This guide walks you through the process of converting a Virtual Hard Disk (VHD) file into an Amazon Machine Image (AMI) and launching EC2 instances, all through the AWS Management Console.
If you would like to learn about how to use the WSBU Client GUI to restore a Physical Drive's VHD to S3, you can follow the steps in our Restore Disk Image to AWS S3 documentation.
Before you begin, make sure you have:
- The AWS region selected where you want to create your resources
- Access to the AWS Management Console with appropriate permissions (including `ec2:ImportSnapshot` and `s3:GetObject`)
Create an IAM User & Programatic S3 Keys
Create User
Log in to the AWS console click on Services, then click on Identity Access Management (IAM) and click "Add User"
Use a name that’s easy to recognize to avoid accidental deletion later. For example, "s3_backup_user" is a simple and descriptive choice since this user will only be needed for created programatic access limited to S3.
Set Permissions
Click "Attach policies directly", then type "s3Full" in the filter input, enable "AmazonS3FullAccess". Click Next.
Review and Create
Should have Username you specified & Permissions Summary: "AmazonS3FullAccess". then click Create user.
Create Programatic Access Keys
the Access Key ID and & Secret Access Key will be entered in the Disk Image Wizard Form for uploading and downloading the disk image to your specified bucket in S3.
Download and store Keys
Create the vmimport
Role
Step 1: Open the IAM Console
- Open the AWS Management Console and navigate to the IAM service.
- Click on Roles in the left-hand menu.
Step 2: Start Creating the Role
- Click on Create Role to start the wizard.
- Under Trusted Entity Type, select AWS Service.
- In the Use Case drop-down, select EC2 (even though we're using the VM Import/Export service, EC2 is the relevant service).
Step 3: Skip Permissions Policies (for Now)
- On the Add Permissions page, do not attach any policies yet.
- Instead, just click Next at this stage.
Step 4: Set the Trust Relationship
-
After the role is created, you’ll need to edit the Trust Relationships of the role to explicitly allow the VM Import/Export service to assume this role:
-
In the IAM Roles list, find the role you just created and click its name.
-
Go to the Trust relationships tab and click Edit trust relationship.
-
Replace the existing JSON with the following:
-
-
Click Update Trust Policy to save the changes.
Step 5: Attach the Required Permissions
-
Go back to the role’s Permissions tab and click Add permissions → Attach policies.
-
Attach the following inline policy (or create a custom one as shown below):
-
Click Create inline policy to open the policy editor.
-
In the JSON tab, paste the following policy, replacing
YOUR_BUCKET_NAME
with the name of your S3 bucket:
-
JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::YOUR_BUCKET_NAME",
"arn:aws:s3:::YOUR_BUCKET_NAME/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:ImportImage",
"ec2:CancelImportTask",
"ec2:DescribeImportImageTasks",
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:ModifyImageAttribute",
"ec2:CopyImage",
"ec2:DeregisterImage"
],
"Resource": "*"
}
]
}
-
Click Review policy, give it a name like
vmimport-policy
, and save it.
Import the VHD as a Snapshot
Step 1: Open AWS CloudShell
- Log in to the AWS Management Console.
- Launch AWS CloudShell from the top navigation bar.
Step 2: Start the Import Snapshot Task
Run the following command to start the snapshot import task:
- Replace
your-bucket-name
with the name of your S3 bucket. - Replace
your-file.vhd
with the key (path) to your VHD file in the bucket.
Step 3: Monitor the Import Task
Use this command to check the status of the import task:
- Look for the
"SnapshotTaskDetail"
section in the output. - The status field will show progress (
active
) or completion (completed
).
Step 4: Verify the Snapshot
Once the import is complete:
- In the AWS Management Console EC2 dashboard, navigate to the Elastic Block Store section on the left side, then select Snapshots.
- Find the snapshot by its description or snapshot ID.
Create an AMI from the Snapshot
1. Once your snapshot status shows "Completed":
- Select your imported snapshot from the list
- Click the "Actions" dropdown
- Select "Create Image"
2. In the "Create Image" dialog:
- Enter a meaningful name for your AMI (e.g., `Production-Web-Server-v1`)
- Provide a detailed description for later reference
- Choose an architecture (x86_64 or ARM64; match the source system)
- Select the proper virtualization type (typically "Hardware-assisted virtualization")
- Verify the Root Device Name (usually `/dev/xvda` or `/dev/sda1`)
- Adjust any volume settings if needed
- Click "Create Image"
Launch an EC2 Instance from Your AMI
1. Once your AMI status shows "Available":
- Select your AMI from the list
- Click the "Launch instance from AMI" button
2. In the instance launch wizard:
- Enter a name for your instance
- Choose an instance type that matches your needs
- Select or create a key pair for secure access (If needed, create a new key pair.)
3. Under "Network settings":
- Choose your VPC (or default VPC if none configured)
- Select a subnet
- Configure security groups (e.g., allow SSH or RDP access)
4. Adjust storage settings if needed, review all configurations, and click "Launch instance."
5. Verify the instance is running successfully:
- Navigate to the EC2 dashboard and check the instance state ("running").