Cloud Migration
Overview:
I was tasked with rehosting an OS using AWS tools. I used the VM import/export feature to import an image from its existing environment into an EC2 instance (lift and shift). The OS was exported from a hypervisor (VirtualBox), and then imported to S3 as an EC2 AMI using CLI. The necessary policies and permissions were added to my IAM user role to enable full programmatic access on S3 and EC2.
Objectives:
1. Stop the running VM in VirtualBox and then use export to OCI
2. Using the CLI, upload the OVA file to S3
3. Create an IAM role for VM Import/Export with S3, EC2, and KMS permissions
4. Import the OVA file as an Amazon EC2 AMI
5. Provision the new instance using the imported AMI!
This project was fundamental for me to understand the basics of migrating applications to the public cloud. This involved rehosting an application and utilising AWS CLI to achieve this. I had the option to use the AWS application migration service, however knowing that this is highly automated; I wanted to fully understand the migration process by creating the right compliance, configuration and security policies. The import/export feature also gives flexibility with the AMI and enables me to launch EC2 instances using my custom AMI any time.
Challenges:
- OS - Initially I tried migrating a Ubuntu OS but experienced several issues as launching the system did not always work even on its original environment using virtual box. I managed to export its file as an OVA, but wasn’t confident in its reliability due to the launch issues. I decided to switch to a Windows 10 OS which operated much more smoothly
- Incorrect file paths – I entered the wrong file path on CLI during the upload process. I realised quickly that I need to save the files to a simple path/directory to avoid getting the script wrong on CLI
- No password access on the instance – I had to reset the administrator password to my new EC2 instance that hosted the OS. I troubleshooted several times using test instances. I had to detach a root volume and attach this to a helper instance which I used to reset the password on its CMD.
Step 1: Install Windows 10 on a virtual machine using the Virtual Box hypervisor
-
Download the Windows 10 iso from the Microsoft download site and Virtual box. Run the ISO file through Virtual box
Windows 10 installed and running:
Windows 11 running windows 10 VM using Virtual box:
Step 2: Upload the OVA file to the S3 Bucket
Using the AWS console, I created a new bucket for the VM import. A list of all buckets shown in the CLI,
File upload in progress. (As shown below I struggled with entering the correct path for the ova file)
OVA file upload completed and verified,
Step 3: Attach policies to IAM user:
Using an existing IAM role, the following policies were added for enabling CLI programmatic access, AmazonS3FullAccess and AmazonEC2FullAccess
Trust relationship: Updated the trust relationship to allow EC2 services. Once enabled, EC2 can assume the role during operations like importing a VM or provisioning an instance.
EC2 role created for VM import:
Modified Trust Policy:
"Principal.Service": "vmie.amazonaws.com": Grants permissions to the VM Import/Export service. "Action": "sts:AssumeRole": Allows the service to assume the role.
Step 4: Import the OVA file as an Amazon EC2 AMI
I created a json script that provides details of the OVA file I will import and its location in the S3 bucket,
Updating the policy of the role which add the necessary permissions,
Import task in progress,
Import was successfully completed.
Step 5: Provision new instance using the imported AMI
Now I am able to launch a new EC2 instance using the imported AMI,
EC2 instance running successfully with the Custom Windows AMI,
The last stage involved launching the instance via RDP, using the public IP, administrator user and password. I had an issue with decrypting the password on the AWS console and had to reset the administrator password to connect to the VM. This was done by detaching the root volume, then attaching this volume to a helper instance so I could reset the admin password on CMD. After resetting the password I successfully connected to the instance using RDP!