CloudForms in AWS part 1

  • laurent 

Ever wondered what CloudForms can do for you in AWS? The next few blog posts will walk you through step by step how to upload the CloudForms image to AWS, how to assign the correct policies and roles and how to configure it correctly so it can discover your environment. Part 1 is dedicated to the import and configuration of the CloudForms image.

With the release of CloudForms 4.6 you also have the ability to scan instances in AWS. This blog series will show you how this can be achieved:

First, go to the AWS console and launch a free-tier Amazon AMI. We are doing this because it already has the AWS CLI tools installed.

In the EC2 web console, attach the admin IAM role to this instance (you can delete the instance after setup).

This will open the following window.

Assign the admin role and apply.

Your instance should be up by now. Go and SSH into it (don’t worry, my private key was a one-time key).

The next step is to configure the CLI for the correct region. As we assigned an IAM role, you won’t need to add any credentials.

Log in to the Red Hat Portal and get the Amazon VHD.

The next step is to create an S3 bucket where we can upload the VHD, which will later be converted into an AMI.

Before we copy any file, it’s important to understand that S3 does not have a private endpoint by default, so you would copy the VHD via the internet. If you want to speed things up, you can go to your VPC and create an S3 endpoint. This will speed up the upload of the VHD to the S3 bucket.

Let’s copy the cfme-ec2- to the S3 bucket. If you enabled the endpoint, you should see speeds like the following:

Once completed you will see the following:

If you have never imported a VM in AWS, you will need to add the following VM import trust policy. Create a file named vm-import.json with the following content:

Go ahead and create the trust policy for the role vmimport:

Next, we need to add the role policy that allows the role to list the S3 buckets as well as create the snapshot, convert it and register the CloudForms AMI. Create a file named role-policy.json.

Create the role policy for vmimport:

Before we can import the file we need to create one last file named container.json.

Import CloudForms into your AWS account.

The StatusMessage will go from pending to converting to updating, booting, preparing ami.

You can view the status by executing the following command.

When the import task is finished, you will see the field "ImageId": "ami-140fc869" in the task output.

The AMI will have a cryptic name which is not very readable, so let’s change the name.

Let’s clean up so we don’t have to pay for AWS resources we don’t need.

You can also delete the file we uploaded to S3 to save costs.

And remove the bucket as well.

Go back to your AWS console and click on My AMIs. You should now see your new CloudForms AMI ready to launch.

Once the AMI is done copying, you will see the status change to available. You are now ready to launch the CFME instance. For instance type, choose t2.xlarge. Please follow the installation guide for the initial setup once the appliance is imported. The next post will explain how to add the AWS provider correctly and which roles and AWS services need to be enabled for a SmartState analysis to work.
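The three files and the import commands described above, as an added example that is not the author's original listing: the JSON follows the service-role layout from the AWS VM Import/Export documentation, with S3 access limited to the one upload bucket. The file names and the vmimport role name come from the post; the function names, the policy name, the description string and the bucket and key arguments are assumptions.

```shell
#!/usr/bin/env bash
# Added example: regenerates vm-import.json, role-policy.json and container.json.
# Bucket and key are supplied by the caller (placeholders, not from the post).

write_vmimport_files() {  # usage: write_vmimport_files <bucket> <s3-key> <out-dir>
  vmi_bucket=$1; vmi_key=$2; vmi_dir=$3
  # Trust policy: only the VM Import/Export service may assume the role,
  # and only when it presents the external ID "vmimport".
  cat > "$vmi_dir/vm-import.json" <<EOF
{ "Version": "2012-10-17",
  "Statement": [ { "Effect": "Allow",
    "Principal": { "Service": "vmie.amazonaws.com" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "sts:Externalid": "vmimport" } } } ] }
EOF
  # Role policy: S3 read access scoped to the upload bucket only, plus the
  # EC2 actions needed to snapshot the disk and register the AMI.
  cat > "$vmi_dir/role-policy.json" <<EOF
{ "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow",
      "Action": [ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket" ],
      "Resource": [ "arn:aws:s3:::$vmi_bucket", "arn:aws:s3:::$vmi_bucket/*" ] },
    { "Effect": "Allow",
      "Action": [ "ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                  "ec2:RegisterImage", "ec2:Describe*" ],
      "Resource": "*" } ] }
EOF
  # Disk container: tells import-image where the uploaded VHD lives.
  cat > "$vmi_dir/container.json" <<EOF
[ { "Description": "CloudForms appliance", "Format": "vhd",
    "UserBucket": { "S3Bucket": "$vmi_bucket", "S3Key": "$vmi_key" } } ]
EOF
}

import_cfme() {  # usage: import_cfme <dir>  (needs the aws CLI and credentials)
  aws iam create-role --role-name vmimport \
      --assume-role-policy-document "file://$1/vm-import.json"
  aws iam put-role-policy --role-name vmimport --policy-name vmimport \
      --policy-document "file://$1/role-policy.json"
  aws ec2 import-image --description "CloudForms appliance" \
      --disk-containers "file://$1/container.json"
  # Repeat this call until the task output shows an ImageId.
  aws ec2 describe-import-image-tasks
}
```

Source the script, call write_vmimport_files with your bucket and the uploaded VHD's key, review the generated files, then call import_cfme on the same directory.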
