AWS EC2 Image Builder

What is EC2 Image Builder?

EC2 Image Builder is a fully managed AWS service that automates building, patching, testing and distributing OS images (AMIs, and container images as well) without hand-written build scripts. It is a really useful tool for keeping AMIs current: every rebuild follows the same pipeline, which removes the manual steps and the errors that come with them.

How does it work?

EC2 Image Builder key features and concepts:

  1. Pipelines: A pipeline in Image Builder ties together everything needed to produce an image: a recipe (which names the source image and the components to apply), an infrastructure configuration, distribution settings and an optional build schedule. Each run of the pipeline produces a new version of the output AMI.

  2. Recipes: These define the components and the tests that are applied to the source image. A recipe contains a list of components and the order in which they should be applied.

  3. Components: These are sets of instructions that modify or test the source image, written as YAML documents with build, validate and test phases. Examples include applying OS updates, installing tools, or hardening a configuration file.

  4. Infrastructure Configuration: Specifies the instance types, the IAM instance profile the build instance runs under, the VPC, subnet and security group it launches into, and where build logs are written during the build and test processes.

  5. Automated Testing: After building an image, Image Builder launches a fresh instance from it and runs the test components there. A failing test marks the image build as failed, so the image is not distributed until it meets your requirements.

  6. Distribution Settings: You can specify where the final AMI is distributed. This could be across multiple AWS regions or accounts.

  7. Security: The build instance runs only with the IAM instance profile you assign in the infrastructure configuration, output AMIs can be encrypted with an AWS Key Management Service (KMS) key you choose in the distribution settings, and build logs are written to the Amazon S3 bucket you specify. These controls keep the image-building pipeline under the same identity and encryption policy as the rest of your account.

  8. Integrations: EC2 Image Builder is integrated with AWS services like AWS Organizations, AWS Systems Manager, and AWS CloudFormation, among others.

  9. Golden Images: You can use Image Builder to maintain "golden images" — these are standard, pre-configured images that serve as a baseline for launching EC2 instances.

Benefits

  1. Improve IT productivity:

    Image Builder reduces the effort of keeping images up to date and secure: the console provides a guided interface, pipelines run on a schedule or on demand, and AWS supplies ready-made components for common patching and hardening tasks. You do not have to write and maintain your own build automation, which frees up resources and saves IT time.

  2. Produce secure and up-to-date images:

    EC2 Image Builder lets you build images from a minimal parent image plus only the components you need, which shrinks the attack surface. You can also apply AWS-provided hardening components (for example the STIG components) or your own to meet internal or industry-specific compliance criteria.

  3. Simple image management for both AWS and on-premises:

    EC2 Image Builder, in conjunction with AWS VM Import/Export (VMIE), allows you to create and maintain images for Amazon EC2 (AMI) as well as on-premises Microsoft Hyper-V (VHDX), VMware vSphere (VMDK), and Open Virtualization Format (OVF) virtual machines.

  4. Built-in support for validation:

    EC2 Image Builder lets you validate your images for functionality, application compatibility, and security compliance with AWS-provided test components, Amazon Inspector vulnerability scanning, and your own tests before using them in production. Testing the image before release catches the errors that would otherwise surface as downtime. Distribution of the AMI to other regions and accounts happens only after the tests pass.

  5. Centralized Policy Enforcement:

    Components, recipes and images are versioned, so revisions can be tracked and rolled back. Image Builder integrates with AWS Resource Access Manager and AWS Organizations so that components, recipes, and images can be shared across AWS accounts.

  6. Integrated AWS Marketplace:

    You can subscribe to an image product from AWS Marketplace directly from the Image products page of the Image Builder console and then use the subscribed image as the base image in an Image Builder recipe. The Subscriptions tab shows all the AWS Marketplace images you currently subscribe to, so you can review and manage them in one place. Image Builder can also upgrade your image version automatically when the AWS Marketplace image is upgraded.

Hands-on Lab Overview

In this hands-on lab, we will create an EC2 Image Builder pipeline and run it to produce an AMI.

Hands-on Lab

Step 1: Specify pipeline details

  • Access EC2 Image Builder:

    In the navigation pane, click on Image Builder under the "Images" section.

  • Create an Image Pipeline:

    Click on "Create image pipeline". Enter a name for the pipeline and optionally, provide a description.

Step 2: Choose the recipe

  • The recipe defines the components that get applied to the base images to create the desired configuration for the output image. After a recipe has been created, it cannot be modified. A new version must be created in order to change components.

  • Choose a Source Image: You can select an existing AWS-provided image or use one of your own AMIs. If required, specify an image version or use the latest one.

Step 3: Define the infrastructure configuration

  • Specify the IAM role. Create an IAM role for EC2 with the managed policies "AmazonSSMManagedInstanceCore" (so Systems Manager can run the component steps on the build instance) and "EC2InstanceProfileForImageBuilder" (so the instance can fetch components and write logs), name it "EC2ImageBuilderRole", and select it here. This role is the identity the build instance runs as: if your components pull artifacts from your own S3 buckets, add a policy scoped to those buckets rather than a broad one, because anything the role can reach is reachable from the build instance.

  • Choose an instance type that will be used to build the image.

    Configure other settings like VPC, security groups, and subnets if necessary.

Step 4: Define distribution settings

  • Accept the service defaults to distribute the output AMI to the current account and region, or add target regions and accounts. This is also where you choose a KMS key if the output AMI should be encrypted with a customer-managed key.

Step 5: Review and run the pipeline

  • Review the summary and click "Create pipeline". Then select the pipeline and choose "Actions" > "Run pipeline" to start a build; the resulting AMI appears under Images once the build and test stages complete.
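The whole procedure, as one added example that is not part of the original page or of AWS's documentation: the same pipeline built with the AWS CLI instead of the console, including the component document that the Components concept above refers to. The resource names (ib-lab-*), the log bucket, the instance type, the default region and the choice of the AWS-managed Amazon Linux 2023 parent image are assumptions for this lab; the CLI subcommands, the two managed policy names and the component document schema are real. The script only talks to AWS when IMAGE_BUILDER_APPLY=1 is set and valid credentials are present.

```shell
#!/usr/bin/env bash
# Added example, not code from the page or from AWS: the lab's console steps
# as AWS CLI calls. Resource names (ib-lab-*), the log bucket, instance type
# and parent image are assumptions; the CLI subcommands, managed policy names
# and the component document schema are real. Nothing is sent to AWS unless
# IMAGE_BUILDER_APPLY=1 is set, so the script can be read and linted dry.
set -eu

REGION="${AWS_REGION:-us-east-1}"
ROLE_NAME="EC2ImageBuilderRole"                  # role name used in the lab
LOG_BUCKET="${LOG_BUCKET:-ib-lab-logs-example}"  # assumed; must already exist

# AWSTOE component document. The 'build' phase runs on the build instance;
# the 'test' phase runs on a fresh instance launched from the finished AMI,
# so a hardening step that did not survive the snapshot fails the pipeline.
component_document() {
  cat <<'EOF'
name: ib-lab-ssh-hardening
description: Patch the OS and disable SSH password authentication
schemaVersion: 1.0
phases:
  - name: build
    steps:
      - name: PatchOS
        action: ExecuteBash
        inputs:
          commands:
            - sudo dnf -y update
      - name: DisablePasswordAuth
        action: ExecuteBash
        inputs:
          commands:
            - sudo sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
  - name: test
    steps:
      - name: SshdStillHardened
        action: ExecuteBash
        inputs:
          commands:
            - grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config
EOF
}

# Trust policy for the build role: only EC2 may assume it.
trust_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# AWS-managed Amazon Linux 2023 parent image; x.x.x selects the newest version.
parent_image_arn() {
  printf 'arn:aws:imagebuilder:%s:aws:image/amazon-linux-2023-x86/x.x.x' "$1"
}

# Distribution list as JSON for one region. An optional KMS key id (2nd arg)
# makes Image Builder encrypt the output AMI with that customer-managed key.
distributions_json() {
  printf '[{"region":"%s","amiDistributionConfiguration":{"name":"ib-lab-{{ imagebuilder:buildDate }}"%s}}]' \
    "$1" "${2:+,\"kmsKeyId\":\"$2\"}"
}

create_pipeline() {
  # Build role: only the two managed policies the lab names, nothing broader.
  aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document "$(trust_policy)" >/dev/null
  for p in AmazonSSMManagedInstanceCore EC2InstanceProfileForImageBuilder; do
    aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "arn:aws:iam::aws:policy/$p"
  done
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
  sleep 15  # IAM is eventually consistent; let the new profile propagate
  # Recipe: parent image plus our component.
  comp_arn=$(aws imagebuilder create-component --region "$REGION" --name ib-lab-ssh-hardening \
    --semantic-version 1.0.0 --platform Linux --data "$(component_document)" \
    --query componentBuildVersionArn --output text)
  recipe_arn=$(aws imagebuilder create-image-recipe --region "$REGION" --name ib-lab-recipe \
    --semantic-version 1.0.0 --parent-image "$(parent_image_arn "$REGION")" \
    --components "componentArn=$comp_arn" --query imageRecipeArn --output text)
  # Infrastructure configuration: log to S3, never leave a failed build instance running.
  infra_arn=$(aws imagebuilder create-infrastructure-configuration --region "$REGION" \
    --name ib-lab-infra --instance-profile-name "$ROLE_NAME" --instance-types t3.medium \
    --logging "s3Logs={s3BucketName=$LOG_BUCKET,s3KeyPrefix=imagebuilder}" \
    --terminate-instance-on-failure --query infrastructureConfigurationArn --output text)
  # Distribution settings, then the pipeline with image tests enabled, then one run.
  dist_arn=$(aws imagebuilder create-distribution-configuration --region "$REGION" \
    --name ib-lab-dist --distributions "$(distributions_json "$REGION" "${KMS_KEY_ID:-}")" \
    --query distributionConfigurationArn --output text)
  pipe_arn=$(aws imagebuilder create-image-pipeline --region "$REGION" --name ib-lab-pipeline \
    --image-recipe-arn "$recipe_arn" --infrastructure-configuration-arn "$infra_arn" \
    --distribution-configuration-arn "$dist_arn" --status ENABLED \
    --image-tests-configuration imageTestsEnabled=true,timeoutMinutes=60 \
    --query imagePipelineArn --output text)
  aws imagebuilder start-image-pipeline-execution --region "$REGION" --image-pipeline-arn "$pipe_arn"
}

if [ "${IMAGE_BUILDER_APPLY:-0}" = "1" ]; then create_pipeline; fi
```

The test phase is the part worth noticing: it runs on an instance launched from the finished AMI, so a build step that looked successful but did not persist into the image fails the pipeline before anything is distributed. Passing KMS_KEY_ID encrypts the output AMI with a customer-managed key, and the instance profile carries only the two managed policies the lab names; anything more that a component needs should be added as a policy scoped to the specific resources, since the build instance can reach whatever the role can.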
