Loading...

Amazon Web Services User Permissions for VM Conversion

You can assign Amazon user permissions by creating a policy as described in Overview of IAM Policies. You can download the amazon_permission_conversion.json file and use it on the AWS command line to apply all of the permissions listed in this topic. For more information about Amazon permissions, see Amazon Elastic Compute Cloud API Reference or Amazon Simple Storage Service API Reference.

Prior to any conversion operations, you must enable the VM Import Service role (vmimport) on the Amazon Web Services account. For more information, see VM Import Service Role.

For non-admin users, you must set the following permissions in the Amazon Web Services (AWS) user policy to enable virtual machines to be converted to Amazon instances:

  • For Elastic Compute Cloud (EC2) operations, the following permissions are required:
    • ec2:AttachVolume - To attach volumes to instances.
    • ec2:CancelImportTask - To cancel an import task.
    • ec2:CreateTags - To define tags on instances.
    • ec2:CreateVolume - To create an EBS volume that can be attached to an instance.
    • ec2:DeleteNetworkInterface - To delete a network interface.
    • ec2:DeleteSnapshot - To delete a snapshot.
    • ec2:DeleteTags - To delete tags from resources.
    • ec2:DeregisterImage - To deregister an AMI.
    • ec2:DescribeAvailabilityZones - To get information about availability zones.
    • ec2:DescribeImages - To get information about images.
    • ec2:DescribeImportImageTasks - To get information about a virtual machine being imported.
    • ec2:DescribeImportSnapshotTasks - To get information about import snapshot tasks.
    • ec2:DescribeInstances - To get information about instances.
    • ec2:DescibeInstanceStatus - To get status information for one or more instances.
    • ec2:DescribeKeyPairs - To get information about the key pairs for the AWS account.
    • ec2:DescribePlacementGroups - To get information about placement groups.
    • ec2:DescribeRegions - To get information about available regions.
    • ec2:DescribeSecurityGroups - To get information about security groups for the AWS account.
    • ec2:DescribeTags - To get information about tags defined on instances.
    • ec2:DescribeVolumes - To get information about EBS volumes.
    • ec2:DetachNetworkInterface - To detach a network interface.
    • ec2:getConsoleOutput - To get console information for instances and enable actions such as powering up or shutting down an instance.
    • ec2:ImportImage - To import disk images or EBS snapshots into an AMI.
    • ec2:ImportSnapshot - To import a disk into an EBS snapshot.
    • ec2:ModifyNetworkInterface - To modify a network interface.
    • ec2:ModifyNetworkInterfaceAttribute - To modify a network interface attribute.
    • ec2:RunInstances - To launch instances.
    • ec2:StartInstances - To start instances.
    • ec2:StopInstances - To stop an Amazon EBS-backed instance.
    • ec2:TerminateInstances - To replace an instance if user selects overwrite option during conversion.
  • For conversion to Virtual Private Cloud (VPC), the following permissions are required in addition to those for EC2 operations:
    • ec2:AttachNetworkInterface - To attach a network interface to an instance.
    • ec2:DescribeAccountAttributes - To get information about attributes of the AWS account.
    • ec2:DescribeNetworkInterfaces - To get information about network interfaces.
    • ec2:DescribeSubnets - To get information about subnets.
    • ec2:DescribeVpcs - To get information about VPCs.
  • For Simple Storage Service (S3) operations, the following permissions are required:
    • s3:CreateBucket - To create an S3 bucket.
    • s3:DeleteObject - To delete an S3 object.
    • s3:GetBucketLocation - To get region information for buckets.
    • s3:GetObject - To get the current version of an object.
    • s3:ListAllMyBuckets - To populate the list of buckets for a destination instance.
    • s3:ListBucket - To get information about items in buckets.
    • s3:PutObject - To add objects to buckets.