Importing the Amazon machine image

Step 1: Precondition

Install the AWS Command Line Interface and its dependencies on most Linux distributions with pip, a package manager for Python. Please refer to https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-linux.html for more information.

A. Use pip to install the AWS CLI.

$ pip install awscli --upgrade --user

B. Verify that the AWS CLI installed correctly.

$ aws --version

Step 2: Get IAM key

A. Navigate to https://console.aws.amazon.com/iam
B. Users -> Add user

C. Check the box Programmatic access

D. Check the box Administrators

E. After the user is created, download the .csv file to get the key.

Step 3: Configuring the AWS CLI

$ aws configure

AWS Access Key ID []:xxxxxxxxxxxx (get from Step 2.)

AWS Secret Access Key []:xxxxxxxxxxxx (get from Step 2.)

Default region name []:us-west-1 (Please refer to the table below for your region name)

Default output format []: json

Step 4: Create S3 bucket

A. Navigate to https://s3.console.aws.amazon.com/s3
B. Create bucket

Step 5: Upload image and create snapshot

A. Upload image
  • unzip image.out.xenaws.zip to get bootdisk.img
  • aws s3 cp bootdisk.img s3://<your bucket name>
  • Check that the upload succeeded

B. Create the service role

1) Create trust-policy.json with the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "Service": "vmie.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:Externalid": "vmimport"
                }
            }
        }
    ]
}

2) Create a role named vmimport

If the role with name vmimport already exists, skip this step.

$ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

3) Create role-policy.json with the following policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<your S3 bucket name>"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::<your S3 bucket name>/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

4) Attach the policy to the role created above

$ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
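
A pre-flight check for the two policy files, as an added example that is not part of the original Fortinet page: it confirms that the trust policy admits only vmie.amazonaws.com with the vmimport external ID, and that the S3 statements stay scoped to your bucket with no placeholder left in. The function names and the sample documents are assumptions constructed for illustration.

```python
import json

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def check_trust_policy(doc):
    """Problems in trust-policy.json; an empty list means it matches the page."""
    problems = []
    for st in doc["Statement"]:
        if st.get("Principal") != {"Service": "vmie.amazonaws.com"}:
            problems.append("trust: principal is not only vmie.amazonaws.com")
        # IAM condition keys are case-insensitive, so compare them lower-cased.
        equals = st.get("Condition", {}).get("StringEquals", {})
        keys = {k.lower(): v for k, v in equals.items()}
        if keys.get("sts:externalid") != "vmimport":
            problems.append("trust: no sts:ExternalId == vmimport condition")
    return problems

def check_role_policy(doc, bucket):
    """Problems in the S3 statements of role-policy.json for the given bucket."""
    problems = []
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for st in doc["Statement"]:
        if not any(a.startswith("s3:") for a in _as_list(st["Action"])):
            continue  # the page's ec2 statement is left as written
        for res in _as_list(st["Resource"]):
            if "<" in res:
                problems.append(f"role: placeholder left in {res}")
            elif res not in allowed:
                problems.append(f"role: S3 resource outside {bucket}: {res}")
    return problems

# Constructed sample inputs (not from a real account).
TRUST_OK = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}""")
TRUST_NO_CONDITION = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"},
  "Action": "sts:AssumeRole"}]}""")
ROLE_BAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
   "Resource": ["arn:aws:s3:::<your S3 bucket name>"]},
  {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::*"]},
  {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]}""")

if __name__ == "__main__":
    found = check_trust_policy(TRUST_OK) + check_role_policy(ROLE_BAD, "fortiadc-bucket")
    print("\n".join(found) or "no problems found")
```

To check your own files, load them with json.load() and pass the bucket name you created in Step 4.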

C. Create snapshot

1) Create container.json with the following content, replacing fortiadc-bucket with your S3 bucket name and bootdisk.img with your image name in S3:

{
    "Description": "FADC 5.1.0 image",
    "Format": "raw",
    "UserBucket": {
        "S3Bucket": "fortiadc-bucket",
        "S3Key": "bootdisk.img"
    }
}

2) Import the snapshot

$ aws ec2 import-snapshot --description "<description>" --disk-container file://container.json

{
    "SnapshotTaskDetail": {
        "Status": "active",
        "Description": "FADC",
        "Format": "RAW",
        "DiskImageSize": 0.0,
        "UserBucket": {
            "S3Bucket": "fortiadc-bucket",
            "S3Key": "bootdisk.img"
        },
        "Progress": "3",
        "StatusMessage": "pending"
    },
    "Description": "FADC",
    "ImportTaskId": "import-snap-fh2q08gi"
}

You can check the progress using the following commands:

$ aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-fh2q08gi   # ImportTaskId from the import-snapshot output

{
    "ImportSnapshotTasks": [
        {
            "SnapshotTaskDetail": {
                "Status": "active",
                "Description": "FADC",
                "Format": "RAW",
                "DiskImageSize": 725500928.0,
                "UserBucket": {
                    "S3Bucket": "fortiadc-bucket",
                    "S3Key": "bootdisk.img"
                },
                "Progress": "19",
                "StatusMessage": "validated"
            },
            "Description": "FADC",
            "ImportTaskId": "import-snap-fh2q08gi"
        }
    ]
}

$ aws ec2 describe-import-snapshot-tasks --import-task-ids import-snap-fh2q08gi

{
    "ImportSnapshotTasks": [
        {
            "SnapshotTaskDetail": {
                "Status": "completed",
                "Description": "FADC",
                "Format": "RAW",
                "DiskImageSize": 725500928.0,
                "UserBucket": {
                    "S3Bucket": "fortiadc-bucket",
                    "S3Key": "bootdisk.img"
                },
                "SnapshotId": "snap-00cb30ea5ce6fb97f"
            },
            "Description": "FADC",
            "ImportTaskId": "import-snap-fh2q08gi"
        }
    ]
}

After "Status": "completed" is returned, you can find your snapshot in the navigation pane, under Elastic Block Store.

Step 6: Create Amazon Machine Image (AMI)

A. Right click on FortiADC-bootdisk and choose Create Image

B. Fill in the name, set Virtualization type to virtual machine (HVM), and add a new volume with 30GB

C. Click Create

D. Under My AMIs you can find the one you just created
