AWS Amazon EC2 Snapshot Import

This page shows how to write Terraform for Amazon EC2 Snapshot Import and how to write it securely.

aws_ebs_snapshot_import (Terraform)

The Snapshot Import in Amazon EC2 can be configured in Terraform with the resource name aws_ebs_snapshot_import. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

The following arguments are supported:

  • client_data - (Optional) The client-specific data. Detailed below.
  • description - (Optional) The description string for the import snapshot task.
  • disk_container - (Required) Information about the disk container. Detailed below.
  • encrypted - (Optional) Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using kms_key_id.
  • kms_key_id - (Optional) An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If kms_key_id is specified, the encrypted flag must also be set.
  • role_name - (Optional) The name of the IAM Role the VM Import/Export service will assume. This role needs certain permissions. See https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role. Default: vmimport
  • tags - (Optional) A map of tags to assign to the snapshot.

client_data Configuration Block

  • comment - (Optional) A user-defined comment about the disk upload.
  • upload_start - (Optional) The time that the disk upload starts.
  • upload_end - (Optional) The time that the disk upload ends.
  • upload_size - (Optional) The size of the uploaded disk image, in GiB.

disk_container Configuration Block

  • description - (Optional) The description of the disk image being imported.
  • format - (Required) The format of the disk image being imported. One of VHD or VMDK.
  • url - (Optional) The URL to the Amazon S3-based disk image being imported. It can be either an HTTPS URL (https://..) or an Amazon S3 URL (s3://..). One of url or user_bucket must be set.
  • user_bucket - (Optional) The Amazon S3 bucket for the disk image. One of url or user_bucket must be set. Detailed below.

user_bucket Configuration Block

  • s3_bucket - The name of the Amazon S3 bucket where the disk image is located.
  • s3_key - The file name of the disk image.

Timeouts

aws_ebs_snapshot_import provides the following Timeouts configuration options:

  • create - (Default 60 minutes) Used for importing the EBS snapshot
  • delete - (Default 10 minutes) Used for deleting the EBS snapshot

Attributes

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the EBS Snapshot.
  • id - The snapshot ID (e.g., snap-59fcb34e).
  • owner_id - The AWS account ID of the EBS snapshot owner.
  • owner_alias - Value from an Amazon-maintained list (amazon, aws-marketplace, microsoft) of snapshot owners.
  • volume_size - The size of the drive in GiBs.
  • data_encryption_key_id - The data encryption key identifier for the snapshot.
  • tags - A map of tags for the snapshot.
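
The following configuration is an added example, not code from the Terraform Registry or from this page's original content. It combines the arguments above into an import that encrypts the destination snapshot with a customer-managed KMS key; the bucket name, object key, tag value and resource labels are constructed placeholders.

```hcl
# Added example; every name and value below is a constructed placeholder.

# Customer-managed KMS key for the imported snapshot.
resource "aws_kms_key" "snapshot_import" {
  description             = "CMK for imported EBS snapshots"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_ebs_snapshot_import" "hardened" {
  description = "Imported disk image, encrypted with a CMK"

  # kms_key_id requires encrypted = true. With encrypted = true alone,
  # the default KMS key for EBS is used; with neither argument set,
  # the import does not request an encrypted destination snapshot.
  encrypted  = true
  kms_key_id = aws_kms_key.snapshot_import.arn

  # Role assumed by VM Import/Export; "vmimport" is the default.
  role_name = "vmimport"

  disk_container {
    description = "Source disk image"
    format      = "VHD"

    # user_bucket is used here instead of url; one of the two must be set.
    user_bucket {
      s3_bucket = "example-disk-images" # placeholder bucket name
      s3_key    = "images/source.vhd"   # placeholder object key
    }
  }

  timeouts {
    create = "90m" # default is 60 minutes
    delete = "10m"
  }

  tags = {
    Name = "imported-snapshot"
  }
}

# Exported attributes, useful for confirming which key protects the snapshot.
output "imported_snapshot_id" {
  value = aws_ebs_snapshot_import.hardened.id
}

output "imported_snapshot_data_key" {
  value = aws_ebs_snapshot_import.hardened.data_encryption_key_id
}
```

The role named in role_name must be allowed to use the KMS key; the role requirements are described in the VM Import/Export prerequisites linked under role_name.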

Explanation in Terraform Registry

Imports a disk image from S3 as a Snapshot.

Tips: Best Practices for Other AWS Amazon EC2 Resources

In addition to the aws_default_vpc, AWS Amazon EC2 has other resources that should be configured with security in mind. Some examples of those resources and the precautions to take follow.

aws_default_vpc

Avoid using the default VPC

It is better to define your own VPC and use it.

aws_network_acl_rule

Ensure your network ACL rule blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.

aws_ebs_volume

Ensure a customer-managed key is used for EBS volume encryption

It is better to use a customer-managed key for EBS volume encryption. You gain more control over the encryption by using customer-managed keys (CMKs).

aws_instance

Avoid storing AWS access keys in user data

It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.

aws_security_group

Ensure your security group blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.

CloudFormation Example

CloudFormation does not have a related resource.

Frequently asked questions

What is AWS Amazon EC2 Snapshot Import?

AWS Amazon EC2 Snapshot Import is a resource for Amazon EC2 of Amazon Web Services. Its settings can be written in Terraform.