쿠키 기본 설정 선택

당사는 사이트와 서비스를 제공하는 데 필요한 필수 쿠키 및 유사한 도구를 사용합니다. 고객이 사이트를 어떻게 사용하는지 파악하고 개선할 수 있도록 성능 쿠키를 사용해 익명의 통계를 수집합니다. 필수 쿠키는 비활성화할 수 없지만 '사용자 지정' 또는 ‘거부’를 클릭하여 성능 쿠키를 거부할 수 있습니다.

사용자가 동의하는 경우 AWS와 승인된 제3자도 쿠키를 사용하여 유용한 사이트 기능을 제공하고, 사용자의 기본 설정을 기억하고, 관련 광고를 비롯한 관련 콘텐츠를 표시합니다. 필수가 아닌 모든 쿠키를 수락하거나 거부하려면 ‘수락’ 또는 ‘거부’를 클릭하세요. 더 자세한 내용을 선택하려면 ‘사용자 정의’를 클릭하세요.

Exporting your data inventory

포커스 모드

이 페이지에서

Exporting your data inventory - Application Migration Service
이 페이지는 귀하의 언어로 번역되지 않았습니다. 번역 요청

The Export feature allows you to easily export your inventory of servers, applications, and waves to a CSV file that is saved in your local disk or an S3 bucket.

Defining required permissions for export

In order to use the export feature, you will need to create a role with the following policies (or any extension of them):

Managed policies:

  • AWSApplicationMigrationReadOnlyAccess

Additional policies:

{ "Sid": "AllowS3Access", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::your-bucket/*" }, { "Sid": "AllowMgnStartExport", "Effect": "Allow", "Action": [ "mgn:StartExport" ], "Resource": "*" }

When starting an export on an Amazon S3 bucket source that is owned by another account, ensure that the role or user has access to the Amazon S3 objects. When using the API, the Amazon S3 bucket owner parameter defaults to the current user’s account ID.

The following is an example of an Amazon S3 bucket policy in the target account:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "ExampleStatement", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:user/Dave" }, "Action": [ "s3:PutObject" ], "Resource": "arn:aws:s3:::awsexamplebucket1/*" } ] }
Note

If the Amazon S3 objects are encrypted with SSE-KMS, ensure that the role or user initiating the export has access to decrypt using the AWS KMS key. This feature does not support SSE-C encrypted Amazon S3 objects.

Required Amazon S3 bucket permissions

Before you create an export job, you must create the destination S3 bucket to export to. AWS Application Migration Service doesn't create the S3 bucket for you. The S3 bucket that you specify can't be publicly accessible, and can't be configured as a Requester Pays bucket. After you create the S3 bucket, confirm that the bucket has the required permissions policy to allow AWS Application Migration Service to write the export files to it.

Export parameters

The exported file can include multiple parameters, including:

  • mgn:account-id – The ID of the account being exported.

  • mgn:app:description – The description of the application being exported.

  • mgn:app:id – The ID of the application being exported.

  • mgn:app:name – The name of the application being exported.

  • mgn:app:tag:appkey1 – The value of the application tag key (in this example, the tag key is appkey1).

  • mgn:launch:iam-instance-profile:name – The name of the instance profile associated with the launch instance.

  • mgn:launch:instance-type – The EC2 instance type of the launch instance (for example, m4.large).

  • mgn:launch:nic:0:network-interface-id – The ID of the network interface that appears first in the launch template ("0" refers to the first network interface, "1" would refer to the second network interface, and so on).

  • mgn:launch:nic:0:private-ip:0 – The private IP that appears first in the network interface that appears first in the launch template.

  • mgn:launch:nic:0:security-group-id:0 – The security group that appears first in the network interface that appears first in the launch template.

  • mgn:launch:nic:0:subnet-id – The subnet ID that appears first in the network interface that appears first in the launch template.

  • mgn:launch:placement:host-id – The host ID of the placement of the launch instance.

  • mgn:launch:placement:tenancy – This tenancy of the launch instance. Expected values: default, dedicated, or host.

  • mgn:launch:tag:instance:key1 – The value of launch instance tag "key1" (in this example, the tag key is key1).

  • mgn:launch:volume:/dev/sda:type – The type of the launch instance's volume whose name is /dev/sda (in this example, the volume's name is /dev/sda).

  • mgn:region – The AWS Region from which you are exporting.

  • mgn:server:fqdn-for-action-framework – The FQDN that the MGN connector uses to connect to the server.

  • mgn:server:id – The server ID.

  • mgn:server:lifecycle-state – The server’s lifecycle state.

  • mgn:server:platform – The server’s platform (Linux or Windows).

  • mgn:server:replication-type – The type of the replication (agent-based or agentless).

  • mgn:server:replication-state – The state of the replication.

  • mgn:server:tag:serverkey1 – The value of the server tag key (in this example, the tag key is serverkey1).

  • mgn:server:user-provided-id – The server's user-provided ID. The MGN connector uses this parameter when installing the AWS replication agent on the server.

  • mgn:wave:description – The description of the exported wave.

  • mgn:wave:id – The ID of the exported wave.

  • mgn:wave:name – The name of the exported wave.

  • mgn:wave:tag:appkey1 – The value of the wave tag key (in this example, the tag key is appkey1).

Note

If the bucket you're exporting to is encrypted with customer managed keys (KMS), that KMS key's policies must give AWS MGN permission to use it. This permission is given through the user or role that initiates the export job.

If you choose to encrypt your export using a key protected by AWS Key Management Service (AWS KMS), the key must be in the same Region as the destination S3 bucket.

프라이버시사이트 이용 약관쿠키 기본 설정
© 2025, Amazon Web Services, Inc. 또는 계열사. All rights reserved.