Unfortunately it is not possible to simply upgrade an existing CheckPoint management server in AWS. A new one must be built, with the database manually exported from the old instance and imported to the new one.
There is a CheckPoint Knowledge base article, but I found it to have several errors and also be confusing on which version of tools should be used.
Below is the process I used to go from R80.20 to R80.30
Login to the old R80.20 server. Download and extract the R80.30 tools:
cd /home/admin tar -zxvf Check_Point_R80.30_Gaia_SecurePlatform_above_R75.40_Migration_tools.tgz
Run the export job to create an archive of the database:
./migrate export --exclude-licenses /tmp/R8020Backup.tgz
Copy this .tgz file to the new R80.30 management server in /tmp
On the new management server, run the import job:
cd $FWDIR/bin/upgrade_tools ./migrate import /tmp/R8020Backup.tgz The import operation will eventually stop all Check Point services (cpstop) Do you want to continue? (y/n) [n]? y
After a few minutes, the operation will complete and you’ll be prompted to start services again.
Finish by upgrading SmartConsole to R80.30 and connect to the new R80.30 server. I’ve noticed it to be very slow, but it will eventually connect and all the old gateways and policies will be there.