Exporting your data inventory
The Export feature allows you to easily export your inventory of servers, applications, and waves to a CSV file that is saved in your local disk or an S3 bucket.
Topics
Exporting your data inventory to a local disk
To export your inventory to a local disk, take the following steps:
-
Select Export from the left-hand navigation menu (under Import and export) and you’ll be navigated to the Export inventory tab.
-
Select Export to a local disk.
-
Specify the name of the CSV file into which you want to download the data.
Note
-
The file will also be automatically downloaded to an S3 bucket created by AWS Application Migration Service.
-
You must have the required permissions to perform this action.
-
It is highly recommended that you apply S3 bucket security practices where your CSV files are stored.
-
-
Click Export.
Exporting your data inventory to an S3 bucket
To export your inventory to an S3 bucket, take the following steps:
-
Select Export from the left-hand navigation menu (under Import and export) and you’ll be navigated to the Export inventory tab.
-
Select Export to S3 bucket.
-
Click Browse S3 to choose the Amazon S3 storage target to which you want to export the data.
-
Specify the Amazon S3 bucket owner (the current AWS account or a different one) according to your preferences. If you select a different AWS account, you must enter the bucket owner’s account ID.
Note
-
You must have write privileges to export an inventory to a specific bucket.
-
It is highly recommended that you apply S3 bucket security practices where your CSV files are stored. Learn more about S3 permissions and policies.
-
-
Click Export.
Export history
Select the Export history tab to view the files exported in the last 7 days, including their status, progress, and the task’s start and end time.
You can change the settings according to your preferences by clicking on the settings icon located in the right-hand corner of the screen.
To see all the related task messages, click the task ID. To copy the messages, click Copy.
Required permissions
In order to use the export feature, you will need to create a role with the following policies (or any extension of them):
Managed policies:
-
AWSApplicationMigrationReadOnlyAccess
Additional policies:
{ "Sid": "AllowS3Access", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::your-bucket/*" }, { "Sid": "AllowMgnStartExport", "Effect": "Allow", "Action": [ "mgn:StartExport" ], "Resource": "*" }
When starting an export on an Amazon S3 bucket source that is owned by another account, ensure that the role or user has access to the Amazon S3 objects. When using the API, the Amazon S3 bucket owner parameter defaults to the current user’s account ID.
The following is an example of an Amazon S3 bucket policy in the target account:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ExampleStatement", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:user/Dave" }, "Action": [ "s3:PutObject" ], "Resource": "arn:aws:s3:::awsexamplebucket1/*" } ] }
Note
If the Amazon S3 objects are encrypted with SSE-KMS, ensure that the role or user initiating the export has access to decrypt using the AWS KMS key. This feature does not support SSE-C encrypted Amazon S3 objects.
Amazon S3 bucket permission requirements
Before you create an export job, you must create the destination S3 bucket to export to. AWS Application Migration Service doesn't create the S3 bucket for you. The S3 bucket that you specify can't be publicly accessible, and can't be configured as a Requester Pays bucket. After you create the S3 bucket, confirm that the bucket has the required permissions policy to allow AWS Application Migration Service to write the export files to it.
Export parameters
The exported file can include multiple parameters, including:
-
mgn:account-id – The ID of the account being exported.
-
mgn:app:description – The description of the application being exported.
-
mgn:app:id – The ID of the application being exported.
-
mgn:app:name – The name of the application being exported.
-
mgn:app:tag:appkey1 – The value of the application tag key (in this example, the tag key is appkey1).
-
mgn:launch:iam-instance-profile:name – The name of the instance profile associated with the launch instance.
-
mgn:launch:instance-type – The EC2 instance type of the launch instance (for example, m4.large).
-
mgn:launch:nic:0:network-interface-id – The ID of the network interface that appears first in the launch template ("0" refers to the first network interface, "1" would refer to the second network interface, and so on).
-
mgn:launch:nic:0:private-ip:0 – The private IP that appears first in the network interface that appears first in the launch template.
-
mgn:launch:nic:0:security-group-id:0 – The security group that appears first in the network interface that appears first in the launch template.
-
mgn:launch:nic:0:subnet-id – The subnet ID that appears first in the network interface that appears first in the launch template.
-
mgn:launch:placement:host-id – The host ID of the placement of the launch instance.
-
mgn:launch:placement:tenancy – This tenancy of the launch instance. Expected values: default, dedicated, or host.
-
mgn:launch:tag:instance:key1 – The value of launch instance tag "key1" (in this example, the tag key is key1).
-
mgn:launch:volume:/dev/sda:type – The type of the launch instance's volume whose name is /dev/sda (in this example, the volume's name is /dev/sda).
-
mgn:region – The AWS Region from which you are exporting.
-
mgn:server:fqdn-for-action-framework – The FQDN that the MGN connector uses to connect to the server.
-
mgn:server:id – The server ID.
-
mgn:server:lifecycle-state – The server’s lifecycle state.
-
mgn:server:platform – The server’s platform (Linux or Windows).
-
mgn:server:replication-type – The type of the replication (agent-based or agentless).
-
mgn:server:replication-state – The state of the replication.
-
mgn:server:tag:serverkey1 – The value of the server tag key (in this example, the tag key is serverkey1).
-
mgn:server:user-provided-id – The server's user-provided ID. The MGN connector uses this parameter when installing the AWS replication agent on the server.
-
mgn:wave:description – The description of the exported wave.
-
mgn:wave:id – The ID of the exported wave.
-
mgn:wave:name – The name of the exported wave.
-
mgn:wave:tag:appkey1 – The value of the wave tag key (in this example, the tag key is appkey1).
Note
If the bucket you're exporting to is encrypted with customer managed keys (KMS), that KMS key's policies must give AWS MGN permission to use it. This permission is given through the user or role that initiates the export job.
If you choose to encrypt your export using a key protected by AWS Key Management Service (AWS KMS), the key must be in the same Region as the destination S3 bucket.