Get started with AWS EC2 Image Builder
EC2 Image Builder is a fully managed AWS service that helps you create, customize, and distribute Amazon Machine Images (AMIs) for your EC2 instances. It automates the process of building and maintaining secure and up-to-date AMIs, reducing the operational overhead and improving consistency across your EC2 fleet.
Here's how EC2 Image Builder works and its key components:
Components:
a. Image Recipe: It defines the configuration and steps required to build an AMI. It includes a base AMI, a set of components, and a collection of customizations.
b. Components: These are modular units that perform specific actions during the image build process, such as installing packages, running scripts, or configuring settings.
c. Infrastructure Configuration: It specifies the resources required for the image build process, such as EC2 instance type, network settings, and IAM role.
d. Distribution Configuration: It defines the output format of the resulting AMI, such as Amazon S3, Amazon EBS, or EC2 launch template.
Image Building Process:
a. Create an Image Recipe: Define an image recipe that includes the desired base AMI, a set of components, and any customizations you want to apply.
b. Customize the Image: Add components to the recipe to perform tasks like installing software, configuring settings, or running scripts.
c. Define Infrastructure Configuration: Specify the resources needed for building the image, such as EC2 instance type, network settings, and IAM role.
d. Create a Distribution Configuration: Define how the resulting AMI should be distributed, such as storing it in an S3 bucket or sharing it with other AWS accounts.
e. Start the Image Build: Initiate the image build process, and EC2 Image Builder automatically provisions the required resources, executes the defined steps, and creates a new AMI.
f. Validate and Test: EC2 Image Builder can run automated tests on the newly created AMI to ensure it meets your requirements.
g. Distribute the AMI: Once the build and tests are successful, EC2 Image Builder can distribute the AMI to the specified targets, such as an AWS account, region, or AWS Marketplace.
Integration and Automation: EC2 Image Builder integrates with other AWS services like AWS Systems Manager, AWS Identity and Access Management (IAM), and AWS CloudFormation. You can automate the image build process using AWS CLI, SDKs, or AWS CloudFormation templates.
EC2 Image Builder simplifies and streamlines the process of creating and maintaining AMIs, reducing manual effort and ensuring consistency across your EC2 instances.
Create an image pipeline using the EC2 Image Builder console wizard
This tutorial walks you through creating an automated pipeline to build and maintain a customized EC2 Image Builder image using the Create image pipeline console wizard. To help you move through the steps efficiently, default settings are used when they are available, and optional sections are skipped.
Step 1: Specify pipeline details
Open the EC2 Image Builder console at https://console.aws.amazon.com/imagebuilder/.
To begin creating your pipeline, choose Create image pipeline.
In the General section, enter your Pipeline name (required).
Tip:
Enhanced metadata collection is turned on by default. To ensure compatibility between components and base images, keep it turned on.
In the Build schedule section, you can keep the defaults for the Schedule options. Note that the Time zone shown for the default schedule is Universal Coordinated Time (UTC). For more information about UTC time, and to find the offset for your time zone, see Time Zone Abbreviations – Worldwide List.
Choose Next to proceed to the next step.
Step 2: Choose recipe
Image Builder defaults to Use existing recipe in the Recipe section. For your first time through, choose the Create new recipe option.
In the Image type section, choose the Amazon Machine Image (AMI) option to create an image pipeline that will produce and distribute an AMI.
In the General section, fill in the following required boxes:
Name – your recipe name
Version – your recipe version (use the format <major>.<minor>.<patch>, where major, minor, and patch are integer values). New recipes generally start with 1.0.0.
In the Source image section, keep the default values for Select image, Image Operating System (OS), and Image origin. This results in a list of Amazon Linux 2 AMIs, managed by Amazon, for you to choose from for your base image.
From the Image name dropdown, choose an image.
Keep the default for Auto-versioning options (Use latest available OS version).
Note:
This setting ensures that your pipeline uses semantic versioning for the base image, to detect dependency updates for automatically scheduled jobs. To learn more about semantic versioning for Image Builder resources, see Semantic versioning.
In the Instance configuration section, keep the default values for the Systems Manager agent. This results in Image Builder keeping the Systems Manager agent after the build and tests are complete, to include the Systems Manager agent in your new image.
Keep User data blank for this tutorial. You can use this area at other times to provide commands, or a command script to run when you launch your build instance. However, it replaces any commands that Image Builder might have added to ensure that Systems Manager is installed. When you do use it, make sure that the Systems Manager agent is preinstalled on your base image, or that you include the install in your user data.
In the Components section, you must choose at least one build component.
In the Build components – Amazon Linux panel, you can browse through the components listed on the page. Use the pagination control in the upper right corner to navigate through additional components that are available for your base image OS. You can also search for specific components, or create your own build component using the Component manager.
For this tutorial, choose a component that updates Linux with the latest security updates, as follows:
Filter the results by entering the word update in the search bar that's located at the top of the panel.
Select the check box for the update-linux build component.
Scroll down, and in the upper right corner of the Selected components list, choose Expand all.
Keep the default for Versioning options (Use latest available component version).
Step 3: Define infrastructure configuration - optional
Image Builder launches EC2 instances in your account to customize images and run validation tests. The Infrastructure configuration settings specify infrastructure details for the instances that will run in your AWS account during the build process.
In the Infrastructure configuration section, the Configuration options default to Create infrastructure configuration using service defaults. This creates an IAM role and associated instance profile for the EC2 build and test instances that are used to configure your image. For more information about infrastructure configuration settings, see CreateInfrastructureConfiguration in the EC2 Image Builder API Reference.
For this tutorial, we are using the default settings.
Step 4: Define distribution settings - optional
Distribution configurations include the output AMI name, specific Region settings for encryption, launch permissions, and AWS accounts, organizations, and organizational units (OUs) that can launch the output AMI, and license configurations.
In the Distribution settings section, the Configuration options default to Create distribution settings using service defaults. This option will distribute the output AMI to the current Region. For more information about configuring your distribution settings, see Manage EC2 Image Builder distribution settings.
For this tutorial, we are using the default settings.
Step 5: Review
The Review section displays all of the settings you have configured. To edit information in any given section, choose the Edit button located in the top right corner of the step section. For example, if you want to change your pipeline name, choose the Edit button in the top right corner of the Step 1: Pipeline details section.
When you have reviewed your settings, choose Create pipeline to create your pipeline.
You can see success or failure messages at the top of the page, as your resources are created for distribution settings, infrastructure configuration, your new recipe, and the pipeline. To see details for a resource, including the resource identifier, choose View details.
After you have viewed the details for a resource, you can view details about other resources by choosing the resource type from the navigation pane. For example, to see details for your new pipeline, choose Image pipelines from the navigation pane. If your build was successful, your new pipeline is displayed in the Image pipelines list.
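The same pipeline can be kept in version control as a CloudFormation template, so the recipe, build role, and distribution targets are reviewable rather than clicked together. The template below is an added example, not part of the original tutorial. The resource names, the x86 Amazon Linux 2 parent image, the daily schedule, and the AMI name pattern are assumptions chosen to mirror the wizard choices above.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  BuildRole:  # IAM role for the build and test instances (Step 3)
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - { Effect: Allow, Principal: { Service: ec2.amazonaws.com }, Action: "sts:AssumeRole" }
      ManagedPolicyArns:  # AWS managed policies for Image Builder and Systems Manager
        - !Sub arn:${AWS::Partition}:iam::aws:policy/EC2InstanceProfileForImageBuilder
        - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore
  BuildProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref BuildRole]
  Recipe:  # Step 2: base image plus the update-linux build component
    Type: AWS::ImageBuilder::ImageRecipe
    Properties:
      Name: tutorial-recipe  # hypothetical name
      Version: "1.0.0"
      # x.x.x is the wildcard for "use latest available version"
      ParentImage: !Sub arn:${AWS::Partition}:imagebuilder:${AWS::Region}:aws:image/amazon-linux-2-x86/x.x.x
      Components:
        - ComponentArn: !Sub arn:${AWS::Partition}:imagebuilder:${AWS::Region}:aws:component/update-linux/x.x.x
      AdditionalInstanceConfiguration:
        SystemsManagerAgent: { UninstallAfterBuild: false }  # keep the agent in the image
  Infrastructure:
    Type: AWS::ImageBuilder::InfrastructureConfiguration
    Properties:
      Name: tutorial-infrastructure  # hypothetical name
      InstanceProfileName: !Ref BuildProfile
  Distribution:  # Step 4: distribute the AMI to the current Region only
    Type: AWS::ImageBuilder::DistributionConfiguration
    Properties:
      Name: tutorial-distribution  # hypothetical name
      Distributions:
        - Region: !Ref AWS::Region
          AmiDistributionConfiguration:
            Name: "tutorial-ami-{{ imagebuilder:buildDate }}"  # assumed name pattern
  Pipeline:  # Step 1: pipeline details and build schedule
    Type: AWS::ImageBuilder::ImagePipeline
    Properties:
      Name: tutorial-pipeline  # hypothetical name
      ImageRecipeArn: !GetAtt Recipe.Arn
      InfrastructureConfigurationArn: !GetAtt Infrastructure.Arn
      DistributionConfigurationArn: !GetAtt Distribution.Arn
      EnhancedImageMetadataEnabled: true
      Schedule:  # assumed schedule: daily at 00:00 UTC, only when dependencies changed
        ScheduleExpression: "cron(0 0 * * ? *)"
        PipelineExecutionStartCondition: EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE
```

Because the template creates an IAM role, deploying the stack requires the `CAPABILITY_IAM` acknowledgement.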
Written by Maxat Akbanov