EC2 Image Builder Features

General

EC2 Image Builder significantly reduces the effort required to create and maintain golden images without writing and maintaining automation. Customers create an automated pipeline using an intuitive wizard in the AWS console. When software updates become available, Image Builder automatically produces a new image without requiring users to manually initiate image builds.

EC2 Image Builder allows you to easily validate the functionality and security of your images before using them in production with AWS-provided tests and your own tests. Image Builder also reduces errors found in images normally caused by insufficient testing. AWS-provided tests can be used to readily validate functionality, including whether images boot, whether requisite drivers are installed, and whether images are hardened to CIS standards.

EC2 Image Builder allows you to create images with only the essential components, reducing your exposure to security vulnerabilities. You can also apply AWS-provided security settings to further secure your images to meet internal security criteria. For example, you can produce images that conform to the Security Technical Implementation Guide (STIG) standard using AWS-provided templates. Additional AWS-provided security settings include ensuring security patches are applied, enforcing strong passwords, turning on full disk encryption, closing all non-essential open ports, enabling a software firewall, and enabling logging/audit controls.

EC2 Image Builder integrates with AWS Resource Access Manager and AWS Organizations to enable sharing of AMIs across AWS accounts using existing mechanisms. Image Builder can modify AMI launch permissions to control which AWS accounts besides the owner are allowed to launch EC2 instances with the AMI.

EC2 Image Builder provides consistent mechanisms to build, test, and distribute up-to-date virtual machine and container images. Additionally, in conjunction with AWS VM Import/Export (VMIE), it allows you to create and maintain images for Amazon EC2 (AMI) as well as on-premises Microsoft Hyper-V (VHDX), VMware vSphere (VMDK), and Open Virtualization Format (OVF) virtual machines.