Using aws ssm with imagebuilder
To use AWS Systems Manager (SSM) with AWS Image Builder, we'll weave together two AWS services: AWS Image Builder, which helps you automate the creation, management, and deployment of customized, secure, and up-to-date "golden" server images, and AWS Systems Manager, which provides visibility and control of your infrastructure on AWS.
First, we'll create a custom image using AWS Image Builder. For this, we need an Image Recipe, which defines the source image and the components to be applied to the image. Then, we set up an Infrastructure Configuration, which specifies the AWS infrastructure to be used for building and testing the image. An Image Pipeline manages the process, including the creation of images on a schedule if required.
Finally, we'll make use of the AWS SSM Parameter Store, a capability of AWS Systems Manager, to store configuration data and secrets. You can reference these parameters in your Image Builder components to dynamically inject configuration data during the build process.
Here's how you might declare these resources using Pulumi in TypeScript.
```typescript
import * as aws from "@pulumi/aws";

// Create an SSM Parameter to be used with AWS Image Builder.
const exampleParameter = new aws.ssm.Parameter("exampleParameter", {
    type: "String", // Use "SecureString" when the value is a secret.
    value: "example value",
    // More properties can be set depending on the needs.
});

// Define an Image Recipe for AWS Image Builder.
const exampleImageRecipe = new aws.imagebuilder.ImageRecipe("exampleImageRecipe", {
    name: "example-image-recipe",
    version: "1.0.0",
    parentImage: "arn:aws:imagebuilder:us-west-2:aws:image/amazon-linux-2-x86/2020.12.21",
    components: [
        // Example component ARN; you should reference the ARN for the component you need.
        {
            componentArn: "arn:aws:imagebuilder:us-west-2:aws:component/desired-component/1.0.0/1",
        },
    ],
    // Additional Image Recipe settings can be configured as needed.
});

// Define an Infrastructure Configuration for AWS Image Builder.
const exampleInfrastructureConfiguration = new aws.imagebuilder.InfrastructureConfiguration("exampleInfrastructureConfiguration", {
    name: "example-infrastructure-configuration",
    // Using an existing instance profile or creating a new one might be required.
    // Replace the placeholder with the actual instance profile name.
    instanceProfileName: "example-instance-profile",
    // Additional Infrastructure Configuration settings can be configured as needed.
    // This may include security group IDs, subnet ID, logging, etc.
});

// Define an Image Pipeline for AWS Image Builder.
const exampleImagePipeline = new aws.imagebuilder.ImagePipeline("exampleImagePipeline", {
    name: "example-image-pipeline",
    imageRecipeArn: exampleImageRecipe.arn,
    infrastructureConfigurationArn: exampleInfrastructureConfiguration.arn,
    // Optionally, add a schedule to build images.
    schedule: {
        pipelineExecutionStartCondition: "EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE",
        scheduleExpression: "cron(0 0 * * SUN)", // This example runs every Sunday at midnight.
    },
    // You can enable or disable tests or image scanning or set up distribution settings as needed.
});

// Output the ARN of the created SSM Parameter, Image Recipe, and Image Pipeline.
export const parameterArn = exampleParameter.arn;
export const imageRecipeArn = exampleImageRecipe.arn;
export const imagePipelineArn = exampleImagePipeline.arn;
```
To use this code, simply replace the placeholder values (like ARNs for parent images and components, instance profile names, etc.) with actual values that match your AWS environment and intended configuration. Once deployed, the Image Pipeline will take care of creating an AMI based on the Image Recipe, which can refer to configurations stored in SSM Parameter Store.
Remember to set up the correct IAM roles and permissions as needed for Image Builder to access SSM parameters and other AWS resources. If you're entirely new to Pulumi, ensure you have the Pulumi CLI installed and AWS credentials configured in your environment before running the code.
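One way to keep that permission narrow, as an added example that is not part of the original page: a helper that builds the IAM policy document for the build instance's role so it can read only the named parameters, plus a review check that flags wildcard grants. The function names, Sids, account ID and parameter name are assumptions made for illustration.

```typescript
// Added example: IAM policy for the Image Builder instance role, scoped to named parameters.
type Statement = { Sid: string; Effect: "Allow"; Action: string[]; Resource: string[] };
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

// Fully qualified ARNs only; "*" is in neither character class, so wildcards are rejected.
const PARAM_ARN = /^arn:aws[a-z-]*:ssm:[a-z0-9-]+:\d{12}:parameter\/[\w.\/-]+$/;
const KEY_ARN = /^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key\/[\w-]+$/;

function buildParameterReadPolicy(parameterArns: string[], kmsKeyArn?: string): PolicyDocument {
  if (parameterArns.length === 0) throw new Error("at least one parameter ARN is required");
  for (const arn of parameterArns) {
    if (!PARAM_ARN.test(arn)) throw new Error(`not a fully qualified parameter ARN: ${arn}`);
  }
  const statements: Statement[] = [{
    Sid: "ReadBuildParameters",
    Effect: "Allow",
    Action: ["ssm:GetParameter", "ssm:GetParameters"],
    Resource: [...parameterArns],
  }];
  // SecureString parameters encrypted with a customer managed key also need kms:Decrypt on that key.
  if (kmsKeyArn !== undefined) {
    if (!KEY_ARN.test(kmsKeyArn)) throw new Error(`not a fully qualified KMS key ARN: ${kmsKeyArn}`);
    statements.push({ Sid: "DecryptBuildParameters", Effect: "Allow", Action: ["kms:Decrypt"], Resource: [kmsKeyArn] });
  }
  return { Version: "2012-10-17", Statement: statements };
}

// Review helper: Sids of statements whose actions or resources contain a wildcard.
function findBroadGrants(doc: PolicyDocument): string[] {
  return doc.Statement
    .filter((s) => [...s.Action, ...s.Resource].some((v) => v.includes("*")))
    .map((s) => s.Sid);
}

// Constructed sample values (placeholder account ID and parameter name).
const sampleArn = "arn:aws:ssm:us-west-2:111122223333:parameter/imagebuilder/example";
const scoped = buildParameterReadPolicy([sampleArn]);
const broad: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Sid: "ReadEverything", Effect: "Allow", Action: ["ssm:*"], Resource: ["*"] }],
};
console.log(JSON.stringify(scoped, null, 2));
console.log(findBroadGrants(scoped), findBroadGrants(broad));
```

In a Pulumi program the ARNs are Outputs, so call the builder inside `exampleParameter.arn.apply(...)` and pass the `JSON.stringify` result as the `policy` of an `aws.iam.RolePolicy` attached to the role behind `instanceProfileName`.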