EC2 Image Builder

Under construction

EC2 Image Builder is a fully managed AWS service that makes it easier to automate the creation, management, and deployment of customized, secure, and up-to-date “golden” server images that are pre-installed and pre-configured with software and settings to meet specific IT standards.

In this workshop, you will learn:


The following terminology and concepts are central to your understanding and use of EC2 Image Builder.


An Amazon Machine Image (AMI) is the basic unit of deployment in Amazon EC2. An AMI is a pre-configured VM image that contains the OS and preinstalled software to deploy EC2 instances. For more information, see Amazon Machine Images (AMI).

Image Pipeline

An image pipeline is the automation configuration for building secure OS images on AWS. The Image Builder image pipeline is associated with an image recipe that defines the build, validation, and test phases for an image build lifecycle. An image pipeline can be associated with an infrastructure configuration that defines where your image is built. You can define attributes, such as instance type, subnets, security groups, logging, and other infrastructure-related configurations. You can also associate your image pipeline with a distribution configuration to define how you would like to deploy your image.

Image Recipe

An Image Builder image recipe is a document that defines the source image and the components to be applied to the source image to produce the desired configuration for the output image. You can use an image recipe to duplicate builds. Image Builder image recipes can be shared, branched, and edited using the console wizard, the AWS CLI, or the API. You can use image recipes with your version control software to maintain shareable versioned image recipes.

Source Image

The source image is the selected image and OS used in your image recipe document along with the components. The source image and the component definitions combined produce the desired configuration for the output image.

Build Components

Build components are orchestration documents that define a sequence of steps for downloading, installing, and configuring software packages. They also define validation and security hardening steps. A component is defined using a YAML document format (as described in the following Document entry).

Test Components

Test components are orchestration documents that define tests to run on software packages. A component is defined using a YAML document format (see the following Document entry).


A declarative document that uses the YAML format to list the execution steps for build, validation, and test of an AMI on an instance. The document is input to a configuration management application, which runs locally on an Amazon EC2 instance to execute the document steps.