
Export VMware VMs to AWS AMIs/Instances


In this blog post, we will shift gears slightly and look at how we can export a VMware VM to an AWS (Amazon Web Services) EC2 instance. EC2 (Elastic Compute Cloud) is an AWS service that lets us run virtual machines in the cloud. There are several ways this is typically done, e.g. using Amazon Marketplace templates, custom Amazon templates, or your own custom templates.

In the VMware world, we typically save virtual machine templates in OVA/OVF format. Similarly, in the AWS world, virtual machine templates are saved as AMIs (Amazon Machine Images). In this post, we will look at how to create our own AMIs from on-premises VM templates/VMs. One use case for this is the uniform integration of on-premises and cloud infrastructure.

Amazon Windows Instances can have two types of licenses:

  1. Buy licenses from Amazon

  2. Bring your own licenses (BYOL)

For using your own licenses, you must ensure you are in compliance with the AWS-Microsoft Licensing terms. Please read the licensing terms in this link before proceeding: Microsoft Licensing (amazon.com)


We need to set up IAM roles and privileges in your AWS account to allow the 'VMImport' function. This can be done from a Windows command prompt with the AWS CLI installed on your Windows PC. Once the IAM roles and privileges are assigned, we will convert the VMware OVA stored in an S3 bucket to an AWS AMI using a PowerShell script. In order to use the PowerShell script, you must also install the AWS Tools for PowerShell on your Windows PC.


Let us get started with the procedure:

1 - Log in to your vCenter Server. Right-click on your standard Windows image VM, select export as OVF, and wait for the export process to complete.

2 - Use the following PowerShell script to convert the OVF into an OVA file. This step is required for conversion of the VM image into an AMI. Ensure OVF Tool is installed on your Windows PC.

#
#Convert OVF to OVA
#

$ovffile= "<complete path to your exported ovf file>"
$ovafile= "<complete file path to where you want to create the ova file>"
$ovftool= "C:\Program Files\VMware\VMware OVF Tool"
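# Call ovftool.exe directly with the call operator so each path is passed as one argument,
# even when it contains spaces or quotes (no string is built and re-parsed)
& (Join-Path $ovftool "ovftool.exe") $ovffile $ovafile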

3- Open your favorite text editor and enter the following text there. Save the file as "trust-policy.json"

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

4- Log in to your AWS console using the root account. Ensure you have an IAM user with the following policies assigned:

- AmazonEC2FullAccess

- AmazonS3FullAccess

- IAMFullAccess

We will be using this 'IAM user' and referring to it as 'IAM User' in all the remaining steps of this post.

5- Open a command prompt in administrator mode and set the credentials of the IAM user from the previous step as the default AWS CLI credentials. Use the link "Configuration and credential file settings - AWS Command Line Interface (amazon.com)" for more details on how this is done. Then enter the following command in your command prompt console (the policy file is passed with the file:// prefix):

aws iam create-role --role-name vmimport --assume-role-policy-document "file://<Complete path to trust-policy.json created in step 3>"

6- Now open a new text editor window and type in the below. Save the file as "role-policy.json"

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect": "Allow",
         "Action": [
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket" 
         ],
         "Resource": [
            "arn:aws:s3:::virmystova2amibucket",
            "arn:aws:s3:::virmystova2amibucket/*"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:PutObject",
            "s3:GetBucketAcl"
         ],
         "Resource": [
            "arn:aws:s3:::virmystova2amibucket",
            "arn:aws:s3:::virmystova2amibucket/*"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource": "*"
      }
   ]
}

7- In your command prompt console, type in the command below. Note that it takes the role-policy.json file from step 6, not the trust policy:

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://<Complete path to role-policy.json created in step 6>"
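
A check that can be run on the two policy files before the commands in steps 5 and 7, written as an added example and not part of the original post. It confirms that the trust policy only lets vmie.amazonaws.com assume the role with the external ID "vmimport", that the role policy's S3 statements stay inside the import bucket, and that the trust policy was not passed as the role policy by mistake. The function name Test-VmImportPolicy and the sample JSON strings are constructed for illustration.

```powershell
# Added example, not from the original post. Test-VmImportPolicy is a hypothetical name.
function Test-VmImportPolicy {
    param(
        [Parameter(Mandatory)] [string] $TrustPolicyJson,
        [Parameter(Mandatory)] [string] $RolePolicyJson,
        [Parameter(Mandatory)] [string] $Bucket
    )
    $problems = @()
    $trust = $TrustPolicyJson | ConvertFrom-Json
    $role  = $RolePolicyJson  | ConvertFrom-Json

    # Trust policy: only the VM Import/Export service may assume the role,
    # and only when the request carries the external ID "vmimport".
    foreach ($s in @($trust.Statement)) {
        if ($s.Principal.Service -ne 'vmie.amazonaws.com') { $problems += 'trust: principal is not vmie.amazonaws.com' }
        if (@($s.Action) -notcontains 'sts:AssumeRole') { $problems += 'trust: sts:AssumeRole is not allowed' }
        if ($s.Condition.StringEquals.'sts:Externalid' -ne 'vmimport') { $problems += 'trust: external ID condition is missing' }
    }

    # Role policy: a permissions policy carries no Principal, and every S3
    # statement may name only the import bucket or the objects inside it.
    $allowed = "arn:aws:s3:::$Bucket", "arn:aws:s3:::$Bucket/*"
    foreach ($s in @($role.Statement)) {
        if ($s.PSObject.Properties.Name -contains 'Principal') {
            $problems += 'role: statement has a Principal; was the trust policy passed by mistake?'
        }
        if (@($s.Action) -like 's3:*') {
            foreach ($r in @($s.Resource)) {
                if ($allowed -notcontains $r) { $problems += "role: S3 resource outside the import bucket: $r" }
            }
        }
    }
    return $problems
}

# Constructed sample input: the trust policy from step 3 in compact form, and a
# role policy whose S3 statement was widened to every bucket.
$trustJson = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"vmie.amazonaws.com"},"Action":"sts:AssumeRole","Condition":{"StringEquals":{"sts:Externalid":"vmimport"}}}]}'
$roleJson  = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:GetObject","s3:ListBucket"],"Resource":["arn:aws:s3:::*"]}]}'

# Lists every finding; an empty result means both files passed the checks.
Test-VmImportPolicy -TrustPolicyJson $trustJson -RolePolicyJson $roleJson -Bucket 'virmystova2amibucket'
```

To check the real files, read them with Get-Content -Raw and pass the resulting strings to the same parameters.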

8- Now, upload the OVA file created in step 2 to your S3 bucket. Wait for the upload to complete.


9- Now open PowerShell ISE in administrator mode and type in the following PowerShell script

#Set IAM user credentials
$accessKeyID="<Access Key ID of IAM user in step 4>"
$SecretAccessKey= "<Secret access key of IAM user in step 4>"

#Store the IAM user credentials as the default AWS profile on this PC
Set-AWSCredential -AccessKey $accessKeyID -SecretKey $SecretAccessKey -StoreAs default

#Set disk container parameters
$container = New-Object Amazon.EC2.Model.ImageDiskContainer
$container.Format="OVA"
$container.UserBucket = New-Object Amazon.EC2.Model.UserBucket
$container.UserBucket.S3Bucket = "<Your S3 Bucket>"
$container.UserBucket.S3Key = "<Your OVA file name>"

#EC2 Import from OVA
Import-EC2Image -Description "WinSRV2022" -DiskContainer $container -Region ap-south-1 

10- Run the PowerShell script and note down the "ImportTaskId" from the console output. This can be used to track the progress of the OVA to AMI conversion.


11- In your command prompt console, type in the following command to track the progress of the OVA to AMI conversion process. Wait till you see status as "completed":

aws ec2 describe-import-image-tasks --import-task-ids <ImportTaskId>
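
The same tracking can be scripted from PowerShell instead of re-running the command by hand. The following is an added example, not part of the original post: it polls the task with Get-EC2ImportImageTask from the AWS Tools for PowerShell until the status is "completed" and stops with an error if the task is deleted or runs past a timeout. The function name Wait-ImportImageTask, the polling interval and the timeout are assumptions; the region matches the one used in step 9.

```powershell
# Added example, not from the original post. Wait-ImportImageTask is a hypothetical name.
# Requires the AWS Tools for PowerShell and the stored credentials from step 9.
function Wait-ImportImageTask {
    param(
        [Parameter(Mandatory)] [string] $ImportTaskId,
        [string] $Region         = 'ap-south-1',   # region used in step 9
        [int]    $PollSeconds    = 60,             # assumed polling interval
        [int]    $TimeoutMinutes = 180             # assumed upper bound; adjust to the image size
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-Date) -lt $deadline) {
        $task = Get-EC2ImportImageTask -ImportTaskId $ImportTaskId -Region $Region
        Write-Host ("{0:HH:mm:ss} status={1} progress={2}% {3}" -f `
            (Get-Date), $task.Status, $task.Progress, $task.StatusMessage)

        switch ($task.Status) {
            # Finished: hand back the AMI ID so it can be used to launch the instance.
            'completed' { return $task.ImageId }
            # A task that failed or was cancelled ends up deleted; StatusMessage says why.
            { $_ -in 'deleting', 'deleted' } {
                throw "Import task $ImportTaskId ended without an AMI: $($task.StatusMessage)"
            }
        }
        Start-Sleep -Seconds $PollSeconds
    }
    throw "Import task $ImportTaskId did not complete within $TimeoutMinutes minutes"
}

# Usage with the ID noted in step 10:
# $amiId = Wait-ImportImageTask -ImportTaskId '<ImportTaskId>'
```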

12- Now go to the EC2 console page and click on "AMIs" in the left-hand pane. You should be able to see the recently created AMI.


13- Click on the "AMI" and click on "Launch"

14- In the Launch EC2 instance wizard, select appropriate settings as per your use case.

15- Once the launch is completed, wait for the instance state to change to running.

16- Click on the "connect" soft button and then click on "Rdp Client". Click on the soft button "Download remote desktop file".

17 - The RDP file will be downloaded to your PC. Double-click the file and access the on-premises VM, now transferred to an AWS EC2 instance!!






And thus we have a Windows instance running in the cloud from an on-premises VM image!!
