I’m using an Amazon Linux paravirtual (PV) Amazon Machine Image (AMI) on Amazon Elastic Compute Cloud (EC2). How can I migrate to an Amazon Linux hardware virtual machine (HVM) AMI?

We strongly encourage you to migrate to HVM instances to gain improved security, new features, and performance benefits. For more information on PV and HVM AMIs, see Linux AMI Virtualization Types.

Regarding security, operating system protections are insufficient to address PV instance process-to-process concerns from CVE-2017-5754, as described in AWS Security Bulletin AWS-2018-013. While PV instances are protected by AWS hypervisors from any instance-to-instance concerns, we strongly encourage PV instance users concerned with process isolation (such as processing untrusted data, running untrusted code, or hosting untrusted users) to migrate to HVM instance types for longer-term security benefits.

To migrate data from a PV instance to an HVM instance, use one of the following procedures:

  • (Strongly recommended) Copy data and move applications from the PV instance to a new HVM instance.
  • Convert the PV instance into an HVM instance.

(Strongly recommended) Copy data and move applications from the PV instance to a new HVM instance

1.    Launch a new instance from an HVM AMI.

2.    Copy data from the PV instance to the new HVM instance in one of the following ways:

  • Run Linux utilities such as rsync, scp, or drbd to securely copy data between the instances.
  • Copy the PV instance data to an EBS volume and detach the volume. Then, attach the volume to the new HVM instance.

3.    Install and configure your applications on the HVM AMI.

Convert the PV instance into an HVM instance

If copying data from the PV instance to a new HVM instance doesn’t suit your needs, you can convert a PV instance into an HVM instance by following these steps:

Note: These are general guidance steps. Be sure to modify the steps as needed for your configurations.

1.    Stop the PV instance.
Note: We recommend that you perform this step on a test PV instance. To create the test instance, first create an image of your PV instance. Then, launch a new PV instance from the image.

2.    Create a snapshot of the PV instance’s root volume.

3.    Restore the PV instance's root volume snapshot as a new EBS volume. The volume must be restored in the same Availability Zone as the PV instance.

4.    Launch a new instance from an Amazon Linux HVM AMI. The instance must be launched in the same Availability Zone as the PV instance.

5.    Choose the EBS volume restored from the PV instance's root snapshot. Then, attach the volume to the new HVM instance as /dev/xvdf.

6.    Create a new, blank EBS volume that is the same size as the volume restored from the PV instance's root snapshot. Attach the new, blank EBS volume to the HVM instance as /dev/xvdg.
Note: After this step, your new HVM instance will have three volumes.

7.    Connect to your new HVM instance using SSH.
Note: You must have root-user privileges to proceed with the next steps.

8.    Run this command to display your volumes:

# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 8G 0 disk
└─xvda1 202:1 0 8G 0 part /
xvdf 202:80 0 8G 0 disk
xvdg 202:96 0 8G 0 disk

Note: xvda is the HVM instance’s root volume. xvdf is the volume restored from the PV instance’s root snapshot. xvdg is the new, blank volume.

9.    Run these commands to create a new partition on xvdg (the new volume).

# parted /dev/xvdg --script 'mklabel msdos mkpart primary 1M -1s print quit'
# partprobe /dev/xvdg
# udevadm settle

Note: These commands will create xvdg1.

10.   Run the following command to check the file system on xvdf (the PV root volume) and shrink it to its minimum size. Shrinking the file system speeds up the next step because free disk space isn’t copied.

# e2fsck -f /dev/xvdf ; resize2fs -M /dev/xvdf

11.   Run these commands to copy xvdf (the PV root volume) to xvdg1 (the new volume):  

# dd if=/dev/xvdf of=/dev/xvdg1 bs=$(blockdev --getbsz /dev/xvdf) conv=sparse count=$(dumpe2fs /dev/xvdf | grep "Block count:" | cut -d : -f2 | tr -d "\\ ")

12.   Run this command to resize xvdg1 (the new volume) to its maximum size:

# e2fsck -f /dev/xvdg1 && resize2fs /dev/xvdg1

13.   Run this command to prepare xvdg1 (the new volume) for conversion into the HVM instance’s root volume:

# mount /dev/xvdg1 /mnt/ && mount -o bind /dev/ /mnt/dev && mount -o bind /sys /mnt/sys && mount -o bind /proc /mnt/proc

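14.   Run this command to change the root directory to xvdg1 (the new volume, mounted at /mnt/) so that the commands in the next steps operate on what will become the HVM instance’s root volume: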

# chroot /mnt/

15.   Run these commands to reinstall grub on the new root volume:

# yum reinstall grub -y
# rm -f /boot/grub/*stage* /boot/grub/device.map
# grub-install /dev/xvdg

16.   The "grub-install" command returns the following message. This message is expected—disregard and continue with the next step.

Probing devices to guess BIOS drives. This may take a long time.
Unknown partition table signature
/dev/xvdg does not have any corresponding BIOS drive.

17.   Run these commands to update the grub configuration:

# cat <<EOF | grub --batch
device (hd0) /dev/xvdg
root (hd0,0)
setup (hd0)
EOF
# sed -i 's/root\ (hd0)/root (hd0,0)/g' /etc/grub.conf
# sed -i 's/root\ (hd0)/root (hd0,0)/g' /boot/grub/menu.lst
# sed -i 's/console=hvc0/console=ttyS0/g' /etc/grub.conf
# sed -i 's/console=hvc0/console=ttyS0/g' /boot/grub/menu.lst

18.   Run this command to exit the chroot environment:

# exit

19.   Run this command to shut down the instance:

# halt

20.   Detach the three volumes you previously attached to the HVM instance.

21.   Choose the volume you previously attached as /dev/xvdg (the new volume). Reattach this volume as /dev/xvda to the HVM instance.

22.   Start the HVM instance.

The new HVM instance is an exact copy of the source PV instance. After you confirm that the HVM instance works as expected, you can terminate the source PV instance. You can also remove the two temporary volumes: the HVM instance’s original root volume and the volume restored from the PV instance's root snapshot.
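
A check worth running inside the chroot after step 17 and before step 18, because a GRUB configuration that still carries the PV settings leaves the converted volume unbootable. The script below is an added example, not part of the original article: the function names are hypothetical, and the sample menu.lst is constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): verify that a legacy GRUB
# config carries the two changes step 17 makes for booting under HVM.

# check_hvm_grub FILE: returns 0 if FILE looks ready for HVM boot,
# otherwise prints each problem to stderr and returns 1.
check_hvm_grub() {
    local file=$1 problems=0
    if [ ! -r "$file" ]; then
        echo "$file: not readable" >&2
        return 1
    fi
    # "root (hd0)" is the PV layout (file system on the whole disk).
    if grep -Eq '^[[:space:]]*root[[:space:]]+\(hd0\)' "$file"; then
        echo "$file: 'root (hd0)' found, expected 'root (hd0,0)'" >&2
        problems=1
    fi
    # At least one boot entry must name the first partition.
    if ! grep -Eq '^[[:space:]]*root[[:space:]]+\(hd0,0\)' "$file"; then
        echo "$file: no 'root (hd0,0)' line" >&2
        problems=1
    fi
    # hvc0 is the PV console; step 17 switches it to ttyS0.
    if grep -Eq '^[[:space:]]*kernel[[:space:]].*console=hvc0' "$file"; then
        echo "$file: kernel line still uses console=hvc0" >&2
        problems=1
    fi
    return "$problems"
}

# Constructed sample of a PV-style menu.lst (kernel names are placeholders).
make_sample_pv_conf() {
    cat > "$1" <<'EOF'
default=0
timeout=0
title Amazon Linux (constructed sample)
root (hd0)
kernel /boot/vmlinuz-SAMPLE root=LABEL=/ console=hvc0
initrd /boot/initramfs-SAMPLE.img
EOF
}

# The same substitutions as step 17, applied to FILE (GNU sed).
apply_step17_edits() {
    sed -i 's/root (hd0)/root (hd0,0)/g; s/console=hvc0/console=ttyS0/g' "$1"
}
```

Inside the chroot, run `check_hvm_grub /boot/grub/menu.lst` and `check_hvm_grub /etc/grub.conf`; a nonzero exit status means the step 17 edits did not take effect on that file.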



Published: 2018-02-19