Manual VM Import to AWS - Windows

Introduction

I have been getting asked more and more how to manually import on-premise virtual machines into AWS, without using other services such as CloudEndure or AWS Migration Services. Some may want a quick and dirty way to get the source to the destination without spinning up any extra appliances, going through Change Control, or just getting to the end goal faster compared to the extra layers offered by other services.

VM Import/Export enables you to import virtual machine images from your existing virtualization environment (VMware, Hyper-V, etc.) to Amazon EC2. This enables you to migrate applications and workloads to Amazon EC2, copy your VM image to Amazon EC2, or create a repository of VM images for backup and disaster recovery.

Prerequisites for VMware Image

Before exporting your VM, complete these preparation steps on the source machine:

1. Remove VMware Tools - Uninstall if present (AWS will install its own drivers)
2. Disable AV/IDS - Temporarily disable antivirus or intrusion detection applications
3. Disconnect CD-ROM - Remove any mounted CD/DVD drives
4. Enable DHCP - Configure the network adapter to obtain IP automatically
5. Enable RDP - Enable Remote Desktop and modify OS firewall rules to allow RDP (port 3389)
6. Install .NET Framework 4.5+ - Required for AWS drivers and tools

AWS CLI Installation

Install AWS CLI on your management machine (not the VM you want to import).

Silent Install

1. Open PowerShell as Administrator
2. Run the installer:

msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi /q

Confirm Installation

1. Open a new PowerShell window
2. Verify the version:

aws --version

AWS CLI Configuration

Configure your AWS credentials on the management machine:

1. Run the configure command:

aws configure

2. Enter your credentials when prompted:
   • AWS Access Key ID
   • AWS Secret Access Key
   • Default region (e.g., us-east-1)
   • Default output format (e.g., json)

Verify your configuration:

# View general config
cat ~/.aws/config

# View credentials (contains your keys)
cat ~/.aws/credentials

Create S3 Bucket

You need an S3 bucket to store the VMDK/VHD file. Bucket names must be globally unique across all of AWS.

1. Create the bucket:

aws s3 mb s3://your-unique-bucket-name/import

2. Upload your VM file:

aws s3 cp "C:\path\to\your\vm.vmdk" s3://your-unique-bucket-name/import/

Create IAM Roles and Policies

The VM Import service needs specific IAM permissions. Create three JSON files on your management machine:

1. containers.json

Specifies the location of your VMDK file in S3:

[{
   "Description": "My VM Import",
   "Format": "vmdk",
   "UserBucket": {
       "S3Bucket": "your-unique-bucket-name",
       "S3Key": "import/your-vm-file.vmdk"
   }
}]

2. trust-policy.json

Allows the VM Import service to assume the role:

{
  "Version": "2012-10-17",
  "Statement": [
     {
        "Effect": "Allow",
        "Principal": { "Service": "vmie.amazonaws.com" },
        "Action": "sts:AssumeRole",
        "Condition": {
           "StringEquals":{
              "sts:Externalid": "vmimport"
           }
        }
     }
  ]
}

3. role-policy.json

Grants permissions to access your S3 bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:PutObject",
                "s3:GetBucketAcl"
            ],
            "Resource": [
                "arn:aws:s3:::your-unique-bucket-name",
                "arn:aws:s3:::your-unique-bucket-name/*"
            ]
        }
    ]
}

Create the IAM Role

Navigate to the directory containing your JSON files and run:

1. Create the role:

aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

2. Attach the policy:

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json

Import the VM

Now run the import command:

aws ec2 import-image --description "My Imported VM" --license-type BYOL --disk-containers file://containers.json

This returns a task ID. Check the progress with:

aws ec2 describe-import-image-tasks --import-task-ids import-ami-0123456789abcdef0

Launch Your AMI

Once the import completes:

1. Log into the AWS Console
2. Navigate to EC2 → AMIs (under Images)
3. Find your imported AMI - It will have the description you specified
4. Click Launch Instance
5. Configure as needed - Select instance type, VPC, subnet, security groups, etc.

Troubleshooting

Common issues and their solutions:

• "ClientError: No valid partitions" - The VMDK file may be corrupt or the wrong format. Ensure you exported as a single VMDK file (not split). Try re-exporting from your hypervisor.
• "ClientError: Unsupported OS" - Check that your OS is in the supported OS list. Older Windows versions (Server 2003, XP) are not supported.
• Instance launches but no network - You likely forgot to enable DHCP before export. You'll need to re-export with DHCP enabled, or use EC2 Serial Console to fix.
• "Access Denied" during import - Verify the vmimport role exists and has the correct trust policy. The S3 bucket ARN in role-policy.json must match exactly.
• Import stuck at "converting" - Large VMs can take several hours. Check CloudTrail for any errors. If stuck for more than 6 hours, cancel and retry.
• Can't RDP after launch - Verify the security group allows inbound RDP (port 3389) from your IP. Also confirm RDP was enabled on the source VM before export.

Conclusion

While AWS offers more sophisticated migration tools like Application Migration Service and CloudEndure, sometimes you just need to get a VM into AWS quickly without the extra infrastructure. VM Import/Export gives you that direct path - export, upload, import, launch. It's not fancy, but it gets the job done.