VM Import/Export Prerequisites

Before you begin the process of exporting a VM from your virtualization environment or importing and exporting a VM from Amazon EC2, you must be aware of the operating systems and image formats that AWS supports, and understand the limitations on exporting instances and volumes.

To import or export a VM from Amazon EC2, you must also install the CLI tools:

Operating Systems

The following operating systems can be imported into and exported from Amazon EC2.

Windows (32- and 64-bit)

  • Microsoft Windows Server 2003 (Standard, Datacenter, Enterprise) with Service Pack 1 (SP1) or later
  • Microsoft Windows Server 2003 R2 (Standard, Datacenter, Enterprise)
  • Microsoft Windows Server 2008 (Standard, Datacenter, Enterprise)
  • Microsoft Windows Server 2008 R2 (Standard, Datacenter, Enterprise)
  • Microsoft Windows Server 2012 (Standard, Datacenter)
  • Microsoft Windows Server 2012 R2 (Standard, Datacenter)

    Note

    The 32-bit versions Microsoft Windows Server 2012 R2 are not supported.

  • Microsoft Windows 7 (Professional, Enterprise, Ultimate)

    Note

    VM Import currently supports importing VMs running US English versions of Microsoft Windows 7 (Professional, Enterprise, Ultimate). When importing these operating systems, you must comply with the Requirements and Limitations.

  • Microsoft Windows 8 (Professional, Enterprise)

    Note

    VM Import currently supports importing VMs running US English versions of Microsoft Windows 8 (Professional, Enterprise). When importing these operating systems, you must comply with the Requirements and Limitations.

  • Microsoft Windows 8.1 (Professional, Enterprise)

    Note

    The 32-bit versions of Microsoft Windows 8.1 are not supported.

    VM Import currently supports importing VMs running US English versions of Microsoft Windows 8.1 (Professional, Enterprise). When importing these operating systems, you must comply with the Requirements and Limitations.

Linux/Unix (64-bit)

  • Red Hat Enterprise Linux (RHEL) 5.1-5.11, 6.1-6.6, 7.0-7.1

    Note

    RHEL 6.0 is unsupported because it lacks the drivers required to run on Amazon EC2.

    VM Import supports license portability for RHEL instances. Your existing RHEL licenses are imported along with their associated RHEL instance. For more information about eligibility for Red Hat Cloud Access, see Eligibility at the Red Hat website.

  • SUSE Linux Enterprise Server 11-12
  • Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04, 14.10, 15.04
  • CentOS 5.1-5.11, 6.1-6.6, 7.0-7.1

    Note

    CentOS 6.0 is unsupported because it lacks the drivers required to run on Amazon EC2.

  • Debian 6.0.0-6.0.8, 7.0.0-7.8.0, 8.0.0
  • Oracle Enterprise Linux 6.1-6.6, 7.0-7.1
  • Fedora Server 19-21

Image Formats

The following formats can be imported into and exported from Amazon EC2.

Importing Image Formats into Amazon EC2

AWS supports the following image formats for importing both disks and VMs into Amazon EC2:

  • RAW format for importing disks and VMs.
  • Dynamic Virtual Hard Disk (VHD) image formats, which are compatible with Microsoft Hyper-V and Citrix Xen virtualization products. VHDX images are not currently supported.
  • Stream-optimized ESX Virtual Machine Disk (VMDK) image format, which is compatible with VMware ESX and VMware vSphere virtualization products.

    Note

    You can only import VMDK files into Amazon EC2 that were created through the OVF export process in VMware.

  • Open Virtual Appliance (OVA) image format, which supports importing images with multiple hard disks.

Exporting Image Formats from Amazon EC2

AWS supports the following image formats for exporting both volumes and instances from Amazon EC2. Make sure that you convert your output file to the format that your VM environment supports:

  • Open Virtual Appliance (OVA) image format, which is compatible with VMware vSphere versions 4 and 5.
  • Virtual Hard Disk (VHD) image format, which is compatible with Citrix Xen and Microsoft Hyper-V virtualization products.
  • Stream-optimized ESX Virtual Machine Disk (VMDK) image format, which is compatible with VMware ESX and VMware vSphere versions 4 and 5 virtualization products.

Instance Types

AWS supports importing Windows instances into most instance types. Microsoft Windows BYOL instances must be launched as a dedicated instance and therefore cannot use the t2 instance type because it doesn’t support dedicated instances.

Linux instances can be imported into the following instance types:

  • General purpose: t2.micro | t2.small | t2.medium | m3.medium | m3.large | m3.xlarge | m3.2xlarge
  • Compute optimized: c3.large | c3.xlarge | c3.2xlarge | c3.4xlarge | cc2.8xlarge
  • Memory optimized: cr1.8xlarge
  • Storage optimized: hi1.4xlarge | hs1.8xlarge | i2.xlarge | i2.2xlarge | i2.4xlarge
  • GPU: cg1.4xlarge

Volume Types and Filesystems

AWS supports importing Windows and Linux instances with the following filesystems:

Windows (32- and 64-bit)

VM Import/Export supports MBR-partitioned volumes that are formatted using the NTFS filesystem. GUID Partition Table (GPT) partitioned volumes are not supported.

Linux/Unix (64-bit)

VM Import/Export supports MBR-partitioned volumes that are formatted using ext2, ext3, ext4, Btrfs, JFS, or XFS filesystem. GUID Partition Table (GPT) partitioned volumes are not supported.

VM Import Service Role

VM Import uses a role in your AWS account to perform certain operations (e.g: downloading disk images from an Amazon S3 bucket). You must create a role with the name vmimport with the following policy and trusted entities. Create a file named trust-policy.json with the following policy:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"",
         "Effect":"Allow",
         "Principal":{
            "Service":"vmie.amazonaws.com"
         },
         "Action":"sts:AssumeRole",
         "Condition":{
            "StringEquals":{
               "sts:ExternalId":"vmimport"
            }
         }
      }
   ]
}

Use the aws iam create-role command to create a role named vmimport and give VM Import/Export access to it.

Note

The external id must be named vmimport.

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

Note

You must include file:// before the policy document name (e.g., file://trust-policy.json), or the command will return the error “A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Syntax errors in policy.”

Creating a policy for the service role

Create a file named role-policy.json with the following policy:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource":[
            "arn:aws:s3:::<disk-image-file-bucket>"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject"
         ],
         "Resource":[
            "arn:aws:s3:::<disk-image-file-bucket>/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource":"*"
      }
   ]
}

Replace <disk-image-file-bucket> with the appropriate Amazon S3 bucket where the disk files are stored. Run the following command to attach the policy to the role created above:

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

For more information about IAM roles, see IAM Roles (Delegation and Federation) in the IAM User Guide.

IAM Permissions

If you’re logged on as an AWS Identity and Access Management (IAM) user, you’ll need the following permissions in your IAM policy to import or export a VM:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteObject",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Resource": ["arn:aws:s3:::mys3bucket","arn:aws:s3:::mys3bucket/*"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CancelConversionTask",
        "ec2:CancelExportTask",
        "ec2:CreateImage",
        "ec2:CreateInstanceExportTask",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DescribeConversionTasks",
        "ec2:DescribeExportTasks",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:DescribeTags",
        "ec2:ImportInstance",
        "ec2:ImportVolume",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:ImportImage",
        "ec2:ImportSnapshot",
        "ec2:DescribeImportImageTasks",
        "ec2:DescribeImportSnapshotTasks",
        "ec2:CancelImportTask"
      ],
      "Resource": "*"
    }
  ]
}

For more information about IAM users and policies, see IAM Users and Groups and Managing IAM Policies in the IAM User Guide.

Requirements and Limitations

Known Limitations for Importing a VM into Amazon EC2 Using ImportImage

Importing AMIs and snapshots is subject to the following limitations:

  • You can have up to twenty import image or snapshots tasks per region in progress at the same time. To request an increase to this limit, contact AWS Support. Tasks must complete within 7 days of the start date.
  • Imported VMs create Amazon EC2 AMIs that use Hardware Virtual Machine (HVM) virtualization. Creating AMIs that use Paravirtual (PV) virtualization using VM Import is not supported. Linux PVHVM drivers are supported within imported instances.
  • Imported Red Hat Enterprise Linux (RHEL) instances must use Cloud Access (BYOL) licenses.
  • Imported Linux instances must use 64-bit images. Importing 32-bit Linux images is not supported.
  • Imported Linux instances should use default kernels for best results. VMs that use custom Linux kernels might not import successfully.
  • Typically, you import a compressed version of a disk image; the expanded disk image cannot exceed 1 TiB.
  • Make sure that you have at least 250 MB of available disk space for installing drivers and other software on any VM you want to import into an Amazon EC2 AMI running Microsoft Windows or Linux.
  • Multiple network interfaces are not currently supported. When converted and imported, your instance will have a single virtual NIC using DHCP for address assignment.
  • Internet Protocol version 6 (IPv6) IP addresses are not supported.
  • For vCenter 4.0 and vSphere 4.0 users, remove any attached CD-ROM images or ISOs from the virtual machine.
  • VMs that are created as the result of a P2V conversion are not supported by Amazon EC2 VM import. A P2V conversion occurs when a disk image is created by performing a Linux or Windows installation process on a physical machine and then importing a copy of that Linux or Windows installation into a VM.
  • Amazon VM Import does not install the single root I/O virtualization (SR-IOV) drivers except for imports of Microsoft Windows Server 2012 R2 VMs. These drivers are not required unless you plan to use enhanced networking, which provides higher performance (packets per second), lower latency, and lower jitter. To enable enhanced networking on a c3 or i2 instance type after you import your VM, see Enabling Enhanced Networking on Linux Instances in a VPC. For Microsoft Windows Server 2012 R2 VMs, SR-IOV driver are automatically installed as a part of the import process.
  • In connection with your use of your own Microsoft licenses, such as through MSDN or Windows Software Assurance Per User, to run Microsoft Software on AWS through a bring your own license (BYOL) model:
    1. Your BYOL instances will be priced at the prevailing Amazon EC2 Linux instance pricing (set out at Amazon EC2 Instance Purchasing Options), provided that you (a) run on a Dedicated Instance (For more information, see Dedicated Instances); (b) launch from VMs sourced from software binaries provided by you using VM Import/Export, which will be subject to the then-current terms and abilities of VM Import/Export; (c) designate the instances as BYOL instances (i.e., declare the appropriate platform type flag in the services); (d) run the instances within your designated AWS regions, and where AWS offers the BYOL model; and (e) activate using Microsoft keys that you provide or are used in your Key Management System.
    2. You must account for the fact that when you start an Amazon EC2 instance, it can run on any one of many servers within an Availability Zone. This means that each time you start an Amazon EC2 instance (including a stop/start), it may run on a different server within an Availability Zone. You must account for this fact in light of the limitations on license reassignment as described in the Microsoft Volume Licensing Product Use Rights (PUR)/Product Terms (PT) available at Volume Licensing for Microsoft Products and Online Services, or consult your specific use rights to determine if your rights are consistent with this usage.
    3. You must be eligible to use the BYOL program for the applicable Microsoft software under your agreement(s) with Microsoft, for example, under your MSDN user rights or under your Windows Software Assurance Per User Rights. You are solely responsible for obtaining all required licenses and for complying with all applicable Microsoft licensing requirements, including the PUR/PT. Further, you must have accepted Microsoft’s End User License Agreement (Microsoft EULA), and by using the Microsoft Software under the BYOL program, you agree to the Microsoft EULA.
    4. AWS recommends that you consult with your own legal and other advisers to understand and comply with the applicable Microsoft licensing requirements. Usage of the Services (including usage of the licenseType parameter and BYOL flag) in violation of your agreement(s) with Microsoft is not authorized or permitted.

Known Limitations for Importing a VM into Amazon EC2 Using ImportInstance

Importing instances and volumes is subject to the following limitations:

  • You can have up to five import tasks per region in progress at the same time. To request an increase to this limit, contact AWS Support. Tasks must complete within 7 days of the start date.
  • Imported instances create EC2 instances that use Hardware Virtual Machine (HVM) virtualization. Creating instances that use Paravirtual (PV) virtualization using VM Import is not supported. Linux PVHVM drivers are supported within imported instances.
  • Imported Red Hat Enterprise Linux (RHEL) instances must use Cloud Access (BYOL) licenses.
  • Imported Linux instances must use 64-bit images. Importing 32-bit Linux images is not supported.
  • Imported Linux instances should use default kernels for best results. VMs that use custom Linux kernels might not import successfully.
  • Typically, you import a compressed version of a disk image; the expanded disk image cannot exceed 1 TiB.
  • Make sure your VM only uses a single disk. Importing a VM with more than one disk is not supported. For Linux VMs, /boot and / can be located in different partitions, but they need to be on the same disk.We suggest that you import the VM with only the boot volume, and import any additional disks using the ec2-import-volume command. After the ImportInstance task is complete, use the ec2-attach-volume command to associate the additional volumes with your instance.
  • Virtual Hard Disk (VHD) images must be dynamic.
  • Make sure that you have at least 250 MB of available disk space for installing drivers and other software on any VM you want to import into an Amazon EC2 instance running Microsoft Windows or Linux.
  • Imported instances automatically have access to the Amazon EC2 instance store, which is temporary disk storage located on disks that are physically attached to the host computer. You cannot disable this during import. For more information about instance storage, see Amazon EC2 Instance Store.
  • Multiple network interfaces are not currently supported. When converted and imported, your instance will have a single virtual NIC using DHCP for address assignment.
  • Internet Protocol version 6 (IPv6) IP addresses are not supported.
  • For vCenter 4.0 and vSphere 4.0 users, remove any attached CD-ROM images or ISOs from the virtual machine.
  • Amazon VM Import does not install the single root I/O virtualization (SR-IOV) drivers on the c3 and i2 instance types, except for imports of Microsoft Windows Server 2012 R2 VMs. These drivers are not required unless you plan to use enhanced networking, which provides higher performance (packets per second), lower latency, and lower jitter. To enable enhanced networking on a c3 or i2 instance type after you import your VM, see Enabling Enhanced Networking on Linux Instances in a VPC. For Microsoft Windows Server 2012 R2 VMs, SR-IOV driver are automatically installed as a part of the import process.
  • You cannot import Microsoft Windows instances that use the bring your own license (BYOL) model. To import these instance types, see Importing a VM into Amazon EC2 Using ImportImage.

Known Limitations for Exporting a VM from Amazon EC2

Exporting instances and volumes is subject to the following limitations:

  • You can have up to five export tasks per region in progress at the same time.
  • You cannot export Amazon Elastic Block Store (Amazon EBS) data volumes.
  • You cannot export an instance or AMI that has more than one virtual disk.
  • You cannot export an instance or AMI that has more than one network interface.
  • You cannot export an instance or AMI from Amazon EC2 unless you previously imported it into Amazon EC2 from another virtualization environment.
  • You cannot export an instance or AMI from Amazon EC2 if you’ve shared it from another AWS account.