EC2 Image Builder

Build and maintain secure images

Why EC2 Image Builder?

EC2 Image Builder is a fully-managed service that simplifies customization, testing, distribution, and lifecycle management of Amazon Machine Images (AMIs) and container images.

Keeping AMIs and container images up-to-date can be time consuming, resource intensive, and error-prone. In practice, customers either manually update and snapshot EC2 instances or invest in developing custom automation scripts for image maintenance.

EC2 Image Builder significantly reduces the effort of keeping images up-to-date by providing built-in automation, and AWS-provided security settings. With Image Builder, there are no manual steps for updating an image and customers do not have to build their own automation pipeline.

Image Builder is offered at no cost, other than the cost of the underlying AWS resources used to create, store, and copy the images.

Benefits

Image Builder significantly reduces the effort of keeping Virtual Machine and container images up-to-date and secure by providing a simple graphical interface, built-in automation, and AWS-provided security settings. With Image Builder, there are no manual steps for updating an image nor do you have to build your own automation pipeline. Not having to write and maintain automation code frees up resources and saves IT time.

EC2 Image Builder allows you to create images with only the essential components, reducing your exposure to security vulnerabilities. When a security patch is available, Image Builder can automatically patch your images. You can also apply AWS-provided security policies (such as strong password enforcement, full disk encryption, enable firewall, and more) or custom security policies to your images to meet applicable internal compliance criteria.

EC2 Image Builder allows you to easily validate your images for functionality, compatibility, and security compliance with AWS-provided tests and your own tests before using them in production. Doing so reduces errors found in images normally caused by insufficient testing. The deployment of images into production environments can be made to depend on tests passing.

EC2 Image Builder enables version control for easy revision management. It integrates with AWS Resource Access Manager, AWS Organizations, and Amazon ECR to enable sharing of automation scripts, recipes, and images across AWS accounts. Security and compliance testing also enable Information Security and IT teams to better enforce policies and compliance of images.

EC2 Image Builder allows you to subscribe to an image product from AWS Marketplace directly from the Image Builder console. You can then use the subscribed AWS Marketplace image as the base image in an Image Builder recipe. You can also easily discover, subscribe to, and incorporate third-party components listed in AWS Marketplace to create golden images that meet your organization’s needs. You can access a diverse catalog of components from verified sellers in AWS Marketplace that can be used to address monitoring, security, governance, and compliance needs.


Customers

  • AC3

    AC3, an ANZ-based managed service provider (MSP) founded in 1999, manages over 14,000 virtual machines for more than half the New South Wales state government agencies and hundreds of commercial customers. An Amazon Web Services (AWS) customer, the MSP uses Amazon EC2 Image Builder to simplify the building, testing, and deployment of its virtual machines.

    We’ve never really looked at anything beyond Packer before, as it was the standard. But, when Image Builder came along, it felt like the natural progression. The native integration is really key! Having a managed service in AWS that owns key aspects, such as image versioning and troubleshooting errors, was a big win. Also, the rapid feature improvements make it our go-to image management service. Those two things make Image Builder a more seamless part of our image delivery pipeline.

    Greg Cockburn, Head of Cloud - AC3
  • Genesys

    Genesys, a leading customer experience orchestration provider with over 30 years of experience in the industry, uses Amazon Web Services (AWS) to power its technology. Genesys migrated from its home-grown Amazon Machine Image (AMI) pipeline on Packer to Amazon Elastic Compute Cloud (Amazon EC2) Image Builder and now produces thousands of AMIs per week via EC2 Image Builder. Genesys makes use of the immutable infrastructure design pattern so has a rigorous practice around building AMIs for its EC2 fleet quickly and reliably.

    We prefer to adopt managed services for utility purposes as much as possible, so we were happy to integrate EC2 Image Builder and minimize the undifferentiated elements of our image pipeline. The integrations that Image Builder provides natively with other AWS services and flexibility to customize it for our compliance needs make it a great fit for our platform.

    Glenn Nethercutt, Chief Architect, Genesys Cloud
  • Verisk

     

    Verisk Analytics, a data analytics and risk management company founded in 1971, provides data-driven insights that help businesses, people, and societies become stronger, more resilient, and more sustainable. Verisk leverages Amazon Web Services (AWS) using EC2 Image Builder to produce golden Amazon Machine Images (AMIs)—standardized and hardened AMIs containing approved security patching and endpoint protection agents.

    We have been running custom AWS Systems Manager-based pipelines to manage golden images for a few years. We evaluated EC2 Image Builder immediately after its announcement, and it made sense for us to migrate to the managed service to simplify the pipelines and leverage service functionality instead of our custom automation. Today, we generate a catalog of golden images for Windows and Linux operating systems that we distribute to over 300 accounts in multiple regions for consumption.

    Eugene Kim, AVP - Cloud Architecture, Verisk Analytics