Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.Prerequisites for exporting an instance from Amazon EC2
To export a VM from Amazon EC2, first meet the following prerequisites:
-
Create an Amazon S3 bucket for storing the exported instances or choose an existing
bucket. The bucket must be in the Region where you want export your VMs.
Additionally, the bucket must belong to the AWS account where you are
performing the export operation. For more information, see the
Amazon Simple Storage Service User Guide.
-
You can't export a VM to an S3 bucket that uses the bucket owner enforced
setting for S3 Object Ownership because ACLs are disabled. For more
information, see Configuring
ACLs in the Amazon Simple Storage Service User Guide.
-
Prepare your S3 bucket by attaching an access control list (ACL) containing
the following grants. For more information, see Managing access with ACLs
in the Amazon Simple Storage Service User Guide.
- Console
-
To configure the S3 bucket
Open the Amazon S3 console at
https://eusc-de-east-1.console.amazonaws-eusc.eu/s3/.
-
Select the bucket in which to store the exported instances.
-
On the Permissions tab, change the object ownership
to Bucket owner preferred.
-
Attach the following bucket policy. For CanonicalUser, enter
the canonical account ID for the bucket Region. For Resource,
enter the name of your bucket in the bucket ARNs.
JSON
- JSON
-
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "GrantReadAclAndWrite",
"Effect": "Allow",
"Principal": {
"CanonicalUser": "c4d8eabf8db69dbe46bfe0e517100c554f01200b104d59cd408e777ba442a322"
},
"Action": [
"s3:GetBucketAcl",
"s3:PutObject"
],
"Resource": [
"arn:aws-eusc:s3:::amzn-s3-demo-export-bucket",
"arn:aws-eusc:s3:::amzn-s3-demo-export-bucket/*"
]
}
]
}
- AWS CLI
-
To configure the S3 bucket
Use the put-bucket-ownership-controls command to change the object
ownership.
aws s3api put-bucket-ownership-controls \
--bucket amzn-s3-demo-export-bucket \
--ownership-controls='{"Rules":[{"ObjectOwnership":"BucketOwnerPreferred"}]}'
Use the put-bucket-policy command to attach the bucket policy. For
CanonicalUser, enter the canonical account ID for the bucket
Region. For Resource, enter the name of your bucket in the
bucket ARNs.
aws s3api put-bucket-policy \
--bucket amzn-s3-demo-export-bucket \
--policy \
'{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantReadAcpAndWrite",
"Effect": "Allow",
"Principal": {
"CanonicalUser": "c4d8eabf8db69dbe46bfe0e517100c554f01200b104d59cd408e777ba442a322"
},
"Action": [
"s3:GetBucketAcl",
"s3:PutObject"
],
"Resource": [
"arn:aws-eusc:s3:::amzn-s3-demo-export-bucket",
"arn:aws-eusc:s3:::amzn-s3-demo-export-bucket/*"
]
}
]
}'
- PowerShell
-
To configure the S3 bucket
Use the Write-S3BucketOwnershipControl cmdlet to change the object
ownership.
Write-S3BucketOwnershipControl `
-BucketName "amzn-s3-demo-export-bucket" `
-OwnershipControls_Rule @{ObjectOwnership="BucketOwnerPreferred"}
Use the Write-S3BucketPolicy cmdlet to attach the bucket policy. For
CanonicalUser, enter the canonical account ID for the bucket
Region. For Resource, enter the name of your bucket in the
bucket ARNs.
Write-S3BucketPolicy `
-BucketName "amzn-s3-demo-export-bucket" `
-Policy `
'{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantReadAcpAndWrite",
"Effect": "Allow",
"Principal": {
"CanonicalUser": "c4d8eabf8db69dbe46bfe0e517100c554f01200b104d59cd408e777ba442a322"
},
"Action": [
"s3:GetBucketAcl",
"s3:PutObject"
],
"Resource": [
"arn:aws-eusc:s3:::amzn-s3-demo-export-bucket",
"arn:aws-eusc:s3:::amzn-s3-demo-export-bucket/*"
]
}
]
}'