Title: Importing OpenBSD Raw Image to Create AMI - Service Role and Permissions Issue

0

I am trying to import an OpenBSD raw image (gzipped) from an S3 bucket to create an Amazon Machine Image (AMI) in AWS. I have followed the steps to create a VM import service role named "vmimport" and granted the necessary permissions. However, when I run the aws ec2 import-snapshot command using AWS CLI, I am encountering the following error:

An error occurred (InvalidParameter) when calling the ImportSnapshot operation: The service role vmimport provided does not exist or does not have sufficient permissions

I have double-checked the "vmimport" role, S3 bucket permissions, and the JSON input to the aws ec2 import-snapshot command, but I still cannot resolve the issue. I have also tried running the command as both the root user and an IAM user ("adming") with the necessary permissions.

Can you please help me identify the cause of the error and suggest a solution to successfully import the OpenBSD raw image and create an AMI?

Thank you!

1 Answer
1
Accepted Answer

This can occur when the VM Import Service role is missing or has insufficient privileges as described in the following document.
https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-troubleshooting.html#import-image-errors

Verify that the trusted entities are as follows.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

Also check that the service role has the necessary permissions set as follows.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource": [
            "S3 ARN"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "s3:GetObject"
         ],
         "Resource": [
            "S3 ARN/*"
         ]
      },
      {
         "Effect": "Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource": "*"
      }
   ]
}
EXPERT
answered a year ago
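
An offline check of the two documents from the answer above, as an added example that is not part of the original answer or AWS's own code: it tests a role's trust policy and permissions policy against what the answer lists. The bucket name, object key and sample policies are constructed, and `ec2:DescribeSnapshots` is used as a stand-in for `ec2:Describe*`.

```python
import json
from fnmatch import fnmatchcase

def as_list(v):
    return v if isinstance(v, list) else [v]

def check_trust(trust):
    """Problems in the role trust policy; an empty list means it matches the answer."""
    for st in as_list(trust.get("Statement", [])):
        principal = st.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") == "Allow" and "vmie.amazonaws.com" in services
                and "sts:AssumeRole" in as_list(st.get("Action", []))):
            cond = st.get("Condition", {}).get("StringEquals", {})
            # Condition key names are case-insensitive, so compare in lowercase.
            ext = {k.lower(): v for k, v in cond.items()}.get("sts:externalid")
            return [] if as_list(ext) == ["vmimport"] else ["external ID condition is not 'vmimport'"]
    return ["no Allow statement lets vmie.amazonaws.com call sts:AssumeRole"]

def check_permissions(policy, bucket, key="disk.raw.gz"):
    """Required (action, resource) pairs not covered by any Allow statement.
    Simplified: ignores Deny, NotAction/NotResource and Condition blocks."""
    b = f"arn:aws:s3:::{bucket}"
    needed = [("s3:ListBucket", b), ("s3:GetBucketLocation", b), ("s3:GetObject", f"{b}/{key}"),
              ("ec2:ModifySnapshotAttribute", "*"), ("ec2:CopySnapshot", "*"),
              ("ec2:RegisterImage", "*"),
              ("ec2:DescribeSnapshots", "*")]  # stands in for ec2:Describe*
    def allowed(action, resource):
        return any(
            st.get("Effect") == "Allow"
            and any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st.get("Action", [])))
            and any(fnmatchcase(resource, r) for r in as_list(st.get("Resource", [])))
            for st in as_list(policy.get("Statement", [])))
    return [(a, r) for a, r in needed if not allowed(a, r)]

# Constructed sample: the answer's policy, but the bucket-level statement names a
# different bucket than the one that holds the image.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
   "Resource": ["arn:aws:s3:::example-import-bucket-old"]},
  {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-import-bucket/*"]},
  {"Effect": "Allow", "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                                 "ec2:RegisterImage", "ec2:Describe*"], "Resource": "*"}]}""")
SAMPLE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "vmie.amazonaws.com"}, "Action": "sts:AssumeRole",
   "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}""")

if __name__ == "__main__":
    print("trust problems:", check_trust(SAMPLE_TRUST))
    print("uncovered:", check_permissions(SAMPLE_POLICY, "example-import-bucket"))
```

The live documents can be fetched with `aws iam get-role --role-name vmimport` and `aws iam get-role-policy` (or `aws iam list-attached-role-policies` for managed policies) and passed to these functions.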
