Importing the Amazon machine image
Step 1: Precondition
On most Linux distributions, you can install the AWS Command Line Interface and its dependencies with pip, a package manager for Python. Please refer to https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-linux.html for more information.
A. Use pip to install the AWS CLI.
$ pip install awscli --upgrade --user
B. Verify that the AWS CLI installed correctly.
$ aws --version
Step 2: Get IAM key
A. Navigate to https://console.aws.amazon.com/iam
B. Users -> Add user
C. Check the box Programmatic access
D. Check the box Administrators
E. After the user is created, download the .csv file to get the key
Step 3: Configuring the AWS CLI
$ aws configure
AWS Access Key ID []:xxxxxxxxxxxx (get from Step 2.)
AWS Secret Access Key []:xxxxxxxxxxxx (get from Step 2.)
Default region name []:us-west-1 (Please refer to the table below for your region name)
Default output format []: json
Step 4: Create S3 bucket
A. Navigate to https://s3.console.aws.amazon.com/s3
B. Create bucket
Step 5: Upload image and create snapshot
A. Upload image
- unzip image.out.xenaws.zip to get bootdisk.img
- aws s3 cp bootdisk.img s3://<your bucket name>
- Check that the upload succeeded
B. Create the service role
1) Create trust-policy.json with the following policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "Service": "vmie.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:Externalid": "vmimport"
                }
            }
        }
    ]
}
2) Create a role named vmimport
If the role with name vmimport already exists, skip this step.
$ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
3) Create role-policy.json with the following policy. Replace fortiadc-bucket with your S3 bucket name in both Resource entries (arn:aws:s3:::<your S3 bucket name> and arn:aws:s3:::<your S3 bucket name>/*). The file must be plain JSON without comments.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::fortiadc-bucket",
                "arn:aws:s3:::fortiadc-bucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
            ],
            "Resource": "*"
        }
    ]
}
4) Attach the policy to the role created above
$ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
C. Create snapshot
1) Create container.json with the following content. Set S3Bucket to your S3 bucket name and S3Key to your image name in S3. The file must be plain JSON without comments.
{
    "Description": "FADC 5.1.0 image",
    "Format": "raw",
    "UserBucket": {
        "S3Bucket": "fortiadc-bucket",
        "S3Key": "bootdisk.img"
    }
}
2) Import the snapshot
$ aws ec2 import-snapshot --description "<description>" --disk-container file://container.json
{
    "SnapshotTaskDetail": {
        "Status": "active",
        "Description": "FADC",
        "Format": "RAW",
        "DiskImageSize": 0.0,
        "UserBucket": {
            "S3Bucket": "fortiadc-bucket",
            "S3Key": "bootdisk.img"
        },
        "Progress": "3",
        "StatusMessage": "pending"
    },
    "Description": "FADC",
    "ImportTaskId": "import-snap-fh2q08gi"
}
You can check the progress with the following command, passing the ImportTaskId returned by import-snapshot:
$ aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-fh2q08gi
{
    "ImportSnapshotTasks": [
        {
            "SnapshotTaskDetail": {
                "Status": "active",
                "Description": "FADC",
                "Format": "RAW",
                "DiskImageSize": 725500928.0,
                "UserBucket": {
                    "S3Bucket": "fortiadc-bucket",
                    "S3Key": "bootdisk.img"
                },
                "Progress": "19",
                "StatusMessage": "validated"
            },
            "Description": "FADC",
            "ImportTaskId": "import-snap-fh2q08gi"
        }
    ]
}
$ aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-fh2q08gi
{
    "ImportSnapshotTasks": [
        {
            "SnapshotTaskDetail": {
                "Status": "completed",
                "Description": "FADC",
                "Format": "RAW",
                "DiskImageSize": 725500928.0,
                "UserBucket": {
                    "S3Bucket": "fortiadc-bucket",
                    "S3Key": "bootdisk.img"
                },
                "SnapshotId": "snap-00cb30ea5ce6fb97f"
            },
            "Description": "FADC",
            "ImportTaskId": "import-snap-fh2q08gi"
        }
    ]
}
After "Status": "completed", you can find your snapshot in the navigation pane, under Elastic Block Store.
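A pre-flight check for the three JSON files of Step 5, to run before the create-role, put-role-policy and import-snapshot commands. It is an added example, not part of the original guide: it rejects anything that is not strict JSON (such as a // annotation), and confirms that the S3 statement is scoped to the bucket named in container.json and that the trust policy is limited to vmie.amazonaws.com with the vmimport external ID. The function names are hypothetical.

```python
import json

def load_strict(name, text, findings):
    # Parse as strict JSON; record a finding instead of raising.
    try:
        return json.loads(text)
    except json.JSONDecodeError as exc:
        findings.append(f"{name}: not valid JSON (line {exc.lineno}, column {exc.colno}): {exc.msg}")
        return None

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_vmimport_files(trust_text, role_text, container_text):
    """Return a list of findings for the three Step 5 files (empty list means OK)."""
    findings = []
    trust = load_strict("trust-policy.json", trust_text, findings)
    role = load_strict("role-policy.json", role_text, findings)
    container = load_strict("container.json", container_text, findings)
    if trust is None or role is None or container is None:
        return findings
    bucket = container["UserBucket"]["S3Bucket"]
    expected = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in role["Statement"]:
        if not any(a.startswith("s3:") for a in as_list(stmt["Action"])):
            continue  # only the S3 statement is tied to the bucket
        if set(as_list(stmt["Resource"])) != expected:
            findings.append(f"role-policy.json: S3 resources do not match bucket {bucket!r}")
    for stmt in trust["Statement"]:
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or principal.get("Service") != "vmie.amazonaws.com":
            findings.append("trust-policy.json: principal is not vmie.amazonaws.com")
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        # IAM condition key names are case-insensitive; the guide writes sts:Externalid.
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            findings.append("trust-policy.json: external ID condition is not 'vmimport'")
    return findings

# Constructed sample input: the three documents from Step 5, compacted onto few lines.
TRUST = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
         '"Principal":{"Service":"vmie.amazonaws.com"},"Action":"sts:AssumeRole",'
         '"Condition":{"StringEquals":{"sts:Externalid":"vmimport"}}}]}')
ROLE = ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
        '"Action":["s3:GetBucketLocation","s3:GetObject","s3:ListBucket"],'
        '"Resource":["arn:aws:s3:::fortiadc-bucket","arn:aws:s3:::fortiadc-bucket/*"]},'
        '{"Effect":"Allow","Action":["ec2:ModifySnapshotAttribute","ec2:CopySnapshot",'
        '"ec2:RegisterImage","ec2:Describe*"],"Resource":"*"}]}')
CONTAINER = ('{"Description":"FADC 5.1.0 image","Format":"raw",'
             '"UserBucket":{"S3Bucket":"fortiadc-bucket","S3Key":"bootdisk.img"}}')

print(check_vmimport_files(TRUST, ROLE, CONTAINER) or "OK")
```

To check real files, pass the contents of trust-policy.json, role-policy.json and container.json in place of the sample strings.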
Step 6: Create Amazon Machine Image (AMI)
A. Right-click FortiADC-bootdisk and choose Create Image
B. Fill in the name, set Virtualization type to virtual machine (HVM), and add a new volume of 30 GB
C. Click Create
D. Under My AMIs you can find the one you just created