Migration to AWS

Amazon Web Services Pre-requisites

Generating the Required AWS Credentials

To generate the required AWS credentials to use with the IBM Live Migration Service, create one AWS Identity and Access Management (IAM) user and assign the proper permission policy to the user. Obtain an Access key ID and a Secret access key, which are the credentials to enter into the IBM Live Migration Service console.

For more detailed explanations and instructions on the creation of IAM users, please refer to the AWS documentation.

The instructions below describe the necessary steps for creating an IAM user with the required policy. These steps include the following:

Creating a Policy for IBM Live Migration Service

The AWS policy required to provide access to the user console is based on a pre-defined policy. This policy contains the necessary permissions for using AWS as Target infrastructure.

  1. Sign in to AWS Console with AWS account.

    AWS login page

    NoteIf you do not have an AWS account, create an account by clicking on the “Create a new AWS account” button.

  2. In the AWS Console, click on Services and then navigate to Security, Identity & Compliance > IAM.

    Services_IAM screen

  3. On the Welcome to Identity and Access Management page, select the Policies option from the left-hand navigational menu.

    Policies screen

  4. On the Policies page, click the Create policy button.

    Policies_create policy tab

  5. On the Create policy page, click the JSON tab.

    JSON tab

  6. Copy the policy code.

    {
"Version": "2012-10-17",
"Statement": [
 {
   "Effect": "Allow",
   "Action": [
     "ec2:*",
     "elasticloadbalancing:*",
     "cloudwatch:*",
     "autoscaling:*",
     "iam:GetUser",
     "iam:PassRole",
     "iam:ListInstanceProfiles",
     "kms:ListKeys",
     "mgh:*",
     "s3:*"
   ],
   "Resource": "*"
 }
]
}

  7. Paste the copied code into the JSON field. Paste the code over any text that currently exists in the field.

    JSON_reviewing code tab

  8. Click on the Review policy at the bottom right of the page.

    Review policy button

  9. On the Review policy page, enter a name for the new AWS IBM Live Migration Service policy in the Name field. Enter an optional description in the Description field.

    Name and description fields

  10. Click Create policy button at the bottom right of the page.

    Create policy button

  11. The page will redirect back to the main Policies page and displays a confirmation stating "your new policy has been created" on the top of the page.

    Displaying created sample policy

The next step is to create a new user, and then attach the policy you created to this user. During this procedure, you will be provided with an Access key ID and a Secret access key, which are the credentials to enter into IBM Live Migration Service User Console.

Creating a New IAM User and Generating AWS Credentials

After creating an AWS policy which is based on IBM Live Migration Service pre-defined policy, create a new IAM user and attach the new policy to this user. Provide the user with a Programmatic access type to enable the use of the new policy. At the end of this procedure, you will be provided with an Access key ID and Secret access key. It is important to save these values in an accessible and secured location, since they are required for running IBM Live Migration Service.

  1. Navigate to Users on the left-hand navigational menu.

    IAM_user tab

  2. Click on Add user.

    Add user button

  3. On the Add user page, set the following:

    • User name - add a username for the new user.

    • Access type - check the Programmatic access option.

      User name and access type field

  4. Click Next: Permissions at the bottom right of the page.

    Next: Permission tab

  5. On the Set permissions for… page, select the Attach existing policies directly option.

    Attach existing policies directly option

    NoteIf you already created a group or a user with the required IBM Live Migration Service permissions, you can use one of the other two options.

  6. Locate the policy created in the previous Create a Policy for IBM Live Migration Service section. Search for the policy can either be in the Search box or locate it manually by scrolling through the policy list.

    Search field

  7. Once the policy is located, check the box next to it.

    Selecting the policies

  8. Click the Next: Review button at the bottom right of the page.

    Next: Review button

  9. On the Review page, verify if the correct User name, AWS access type (Programmatic access), and Managed policy are selected.

    Review policy screen

  10. Click the Create User button at the bottom right of the page.

    Create user button

  11. A confirmation page will display. This page provides Access key ID and Secret access key which is needed to enter in the IBM Live Migration Service User Console.

    Success message

  12. Click Show under Secret access key to see your key.

    Show option

  13. Click Download.csv button.

    Download.csv button

    Note You need the Access key ID and Secret access key to run your IBM Live Migration Service. You can save these keys in a separate file for easy access by clicking the Download.csv button. Make sure to save these values in an accessible and secure location.

  14. Save your Access key ID and Secret access key. Then, to finish the procedure, click the Close button at the bottom right of the page.

    Close button

  15. You will be returned to the Users page, and the details of the new user you created will be shown.

    Users page displaying the added user

The process of generating the required AWS credentials is complete. The next step is to enter your Access key ID and Secret access key in the IBM Live Migration Service User Console.

Working with AWS Credentials

Using Your AWS Credentials
After generating the required AWS credentials, enter the credentials into the IBM Live Migration Service User Console.

  1. Sign in to the IBM Live Migration Service User Console.

  2. From the Projects dropdown menu, select the project to which the AWS credentials should be assigned to.

    aws drop down menu

  3. Click Setup & Info in the main navigational menu to the left. From the Setup & Info, click the AWS CREDENTIALS tab.

    aws credentials

    The AWS CREDENTIALS page allows for setting up the replication Staging Area on AWS and manage and monitor resources on your AWS Target infrastructure.

  4. Enter the relevant credentials obtained from the Generating the Required AWS Credentials section into the corresponding fields:

    • AWS Access Key ID

    • AWS Secret Access Key

      aws secret access key

      NoteReminder- Your AWS Access Key ID and AWS Secret Access Key can be found within the Download.csv file that was downloaded after setting up your AWS credentials in the earlier section.

  5. After AWS credentials is entered, click Save at the bottom right of the page.

    save button

    Your AWS credentials are now saved in your IBM Live Migration Service Project.

    NoteIf the AWS credentials you entered do not exist or is invalid in any way, or if the IAM policy you created and attached to the user does not contain the required permissions, you will get the following error message:

    aws error message

In this event, you can attempt the following troubleshooting steps: