Migrate for Compute Engine AWS prerequisites

You must have the following prerequisites in preparation for migrating your AWS EC2 instances to GCP:

  • An AWS account and EC2 instances to migrate.
  • An AWS VPC Subnet with VPN connectivity to GCP. For detailed information, see Network access requirements on firewall, routing, and network tag considerations for your Migrate for Compute Engine deployment.
  • Migrate for Compute Engine IAM Roles and Access Policies deployed on the AWS account.

This document describes setting permissions for Migrate for Compute Engine to connect to AWS.

AWS Account - IAM roles and access policies

The Amazon IAM service enables the creation and enforcement of access policies. Migrate for Compute Engine uses AWS IAM groups and instance roles to define and enable these permissions.

At minimum, we recommend the following setup:

  • An IAM group (named VelosMgrGroup) for use by a Migrate for Compute Engine service account. This group enforces an access policy with the minimum privileges required by Migrate for Compute Engine, and allows provisioning and monitoring of cloud-side components and worker VMs. The Migrate for Compute Engine service account is used by the Velostrata Manager on GCP.
  • An IAM user account in the VelosMgrGroup IAM Group.

Recommended permissions are described in the AWS CloudFormation template zip file.

Creating the Migrate for Compute Engine IAM group

  1. Download and unzip the AWS CloudFormation template.
  2. Sign in to the AWS Console and select Cloud Formation.
  3. Click Create Stack.
  4. Click Choose File, upload the CloudFormation file, and then click Next.
  5. Enter a Name for the CloudFormation stack.
  6. Choose the VPC that contains the instances you want to migrate.
  7. From the Options page, click Next, then click Create. A group named {stack name prefix}-VelosMgrGroup is created.

Creating the AWS IAM user account for Migrate for Compute Engine

  1. In the AWS console, click your account name in the top right corner of the page and then select Security Credentials.
    Screenshot of AWS Security Credentials menu command (click to enlarge)
    Screenshot of AWS Security Credentials menu command (click to enlarge)
  2. From the left pane, select Users and then click Create New Users.
  3. For Access type, select Programmatic access.
  4. Download the user credentials (Keys). These keys will be used when creating the Migrate for Compute Engine Cloud Extension.
    Screenshot of Add User dialog box (click to enlarge)
    Screenshot of Add User dialog box (click to enlarge)
  5. Add the IAM user to the group created by the CloudFormation script.
    Screenshot of Add User dialog box (click to enlarge)
    Screenshot of Add User dialog box (click to enlarge)
本頁內容對您是否有任何幫助?請提供意見:

傳送您對下列選項的寶貴意見...

這個網頁
Migrate for Compute Engine (formerly Velostrata)