
Import Cloud Image on AWS



Purpose

This document describes how to import a HIAB image into an AWS environment.

Introduction

HIAB is available as a downloadable image file, ready to be set up in an Amazon Web Services (AWS) cloud environment. This guide describes how to download the image and set it up in your AWS environment.

Prerequisites


Download HIAB Image from OUTSCAN

To download the HIAB image, go to Downloads on the Portal and click on the AWS image.

HIAB Cloud Virtual Image

To start testing the HIAB in your environment you need a minimum of 40 GB of disk space to handle targets, findings, logs and reports. For full production use we recommend 60 GB. During its lifetime the disk may need to be extended as the workload increases, so start monitoring disk space from the beginning to avoid future problems.

Also, a minimum of 350 MB of free space is required when updating the HIAB.


Upload HIAB Image to AWS S3

  1. Create a non public S3 bucket.

    S3 Buckets


  2. Upload the HIAB image file on AWS.

    Upload HIAB Image File on AWS


    Download


    Overview


Import HIAB Image from AWS S3

Follow the below procedure to import the image from AWS S3.

Create a service role

  1. Create a file named trust-policy.json on your computer. Add the following policy to the file:

    JSON
    {
       "Version": "2012-10-17",
       "Statement": [
          {
             "Effect": "Allow",
             "Action": "sts:AssumeRole",
             "Principal": { "Service": "vmie.amazonaws.com" },
             "Condition": {
                "StringEquals":{
                   "sts:Externalid": "vmimport"
                }
             }
          }
       ]
    }
  2. Use the create-role command to create a role named vmimport and grant VM Import/Export access to it. Ensure that you specify the full path to the location of the trust-policy.json file that you created in the previous step.

    BASH
    aws iam create-role --role-name vmimport --assume-role-policy-document "file://C:\import\trust-policy.json"
  3. Create a file named role-policy.json with the following policy, where <HIAB_OVA_DESTINATION_BUCKET> is the bucket that holds the HIAB image and export-bucket is the bucket for exported images:

    JSON
    {
       "Version":"2012-10-17",
       "Statement":[
          {
             "Effect": "Allow",
             "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket" 
             ],
             "Resource": [
                "arn:aws:s3:::<HIAB_OVA_DESTINATION_BUCKET>",
                "arn:aws:s3:::<HIAB_OVA_DESTINATION_BUCKET>/*"
             ]
          },
          {
             "Effect": "Allow",
             "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetBucketAcl"
             ],
             "Resource": [
                "arn:aws:s3:::export-bucket",
                "arn:aws:s3:::export-bucket/*"
             ]
          },
          {
             "Effect": "Allow",
             "Action": [
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
             ],
             "Resource": "*"
          }
       ]
    }
  4. Use the put-role-policy command to attach the policy to the role created above. Ensure that you specify the full path to the location of the role-policy.json file.

    BASH
    aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://C:\import\role-policy.json"
  5. Add the VM import policy to the service role. The session below shows the command and its output.

    BASH
    C:\Users\Test>aws --profile Test_new iam create-role --role-name vmimport --assume-role-policy-document "file://C:\Outpost24\Q&A\AWS Import-VM\trust-policy.json"
    {
        "Role": {
            "Path": "/",
            "RoleName": "vmimport",
            "RoleId": "[ROLE ID OUTPUT]",
            "Arn": "arn:aws:iam::[AWS ACCOUNT ID]:role/vmimport",
            "CreateDate": "2019-10-25T14:00:47Z",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "vmie.amazonaws.com"
                        },
                        "Action": "sts:AssumeRole",
                        "Condition": {
                            "StringEquals": {
                                "sts:Externalid": "vmimport"
                            }
                        }
                    }
                ]
            }
        }
    }
  6. Add the S3 access policy to the service role.

    JSON
    {
       "Version":"2012-10-17",
       "Statement":[
          {
             "Effect":"Allow",
             "Action":[
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket" 
             ],
             "Resource":[
                "arn:aws:s3:::<HIAB_OVA_DESTINATION_BUCKET>",
                "arn:aws:s3:::<HIAB_OVA_DESTINATION_BUCKET>/*"
             ]
          },
          {
             "Effect":"Allow",
             "Action":[
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
             ],
             "Resource":"*"
          }
       ]
    }

    C:\Users\Test>aws --profile Test_new iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document "file://C:\Outpost24\Q&A\AWS Import-VM\role-policy.json"

  7. Import the HIAB image from the S3 bucket by running the following command.

    C:\Users\Test>aws ec2 import-image --disk-containers Format=ova,UserBucket="{S3Bucket=<HIAB_OVA_DESTINATION_BUCKET>,S3Key=image/<Outpost24-HIAB-x86_64-xxxxxxxxxx>}"


    Alternatively, create a JSON file that describes the disk container and pass it to the import command.

    JSON
    [
    	{
    		"Description": "HIAB",
    		"Format": "ova",
    		"UserBucket": {
    			"S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
    			"S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
    		}
    	}
    ]
    BASH
    C:\Users\Test>aws --profile Test_new ec2 import-image --description "<Outpost24-HIAB-x86_64-xxxxxxxxxx>" --disk-containers "file://C:\Outpost24\Q&A\AWS Import-VM\hiab-aws-container.json"
    {
        "Description": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>",
        "ImportTaskId": "[import-ami-xxxxxxxxxxx]",
        "Progress": "2",
        "SnapshotDetails": [
            {
                "DiskImageSize": 0.0,
                "Format": "OVA",
                "UserBucket": {
                    "S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
                    "S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
                }
            }
        ],
        "Status": "active",
        "StatusMessage": "pending"
    }
  8. Check the status of the import task. Repeat the command until the Status field reports completed.

    BASH
    C:\Users\Test>aws --profile Test_new ec2 describe-import-image-tasks --import-task-ids [import-ami-xxxxxxxxxxx]
    {
        "ImportImageTasks": [
            {
                "Description": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>",
                "ImportTaskId": "[import-ami-xxxxxxxxxxx]",
                "Progress": "28",
                "SnapshotDetails": [
                    {
                        "DiskImageSize": 2378187264.0,
                        "Format": "VMDK",
                        "Status": "active",
                        "UserBucket": {
                            "S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
                            "S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
                        }
                    }
                ],
                "Status": "active",
                "StatusMessage": "converting"
            }
        ]
    }
    BASH
    C:\Users\Test>aws --profile Test_new ec2 describe-import-image-tasks --import-task-ids [import-ami-xxxxxxxxxxx]
    {
        "ImportImageTasks": [
            {
                "Architecture": "x86_64",
                "Description": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>",
                "ImportTaskId": "[import-ami-xxxxxxxxxxx]",
                "LicenseType": "BYOL",
                "Platform": "Linux",
                "Progress": "52",
                "SnapshotDetails": [
                    {
                        "DeviceName": "/dev/sda1",
                        "DiskImageSize": 2378187264.0,
                        "Format": "VMDK",
                        "Status": "completed",
                        "UserBucket": {
                            "S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
                            "S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
                        }
                    }
                ],
                "Status": "active",
                "StatusMessage": "preparing to boot"
            }
        ]
    }
    
    
    BASH
    C:\Users\Test>aws --profile Test_new ec2 describe-import-image-tasks --import-task-ids [import-ami-xxxxxxxxxxx]
    {
        "ImportImageTasks": [
            {
                "Architecture": "x86_64",
                "Description": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>",
                "ImportTaskId": "[import-ami-xxxxxxxxxxx]",
                "LicenseType": "BYOL",
                "Platform": "Linux",
                "Progress": "58",
                "SnapshotDetails": [
                    {
                        "DeviceName": "/dev/sda1",
                        "DiskImageSize": 2378187264.0,
                        "Format": "VMDK",
                        "Status": "completed",
                        "UserBucket": {
                            "S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
                            "S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
                        }
                    }
                ],
                "Status": "active",
                "StatusMessage": "booting"
            }
        ]
    }
    BASH
    C:\Users\Test>aws --profile Test_new ec2 describe-import-image-tasks --import-task-ids [import-ami-xxxxxxxxxxx]
    {
        "ImportImageTasks": [
            {
                "Architecture": "x86_64",
                "Description": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>",
                "ImportTaskId": "[import-ami-xxxxxxxxxxx]",
                "LicenseType": "BYOL",
                "Platform": "Linux",
                "Progress": "69",
                "SnapshotDetails": [
                    {
                        "DeviceName": "/dev/sda1",
                        "DiskImageSize": 2378187264.0,
                        "Format": "VMDK",
                        "Status": "completed",
                        "UserBucket": {
                            "S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
                            "S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
                        }
                    }
                ],
                "Status": "active",
                "StatusMessage": "booted"
            }
        ]
    }
    BASH
    C:\Users\Test>aws --profile Test_new ec2 describe-import-image-tasks --import-task-ids [import-ami-xxxxxxxxxxx]
    {
        "ImportImageTasks": [
            {
                "Architecture": "x86_64",
                "Description": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>",
                "ImportTaskId": "[import-ami-xxxxxxxxxxx]",
                "LicenseType": "BYOL",
                "Platform": "Linux",
                "Progress": "76",
                "SnapshotDetails": [
                    {
                        "DeviceName": "/dev/sda1",
                        "DiskImageSize": 2378187264.0,
                        "Format": "VMDK",
                        "Status": "completed",
                        "UserBucket": {
                            "S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
                            "S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
                        }
                    }
                ],
                "Status": "active",
                "StatusMessage": "preparing ami"
            }
        ]
    }


    Create Snapshot


    BASH
    C:\Users\Test>aws --profile Test_new ec2 describe-import-image-tasks --import-task-ids [import-ami-xxxxxxxxxxx]
    {
        "ImportImageTasks": [
            {
                "Architecture": "x86_64",
                "Description": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>",
                "ImageId": "[ami-xxxxxxxxxxxxxxx]",
                "ImportTaskId": "[import-ami-xxxxxxxxxxx]",
                "LicenseType": "BYOL",
                "Platform": "Linux",
                "SnapshotDetails": [
                    {
                        "DeviceName": "/dev/sda1",
                        "DiskImageSize": 2378187264.0,
                        "Format": "VMDK",
                        "SnapshotId": "[snap-xxxxxxxxxxxxx]",
                        "Status": "completed",
                        "UserBucket": {
                            "S3Bucket": "<HIAB_OVA_DESTINATION_BUCKET>",
                            "S3Key": "<Outpost24-HIAB-x86_64-xxxxxxxxxx>"
                        }
                    }
                ],
                "Status": "completed"
            }
        ]
    }


    AWS console after importing the image.

    Launch
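
The two policy files from steps 1 and 3 can be checked before they are passed to create-role and put-role-policy. The following Python script is an added example, not part of the original Outpost24 procedure: it reports a trust policy that is not limited to vmie.amazonaws.com with the vmimport external ID, and a role policy with unreplaced placeholders, wildcard buckets or actions beyond those listed on this page. Its function names and the BAD_ROLE sample are constructed for illustration, and it assumes every statement is an Allow, as in the files above.

```python
import json

VMIE, S3_ARN = "vmie.amazonaws.com", "arn:aws:s3:::"
# Actions present in the page's role-policy.json; anything else is flagged.
PAGE_ACTIONS = {"s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket",
                "s3:PutObject", "s3:GetBucketAcl", "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(doc):
    """Findings for trust-policy.json; an empty list means it matches the page."""
    findings = []
    for st in _as_list(doc.get("Statement", [])):
        principal = st.get("Principal")
        if not (isinstance(principal, dict) and set(principal) == {"Service"}
                and _as_list(principal["Service"]) == [VMIE]):
            findings.append("principal is not limited to " + VMIE)
        # IAM condition key names are case-insensitive; the value is compared as-is.
        equals = st.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != "vmimport":
            findings.append("missing StringEquals sts:Externalid = vmimport")
    return findings

def check_role_policy(doc):
    """Findings for role-policy.json: placeholders, wildcards, extra actions."""
    findings = []
    for i, st in enumerate(_as_list(doc.get("Statement", []))):
        actions = _as_list(st.get("Action", []))
        extra = sorted(set(actions) - PAGE_ACTIONS)
        if extra:
            findings.append(f"statement {i}: actions beyond the page's policy: {extra}")
        has_s3 = any(a == "*" or a.lower().startswith("s3:") for a in actions)
        for res in _as_list(st.get("Resource", [])):
            bucket = res[len(S3_ARN):].split("/")[0] if res.startswith(S3_ARN) else ""
            if "<" in res or bucket == "export-bucket":
                findings.append(f"statement {i}: placeholder not replaced: {res}")
            elif has_s3 and (not bucket or "*" in bucket or "?" in bucket):
                findings.append(f"statement {i}: S3 access not limited to one bucket: {res}")
    return findings

# Constructed sample: a role policy with an unreplaced placeholder and a wildcard.
BAD_ROLE = json.loads("""{"Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::<HIAB_OVA_DESTINATION_BUCKET>", "arn:aws:s3:::*"]},
  {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:RegisterImage"], "Resource": "*"}]}""")

if __name__ == "__main__":
    print("\n".join(check_role_policy(BAD_ROLE)))
```

To check your own files, load trust-policy.json and role-policy.json with json.load and pass the results to the two functions; an empty list means no finding.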


Launch the Image

Click on Launch Instance to start using the newly created Image. 

Launch Instance


Enroll the Server

Provide the necessary information and enroll the server.

Enroll the Server





Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

