Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Prerequisites for exporting an instance from Amazon EC2
To export a VM from Amazon EC2, first meet the following prerequisites:
-
Create an Amazon S3 bucket for storing the exported instances or choose an existing
bucket. The bucket must be in the Region where you want export your VMs.
Additionally, the bucket must belong to the Amazon Web Services account where you are
performing the export operation. For more information, see the
Amazon Simple Storage Service User Guide.
-
You can't export a VM to an S3 bucket that uses the bucket owner enforced
setting for S3 Object Ownership because ACLs are disabled. For more
information, see Configuring
ACLs in the Amazon Simple Storage Service User Guide.
-
Prepare your S3 bucket by attaching an access control list (ACL) containing
the following grants. For more information, see Managing access with ACLs
in the Amazon Simple Storage Service User Guide.
-
For each Grantee, provide the following permissions:
-
READ_ACP (In the Amazon S3 console, Bucket
ACL should have the Read
permission)
-
WRITE (In the Amazon S3 console,
Objects should have the
Write permission)
-
For Grantee, provide the following canonical account ID:
834bafd86b15b6ca71074df0fd1f93d234b9d5e848a2cb31f880c149003ce36f
- Console
-
To configure the S3 bucket
Open the Amazon S3 console at
https://console.amazonaws.cn/s3/.
-
Select the bucket in which to store the exported instances.
-
On the Permissions tab, change the object ownership
to Bucket owner preferred.
-
Attach the following bucket policy. For CanonicalUser, enter
the canonical account ID for the bucket Region. For Resource,
enter the name of your bucket in the bucket ARNs.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantReadAclAndWrite",
"Effect": "Allow",
"Principal": {
"CanonicalUser": "c4d8eabf8db69dbe46bfe0e517100c554f01200b104d59cd408e777ba442a322"
},
"Action": [
"s3:GetBucketAcl",
"s3:PutObject"
],
"Resource": [
"arn:aws-cn:s3:::amzn-s3-demo-export-bucket",
"arn:aws-cn:s3:::amzn-s3-demo-export-bucket/*"
]
}
]
}
- Amazon CLI
-
To configure the S3 bucket
Use the put-bucket-ownership-controls command to change the object
ownership.
aws s3api put-bucket-ownership-controls \
--bucket amzn-s3-demo-export-bucket \
--ownership-controls='{"Rules":[{"ObjectOwnership":"BucketOwnerPreferred"}]}'
Use the put-bucket-policy command to attach the bucket policy. For
CanonicalUser, enter the canonical account ID for the bucket
Region. For Resource, enter the name of your bucket in the
bucket ARNs.
aws s3api put-bucket-policy \
--bucket amzn-s3-demo-export-bucket \
--policy \
'{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantReadAcpAndWrite",
"Effect": "Allow",
"Principal": {
"CanonicalUser": "c4d8eabf8db69dbe46bfe0e517100c554f01200b104d59cd408e777ba442a322"
},
"Action": [
"s3:GetBucketAcl",
"s3:PutObject"
],
"Resource": [
"arn:aws-cn:s3:::amzn-s3-demo-export-bucket",
"arn:aws-cn:s3:::amzn-s3-demo-export-bucket/*"
]
}
]
}'
- PowerShell
-
To configure the S3 bucket
Use the Write-S3BucketOwnershipControl cmdlet to change the object
ownership.
Write-S3BucketOwnershipControl `
-BucketName "amzn-s3-demo-export-bucket" `
-OwnershipControls_Rule @{ObjectOwnership="BucketOwnerPreferred"}
Use the Write-S3BucketPolicy cmdlet to attach the bucket policy. For
CanonicalUser, enter the canonical account ID for the bucket
Region. For Resource, enter the name of your bucket in the
bucket ARNs.
Write-S3BucketPolicy `
-BucketName "amzn-s3-demo-export-bucket" `
-Policy `
'{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantReadAcpAndWrite",
"Effect": "Allow",
"Principal": {
"CanonicalUser": "c4d8eabf8db69dbe46bfe0e517100c554f01200b104d59cd408e777ba442a322"
},
"Action": [
"s3:GetBucketAcl",
"s3:PutObject"
],
"Resource": [
"arn:aws-cn:s3:::amzn-s3-demo-export-bucket",
"arn:aws-cn:s3:::amzn-s3-demo-export-bucket/*"
]
}
]
}'