AWS Amazon EC2 Snapshot Import

This page shows how to write Terraform for Amazon EC2 Snapshot Import and write them securely.

aws_ebs_snapshot_import (Terraform)

The Snapshot Import in Amazon EC2 can be configured in Terraform with the resource name aws_ebs_snapshot_import. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


The following arguments are supported:

  • client_data - (Optional) The client-specific data. Detailed below.
  • description - (Optional) The description string for the import snapshot task.
  • disk_container - (Required) Information about the disk container. Detailed below.
  • encrypted - (Optional) Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId.
  • kms_key_id - (Optional) An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.
  • role_name - (Optional) The name of the IAM Role the VM Import/Export service will assume. This role needs certain permissions. See Default: vmimport
  • tags - (Optional) A map of tags to assign to the snapshot.

client_data Configuration Block

  • comment - (Optional) A user-defined comment about the disk upload.
  • upload_start - (Optional) The time that the disk upload starts.
  • upload_end - (Optional) The time that the disk upload ends.
  • upload_size - (Optional) The size of the uploaded disk image, in GiB.

disk_container Configuration Block

  • description - (Optional) The description of the disk image being imported.
  • format - (Required) The format of the disk image being imported. One of VHD or VMDK.
  • url - (Optional) The URL to the Amazon S3-based disk image being imported. It can either be a https URL (https://..) or an Amazon S3 URL (s3://..). One of url or user_bucket must be set.
  • user_bucket - (Optional) The Amazon S3 bucket for the disk image. One of url or user_bucket must be set. Detailed below.

user_bucket Configuration Block

  • s3_bucket - The name of the Amazon S3 bucket where the disk image is located.
  • s3_key - The file name of the disk image.


aws_ebs_snapshot_import provides the following Timeouts configuration options:

  • create - (Default 60 minutes) Used for importing the EBS snapshot
  • delete - (Default 10 minutes) Used for deleting the EBS snapshot

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the EBS Snapshot.
  • id - The snapshot ID (e.g., snap-59fcb34e).
  • owner_id - The AWS account ID of the EBS snapshot owner.
  • owner_alias - Value from an Amazon-maintained list (amazon, aws-marketplace, microsoft) of snapshot owners.
  • volume_size - The size of the drive in GiBs.
  • data_encryption_key_id - The data encryption key identifier for the snapshot.
  • tags - A map of tags for the snapshot.

Explanation in Terraform Registry

Imports a disk image from S3 as a Snapshot.

Tips: Best Practices for The Other AWS Amazon EC2 Resources

In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.



Ensure to avoid using default VPC

It is better to define the own VPC and use it.



Ensure your network ACL rule blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.



Ensure to use a customer-managed key for EBS volume encryption

It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).



Ensure to avoid storing AWS access keys in user data

It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.



Ensure your security group blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.

Review your AWS Amazon EC2 settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS Amazon EC2 Snapshot Import?

AWS Amazon EC2 Snapshot Import is a resource for Amazon EC2 of Amazon Web Service. Settings can be wrote in Terraform.


Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.