In today's dynamic cloud computing landscape, managing and deploying secure, compliant, and up-to-date images across your AWS infrastructure is critical for maintaining operational efficiency, enhancing security, and ensuring regulatory compliance.
Before the introduction of EC2 Image Builder, building and managing AMIs was a complex and time-consuming process, often requiring manual intervention and scripting. This traditional approach was prone to errors, inconsistencies, and security vulnerabilities, making it challenging to maintain a consistent and secure image environment.
EC2 Image Builder is a fully managed AWS service that simplifies this process by providing a centralized platform for creating, customizing, testing, and deploying AMIs. If you are building bootstrapped images to speed up deployment, or otherwise need repeatable and secure AMIs, this is the use case Image Builder was built for.
In this blog, we will build an AMI with an EC2 Image Builder image pipeline, then validate the pipeline by launching an EC2 instance from the resulting AMI and verifying the web application that was baked into the image.
Introduction to EC2 Image Builder
An image pipeline in AWS EC2 Image Builder is a sequence of steps that define how an AMI is created, customized, tested, and deployed. It provides a structured and repeatable approach to building and managing AMIs, ensuring consistency, quality, and security across your AWS deployments.
EC2 Image Builder helps in creating pipelines for Linux or Windows Server images for use with Amazon EC2 and on-premises. The pipeline takes care of all stages such as image creation, maintenance, validation, sharing, and deployment.
Image Builder is offered at no cost, other than the cost of the underlying AWS resources used to create, store, and share the images.
Steps involved in EC2 Image Builder workflow
Build a Component:
The process of building a component is part of the overall image creation process.
Components represent a configuration document that defines a package install, a test script, or some other form of configuration action.
EC2 Image Builder allows you to define and create custom components, which are reusable configuration elements.
Create a Recipe:
A recipe is a set of instructions for building an image. It includes a list of components and their configurations.
Recipes are used to define the steps involved in building an image, including the order in which components are executed.
Recipes can be versioned and shared across accounts.
Build an Image Pipeline:
An image pipeline defines the workflow for creating, testing, and distributing images.
These pipelines define the process from the source image to the final, fully-configured image.
You can specify components and recipes for each phase.
Launch EC2 Instance using EC2 Image Builder AMI:
The ultimate goal of EC2 Image Builder is to produce an AMI that can be used to launch EC2 instances.
To summarize, EC2 Image Builder involves building components, creating recipes, defining image pipelines, and ultimately using the generated AMI to launch EC2 instances with the desired configurations. This workflow streamlines the process of creating and managing custom images in AWS.
AWS EC2 Image Builder Detailed Demo Implementation
Let's start the EC2 Image Builder Process to create the configurable AMI.
Create an IAM Role.
Create an SNS Topic and then Subscribe to it.
Create an S3 Bucket and upload the Ec2amibuilder.sh script.
In this implementation, we'll be using Ubuntu to build a simple web server. The script installs the Apache web server (Apache2), starts it, enables the service, and finally writes an index.html file with the message "Hello, Welcome to EC2 Image Builder Demo". If the image pipeline is deployed successfully, then after creating an instance from this AMI and opening its public DNS name or public IP, we get the above text in the web browser. We will store this script in an S3 bucket as Ec2amibuilder.sh, and it will be pulled onto the instance from the bucket at runtime.
```bash
# Install apache start and enable the service
sudo apt install -y apache2 && \
  sudo systemctl start apache2 && \
  sudo systemctl enable apache2

# Configure index.html
echo '<!doctype html><html><body><h1>Hello, Welcome to EC2 Image Builder Demo </h1></body></html>' | sudo tee /var/www/html/index.html
```
Create a Build Component for EC2 Image Builder
The component creation process has 3 main sections -
Component type - we are selecting the default option which is Build.
Component details - we need to select the OS to use, and version, and provide a name, description, and version number.
Definition document - This is the place where we can write our component or use the AWS provided example, but here we are creating a component with a build phase consisting of 3 steps - DownloadScript, RunScript, and InstanceCleanup.
In the below document, we have one build phase which contains 3 steps.
In the first step (DownloadScript), we are going to download our script from S3 to the /tmp directory on the instance and this has max attempts of 3 before the pipeline fails.
In the second step (RunScript), we are running 2 commands, the first command (chmod) will make the script executable while the second runs the script and this has max attempts of 3 before the pipeline fails.
In the third step (InstanceCleanUp), we remove the downloaded script so that bootstrap leftovers are not kept in the image and the AMI is clean on launch.
Please find the definition document for creating components in YAML format below.
```yaml
name: EC2ImageBuilder-ApacheWebServer
description: 'This Image Builder component will install Apache web-server and configure the index.html on top of it'
schemaVersion: 1.0
phases:
  - name: build
    steps:
      - name: DownloadScript
        action: S3Download
        onFailure: Abort
        maxAttempts: 3
        inputs:
          - source: s3://imagepipelinebuilderscript/Ec2amibuilder.sh
            destination: /tmp/Ec2amibuilder.sh
      - name: RunScript
        action: ExecuteBash
        onFailure: Abort
        maxAttempts: 3
        inputs:
          commands:
            - 'chmod +x {{ build.DownloadScript.inputs[0].destination }}'
            - 'bash {{ build.DownloadScript.inputs[0].destination }}'
      - name: InstanceCleanUp
        action: ExecuteBash
        onFailure: Abort
        maxAttempts: 3
        inputs:
          commands:
            - 'rm {{ build.DownloadScript.inputs[0].destination }}'
```
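The component above runs whatever object is in the bucket at build time, so anyone who can write to that bucket can change what ends up in the AMI. The following is an added example, not part of the original post: an integrity gate that runs the downloaded script only if its SHA-256 matches a pinned digest. The function names and the idea of pinning the digest in the component document are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): integrity gate for a build
# script that is downloaded from S3 and then executed during the AMI build.
# The expected digest is an assumption: a value recorded when the script was
# reviewed and kept with the component document, never in the same bucket.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_script FILE EXPECTED_SHA256
# Returns 0 only if FILE is a regular, non-symlink file whose digest matches;
# 1 on a digest mismatch, 2 on a missing/unsafe file or a malformed digest.
verify_script() {
    local file="$1" expected="$2" actual
    # A pinned SHA-256 digest is exactly 64 hex characters.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "verify_script: malformed expected digest" >&2
        return 2
    fi
    # Refuse symlinks: /tmp is world-writable, so the path could be swapped.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "verify_script: $file is missing or not a regular file" >&2
        return 2
    fi
    actual="$(sha256_of "$file")"
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    if [ "$actual" != "$expected" ]; then
        echo "verify_script: digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# run_if_verified FILE EXPECTED_SHA256
# Executes FILE with bash only after the digest check passes.
run_if_verified() {
    verify_script "$1" "$2" || return $?
    bash "$1"
}
```

A non-zero return from `run_if_verified` fails the step, which with `onFailure: Abort` stops the build before a modified script can alter the image.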
Creating a Recipe
The recipe creation process includes 4 major sections -
Recipe details - Provide the name and description of the Recipe.
Choose a Base image - First, select the managed images, and then select OS (ubuntu 22), Image origin, Image Name, etc.
Working directory - directory for use during build and test workflows.
Components - choose the component created in the previous step.
Creating an Image Pipeline
Image pipeline creation involves 5 steps -
Specify Image pipeline details -
Choose existing Recipe -
Define Infrastructure configuration -
Review all the steps -
Image Pipeline is created successfully -
After creating the pipeline, we need to run it and wait for the execution to finish. The resulting AMI then appears in the EC2 Image Builder section and under the Images section of the EC2 console.
These are the logs of the Image Pipeline while the pipeline is in execution.
As we have configured the SNS topic, we will get every update regarding the EC2 Image builder workflow like Recipe configurations, Infrastructure configurations, etc. as seen below.
We can see the AMI under both sections - the EC2 Image Builder section and the Images section under the EC2 console.
Now, we need to create the EC2 instance and open its public IP in a web browser to check the deployed HTML content that was configured via EC2 Image Builder. While creating the instance, we are not doing any configuration on it through user data or similar mechanisms. We are just creating the instance from the AMI produced by the EC2 Image Builder pipeline execution.
After opening http://<public-ip>, we can see the deployed content as seen below.
Reference Links:
About EC2 Image Builder - https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html
Getting started to AWS EC2 Image Builder AMI - https://docs.aws.amazon.com/imagebuilder/latest/userguide/start-build-image-pipeline.html
Conclusion
In conclusion, EC2 Image Builder emerges as a powerful and versatile tool, simplifying the process of creating and maintaining customized AMIs. By providing a seamless and automated pipeline for image management, EC2 Image Builder empowers developers and system administrators to streamline workflows, enhance security, and optimize resource utilization.
Finally, we implemented a demo use case to create a customized AMI: we created the build component, created the recipe, and then created and ran the Image Builder pipeline, which produces the AMI in the Images console under the EC2 dashboard. That custom AMI can then be used to create instances.
Connect with me -
LinkedIn - https://www.linkedin.com/in/rachitmishra1997/
Twitter - https://twitter.com/racs1997