The way to use AWS is not limited to AMI provided by Amazon (or 3rd party/community), but is possible to instantiate an EC2 workload starting from your own image, and converting to AMI.

The steps to create your custom AMI starting from VMware runs through these macro steps:

  • create VM template (ova)
  • create S3 bucket and upload the template
  • convert with awscli

OVA creation and upload in S3

This is the easiest part of this how-to that I don’t want to explain is how to export the Virtual Machine ova from the vInfrastructure or Workstation/Fusion… anyway IMHO the best method to manage VM template is using ova; starting from ovf and vmdk files, you could simply converting these files to ovf using ovftool (, and executing the following command:

1ovftool <vm_image>.ovf <vm_image>.ova

Create an S3 bucket and upload the ova template via web, keeping in mind the name of the bucket and the name of the ova.

AMI conversion

“Version”: “2012-10-17”,
“Statement”: [
“Effect”: “Allow”,
“Principal”: { “Service”: “” },
“Action”: “sts:AssumeRole”,
“Condition”: {
“sts:Externalid”: “vmimport”

Prepare the policy document trust-policy.json:

Then, create the role:

1aws iam create-role –role-name vmimport –assume-role-policy-document file://trust-policy.json

…and repare the role policy document named role-policy.json

“arn:aws:s3:::mohanawss3/” ] }, { “Effect”:”Allow”, “Action”:[ “ec2:ModifySnapshotAttribute”, “ec2:CopySnapshot”, “ec2:RegisterImage”, “ec2:Describe

After role, create the role policy:

1aws iam put-role-policy –role-name vmimport –policy-name vmimport –policy-document file://role-policy.json

Finally we could proceed with the real conversion, uploading the ova file into S3 bucket and creating the “container” description file.

The container.json will look like this:

“Description”: “mycentos OVA”,
“Format”: “ova”,
“UserBucket”: {
“S3Bucket”: “mohanawss3”,
“S3Key”: “awsmohan.ova”

Then execute the command:

1aws ec2 import-image –description “Mohanaws” –license-type BYOL –disk-containers file://containers.json

The process is asynchronous and to see what is the state of this task, simply issuing the following command using “import-ami-xxxxxx” as task id:

1aws ec2 describe-import-image-tasks –import-task-ids import-ami-xxxx

Following the official documentation ( ) the states are:

  • active — The import task is in progress.
  • deleting — The import task is being canceled.
  • deleted — The import task is canceled.
  • updating — Import status is updating.
  • validating — The imported image is being validated.
  • converting — The imported image is being converted into an AMI.
  • completed — The import task is completed and the AMI is ready to use.

When the conversion is completed, you could start the first EC2 instance to see if all is gone well.

Leave a comment

Your email address will not be published. Required fields are marked *

Blue Captcha Image


Protected by WP Anti Spam

Hit Counter provided by dental implants orange county