How to: Import Virtual Machines Into Amazon with the Amazon EC2 API Tools

Amazon’s recent announcement regarding support for importing Windows Server 2003 VMs into EC2 (along with adding support for VHD disk images) reminded me that I have yet to give this awesome service a try. The following instructions should get you started.

Prerequisites:

First, I am assuming you already have an AWS account and are somewhat familiar with the basics of AWS. Specifically working with security groups, starting and stopping instances, creating S3 buckets, etc…

Second, you need a virtual machine created in any VMware product, or VirtualPC/Hyper-V. VM Import also supports disk images in RAW format, but I am not aware of a free virtualization product that uses this yet.

Third, you need to download the Amazon EC2 API Tools and set your environment variables. For Windows, see this guide. When you get to the portion with certificates, make sure you are using the certs from the x.509 tab of your Security Credentials page.

“set EC2_PRIVATE_KEY” is for the .pem file prefixed with “pk-”

“set EC2_CERT” is for the .pem file prefixed with “cert-”

Alternatively, you can use the Amazon EC2 VM Import Connector for VMware vCenter if you are licensed for it and like to avoid the command line if possible.

Once you environment variables are set up, launch the batch file referenced in the earlier guide if you haven’t already. Also make sure that you can run the “ec2-describe-regions” command without error. If all is good, you are finally able to start the actual import.

Import Virtual Machine Image Using the API Tools:

  1.  Make sure you have a VMDK, RAW, or VHD disk ready. Please see this page for more details on what is supported.
  2. Run the following command to prepare an Amazon Machine Image (AMI) and create a job id for the conversion:
```powershell
ec2-import-instance "<path-to-vm-image>" -t <instance type> -f <format> -a <architecture> -b <s3 bucket> -o <Access Key ID> -w <Secret Access Key>
```

<b>NOTE:</b> The Access Keys can be retrieved from the security credentials page in your EC2 account. It is the same page where you retrieved the x.509 certs. Also take note that above command only uses the bare minimum options. Please see the [API Tools Documentation](http://docs.amazonwebservices.com/AWSEC2/latest/CommandLineReference/index.html?ApiReference-cmd-ImportInstance.html) for more details on what you can specify.
  1. Run the following command to upload the image:
```powershell
ec2-upload-disk-image "<path-to-vm-image>" -t <Task ID> -o <Access Key ID> -w <Secret Access Key>
```

<b>NOTE:</b> The Task ID will be output after you run the command in step two. Just search through the text it kicked back and you will find it. It is prefixed with  the word &#8220;import&#8221;. API Tools documentation for this command can be found [here](http://docs.amazonwebservices.com/AWSEC2/2011-07-15/CommandLineReference/index.html?ApiReference-cmd-UploadDiskImage.html)
  1. Take a break. Step three takes a while since it has to upload the entire virtual disk. Don’t worry if the transfer fails at any point, it will resume where it left off if it gets interrupted. After the upload completes you should see the following message:
>The disk image for <Task ID> has been uploaded to Amazon S3
where it is being converted into an EC2 instance.  You may monitor the
progress of this task by running ec2-describe-conversion-tasks.  When
the task is completed, you may use ec2-delete-disk-image to remove the
image from S3.

Go ahead and run the “ec2-describe-conversion-tasks” command to check in on the progress. I left mine run overnight, so I am not sure how long it took in my test. When it completes successfully, run the following command to delete the data stored in S3.

1
ec2-delete-disk-image -o <Access Key ID> -w <Secret Access Key> -t <Task ID>

Your VM is now imported into Amazon. Login to the AWS Management Console and start you instance. You can connect to it via RDP by using the Public DNS address listed on the bottom pane of the console when you have the imported VM selected. If it fails to connect, make sure you have RDP opened up in your security group.

You will undoubtedly run into issues the first time around while you are learning all the little tricks with the API Tools, but once you do it a couple times it gets to be very easy. It will be nice to see Amazon add some of these features to their web interface, but until then this is still a very easy and straight forward process.

comments powered by Disqus