


# Import and Export a Data Inventory to Coordinate a Migration

The import and export feature allows you to easily plan and coordinate your migrations.

Use this feature to import and export your source servers, applications, and waves from and to a CSV file. The file can also include launch template attributes to simplify bulk configurations.
+ Import from a CSV file – Import your data from a local disk or an S3 bucket and create entities in your account.
+ Export to a CSV file – Export data from your account to a local disk or an S3 bucket and merge it into a single file that you can easily review and process offline. 

**Topics**
+ [Importing your data inventory](import-main.md)
+ [Exporting your data inventory](export-main.md)
+ [Editing your configuration](configuration-editing.md)
+ [View export history](export-history.md)

# Importing your data inventory


The **Import** feature allows you to import your inventory of servers, applications, and waves from a CSV file that is saved on your local disk or in an S3 bucket.

**Note**  
The import feature is not supported for IPv6.

**Topics**
+ [Define required permissions for importing](#import-required-permissions)
+ [Import parameters](#import-parameters)
+ [Importing your data inventory from a local disk](import-local-disk.md)
+ [Importing your data inventory from an S3 bucket](import-s3.md)
+ [View import history](import-history.md)

## Define required permissions for importing

To use the import feature, create a role with the following policies (or any extension of them):

**Managed policies:**
+ [AWSApplicationMigrationFullAccess](security-iam-awsmanpol-AWSApplicationMigrationFullAccess.md)
+ [AWSApplicationMigrationEC2Access](security-iam-awsmanpol-AWSApplicationMigrationEC2Access.md)

**Additional policies:**

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowS3Access",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
    }
  ]
}
```

When starting an import on an Amazon S3 bucket source that is owned by another account, ensure that the role or user has access to the Amazon S3 objects. When using the API, the Amazon S3 bucket owner parameter defaults to the current user’s account ID.

The following is an example of an S3 bucket policy in the target account:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleStatement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/Dave"
      },
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
    }
  ]
}
```

**Note**  
If the Amazon S3 objects are encrypted with SSE-KMS, ensure that the role or user initiating the import has access to decrypt using the AWS KMS key. This feature does not support SSE-C encrypted Amazon S3 objects.

## Import parameters


The imported file can include multiple parameters, including:


| Parameter | Description |
| --- | --- |
| mgn:account-id | The ID of the account into which to import. This account must be managed by the calling account. Defaults to the calling account. | 
| mgn:app:description | The description of the application being imported. | 
| mgn:app:name | The name of the application being imported. | 
| mgn:app:tag:appkey1 | The value of the application tag key (in this example, the tag key is appkey1). | 
| mgn:launch:iam-instance-profile:name | The name of the instance profile associated with the launch instance. | 
| mgn:launch:instance-type | The EC2 instance type of the launch instance (for example, m4.large). | 
| mgn:launch:nic:0:network-interface-id | The ID of the network interface that appears first in the launch template ("0" refers to the first network interface, "1" would refer to the second network interface, and so on). | 
| mgn:launch:nic:0:private-ip:0 | The private IP that appears first in the network interface that appears first in the launch template. | 
| mgn:launch:nic:0:security-group-id:0 | The security group that appears first in the network interface that appears first in the launch template. | 
| mgn:launch:nic:0:subnet-id | The subnet ID that appears first in the network interface that appears first in the launch template. | 
| mgn:launch:placement:host-id | The host ID of the placement of the launch instance. | 
| mgn:launch:placement:operating-system-licensing | The operating system licensing approach: LI (license included) or BYOL (bring your own license). | 
| mgn:launch:placement:tenancy | The tenancy of the launch instance. | 
| mgn:launch:tag:instance:key1 | The value of launch instance tag "key1" (in this example, the tag key is key1). | 
| mgn:launch:volume:/dev/sda:type | The type of the launch instance's volume whose name is /dev/sda (in this Linux machine example, the volume's name is /dev/sda; for a Windows machine, a typical volume name would be c:0). | 
| mgn:region | The AWS Region to which you are importing, which must be the Region of your MGN console. If left blank, defaults to the console Region.  | 
| mgn:server:fqdn-for-action-framework | The FQDN that the MGN connector uses to connect to the server. | 
| mgn:server:platform | The server's platform (Linux or Windows). | 
| mgn:server:tag:serverkey1 | The value of the server tag key (in this example, the tag key is serverkey1). | 
| mgn:server:user-provided-id |  The server's user-provided ID. This parameter is used by Application Migration Service to consistently recognize the server replication, and avoid duplication when importing inventory from a CSV file. This parameter should be provided during the AWS replication agent installation by the MGN connector or other installation method. Once provided for a server this parameter cannot be modified.  | 
| mgn:wave:description | The description of the imported wave. | 
| mgn:wave:name | The name of the imported wave. | 
| mgn:wave:tag:appkey1 | The value of the wave tag key (in this example, the tag key is appkey1). | 
| mgn:launch:transfer-server-tags | The option to transfer any user-configured custom tags from your source servers onto your test or cutover instance. | 

### Additional considerations


Please note the following considerations regarding the import parameters:

1.  Server entries must include either the server IP address, or the FQDN. 

1.  If a row provides a property of a resource (e.g. mgn:wave:description is a property of a wave), then that row should also provide a parameter that identifies that resource (as explained in the following considerations). 

1.  If a resource's ID (mgn:server:id, mgn:app:id, or mgn:wave:id) is provided, the service will look for this resource in order to update it. If this resource is not found, the import will fail. 

1.  If a resource's ID is not provided, the service will look for a resource's alternative identification: 
   + For an application: mgn:app:name
   + For a wave: mgn:wave:name
   + For a server: mgn:server:user-provided-id

1.  If a resource's alternative identification exists in AWS MGN, the service will update this resource with new values (if applicable). 

1.  If a resource's alternative identification does not exist in AWS MGN, the service will create the resource. 

1.  Two rows that refer to the same resource need not provide the same parameters for that resource, but they must not conflict. For example, if two rows provide the same mgn:wave:name, it is acceptable for one row to provide mgn:wave:description and for the other row to leave the value blank. However, the two rows must not provide conflicting values of mgn:wave:description. 
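
The following pre-import check is an added example, not AWS code. It flags rows that set an application, wave, or server property without an identifying column, and rows that give conflicting values for the same resource, as described in the considerations above. The function name, the sample inventory, and the choice to treat a resource's ID and its alternative identification as separate keys are assumptions.

```python
import csv
import io

# Identifier columns per resource kind, from the considerations above:
# the resource ID first, then the alternative identification.
ID_COLUMNS = {
    "app": ("mgn:app:id", "mgn:app:name"),
    "wave": ("mgn:wave:id", "mgn:wave:name"),
    "server": ("mgn:server:id", "mgn:server:user-provided-id"),
}


def lint_inventory(csv_text):
    """Return a list of (row_number, message) findings for an inventory CSV."""
    findings = []
    seen = {}  # (kind, identifier) -> {column: (value, row_number)}
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        cells = {k: (v or "").strip() for k, v in row.items() if k}
        for kind, id_cols in ID_COLUMNS.items():
            prefix = f"mgn:{kind}:"
            # Non-empty property cells of this resource kind (identifiers excluded).
            props = {c: v for c, v in cells.items()
                     if c.startswith(prefix) and v and c not in id_cols}
            ident = next((cells[c] for c in id_cols if cells.get(c)), None)
            if ident is None:
                if props:
                    findings.append((row_no, f"{kind} property without identifier: "
                                             + ", ".join(sorted(props))))
                continue
            known = seen.setdefault((kind, ident), {})
            for col, value in props.items():
                # A blank cell never conflicts; two different values do.
                if col in known and known[col][0] != value:
                    findings.append((row_no, f"{col} conflicts with row "
                                             f"{known[col][1]} for {kind} {ident!r}"))
                known.setdefault(col, (value, row_no))
    return findings


# Constructed sample inventory, not real data.
SAMPLE = """\
mgn:wave:name,mgn:wave:description,mgn:app:name,mgn:app:description,mgn:server:user-provided-id,mgn:server:platform
wave-1,First wave,billing,Billing stack,srv-001,Linux
wave-1,,billing,Billing stack,srv-002,Linux
wave-1,Pilot wave,billing,,srv-003,Windows
,Orphan description,,,srv-004,Linux
"""

if __name__ == "__main__":
    for row_no, message in lint_inventory(SAMPLE):
        print(f"row {row_no}: {message}")
```

Running the check before upload catches problems that would otherwise surface only as a failed import task in the import history.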

# Importing your data inventory from a local disk

To import your inventory from a local disk, take the following steps:

1. Select **Import** from the left-hand navigation menu (under **Import and export**) to open the **Import inventory** tab.

1. Select **Import from local disk**.

1. Click **Choose file** to choose the CSV file from which you want to import the data.

1. Click **Import**.



**Note**  
The file will also be automatically imported to an S3 bucket created by AWS MGN. It is highly recommended that you [apply Amazon S3 bucket security practices](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html) where your CSV files are stored.

# Importing your data inventory from an S3 bucket

To import your inventory from an S3 bucket, take the following steps:

1. Select **Import** from the left-hand navigation menu (under **Import and export**) to open the **Import inventory** tab.

1. Select **Import from S3**.

1. Click **Browse** to choose the Amazon S3 storage source from which you want to import the data.

1. Click **Import**.

**Note**  
It is highly recommended that you [apply Amazon S3 bucket security practices](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html) where your CSV files are stored.

[Learn more about S3 permissions and policies.](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html)

# View import history

Select the **Import history** tab to view the files imported in the last 7 days, including their status and the task’s start and end time.

You can change the settings according to your preferences by clicking on the settings icon located in the right-hand corner of the screen.

To see all the related task messages, click the task ID. To copy the messages, click **Copy**.

# Exporting your data inventory


The **Export** feature allows you to export your inventory of servers, applications, and waves to a CSV file that is saved on your local disk or in an S3 bucket.

**Note**  
The export feature is not supported for IPv6.

## Defining required permissions for export

To use the export feature, create a role with the following policies (or any extension of them):

**Managed policies:**
+ AWSApplicationMigrationReadOnlyAccess

**Additional policies:**

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowS3Access",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
    },
    {
      "Sid": "AllowMgnStartExport",
      "Effect": "Allow",
      "Action": [
        "mgn:StartExport"
      ],
      "Resource": "*"
    }
  ]
}
```

When starting an export on an Amazon S3 bucket source that is owned by another account, ensure that the role or user has access to the Amazon S3 objects. When using the API, the Amazon S3 bucket owner parameter defaults to the current user’s account ID. 

The following is an example of an Amazon S3 bucket policy in the target account:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleStatement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/Dave"
      },
      "Action": [
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
    }
  ]
}
```

**Note**  
If the Amazon S3 objects are encrypted with SSE-KMS, ensure that the role or user initiating the export has access to decrypt using the AWS KMS key. This feature does not support SSE-C encrypted Amazon S3 objects.

## Required Amazon S3 bucket permissions

Before you create an export job, you must create the destination S3 bucket to export to. AWS Application Migration Service doesn't create the S3 bucket for you. The S3 bucket that you specify can't be publicly accessible, and can't be configured as a [Requester Pays](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) bucket. After you create the S3 bucket, confirm that the bucket has the required permissions policy to allow AWS Application Migration Service to write the export files to it.

## Export parameters


The exported file can include multiple parameters, including:


| Parameter | Description |
| --- | --- |
| **mgn:account-id** | The ID of the account being exported. | 
| **mgn:app:description** | The description of the application being exported. | 
| **mgn:app:id** | The ID of the application being exported. | 
| **mgn:app:name** | The name of the application being exported. | 
| **mgn:app:tag:appkey1** | The value of the application tag key (in this example, the tag key is appkey1). | 
| **mgn:launch:iam-instance-profile:name** | The name of the instance profile associated with the launch instance. | 
| **mgn:launch:instance-type** | The EC2 instance type of the launch instance (for example, m4.large). | 
| **mgn:launch:nic:0:network-interface-id** | The ID of the network interface that appears first in the launch template ("0" refers to the first network interface, "1" would refer to the second network interface, and so on). | 
| **mgn:launch:nic:0:private-ip:0** | The private IP that appears first in the network interface that appears first in the launch template. | 
| **mgn:launch:nic:0:security-group-id:0** | The security group that appears first in the network interface that appears first in the launch template. | 
| **mgn:launch:nic:0:subnet-id** | The subnet ID that appears first in the network interface that appears first in the launch template. | 
| **mgn:launch:placement:host-id** | The host ID of the placement of the launch instance. | 
| **mgn:launch:placement:operating-system-licensing** | The operating system licensing approach: LI (license included) or BYOL (bring your own license). | 
| **mgn:launch:placement:tenancy** | The tenancy of the launch instance. Expected values: default, dedicated, or host. | 
| **mgn:launch:tag:instance:key1** | The value of launch instance tag "key1" (in this example, the tag key is key1). | 
| **mgn:launch:volume:/dev/sda:type** | The type of the launch instance's volume whose name is /dev/sda (in this example, the volume's name is /dev/sda). | 
| **mgn:region** | The AWS Region to which you are importing, which must be the Region of your MGN console. If left blank, defaults to the console Region. | 
| **mgn:server:fqdn-for-action-framework** | The FQDN that the MGN connector uses to connect to the server. | 
| **mgn:server:id** | The server ID. | 
| **mgn:server:lifecycle-state** | The server's lifecycle state. | 
| **mgn:server:platform** | The server's platform (Linux or Windows). | 
| **mgn:server:replication-type** | The type of the replication (agent-based or agentless). | 
| **mgn:server:replication-state** | The state of the replication. | 
| **mgn:server:tag:serverkey1** | The value of the server tag key (in this example, the tag key is serverkey1). | 
| **mgn:server:user-provided-id** | The server's user-provided ID. This parameter is used by Application Migration Service to consistently recognize the server replication, and avoid duplication when importing inventory from a CSV file. This parameter should be provided during the AWS replication agent installation by the MGN connector or other installation method. Once provided for a server this parameter cannot be modified. | 
| **mgn:wave:description** | The description of the exported wave. | 
| **mgn:wave:id** | The ID of the exported wave. | 
| **mgn:wave:name** | The name of the exported wave. | 
| **mgn:wave:tag:appkey1** | The value of the wave tag key (in this example, the tag key is appkey1). | 
| **mgn:launch:transfer-server-tags** | The option to transfer any user-configured custom tags from your source servers onto your test or cutover instance. | 

**Note**  
If the bucket you're exporting to is encrypted with customer managed keys (KMS), that KMS key's policies must give AWS MGN permission to use it. This permission is given through the user or role that initiates the export job.  
If you choose to encrypt your export using a key protected by AWS Key Management Service (AWS KMS), the key must be in the same Region as the destination S3 bucket.

# Exporting your data inventory to a local disk

To export your inventory to a local disk, take the following steps:

1. Select **Export** from the left-hand navigation menu (under **Import and export**) to open the **Export inventory** tab.

1. Select **Export to a local disk**.

1. Specify the name of the CSV file into which you want to download the data.
   **Note**  
   The file will also be automatically downloaded to an S3 bucket created by AWS Application Migration Service.  
   You must have the required permissions to perform this action.  
   It is highly recommended that you [apply S3 bucket security practices](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html) where your CSV files are stored.

1. Click **Export**.

# Exporting your data inventory to an S3 bucket

To export your inventory to an S3 bucket, take the following steps:

1. Select **Export** from the left-hand navigation menu (under **Import and export**) to open the **Export inventory** tab.

1. Select **Export to S3 bucket**.

1. Click **Browse S3** to choose the Amazon S3 storage target to which you want to export the data.

1. Specify the Amazon S3 bucket owner (the current AWS account or a different one) according to your preferences. If you select a different AWS account, you must enter the bucket owner’s account ID.
   **Note**  
   You must have write privileges to export an inventory to a specific bucket.  
   It is highly recommended that you [apply S3 bucket security practices](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html) where your CSV files are stored. [Learn more about S3 permissions and policies.](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html)

1. Click **Export**.

# Editing your configuration

You can use the **Import and Export** feature to edit your server configuration, including bulk changes:

1. Export the data to a CSV file.

1. Edit your file.

1. Import the edited file back into the service.

**Note**  
When editing a CSV file in Microsoft Excel, be sure to save it in the **MS-DOS** CSV data format.

When processing the inventory file import, values provided in the file overwrite existing values. *Cells that are empty are ignored*. This allows you, when editing the file, to include values only in the inventory columns that you want to overwrite.

To delete a value, replace the existing value with the string `[RESET_VALUE]`, and then save and upload the file. This clears the value in the Application Migration Service resource or the Amazon EC2 launch template.

Using `[RESET_VALUE]` is available for these parameters:
+ mgn:launch:iam-instance-profile:name
+ mgn:launch:nic:0:network-interface-id
+ mgn:launch:nic:0:private-ip:0
+ mgn:launch:nic:0:security-group-id:0
+ mgn:launch:nic:0:subnet-id
+ mgn:launch:tag:instance:key1
+ mgn:launch:volume:/dev/sda:type

You can also delete tag fields. To delete the tag value, replace the existing value with the string `[RESET_VALUE]`. To delete both the key and the value, replace the existing value with the string `[DELETE_TAG]`. 

**Note**  
Tags that are created by the service, such as `AWSApplicationMigrationServiceManaged`, can't be changed or deleted. Attempting to do so results in an error.
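
As an added example (not part of the AWS documentation or the service's code), the function below classifies each cell of an edited row against the exported row using the rules in this section, so a bulk edit can be reviewed before it is imported. The column patterns assume that the listed parameters generalize over network interface indexes, IP indexes, volume names, and tag keys; the function name and the sample rows are also assumptions.

```python
import re

RESET, DELETE = "[RESET_VALUE]", "[DELETE_TAG]"
MANAGED_TAG = "AWSApplicationMigrationServiceManaged"  # service-created tag named above

# Assumption: the listed parameters generalize over NIC/IP indexes and volume names.
RESETTABLE = re.compile(
    r"^mgn:launch:(?:iam-instance-profile:name"
    r"|nic:\d+:(?:network-interface-id|subnet-id|private-ip:\d+|security-group-id:\d+)"
    r"|volume:.+:type)$"
)
# Tag columns for apps, servers, waves and launch instances; group 1 is the tag key.
TAG = re.compile(r"^mgn:(?:(?:app|server|wave):tag|launch:tag:instance):(.+)$")


def plan_row(current, edited):
    """Return (actions, errors) describing what importing `edited` would change."""
    actions, errors = [], []
    for col, raw in edited.items():
        new = (raw or "").strip()
        if not new or new == current.get(col, ""):
            continue  # empty cells are ignored; identical values change nothing
        tag = TAG.match(col)
        if tag and tag.group(1) == MANAGED_TAG:
            errors.append(f"{col}: service-created tag cannot be changed or deleted")
        elif new == DELETE:
            if tag:
                actions.append(("delete-tag", col))
            else:
                errors.append(f"{col}: {DELETE} applies to tag columns only")
        elif new == RESET:
            if tag or RESETTABLE.match(col):
                actions.append(("clear", col))
            else:
                errors.append(f"{col}: not listed as supporting {RESET}")
        else:
            actions.append(("set", col, new))
    return actions, errors


# Constructed sample rows (exported state and its edited version), not real data.
CURRENT = {
    "mgn:server:user-provided-id": "srv-001",
    "mgn:launch:instance-type": "m4.large",
    "mgn:launch:nic:0:subnet-id": "subnet-EXAMPLE",
    "mgn:server:tag:owner": "team-a",
    f"mgn:server:tag:{MANAGED_TAG}": "constructed-value",
}
EDITED = {
    "mgn:server:user-provided-id": "srv-001",
    "mgn:launch:instance-type": RESET,
    "mgn:launch:nic:0:subnet-id": RESET,
    "mgn:server:tag:owner": DELETE,
    f"mgn:server:tag:{MANAGED_TAG}": DELETE,
    "mgn:wave:description": "",
    "mgn:launch:placement:tenancy": "dedicated",
}

if __name__ == "__main__":
    print(plan_row(CURRENT, EDITED))
```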

# View export history

Select the **Export history** tab to view the files exported in the last 7 days, including their status, progress, and the task’s start and end time.

You can change the settings according to your preferences by clicking on the settings icon located in the right-hand corner of the screen.

To see all the related task messages, click the task ID. To copy the messages, click **Copy**.