Title: Importing OpenBSD Raw Image to Create AMI - Service Role and Permissions Issue

0

I am trying to import an OpenBSD raw image (gzipped) from an S3 bucket to create an Amazon Machine Image (AMI) in AWS. I have followed the steps to create a VM import service role named "vmimport" and granted the necessary permissions. However, when I run the aws ec2 import-snapshot command using AWS CLI, I am encountering the following error:

An error occurred (InvalidParameter) when calling the ImportSnapshot operation: The service role vmimport provided does not exist or does not have sufficient permissions

I have double-checked the "vmimport" role, S3 bucket permissions, and the JSON input to the aws ec2 import-snapshot command, but I still cannot resolve the issue. I have also tried running the command as both the root user and an IAM user ("adming") with the necessary permissions.

Can you please help me identify the cause of the error and suggest a solution to successfully import the OpenBSD raw image and create an AMI?

Thank you!

1 Answer
1
Accepted Answer

This can occur when the VM Import Service role is missing or has insufficient privileges as described in the following document.
https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-troubleshooting.html#import-image-errors

Verify that the trusted entities are as follows.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}

Also check that the service role has the necessary permissions set as follows.

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
         ],
         "Resource": [
            "S3 ARN"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "s3:GetObject"
         ],
         "Resource": [
            "S3 ARN/*"
         ]
      },
      {
         "Effect": "Allow",
         "Action":[
            "ec2:ModifySnapshotAttribute",
            "ec2:CopySnapshot",
            "ec2:RegisterImage",
            "ec2:Describe*"
         ],
         "Resource": "*"
      }
   ]
}
Expert
answered a year ago
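
The two checks in the answer above can be run offline against the role's exported policy documents. This is an added example, not part of the original answer or AWS tooling: the function names, the bucket name `example-import-bucket` and the object key `openbsd.raw.gz` are assumptions. It only evaluates Allow statements and ignores Deny, NotAction and permission boundaries.

```python
import fnmatch

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _match(patterns, value, fold=False):
    # IAM "*" and "?" wildcards act like globs; action names ignore case, ARNs do not.
    norm = (lambda s: s.lower()) if fold else (lambda s: s)
    return any(fnmatch.fnmatchcase(norm(value), norm(p)) for p in _as_list(patterns))

def check_trust(policy):
    """Return differences from the trust policy in the answer (empty list = match)."""
    for st in _as_list(policy.get("Statement", [])):
        pr = st.get("Principal")
        services = _as_list(pr.get("Service", [])) if isinstance(pr, dict) else []
        if (st.get("Effect") != "Allow" or "vmie.amazonaws.com" not in services
                or not _match(st.get("Action", []), "sts:AssumeRole", fold=True)):
            continue
        # Condition key names are case-insensitive, so "sts:Externalid" is accepted.
        cond = {k.lower(): v
                for k, v in st.get("Condition", {}).get("StringEquals", {}).items()}
        if "vmimport" in _as_list(cond.get("sts:externalid", [])):
            return []
        return ["StringEquals sts:ExternalId does not include 'vmimport'"]
    return ["no Allow statement lets vmie.amazonaws.com call sts:AssumeRole"]

def missing_permissions(policy, bucket, key):
    """Return the (action, resource) pairs from the answer that no Allow statement covers."""
    arn = f"arn:aws:s3:::{bucket}"
    # Assumption: ec2:DescribeSnapshots stands in for the answer's ec2:Describe*.
    needed = [("s3:ListBucket", arn), ("s3:GetBucketLocation", arn),
              ("s3:GetObject", f"{arn}/{key}"),
              ("ec2:ModifySnapshotAttribute", "*"), ("ec2:CopySnapshot", "*"),
              ("ec2:RegisterImage", "*"), ("ec2:DescribeSnapshots", "*")]
    stmts = [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]
    return [(a, r) for a, r in needed
            if not any(_match(s.get("Action", []), a, fold=True)
                       and _match(s.get("Resource", []), r) for s in stmts)]

# Constructed sample: the object statement names the bucket ARN without "/*".
SAMPLE_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-import-bucket"]},
    {"Effect": "Allow", "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                                   "ec2:RegisterImage", "ec2:Describe*"], "Resource": "*"}]}

if __name__ == "__main__":
    print(missing_permissions(SAMPLE_PERMS, "example-import-bucket", "openbsd.raw.gz"))
```

The documents to feed in can be saved from `aws iam get-role` (trust policy) and `aws iam get-role-policy` (inline permissions policy) and loaded with `json.load`.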
