Build and maintain secure images

Why Image Builder?

EC2 Image Builder is a fully-managed service that simplifies customization, testing, distribution, and lifecycle management of Amazon Machine Images (AMIs) and container images. Keeping AMIs and container images up-to-date can be time consuming, resource intensive, and error-prone. In practice, customers either manually update and snapshot EC2 instances or invest in developing custom automation scripts for image maintenance. EC2 Image Builder significantly reduces the effort of keeping images up-to-date by providing built-in automation, and AWS-provided security settings. With Image Builder, there are no manual steps for updating an image and customers do not have to build their own automation pipeline. Image Builder is offered at no cost, other than the cost of the underlying AWS resources used to create, store, and copy the images.

Benefits

Improved IT productivity

Image Builder significantly reduces the effort of keeping Virtual Machine and container images up-to-date and secure by providing a simple graphical interface, built-in automation, and AWS-provided security settings. With Image Builder, there are no manual steps for updating an image nor do you have to build your own automation pipeline. Not having to write and maintain automation code frees up resources and saves IT time.

Simpler to secure

EC2 Image Builder allows you to create images with only the essential components, reducing your exposure to security vulnerabilities. When a security patch is available, Image Builder can automatically patch your images. You can also apply AWS-provided security policies (such as strong password enforcement, full disk encryption, enable firewall, and more) or custom security policies to your images to meet applicable internal compliance criteria.

Built-in validation support

EC2 Image Builder allows you to easily validate your images for functionality, compatibility, and security compliance with AWS-provided tests and your own tests before using them in production. Doing so reduces errors found in images normally caused by insufficient testing. The deployment of images into production environments can be made to depend on tests passing.

Centralized policy enforcement

EC2 Image Builder enables version control for easy revision management. It integrates with AWS Resource Access Manager, AWS Organizations, and Amazon ECR to enable sharing of automation scripts, recipes, and images across AWS accounts. Security and compliance testing also enable Information Security and IT teams to better enforce policies and compliance of images.

Simplified software procurement and golden image build with AWS Marketplace integration

EC2 Image Builder allows you to subscribe to an image product from AWS Marketplace directly from the Image Builder console. You can then use the subscribed AWS Marketplace image as the base image in an Image Builder recipe. You can also easily discover, subscribe to, and incorporate third-party components listed in AWS Marketplace to create golden images that meet your organization’s needs. You can access a diverse catalog of components from verified sellers in AWS Marketplace that can be used to address monitoring, security, governance, and compliance needs.