How Ryanair governs their image distribution using EC2 Image Builder
Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Buzz, Lauda, Malta Air, and Ryanair. Before the COVID-19 pandemic, it carried 149 million guests on more than 2,500 daily flights from more than 80 bases. The Ryanair Group connects over 225 destinations in 37 countries on a fleet of 450 aircraft—and there are 210 Boeing 737s on order. By offering lower fares, the Ryanair Group expects to grow traffic to 200 million per annum over the next five years. Ryanair’s team of more than 16,000 highly skilled aviation professionals helps make it number one in Europe for on-time performance. It also has an industry-leading 35-year safety record. Ryanair is Europe’s greenest cleanest airline group. Customers who switch to fly Ryanair can reduce their CO₂ emissions by up to 50% compared to the other Big 4 European major airlines.
In this blog post, we will talk about how the Devops team at Ryanair Labs, led by Diego Infiesta, worked to fully automate distribution of golden AMIs using EC2 Image Builder, AWS Graviton2 processors, and Amazon EBS gp3 volumes. The automated process saved Ryanair money and time during the COVID-19 pandemic.
Ryanair used Packer to build their golden images for Amazon EC2 and Amazon ECS. The process was triggered by Jenkins running in AWS. This process required hands-on work for maintenance, patching, and security. The EC2 images were built on demand, not automatically. After they were built, the new images had to be shared with consumers across the business manually by writing emails to notify developers. Developers then had to update their deployments to point to a new image. Operationally, this took the DevOps team at Ryanair more than 30 hours per month.
Switching to EC2 Image Builder
EC2 Image Builder simplifies the building, testing, and deployment of virtual machine and container images for use on AWS or in an on-premises environment. With Image Builder, there are no manual steps for updating an image and you don’t have to build your own automation pipeline. Image Builder is free. You pay only for the underlying AWS resources used to create, store, and share the images.
Ryanair uses Amazon Linux 2 as a base image. Highly custom components are part of their recipe. This allows them to regularly build, harden, and test new golden images and then share them across the organization.
At the time they made the switch, Ryanair built images using x86 architecture with the Amazon EBS gp2 volume type. During the build of the image builder pipeline, the DevOps team at Ryanair saw how easy it was to centrally change aspects of the build. To add performance and save more money, the team made a new pipeline for Graviton2 processor types and gp3 volumes.
“In under 15 minutes, we could build a working pipeline to publish Graviton2- based images to our development teams to save us money. In under 5 minutes, we switched a parameter in the pipeline, which meant we leveraged the new gp3 type volumes rather than gp2.”
– Diego Infiesta
Figure 1: Pipeline steps
- A new image build is regularly triggered.
- The pipeline is built for both x86 and ARM processor types.
- Using the latest version of Amazon Linux 2, customizations are built on top based on custom configurations stored in an S3 bucket. The configurations are for build components in the recipe stage.
- Several build components are added to the base image for extended customization.
- A Systems Manager runbook executes a command against the newly built image and the output is logged to Amazon CloudWatch Logs.
- Ryanair’s automated tests are executed against the new image. The output reports are stored in Amazon S3.
- The newly built, customized, and tested image is distributed to all accounts. The DevOps team is notified through SNS topic.
- For the new AMI to be consumed, Lambda updates Systems Manager Parameter Store to point to the current golden AMI. This allows developers to point at this parameter and deploy apps to the new AMI.
Hands-off: The pipeline distributes of the newly built AMIs across the organization. There is no longer any need for manual sharing through email. Diego’s team no longer needs to spend time maintaining Jenkins instances. They can focus on moving fast on their image builds and reducing costs for the business.
“We saved more than 30 hours per month by switching to EC2 Image Builder.”
– Diego Infiesta
Developers no longer need to manually update their deployments. Now they point at the parameter that was updated during the image build and always get the latest approved image.
Use cutting-edge technology: Using EC2 Image Builder allows the operations team to quickly re-use the pipeline and adapt it for infrastructure changes. Ryanair started off building images for x86 processor architectures and in 15 minutes, they were able to publish golden AMIs for Graviton2 processors. Like the Graviton2 story, Ryanair was able to change a parameter in their pipeline so instances use gp3 volume types rather than gp2. This switch saves them money.
Developer experience: After a new version of a golden AMI is published, AWS Lambda puts the new image ID into Systems Manager Parameter Store. When developers are deploying their application, they reference this parameter to ensure they are always using the latest approved golden image, whether it be in ECS or EC2.
Cost savings: Ryanair has been able to save money by replacing the EC2 instances that were hosting Jenkins to EC2 Image Builder, which is free. They also saved money by switching compute workloads to Graviton2 and storage types to gp3. Of course, they also saved engineering hours, too.
In this blog post, we explained how the operations team at Ryanair Labs spotted a use case for EC2 Image Builder to free up their time, build golden images more often and save the business money. To learn more about EC2 Image Builder visit the documentation; Image Builder uses AWS Systems Manager Automation to orchestrate image build actions.