Remembering When….
There are some days when I reminisce with great fondness about my previous experiences as a VMware consultant and admin. I remember being blown away by that first vMotion, thinking there was no way vMotion was going to work as advertised. I also enjoyed watching customers experience the same fascination when they saw their first vMotion and opened their first console from the vSphere client. One of my favorite recollections from the good ole days is an instance where I had a new VMware client open a server console to start installing Windows Updates. When the updates were rolling, I closed the console and I thought the guy went borderline ballistic as he believed that I had just powered off the machine! With great animation, he asked, “Why did you do that?!?! Didn’t you see what the server was doing?!?! Now I’m going to have to start all over again you idiot!” With a little smirk, I simply suggested that he reopen the server console and much to his surprise, the server was still installing updates and he had that look on his face… you know the one. Remember Neo’s face when he watched Morpheus jump across the buildings in ‘The Matrix’? Just like that scene, when this customer realized he was not going to have to repeat all of his work, he looked over at me and simply said “Whoa” and from that day on, he was a true believer.
AWS EC2 Image Builder
If you’re wondering how the first paragraph connects with AWS EC2 Image Builder, all I can say is that as I’ve been working with EC2 Image Builder and how to most easily explain its purpose to you, I’ve been thinking about another facet of VMware that helped me tremendously, and that’s VM Templates and Customization Specifications. If you are new to AWS, or new to the EC2 Image Builder service but have experience with VMware, bring to mind the benefits of using VM templates and customization specifications when creating VMs and you have a decent (though not perfect) baseline from which to understand EC2 Image Builder.
A textbook definition of EC2 Image Builder may be that it’s a fully managed AWS service that eases the administrative burden associated with the ongoing management of EC2 Amazon Machine Images (AMIs) and Container Images. Perhaps a better and simpler explanation is that EC2 Image Builder allows AWS customers to create Image Pipelines to automate the creation, customization, and testing of up-to-date EC2 AMIs and/or Docker Images.
With VMware, I would deploy a new server by coupling a VM template with a Customization Specification…VM Template + Customization Specification = new, customized VM. Periodically I would convert the VM template to a VM to install OS or application updates, reboot about 8 times, test it out to make sure the updates didn’t cause failures in a service or application, and convert back to a template.
EC2 Image Builder allows us to streamline and automate these image management tasks through the use of an Image Builder Pipeline.
The Image Pipeline – The magic behind EC2 Image Builder
The EC2 Image Builder Pipeline is used to define the processes required to create, customize, test, and publish EC2 and/or Docker Images. Once these processes are defined, the pipeline can be configured to automatically create new images according to the pipeline’s build schedule thus ensuring an organization would always have an updated and tested EC2 or Docker image ready and available for use.
Creating an image pipeline will prompt one to complete the following steps:
- Specify the Pipeline Details
  - Enter a Pipeline name, Description, and set the Build schedule (when the pipeline will run). There are (3) schedule options: the schedule builder, a CRON expression, or manual.
- Choose/Create Recipe
  - The recipe defines the image type (AMI or Docker), the base image (Windows/Linux) and the “build” and “test” components (orchestration documents that define a sequence of steps) to be executed.
  - The build components define what you want to install. AWS includes several build components for you. For example, on Windows images you can install the AWS CLI for Windows, or Chocolatey, or the Microsoft .NET Runtime among others. At the time of this post, AWS provides 26 build components for Windows images. One can, and often must, create customized build components to deploy packages specific to an organization or use case. Build components can also be used to deploy OS security baselines.
  - The recipe is also where the test components can be defined. As with the build components, AWS provides some built-in test components but one can create their own. Use tests to validate the functionality and security of a given image.
  - The storage volumes, the size, type, encryption key, etc. are also defined within the recipe.
  - Important Note: Once a recipe is created, it is versioned and cannot be modified. You can, however, create a second image recipe OR create a new version of the existing recipe.
- Infrastructure Configuration
  - The following are the Infrastructure Configuration settings defined in the pipeline:
    - The IAM Role to assign to the test instance
    - The SNS topic used for notifications, for example, that the pipeline has successfully created a new image
    - The VPC/Subnet/Security Group to use for the test instance
    - What to do in the event that a test instance fails
    - Select an S3 bucket in which to store the build logs
    - Infrastructure Tags to assign to instances deployed using the resulting AMI
- Distribution Settings
  - Completed images can be copied to other regions or AWS accounts and those regions/accounts are specified within the distribution settings
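The settings listed above can be reviewed before a pipeline is created. The following is an added example, not from the original post or from AWS: a Python check over a pipeline definition whose keys mirror the boto3 `imagebuilder` request parameters. The function name `review_pipeline`, the `TRUSTED_ACCOUNTS` allow list and all sample values are assumptions made for illustration.

```python
# Added example: keys mirror boto3 "imagebuilder" request parameters;
# every name, ARN, bucket and account ID below is a constructed placeholder.
TRUSTED_ACCOUNTS = {"111111111111"}  # assumption: accounts allowed to receive AMIs

def review_pipeline(recipe, infra, distribution, pipeline):
    """Return a list of findings for a pipeline definition (empty = clean)."""
    findings = []
    # Recipe: volumes baked into the AMI should be encrypted.
    for mapping in recipe.get("blockDeviceMappings", []):
        if not mapping.get("ebs", {}).get("encrypted"):
            findings.append(f"recipe: {mapping.get('deviceName')} not encrypted")
    # Infrastructure configuration: logging, network placement, cleanup.
    if not infra.get("logging", {}).get("s3Logs", {}).get("s3BucketName"):
        findings.append("infra: no S3 bucket for build logs")
    if not (infra.get("subnetId") and infra.get("securityGroupIds")):
        findings.append("infra: subnet/security group not set")
    if infra.get("terminateInstanceOnFailure") is False:
        findings.append("infra: failed build instances are left running")
    # Distribution: no public AMIs, no unexpected target accounts.
    for dist in distribution.get("distributions", []):
        ami = dist.get("amiDistributionConfiguration", {})
        if "all" in ami.get("launchPermission", {}).get("userGroups", []):
            findings.append(f"distribution: AMI public in {dist.get('region')}")
        for acct in set(ami.get("targetAccountIds", [])) - TRUSTED_ACCOUNTS:
            findings.append(f"distribution: untrusted account {acct}")
    # Pipeline: tests must run, and a schedule keeps images patched.
    if not pipeline.get("imageTestsConfiguration", {}).get("imageTestsEnabled", True):
        findings.append("pipeline: image tests disabled")
    if not pipeline.get("schedule", {}).get("scheduleExpression"):
        findings.append("pipeline: manual only, images will go stale")
    return findings

# Constructed sample definition with several weak settings.
SAMPLE = dict(
    recipe={"blockDeviceMappings": [
        {"deviceName": "/dev/sda1", "ebs": {"volumeSize": 30, "encrypted": False}}]},
    infra={"instanceProfileName": "example-profile", "subnetId": "subnet-EXAMPLE",
           "securityGroupIds": ["sg-EXAMPLE"], "terminateInstanceOnFailure": False},
    distribution={"distributions": [{"region": "us-east-1",
        "amiDistributionConfiguration": {"targetAccountIds": ["111111111111", "222222222222"],
                                         "launchPermission": {"userGroups": ["all"]}}}]},
    pipeline={"imageTestsConfiguration": {"imageTestsEnabled": True},
              "schedule": {"scheduleExpression": "cron(0 0 * * ? *)"}},
)

if __name__ == "__main__":
    for finding in review_pipeline(**SAMPLE):
        print(finding)
```

The same dictionaries can be passed on to the corresponding boto3 `create_*` calls once the review returns no findings.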
Your Homework
As much as I would like to include a bunch of screenshots to step you through the process, I’m going to recommend that you step through the EC2 Image Builder Workshop as a way to get some hands-on experience. You will need an AWS account and if you follow the steps, it’ll cost you about $1. The workshop uses a c5.large instance type but I personally used a t3.medium and it worked fine. I just didn’t want to leave a c5.large instance out there by mistake. Select an instance type you are comfortable with. This workshop does include clean up instructions so be mindful of those.
For extra credit, you can read the blog post below to see how Ryanair uses EC2 Image Builder: