Export an AMI to a VM file

Exporting an Amazon Machine Image (AMI) to a VM file is useful when you want to deploy a new instance into an existing on-premises virtualization environment, for example VMware, Hyper-V, Xen, or KVM.

The resulting image is stored in Amazon S3, so you first need to create a bucket and set the bucket's permissions.

Create the bucket

aws s3 mb s3://mybucket

Next, set the permissions by creating a file named policy.json with the following content.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::mybucket/*"
        }
    ]
}

Update policy

aws s3api put-bucket-policy --bucket mybucket --policy file://policy.json
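
The policy.json above combines "Principal": "*" with "Action": "s3:*", which grants every S3 object action on mybucket to any principal. The following check is an added example, not part of the original page: it flags Allow statements of that shape before a policy is applied. The names audit, is_anonymous and as_list, the scoped comparison policy and the account ID 111122223333 are assumptions made for illustration, and statements that carry a Condition are skipped as a simplification.

```python
import json

# The bucket policy from this page (policy.json), embedded so the check runs offline.
PAGE_POLICY = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
   "Resource": "arn:aws:s3:::mybucket/*"}]}''')

# Constructed comparison: one named role and two object actions taken from
# role-policy.json. The account ID 111122223333 is a placeholder.
SCOPED_POLICY = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/vmimport"},
   "Action": ["s3:GetObject", "s3:PutObject"],
   "Resource": "arn:aws:s3:::mybucket/*"}]}''')

def as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*" or a mapping such as {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False

def audit(policy):
    """Return findings for Allow statements open to any principal without a Condition."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if is_anonymous(stmt.get("Principal")):
            wide = [a for a in as_list(stmt.get("Action", [])) if a.endswith("*")]
            findings.append({"statement": i, "public": True, "wildcard_actions": wide})
    return findings

if __name__ == "__main__":
    for name, pol in (("policy.json", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit(pol) or "no public Allow statements")
```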

Export image

Service role

Create a file named trust-policy.json with the following content.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

Use the create-role command to create a role named vmimport.

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

Create a file named role-policy.json, adjusting the bucket name to match yours.

{
    "Version":"2012-10-17",
    "Statement":[
       {
          "Effect": "Allow",
          "Action": [
             "s3:GetBucketLocation",
             "s3:GetObject",
             "s3:ListBucket"
          ],
          "Resource": [
             "arn:aws:s3:::mybucket",
             "arn:aws:s3:::mybucket/*"
          ]
       },
       {
          "Effect": "Allow",
          "Action": [
             "s3:GetBucketLocation",
             "s3:GetObject",
             "s3:ListBucket",
             "s3:PutObject",
             "s3:GetBucketAcl"
          ],
          "Resource": [
             "arn:aws:s3:::mybucket",
             "arn:aws:s3:::mybucket/*"
          ]
       },
       {
          "Effect": "Allow",
          "Action": [
             "ec2:ModifySnapshotAttribute",
             "ec2:CopySnapshot",
             "ec2:RegisterImage",
             "ec2:Describe*"
          ],
          "Resource": "*"
       }
    ]
 }

Use the put-role-policy command to attach the policy to the role created earlier.

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Start an export image task

aws ec2 export-image --image-id ami-id --disk-image-format VMDK --s3-export-location S3Bucket=mybucket,S3Prefix=exports/

The disk image format can be VMDK, RAW, or VHD.

Monitor an export image task

aws ec2 describe-export-image-tasks --export-image-task-ids export-ami-1234567890abcdef0

Output

{
  "ExportImageTasks": [
      {
          "ExportImageTaskId": "export-ami-1234567890abcdef0",
          "Progress": "21",
          "S3ExportLocation": {
              "S3Bucket": "mybucket",
              "S3Prefix": "exports/"
          },
          "Status": "active",
          "StatusMessage": "updating"
      }
  ]
}

Cancel an export image task

aws ec2 cancel-export-task --export-task-id export-ami-1234567890abcdef0