import image task using its ID:

aws ec2 describe-import-image-tasks --import-task-ids import-ami-1234567890abcdef0

  • This will take 15–20 minutes to complete.
  • Once the status shows completed, you will have a new AMI available in the same region where you created the S3 bucket, and it will be ready to launch a new EC2 instance.
