How to create an infrastructure configuration in AWS Image Builder?
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
Today we will discuss how to create an infrastructure configuration in the AWS Image Builder service using the AWS CLI.
What is the infrastructure configuration in AWS Image Builder?
Infrastructure configurations allow you to specify the infrastructure within which to build and test your EC2 Image Builder image.
Infrastructure settings include:
- Instance types for your build and test infrastructure. We recommend specifying more than one instance type because this allows Image Builder to launch an instance from a pool with sufficient capacity. This can reduce your transient build failures.
- An instance profile that provides your build and test instances with the permissions that are required to perform customization activities. For example, if you have a component that retrieves resources from Amazon S3, the instance profile requires permissions to access those files. The instance profile also requires a minimal set of permissions for EC2 Image Builder to successfully communicate with the instance. For more information, see Prerequisites.
- The VPC, subnet, and security groups for your pipeline’s build and test instances.
- The Amazon S3 location where Image Builder stores application logs from your build and testing. If you configure logging, the instance profile specified in your infrastructure configuration must have s3:PutObject permissions for the target bucket (arn:aws:s3:::BucketName/*).
- An Amazon EC2 key pair that allows you to log on to your instance to troubleshoot if your build fails and you set terminateInstanceOnFailure to false.
- An SNS topic to which Image Builder sends event notifications.
How to create an infrastructure configuration in AWS Image Builder?
Prerequisites:
AWS CLI installed and configured.
Step 1: Create an S3 bucket with a bucket policy.
```bash
## Create an S3 bucket
aws s3api create-bucket \
  --bucket cloudaffaire-image-builder \
  --create-bucket-configuration LocationConstraint=ap-south-1

## Get S3 bucket ARN and AWS Account ID and ARN
S3_BUCKET_ARN='arn:aws:s3:::cloudaffaire-image-builder' &&
ACCOUNT_ARN=$(aws sts get-caller-identity | jq -r .Arn) &&
ACCOUNT_ID=$(aws sts get-caller-identity | jq -r .Account)

## Create a s3 bucket policy definition file
cat << EOF > bucket_policy_config.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "HelloWorldPolicy",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["$S3_BUCKET_ARN/*"],
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "$ACCOUNT_ID",
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
EOF

## Create a s3 bucket policy
aws s3api put-bucket-policy \
  --bucket cloudaffaire-image-builder \
  --policy file://bucket_policy_config.json
```
Step 2: Create a new EC2 key pair.
```bash
## Create a key-pair
aws ec2 create-key-pair \
  --key-name HelloWorldKP \
  --query 'KeyMaterial' \
  --output text > HelloWorldKP.pem

## Restrict the private key file to its owner
chmod 400 HelloWorldKP.pem
```
Step 3: Get your default VPC, Subnet, and Security group details.
```bash
## Get default VPC, Subnet and SG id
DEFAULT_VPC_ID=$(aws ec2 describe-vpcs \
  --query 'Vpcs[?IsDefault == `true`].VpcId' \
  --output text) &&
echo "$DEFAULT_VPC_ID" &&
## Restrict the subnet lookup to the default VPC so the subnet and security group match
SUBNET_ID=$(aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=$DEFAULT_VPC_ID" \
  --query 'Subnets[?AvailabilityZone == `ap-south-1a`].SubnetId' \
  --output text) &&
echo "$SUBNET_ID" &&
DEFAULT_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \
  --filters "Name=vpc-id,Values=$DEFAULT_VPC_ID" \
  --query 'SecurityGroups[?GroupName == `default`].GroupId' \
  --output text) &&
echo "$DEFAULT_SECURITY_GROUP_ID"
```
Step 4: Create an instance profile IAM role.
```bash
## Create IAM Role trust policy configuration file
cat << EOF > iam_trust_policy_config.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

## Create IAM role
aws iam create-role \
  --role-name HelloWorldIAMRole \
  --assume-role-policy-document file://iam_trust_policy_config.json

## Attach IAM Policy to the role
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AdministratorAccess \
  --role-name HelloWorldIAMRole

## Create an Instance Profile for EC2
aws iam create-instance-profile \
  --instance-profile-name HelloWorldInstanceProfile

## Add IAM role to the instance profile
aws iam add-role-to-instance-profile \
  --role-name HelloWorldIAMRole \
  --instance-profile-name HelloWorldInstanceProfile
```
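Step 4 attaches AdministratorAccess to the build instances, although the instance profile only needs the minimal Image Builder permissions plus s3:PutObject on the log bucket described earlier. The commands below are an added example, not part of the original walkthrough, to use in place of the attach-role-policy command in Step 4: they attach the AWS managed policies EC2InstanceProfileForImageBuilder and AmazonSSMManagedInstanceCore and add an inline log-upload policy. The function names, the inline policy name ImageBuilderLogUpload, and the assumption that logs are written under the configured Logs prefix are illustrative.

```bash
ROLE_NAME='HelloWorldIAMRole'          # role created in Step 4
BUCKET='cloudaffaire-image-builder'    # log bucket from Step 1
LOG_PREFIX='Logs'                      # s3KeyPrefix from Step 5 (assumed log location)

# Print an inline policy allowing only s3:PutObject under <bucket>/<prefix>/.
log_policy_json() {
cat << EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ImageBuilderLogUpload",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::$1/$2/*"
    }
  ]
}
EOF
}

# Read a policy document on stdin; succeed if any string value is "*" or
# "service:*" (for example "Principal": "*" or "Action": "s3:*").
has_wildcard_grant() {
  grep -Eq '"(\*|[A-Za-z0-9-]+:\*)"'
}

# Attach the scoped permissions; refuse to apply a policy with wildcard grants.
apply_least_privilege() {
  if log_policy_json "$BUCKET" "$LOG_PREFIX" | has_wildcard_grant; then
    echo "log policy contains a wildcard grant, not applying" >&2
    return 1
  fi
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name ImageBuilderLogUpload \
    --policy-document "$(log_policy_json "$BUCKET" "$LOG_PREFIX")"
}

# Call AWS only when run with the "apply" argument.
if [ "${1:-}" = "apply" ]; then apply_least_privilege; fi
```

With this variant, Step 8 must detach these two managed policies and remove the inline policy with aws iam delete-role-policy instead of detaching AdministratorAccess, because delete-role fails while policies remain on the role. Running has_wildcard_grant against bucket_policy_config.json from Step 1 flags its "Principal": "*" and "Action": "s3:*" entries.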
Step 5: Create an infrastructure configuration file.
```bash
## Create infrastructure configuration file
cat << EOF > image_infra_config.json
{
  "name": "HelloWorldInfrastructure",
  "description": "Hello World App",
  "instanceTypes": [
    "t2.micro"
  ],
  "instanceProfileName": "HelloWorldInstanceProfile",
  "securityGroupIds": [
    "$DEFAULT_SECURITY_GROUP_ID"
  ],
  "subnetId": "$SUBNET_ID",
  "logging": {
    "s3Logs": {
      "s3BucketName": "cloudaffaire-image-builder",
      "s3KeyPrefix": "Logs"
    }
  },
  "keyPair": "HelloWorldKP",
  "terminateInstanceOnFailure": true
}
EOF
```
Step 6: Create an infrastructure configuration in AWS Image Builder using AWS CLI.
```bash
## Create infrastructure configuration
aws imagebuilder create-infrastructure-configuration \
  --cli-input-json file://image_infra_config.json
```
Step 7: Get details on an infrastructure configuration in AWS Image Builder.
```bash
## List all infrastructure configurations
aws imagebuilder list-infrastructure-configurations

## Get details on Infrastructure configuration
## (the jq filter is quoted and selects by name so exactly one ARN is returned)
INFRA_CONF_ARN=$(aws imagebuilder list-infrastructure-configurations |
  jq -r '.infrastructureConfigurationSummaryList[] | select(.name == "HelloWorldInfrastructure") | .arn') &&
aws imagebuilder get-infrastructure-configuration \
  --infrastructure-configuration-arn "$INFRA_CONF_ARN"
```
You can also create, update, and view infrastructure configuration details using the AWS Management Console.
Step 8: Clean up.
```bash
## Delete the S3 bucket with objects
aws s3 rb \
  s3://cloudaffaire-image-builder --force

## Delete EC2 key pair
aws ec2 delete-key-pair \
  --key-name HelloWorldKP

## Delete the infrastructure configuration
aws imagebuilder delete-infrastructure-configuration \
  --infrastructure-configuration-arn "$INFRA_CONF_ARN"

## Remove the IAM role from Instance profile
aws iam remove-role-from-instance-profile \
  --instance-profile-name HelloWorldInstanceProfile \
  --role-name HelloWorldIAMRole

## Delete the IAM instance profile
aws iam delete-instance-profile \
  --instance-profile-name HelloWorldInstanceProfile

## Remove IAM policy from the IAM role
aws iam detach-role-policy \
  --role-name HelloWorldIAMRole \
  --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

## Delete the IAM role
aws iam delete-role \
  --role-name HelloWorldIAMRole
```
Hope you have enjoyed this article. For more details on AWS Image Builder, please refer to the documentation below.
https://docs.aws.amazon.com/imagebuilder/index.html