EC2 Image Builder
EC2 Image Builder simplifies the building, testing, and deployment of Virtual Machine and container images for use on AWS or on-premises.
Keeping Virtual Machine and container images up-to-date can be time consuming, resource intensive, and error-prone. Currently, customers either manually update and snapshot VMs or have teams that build automation scripts to maintain images.
Image Builder significantly reduces the effort of keeping images up-to-date and secure by providing a simple graphical interface, built-in automation, and AWS-provided security settings. With Image Builder, there are no manual steps for updating an image nor do you have to build your own automation pipeline.
Image Builder is offered at no cost, other than the cost of the underlying AWS resources used to create, store, and share the images.
Benefits
Improved IT productivity
Image Builder significantly reduces the effort of keeping Virtual Machine and container images up-to-date and secure by providing a simple graphical interface, built-in automation, and AWS-provided security settings. With Image Builder, there are no manual steps for updating an image nor do you have to build your own automation pipeline. Not having to write and maintain automation code frees up resources and saves IT time.
Simpler to secure
EC2 Image Builder allows you to create images with only the essential components, reducing your exposure to security vulnerabilities. When a security patch is available, Image Builder can automatically patch your images. You can also apply AWS-provided security policies (such as enforcing strong passwords, turning on full disk encryption, enabling a firewall, and more) or custom security policies to your images to meet applicable internal compliance criteria.
Consistent workflow to build and test both Virtual Machine and container images
EC2 Image Builder provides a one-stop shop to build, secure, and test up-to-date Virtual Machine and container images using common workflows.
Built-in validation support
EC2 Image Builder allows you to easily validate your images for functionality, compatibility, and security compliance with AWS-provided tests and your own tests before using them in production. Doing so reduces errors found in images normally caused by insufficient testing. The deployment of images into production environments can be made to depend on tests passing.
Centralized policy enforcement
EC2 Image Builder enables version control for easy revision management. It integrates with AWS Resource Access Manager, AWS Organizations, and Amazon ECR to enable sharing of automation scripts, recipes, and images across AWS accounts. Security and compliance testing also enable Information Security and IT teams to better enforce policies and compliance of images.
How it works
Image Builder provides a one-stop shop to automate image management processes. Customers can generate an automated pipeline with an intuitive wizard in the AWS console to produce compliant Linux and Windows Server images for use on AWS and on-premises. When software updates become available, Image Builder automatically produces a new image and distributes it to stipulated AWS Regions after running tests on it.
Examples of customizing the software installed on the image include: 1/ Applications (build environments, business productivity tools, and databases), 2/ OS updates, 3/ Security patches.
Examples of securing an image with AWS-provided and/or custom templates include: 1/ Ensure security patches are applied, 2/ Enforce strong passwords, 3/ Turn on full disk encryption, 4/ Close all non-essential open ports, 5/ Enable software firewall, 6/ Enable logging/audit controls.
Examples of testing an image with AWS-provided tests and/or your own tests include: 1/ Test that the AMI can boot, 2/ Test that a sample application can be run, 3/ Test that a specific patch has been applied, 4/ Test security policy.
Customers
AC3, an ANZ-based managed service provider (MSP) founded in 1999, manages over 14,000 virtual machines for more than half the New South Wales state government agencies and hundreds of commercial customers. An Amazon Web Services (AWS) customer, the MSP uses Amazon EC2 Image Builder to simplify the building, testing, and deployment of its virtual machines.
“We’ve never really looked at anything beyond Packer before, as it was the standard. But, when Image Builder came along, it felt like the natural progression. The native integration is really key! Having a managed service in AWS that owns key aspects, such as image versioning and troubleshooting errors, was a big win. Also, the rapid feature improvements make it our go-to image management service. Those two things make Image Builder a more seamless part of our image delivery pipeline.”
Greg Cockburn, Head of Cloud - AC3
Genesys, a leading customer experience orchestration provider with over 30 years of experience in the industry, uses Amazon Web Services (AWS) to power its technology. Genesys migrated from its home-grown Amazon Machine Image (AMI) pipeline on Packer to Amazon Elastic Compute Cloud (Amazon EC2) Image Builder and now produces thousands of AMIs per week via EC2 Image Builder. Genesys uses the immutable infrastructure design pattern, so it maintains a rigorous practice for building AMIs for its EC2 fleet quickly and reliably.
“We prefer to adopt managed services for utility purposes as much as possible, so we were happy to integrate EC2 Image Builder and minimize the undifferentiated elements of our image pipeline. The integrations that Image Builder provides natively with other AWS services and flexibility to customize it for our compliance needs make it a great fit for our platform.”
Glenn Nethercutt, Chief Architect, Genesys Cloud
Verisk Analytics, a data analytics and risk management company founded in 1971, provides data-driven insights that help businesses, people, and societies become stronger, more resilient, and more sustainable. Verisk leverages Amazon Web Services (AWS) using EC2 Image Builder to produce golden Amazon Machine Images (AMIs)—standardized and hardened AMIs containing approved security patching and endpoint protection agents.
“We have been running custom AWS Systems Manager-based pipelines to manage golden images for a few years. We evaluated EC2 Image Builder immediately after its announcement, and it made sense for us to migrate to the managed service to simplify the pipelines and leverage service functionality instead of our custom automation. Today, we generate a catalog of golden images for Windows and Linux operating systems that we distribute to over 300 accounts in multiple regions for consumption.”
Eugene Kim, AVP - Cloud Architecture, Verisk Analytics
Get started building with EC2 Image Builder in the AWS Management Console.