Before you perform any VM conversion operations to create AWS instances, you must enable the VM Import Service role (vmimport) on the Amazon Web Services account.
Before You Begin
-
For the JSON files for various AWS data types and use cases, see IAM Policies for Protecting AWS Services with Commvault.
-
If the Amazon S3 bucket is encrypted using a custom managed key, provide access to the created vmimport role by adding the vmimport role as a key user in the AWS key policy.
Procedure
-
To create the service role, create a file named trust-policy.json.
-
Save the file anywhere on your computer and note the location of the file.
-
From the AWS command line, use the create-role command to create a role named vmimport and to give VM import and VM export operations access to the role. Specify the full path to the location of the trust-policy.json file, and add file:// before the path (for example, file://C:\trust-policy.json as shown in the following command):
aws iam create-role --role-name vmimport --assume-role-policy-document file://C:\trust-policy.json
Note
Provide the access key and secret key for the account where the vmimport role is created. Ensure that the user has permission to create the role.
If you receive an error stating that "This policy contains invalid Json," verify that the path to the JSON file is provided correctly.
-
Create a file named role-policy.json.
-
From the AWS command line, use the put-role-policy command to attach the policy to the vmimport role. Specify the full path to the location of the role-policy.json file.
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://C:\role-policy.json
Note
Provide the access key and secret key for the account where the vmimport role is created. Ensure that the user has permission to create the role.