Posted On: Dec 17, 2020

Customers of EC2 Image Builder can now build and test container images compliant with the Open Container Initiative (OCI) specification. As a result, EC2 Image Builder can be used to automate the building of both – Virtual Machine and container images with similar workflows.

Building up-to-date container images is a key function needed to run containerized infrastructure. Although existing tools enable the building of individual container images, customers need to run it every time either manually or with homegrown automation to produce new images with the latest software updates, manually test functionality, and validate security posture of images with their compliance teams. These steps can take up to several days with multiple back-and-forths between teams, even for security vulnerabilities that need immediate action. EC2 Image Builder had already addressed this challenge for VM images, and now unlocks similar benefits for container images.

Customers can generate an automated pipeline that produces secure and up-to-date Windows and Linux container images. Similar to Image Builder’s workflows to build VM images, when software updates become available, Image Builder automatically produces new up-to-date container images and publishes them to specified Amazon Elastic Container Registry (ECR) repositories after running stipulated tests. Customers can also readily use an inventory of tests and hardening primitives to get started quickly. Additionally, organizations can capture InfoSec policies as vetted templates that can be consistently applied to every new image built.

Customers can get started from the EC2 Image Builder console, CLI, API, Cloud Formation, or CDK to create an automated container image build pipeline. More details can be found in EC2 Image Builder documentation. You can also learn about upcoming EC2 Image Builder features on the public roadmap.