Manual VM Import to AWS - Linux
Import RHEL VMs to AWS using VM Import/Export. Key differences from Windows: install NVMe/Xen drivers with dracut before export, use --license-type BYOL (Red Hat Cloud Access required), and connect via SSH instead of RDP. Supports RHEL 7, 8, 9, and 10. RHEL 5-6 deprecated February 2026.
Introduction
This guide covers the RHEL-specific steps for manually importing Red Hat Enterprise Linux virtual machines into AWS using VM Import/Export. It complements the general Windows VM Import guide with Linux-specific preparation, driver installation, and licensing requirements.
VM Import/Export enables you to import RHEL images from VMware, Hyper-V, or other hypervisors directly to Amazon EC2, preserving your existing configurations and applications.
Supported RHEL Versions
AWS VM Import/Export currently supports the following Red Hat Enterprise Linux versions:
| RHEL Version | Kernel | Status |
|---|---|---|
| RHEL 10 | 6.12.0 | Supported |
| RHEL 9.0-9.6 | 5.14.0 | Supported |
| RHEL 8.0-8.9 | 4.18.0 | Supported |
| RHEL 7 | 3.10.0 | Supported |
| RHEL 5-6 | Various | Deprecated Feb 1, 2026 |
Starting February 1, 2026, AWS VM Import/Export will deprecate support for RHEL 5 and RHEL 6. Plan your migration to RHEL 7+ before this date.
Prerequisites for RHEL Import
Before exporting your RHEL VM, complete these preparation steps on the source machine:
- Red Hat Cloud Access - RHEL imports require BYOL (Bring Your Own License). Register with Red Hat Cloud Access before importing.
- Enable SSH - Ensure SSH is enabled for remote access (port 22)
- Enable DHCP - Configure the network adapter to obtain IP automatically
- Install AWS Drivers - Add NVMe and Xen drivers to initramfs (critical step)
- Remove Hardware-Specific Configs - Clear MAC addresses and persistent network rules
Unlike Windows imports which can use AWS licensing, RHEL imports must use BYOL via Red Hat Cloud Access. Contact Red Hat to verify your Cloud Access eligibility before importing.
Step 1: Enable SSH and DHCP
Configure remote access and dynamic IP addressing:
Enable SSH
# Enable and start SSH service
sudo systemctl enable sshd
sudo systemctl start sshd
# Verify SSH is running
sudo systemctl status sshdConfigure DHCP
# Configure network interface for DHCP using NetworkManager
sudo nmcli con mod "System eth0" ipv4.method auto
sudo nmcli con up "System eth0"
# Verify DHCP is enabled
cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Should show: BOOTPROTO=dhcpForgetting to enable DHCP is the most common cause of "instance launches but I can't connect" issues. AWS assigns IP addresses via DHCP - static IPs from your on-premises environment won't work.
Step 2: Install AWS Drivers (Critical)
This is the most important RHEL-specific step. You must add NVMe and Xen drivers to the initramfs before export, or your instance will fail to boot on AWS.
For x86_64 (AMD64/Intel 64) VMs
# Add NVMe and Xen drivers to initramfs
sudo dracut -f --add-drivers "nvme xen-netfront xen-blkfront"
# Verify drivers are included
lsinitrd | grep -E "nvme|xen"For ARM64 (aarch64) VMs
# Add NVMe driver for ARM instances
sudo dracut -f --add-drivers "nvme"Alternative: Persistent Configuration
Create a dracut configuration file for automatic inclusion:
# Create AWS drivers config file
echo 'add_drivers+=" nvme xen-netfront xen-blkfront "' | sudo tee /etc/dracut.conf.d/aws.conf
# Rebuild initramfs with new config
sudo dracut -f
# Verify the drivers are in initramfs
lsinitrd | grep -E "nvme|xen"Missing these drivers causes "dracut timeout" errors and boot failures on AWS. This is the most common cause of failed RHEL imports.
Step 3: Clean Up Hardware-Specific Configs
Remove configurations that are specific to your on-premises hardware:
# Remove persistent network rules (if present)
sudo rm -f /etc/udev/rules.d/70-persistent-net.rules
# Remove MAC address from network config
sudo sed -i '/HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-*
# Remove UUID from network config (optional)
sudo sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-*
# Remove cloud-init if installed (can cause conflicts)
sudo yum remove cloud-init -y
# Update system packages (recommended)
sudo yum update -y
# Power off the VM
sudo poweroffStep 4: Export VM Image
Export your VM from your hypervisor in one of these supported formats:
- VMDK - VMware (stream-optimized recommended)
- VHD/VHDX - Microsoft Hyper-V
- OVA - Open Virtual Appliance (supports multiple disks)
- RAW - Raw disk image
For VMware, export as a single VMDK file (not split). Use vmware-vdiskmanager or export directly from vSphere as a stream-optimized VMDK.
Step 5: Upload to S3
Create an S3 bucket and upload your RHEL image:
# Create S3 bucket for import
aws s3 mb s3://your-bucket-name/import
# Upload your RHEL image
aws s3 cp /path/to/rhel-vm.vmdk s3://your-bucket-name/import/
# Verify upload completed
aws s3 ls s3://your-bucket-name/import/Large VMDK files can take hours to upload. Consider using aws s3 cp with the --expected-size flag for files over 50GB, or use AWS DataSync for very large transfers.
Step 6: Create IAM Roles and Policies
The VM Import service needs specific IAM permissions. Create these JSON files on your management machine:
1. containers.json
Specifies the location of your VMDK file in S3:
[{
"Description": "RHEL 9 Server Import",
"Format": "vmdk",
"UserBucket": {
"S3Bucket": "your-bucket-name",
"S3Key": "import/rhel-vm.vmdk"
}
}]2. trust-policy.json
Allows the VM Import service to assume the role:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:Externalid": "vmimport"
}
}
}
]
}3. role-policy.json
Grants permissions to access your S3 bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:PutObject",
"s3:GetBucketAcl"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
]
}
]
}Create the IAM Role
Navigate to the directory containing your JSON files and run:
- Create the role:
aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json- Attach the policy:
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.jsonStep 7: Import the RHEL VM
Now run the import command with BYOL licensing:
aws ec2 import-image \
--description "RHEL 9 Server" \
--license-type BYOL \
--disk-containers file://containers.jsonThis returns a task ID. Check the progress with:
aws ec2 describe-import-image-tasks --import-task-ids import-ami-0123456789abcdef0The import process can take 30 minutes to several hours depending on the size of your VM. The status will progress through: pending → converting → booting → completed.
Step 8: Launch Your AMI
Once the import completes:
- Log into the AWS Console
- Navigate to EC2 → AMIs (under Images)
- Find your imported AMI - It will have the description you specified
- Click Launch Instance
- Configure as needed - Select instance type, VPC, subnet, security groups, etc.
- Ensure Security Group allows SSH - Port 22 from your IP
Step 9: Post-Import Configuration
After launching your instance, complete these final steps:
Connect via SSH
# Connect using your key pair
ssh -i your-key.pem ec2-user@<public-ip>
# Or if you use a different username
ssh -i your-key.pem root@<public-ip>Register with Red Hat Subscription Manager
# Register your RHEL instance
sudo subscription-manager register --username=your-username --password=your-password
# Attach subscription automatically
sudo subscription-manager attach --auto
# Verify registration
sudo subscription-manager statusTroubleshooting
Common issues and their solutions:
- "Dracut timeout" during boot - Missing NVMe/Xen drivers. Re-export after running
dracut -f --add-drivers "nvme xen-netfront xen-blkfront" - Instance launches but no network - Static IP configured or DHCP not enabled. Re-export with DHCP enabled on the primary network interface.
- "ClientError: Unsupported OS" - Check that your RHEL version is in the supported OS list. RHEL 5-6 deprecated February 2026.
- "Access Denied" during import - Verify the
vmimportrole exists and has the correct trust policy. The S3 bucket ARN inrole-policy.jsonmust match exactly. - Import stuck at "converting" - Large VMs can take several hours. Check CloudTrail for any errors. If stuck for more than 6 hours, cancel and retry.
- Can't SSH after launch - Verify the security group allows inbound SSH (port 22) from your IP. Also confirm SSH was enabled on the source VM before export.
- Instance fails status checks - Missing ENA driver for Nitro instances. Install ENA driver before export or use non-Nitro instance types.
- License type error - RHEL requires
--license-type BYOL. Ensure you have Red Hat Cloud Access configured.
Key Differences from Windows Import
| Aspect | Windows | RHEL |
|---|---|---|
| Drivers | .NET Framework 4.5+ | dracut with nvme/xen drivers |
| Licensing | AWS or BYOL | BYOL only (Red Hat Cloud Access) |
| Remote Access | RDP (port 3389) | SSH (port 22) |
| Tools to Remove | VMware Tools | cloud-init (optional) |
| Network Config | DHCP via GUI | DHCP via nmcli/ifcfg files |
Conclusion
Importing RHEL VMs to AWS follows the same general process as Windows imports, with a few critical differences: driver installation via dracut instead of .NET, mandatory BYOL licensing through Red Hat Cloud Access, and SSH access instead of RDP. The most important step is ensuring the NVMe and Xen drivers are included in initramfs before export - missing this step is the primary cause of failed RHEL imports.
For more complex migrations or if you need ongoing replication, consider AWS Application Migration Service or CloudEndure. But for quick, one-time imports, VM Import/Export gets the job done.