How To Integrate EC2 Image Builder With AWS Services

EC2 means Elastic Compute Cloud. Ec2 and EC2 Image Builder are two different services given by AWS with different purposes. EC2 is used for running applications, hosting websites, processing data, and other computing operations in AWS, while EC2 Image Builder is used for creating custom Amazon Machine Images (AMIs) with specified configurations and settings for EC2 instances.

Detailed documentation of the EC2 Image Builder.

Integrating AWS services in EC2 Image Builder

These are some services available inside AWS that we can integrate while creating EC2 Image Builder:

• AWS CloudTrail: It delivers logs and audits image construction operations for governance and compliance.
• Amazon CloudWatch Logs: It monitors and analyzes build logs in real-time for troubleshooting and optimization.
• Amazon EventBridge: It enables event-driven automation of image generation procedures based on predetermined triggers.
• Amazon Inspector: It integrates security evaluations into the image generation process to ensure compliance and security.
• AWS Marketplace: It provides access to a large choice of pre-configured image solutions for base configurations.
• Amazon SNS: It sends notifications regarding image construction events, such as successes or failures, for instant communication and action.

Integrating EC2 Image Builder with Amazon Simple Notification Service (SNS)

Detailed documentation on the Amazon Simple Notification Service.

1. Setup email notifications through Amazon SNS

Step 1: Create a topic.

• Go to the Amazon SNS console.
• In the left navigation pane, choose Topics, then choose Create topic.

• Choose Standard and enter a name for the topic, such as “ImageBuilderNotifications”. Click on Create topic.

Step 2: Create a subscription for topic “ImageBuilderNotifications”.

• After successfully creating a topic you will see the Subscriptions field, Choose “Create subscription”.

• Now the Create subscription page will open. Choose the Topic ARN field.
• Choose protocol according to your needs; I chose email.
• For the endpoint, enter an email address, and you will receive notifications.

• Choose Create subscription.
• Check your email and click on Confirm subscription in the email from AWS Notifications. The sender ID is usually “no-reply@sns.amazonaws.com”.

2. Create an EC2 Image Builder

• Search for “EC2 Image Builder” in the AWS console and click on it.

• Now the EC2 Image Builder page will open, and you can click on “Create image pipeline.”

There will be a total of six steps to create an Image pipeline.

1. Step One is to Specify pipeline details.

• In general, give a unique name to the image pipeline, and then for the build schedule, I will select manual. According to your needs, select Build Schedule. Then click on Next.

2. Step Two is to Choose recipe.

• In the first field, choose Recipe Configuration options to “Create new recipe,” and then in the image type, select AMI.

• Now in the General field, give a unique name for AMI and a version in the format told by AWS.

• Now click on “Select managed images,” and for the image operating system, choose “Amazon Linux.”

• For image origin, select “Quick Start.” For the image name, choose “Amazon Linux 2 x86” and select “Use the latest available OS version.”

• In instance configuration, select the checkbox “Remove SSM agent after pipeline execution.”

• In the component field, there are two steps. In step 1, we have to “choose build components to produce the desired output AMI.” For this, we will select “aws-cli-version-2-linux” and “amazon-corretto-11-headless.” You can select according to your needs.

• Remaining things will be used as default, then click on next.

3. Step Three is the Image creation process.

• Click on Next; we will use default settings here.

4. Step Four is to define the infrastructure configuration.

• In Infrastructure configuration, we will select “Create a new infrastructure configuration.”

• Now give a unique name to the infrastructure configuration and click on “Create new IAM role.”

Create a new IAM role for EC2 Image Builder.

• On the left navigation menu of the newly opened page, you will see the “Roles” option. Click on that option. 

• Click on “Create Role,” then under Trusted Entity Type, click on “AWS Service.”

• Now under Use case, select “EC2” and click on Next.

• Now add permission to the role. Search the following permissions and select them: “EC2InstanceProfileForImageBuilder,”  “EC2InstanceProfileForImageBuilderECRContainerBuilds,”  and “AmazonSSMManagedInstanceCore.” After selecting all three permissions, click on Next.

• Now give a role name of “EC2InstanceProfileForImageBuilder” and click on Create.

• After successfully creating a role, we have to add one more permission. For that, click on Add Permissions. Then click on “Create inline policy.”

• Now select JSON and paste the following JSON script. And change the required details mentioned in the comment.

// JSON
// Replace "your-region" according to your need and give your "AWS your-account-id"

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "arn:aws:sns:your-region:your-account-id:ImageBuilderNotifications" 
        }
    ]
}

• Now click on Next, give the policy name “ImageBuilderSNSPublish,” and click on Create.

• Now our IAM role has the following four permissions:

• In the previous step, we created a new IAM role, “EC2InstanceProfileForImageBuilder.”  Select that in the IAM role field. 

• In AWS infrastructure, for instance, type “t2.micro,” and for SNS topics, select a topic that we already created, “ImageBuilderNotifications.”

5. Step Five is to define distribution settings.

• In configuration options, select “Create distribution settings using service defaults.” This will deploy our image in one region only.

6. Step Six is Review.

• Review all details and click on “Create pipeline.”

Result: Video demonstration of AMI creation

In this demonstration, we will see steps to perform after successfully creating the pipeline.

Conclusion

We successfully integrated an Amazon Simple Notification Service (SNS) with our EC2 Image Builder. We successfully created EC2 Image Builder mail on our given mail ID in JSON format with all logs.

Integrating EC2 Image Builder with AWS Services – FAQ’s

What’s the Amazon SNS?

Amazon Simple Notification Service( SNS) is a completely managed messaging service offered by AWS for transferring dispatches or cautions to multitudinous endpoints or subscribers.

What’s the EC2 Image Builder?

AWS offers EC2 Image Builder, a service that allows user to produce custom Amazon Machine Images( AMIs) with customized configurations and settings for users EC2 cases.

How do I integrate Amazon SNS and EC2 Image Builder?

You can combine Amazon SNS with EC2 Image Builder to get announcements about image product events, similar as successes or failures, allowing for immediate communication and action.

Which AWS services can be connected with EC2 Image Builder?

EC2 Image Builder supports integration with a number of AWS services, including AWS CloudTrail, Amazon CloudWatch Logs, Amazon EventBridge, Amazon Inspector, AWS Marketplace, and Amazon SNS.