When studying for an AWS certification, we often encounter questions that require in-depth knowledge of services we may not use daily. Understanding these services at a purely theoretical level can lead to confusion and mistakes during the exam. So, how can we improve our understanding and retention of these complex topics?
One of the best ways to tackle this challenge is to practice directly with AWS services, replicating question scenarios in a real environment. In this article, I will guide you through analyzing a specific question on EC2 Image Builder and AWS Resource Access Manager (RAM), breaking down each component and showing how you can set up a similar practice in your AWS account—even if you don't have access to an AWS Organization. This practical approach not only reinforces key concepts but also provides a real view of how these services function in practice, helping us turn theory into applicable knowledge.
Domain: Design for New Solutions
Question: You are assisting a team in creating multiple AMIs and Docker images through EC2 Image Builder pipelines. Other teams want to use the same EC2 Image Builder resources, including components, recipes, and images, in their image pipelines. You need to find an appropriate approach to share resources with other organizational units within the AWS Organization or specific AWS accounts. Which of the following methods is suitable?
Answer: In AWS Resource Access Manager (RAM), add the shared components, images, or recipes to shared resources and configure the principals that are permitted to access the shared resources.
Analysis, Practice, and Demonstration of the Answer
Services Involved
AWS EC2 Image Builder
This AWS service allows you to automate the creation and management of system images (such as EC2 AMIs or Docker images). You can define "pipelines" that build images according to specifications (components, recipes, tests, etc.) and update them automatically as needed.
AWS Resource Access Manager (RAM)
RAM is an AWS service that enables sharing resources across accounts within an AWS Organization without needing to duplicate them. You can use RAM to share EC2 Image Builder components, AMIs, subnets, VPCs, and more with other accounts in your organization or specific external accounts.
Related Concepts
Build Component (AWS EC2 Image Builder)
In EC2 Image Builder, Build Components are scripts or command sequences that define custom configurations and installation steps for an image. These components allow for automating the installation, configuration, and validation of software and settings in the final image you are building.
Role of Build Components
- Customization: You can use components to add specific software or make custom configurations in the image, such as installing web servers, databases, monitoring agents, or any other necessary software.
- Automation: Components automate complex configurations. Instead of configuring each instance manually after the image is created, you can have the final image already include everything needed, reducing errors and saving time.
- Modularity: Components are modular, meaning you can create a component once and reuse it across multiple recipes or pipelines. This is useful for maintaining consistent configurations across multiple images.
Examples of Common Components
Some examples of components you might find or create include:
- Installing a web server (e.g., Apache or NGINX).
- Installing and configuring monitoring agents (such as CloudWatch or Datadog).
- Adding extra security configurations or installing development tool packages.
- Operating system configuration tweaks, such as modifying network settings or kernel parameters.
Summary of Steps to Replicate the Exercise:
Objective: Create an image with EC2 Image Builder and share it with another account using RAM.
Step 1: Set Up EC2 Image Builder
- Access the EC2 Image Builder console in AWS.
-
Create a New Image Pipeline:
- Go to “Image pipelines” and select “Create Image Pipeline.”
- Assign a name to the pipeline (e.g.,
MyCustomImagePipeline
). - In “Recipe,” select or create a recipe that defines the operating system and any additional components you want in the image.
-
Define the Recipe:
- If creating a new recipe, select a base image (e.g., Amazon Linux 2).
- Add components (e.g., system updates, specific software installation).
-
Configure Tests (Optional):
- Add tests to ensure the created image meets certain requirements.
-
Define the Distribution Policy (Optional):
- Decide in which regions the image will be available.
Configure the Pipeline and Save.
Step 2: Build the Image
- Once the pipeline is configured, start a manual build to generate the first image or wait for the pipeline to execute an automatic build based on the defined schedule.
- Check the progress in “Image Pipeline” and wait for the image to be ready.
Step 3: Share the Image with AWS RAM
- Access the Resource Access Manager (RAM) console.
-
Create a New Resource Share:
- Select “Create resource share.”
- Assign a name (e.g.,
ImageShareForOtherTeams
).
-
Add Resources to the Resource Share:
- In the “Resources” section, select the resource type as “EC2 Image Builder resources.”
- Add the image, components, or recipes you want to share.
-
Configure Principals:
- In “Principals,” select specific AWS accounts or organizational units (OUs) within your AWS Organization with whom you want to share the resources.
-
Review and Create:
- Review the configuration and select “Create resource share.”
Step 4: Verify Access from Another Account
- In an account with which you shared the image, access the EC2 console.
- Go to “Shared AMIs” and confirm that the image is available for launch.
⚠️ 💰 🤑 Before continuing, be cautious of the potential costs incurred by executing these steps and remember to delete the resources after completing the exercise ⚠️ 💰 🤑 Approx. $2 USD
Step-by-Step Execution
EC2 Image Builder (Pipeline Creation):
Since the pipeline creation is for testing purposes, we will limit ourselves to filling in only the name and description.
The build will be manual since we are only testing the service.
It is possible to create images for both AMI and Docker; for simplicity, we will choose AMI.
We can choose an initial configuration (user data) for the instance; in this example, a server is created with a page and a message.
#!/bin/bash
yum update -y
yum install -y httpd git
systemctl start httpd
systemctl enable httpd
echo "<h1>Welcome to EC2 Image Builder</h1>" > /var/www/html/index.html
In build components, we can select one or more components; some are already predefined, and we can also create our own.
We can also select validation components, which are used to ensure that the build component has executed successfully.
Storage:
Pipeline created successfully:
EC2 Image Builder (Pipeline Execution):
We run the pipeline that we created previously.
This will create an instance where it will set up the configuration and execute the build components we selected.
After the image is successfully created, the instance is stopped, and the creation of the AMI begins.
After this, the instance is terminated.
Then an instance is created to test the image.
After completing the verification, the AMI image is created for use.
RAM (Resource Access Manager)
Resource Creation
Resources to share:
As a limitation of this exercise, I do not have another external account or an organization to share with, but as we can see in the image, we can share EC2 Builder resources seamlessly through RAM.
This concludes the analysis and verification of the answer to this AWS Solutions Architect Professional certification question.
References
- Question obtained from the simulator provided by Whizlabs
- What is Image Builder?
- Share Image Builder resources with AWS RAM
- Spanish Version
If you've enjoyed this article, feel free to give a 👏 and ⭐ to the repository.
🤔 Follow me on social media! ⏬
- YouTube: https://www.youtube.com/jjoc007
- Twitter: https://twitter.com/jjoc007
- GitHub: https://github.com/jjoc007
- Medium: https://jjoc007.com
- LinkedIn: https://www.linkedin.com/in/jjoc007/
Thank you!