Streamline AMI Creation with Amazon EC2 Image Builder

Overview

In the world of cloud computing, the ability to efficiently create, manage, and distribute custom machine images is crucial for ensuring a streamlined and secure deployment process. Amazon EC2 Image Builder Pipelines offers a powerful solution that simplifies image creation, allowing developers and DevOps teams to automate and customize their machine image pipelines. In this blog, we will explore what Amazon EC2 Image Builder Pipelines are, their benefits, and several real-world use cases where they can significantly impact.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Introduction

Amazon EC2 Image Builder Pipelines is a service provided by Amazon Web Services (AWS) that enables the automated creation, management, and distribution of customized Amazon Machine Images (AMIs) and container images. It streamlines the image creation process by allowing you to define a series of pipeline stages and automate image creation workflows.

Benefits of Using Amazon EC2 Image Builder Pipelines

Automation: Automate the image creation process, reducing manual intervention and potential errors.
Customization: Easily configure and customize your images with specific software, packages, configurations, and updates.
Consistency: Ensure consistency across all images, reducing variations and potential security vulnerabilities.
Compliance: Implement compliance standards and security best practices through automated image creation and validation.
Efficiency: Streamline the distribution of images across multiple regions and accounts.
Versioning: Maintain a history of image versions and track changes over time.

Use Cases for Amazon EC2 Image Builder Pipelines

Custom Application Images: Developers can use Amazon EC2 Image Builder Pipelines to create custom images tailored to their application’s requirements. This ensures that each image includes the necessary software dependencies, configurations, and updates to run the application efficiently. This use case is particularly beneficial for microservices architectures or applications with complex dependencies.
Compliance and Security Updates: For organizations that need to maintain compliance and security standards, Amazon EC2 Image Builder Pipelines can automate applying updates, patches, and security configurations to images. This ensures all images adhere to the latest security protocols, reducing potential vulnerabilities.
Multi-Region Image Distribution: With Amazon EC2 Image Builder Pipelines, you can create a pipeline that automates image distribution across multiple AWS regions. This is particularly useful for ensuring consistent images across different regions, enabling faster deployment and reducing the management overhead of maintaining images separately for each region.

Steps to Set Up an AWS EC2 Image Builder Pipeline with a Web Server Component

AWS CloudFormation Template Overview: The AWS CloudFormation template below sets up an Amazon EC2 Image Builder pipeline with a web server component. This example defines the necessary resources and configurations for creating a custom machine image.
AWS CloudFormation Code:

AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template for Amazon EC2 Image Builder pipeline with a web server component
Parameters:
  PipelineName:
    Type: String
    Description: Name for the AWS EC2 Image Builder pipeline
 
Resources:
  ImageBuilderRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${PipelineName}-Role"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: imagebuilder.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
        - arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder
        - arn:aws:iam::aws:policy/AmazonSSMFullAccess
 
        # Add any additional managed policies as needed for your use case
  ImageBuilderInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: '/'
      Roles:
        - !Ref ImageBuilderRole
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for the web server
      VpcId: vpc-0012b5ef519298d9d # Replace with your VPC ID
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0 # Allowing HTTP access from anywhere (Modify as needed)
 
  WebServerComponent:
    Type: AWS::ImageBuilder::Component
    Properties:
      Name: !Sub "${PipelineName}-WebServerComponent"
      Description: Component to install and configure Apache web server
      Version: '1.0.0'
      ChangeDescription: Initial version
      Platform: Linux
      Data: |
        {
          "schemaVersion": "1.0",
          "phases": [
            {
              "name": "build",
              "steps": [
                {
                  "name": "InstallApache",
                  "action": "ExecuteBash",
                  "inputs": {
                    "commands": [
                      "yum install -y httpd"
                    ]
                  }
                },
                {
                  "name": "StartApache",
                  "action": "ExecuteBash",
                  "inputs": {
                    "commands": [
                      "systemctl start httpd",
                      "systemctl enable httpd"
                    ]
                  }
                }
              ]
            }
          ]
        }

  ImageRecipe:
    Type: AWS::ImageBuilder::ImageRecipe
    Properties:
      Name: !Sub "${PipelineName}-ImageRecipe"
      Description: Image recipe for customizing the AMI
      Version: '1.0.0'
      Components:
        - ComponentArn: !Ref WebServerComponent
      ParentImage: <image-id> # The provided AMI ID

  InfrastructureConfiguration:
    Type: AWS::ImageBuilder::InfrastructureConfiguration
    Properties:
      Name: !Sub "${PipelineName}-InfrastructureConfig"
      InstanceProfileName: !Ref ImageBuilderInstanceProfile
      InstanceTypes:
        - t2.micro # Change this to the desired instance type
      SecurityGroupIds:
        - !Ref WebServerSecurityGroup # Referencing the new security group here
      SubnetId: <subnet-id> # Replace with your desired subnet ID
      KeyPair: <your-key>
 
  DistributionConfiguration:
    Type: AWS::ImageBuilder::DistributionConfiguration
    Properties:
      Name: !Sub "${PipelineName}-DistributionConfig"
      Description: Distribution configuration for the custom AMI
      Distributions:
        - Region: ap-south-1
          AmiDistributionConfiguration:
            Name: !Sub "${PipelineName}-AMI-Distribution-{{ imagebuilder:buildDate }}" #!Sub "${PipelineName}-AMI-Distribution"
            Description: Custom AMI distribution
            AmiTags:
              Name: !Ref PipelineName
 
  ImageBuilderPipeline:
    Type: AWS::ImageBuilder::ImagePipeline
    Properties:
      Name: !Ref PipelineName
      Description: Image Builder pipeline for creating custom AMIs
      ImageRecipeArn: !Ref ImageRecipe
      InfrastructureConfigurationArn: !Ref InfrastructureConfiguration
      DistributionConfigurationArn: !Ref DistributionConfiguration
      EnhancedImageMetadataEnabled: true
      Status: ENABLED
---

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

AWSTemplateFormatVersion: '2010-09-09'

Description: AWS CloudFormation template for Amazon EC2 Image Builder pipeline with a web server component

Parameters:

PipelineName:

Type: String

Description: Name for the AWS EC2 Image Builder pipeline

Resources:

ImageBuilderRole:

Type: AWS::IAM::Role

Properties:

RoleName: !Sub "${PipelineName}-Role"

AssumeRolePolicyDocument:

Version: '2012-10-17'

Statement:

- Effect: Allow

Principal:

Service: imagebuilder.amazonaws.com

Action: sts:AssumeRole

ManagedPolicyArns:

- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

- arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder

- arn:aws:iam::aws:policy/AmazonSSMFullAccess

# Add any additional managed policies as needed for your use case

ImageBuilderInstanceProfile:

Type: AWS::IAM::InstanceProfile

Properties:

Path: '/'

Roles:

- !Ref ImageBuilderRole

WebServerSecurityGroup:

Type: AWS::EC2::SecurityGroup

Properties:

GroupDescription: Security group for the web server

VpcId: vpc-0012b5ef519298d9d # Replace with your VPC ID

SecurityGroupIngress:

- IpProtocol: tcp

FromPort: 80

ToPort: 80

CidrIp: 0.0.0.0/0 # Allowing HTTP access from anywhere (Modify as needed)

WebServerComponent:

Type: AWS::ImageBuilder::Component

Properties:

Name: !Sub "${PipelineName}-WebServerComponent"

Description: Component to install and configure Apache web server

Version: '1.0.0'

ChangeDescription: Initial version

Platform: Linux

Data: |

{

"schemaVersion": "1.0",

"phases": [

{

"name": "build",

"steps": [

{

"name": "InstallApache",

"action": "ExecuteBash",

"inputs": {

"commands": [

"yum install -y httpd"

]

}

{

"name": "StartApache",

"action": "ExecuteBash",

"inputs": {

"commands": [

"systemctl start httpd",

"systemctl enable httpd"

]

}

]

}

]

}

ImageRecipe:

Type: AWS::ImageBuilder::ImageRecipe

Properties:

Name: !Sub "${PipelineName}-ImageRecipe"

Description: Image recipe for customizing the AMI

Version: '1.0.0'

Components:

- ComponentArn: !Ref WebServerComponent

ParentImage: <image-id> # The provided AMI ID

InfrastructureConfiguration:

Type: AWS::ImageBuilder::InfrastructureConfiguration

Properties:

Name: !Sub "${PipelineName}-InfrastructureConfig"

InstanceProfileName: !Ref ImageBuilderInstanceProfile

InstanceTypes:

- t2.micro # Change this to the desired instance type

SecurityGroupIds:

- !Ref WebServerSecurityGroup # Referencing the new security group here

SubnetId: <subnet-id> # Replace with your desired subnet ID

KeyPair: <your-key>

DistributionConfiguration:

Type: AWS::ImageBuilder::DistributionConfiguration

Properties:

Name: !Sub "${PipelineName}-DistributionConfig"

Description: Distribution configuration for the custom AMI

Distributions:

- Region: ap-south-1

AmiDistributionConfiguration:

Name: !Sub "${PipelineName}-AMI-Distribution-{{ imagebuilder:buildDate }}" #!Sub "${PipelineName}-AMI-Distribution"

Description: Custom AMI distribution

AmiTags:

Name: !Ref PipelineName

ImageBuilderPipeline:

Type: AWS::ImageBuilder::ImagePipeline

Properties:

Name: !Ref PipelineName

Description: Image Builder pipeline for creating custom AMIs

ImageRecipeArn: !Ref ImageRecipe

InfrastructureConfigurationArn: !Ref InfrastructureConfiguration

DistributionConfigurationArn: !Ref DistributionConfiguration

EnhancedImageMetadataEnabled: true

Status: ENABLED

---

Step 1: Prepare Your Template

Create a new YAML file named yaml or any preferred name.
Inside the YAML file, define your AWS CloudFormation stack’s resources, such as Amazon EC2 instances, Amazon S3 buckets, AWS IAM roles, etc. This is the infrastructure you want to create.
Save the YAML file in a directory.

Step 2: Install and Configure AWS CLI

Install the AWS CLI on your local machine if you haven’t already. You can find installation instructions in the AWS CLI User Guide.
Configure the AWS CLI with your AWS credentials using the aws configure

Step 3: Run the Command

Open your terminal and execute the following command:

aws cloudformation create-stack --stack-name <stack-name> --template-body file://path/to/template.yaml --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM

1	aws cloudformation create-stack --stack-name <stack-name> --template-body file://path/to/template.yaml --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM

Replace <stack-name> with your desired stack name and path/to/template.yaml with the actual path to your YAML template file.

Step 4: Monitor Stack Creation

The AWS CLI will return a response containing the stack creation request information. You can monitor the progress of stack creation by either checking the AWS CloudFormation console or using the AWS CLI.
Once the stack creation is complete, you’ll receive a “StackId” as part of the response.

Step 5: Clean Up (Optional)

If you want to delete the stack later, you can use the following command:

aws cloudformation delete-stack --stack-name <stack-name>

1	aws cloudformation delete-stack --stack-name <stack-name>

Replace <stack-name> with the name of the stack you created.

Best Practices for Implementing Amazon EC2 Image Builder Pipelines

Clearly define pipeline stages and build recipes to ensure consistency and reproducibility.
Regularly update base images to include the latest security patches and updates.
Implement automated tests to validate the integrity of created images.
Use versioning to track changes and maintain a history of image configurations.

Conclusion

Amazon EC2 Image Builder Pipelines offer a robust solution for automating and customizing the image creation and management process. By leveraging automation, customization, and consistency, organizations can enhance their deployment processes, improve security and compliance, and streamline image distribution across multiple regions. As cloud computing continues to evolve, Amazon EC2 Image Builder Pipelines provide a valuable tool for DevOps teams and developers seeking to optimize their image management workflows.

Drop a query if you have any questions regarding Amazon EC2 Image Builder Pipelines and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, AWS EKS Service Delivery Partner, and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.

FAQs

1. What is the purpose of an Amazon EC2 Image Builder pipeline?

ANS: – An Amazon EC2 Image Builder pipeline is a streamlined process for creating customized images for various platforms. It automates the image creation process by defining steps and configurations, allowing users to create consistent and reproducible images easily.

2. What advantages does an Amazon EC2 Image Builder pipeline offer?

ANS: – Using an Amazon EC2 Image Builder pipeline brings several benefits, such as improved efficiency in image creation, reduced human error, simplified deployment, and the ability to scale image production. It also allows consistent updates and ensures images are built from the latest configurations.

WRITTEN BY Vineet Negi

Vineet Negi is a Research Associate at CloudThat. He is part of the Kubernetes vertical and has worked on DevOps and many other Cloud Computing technologies. He is an enthusiastic individual who is passionate about exploring all the latest technologies from a learning perspective.