Image builder
AWS Blu Age Image Builder
Overview
This documentation describes how to use the "AWS Transform Mainframe" Developer IDE image builder recipe CloudFormation template with an existing EC2 Image Builder pipeline. The template creates a recipe that builds a Windows Server 2022 AMI with AWS Blu Age development tools and utilities.
Prerequisites
Before using this template, ensure you have:
1. S3 bucket:
- A S3 bucket containing all required installation files referenced in the components. ==The default bucket path is==:
s3://<my-bucket>/sde-ide-components ; - Installation files should be located with the prefix sde-ide-components. A prefix is a way to organize data like a directory.
2. Network configuration:
- VPC subnet with internet access for downloading software (from build instance). ==Recommended==: private subnet with NAT Gateway;
- Security groups allowing outbound HTTPS traffic (from build instance).
3. IAM Permissions:
- Permissions to create CloudFormation stacks;
- Permissions to create EC2 Image Builder resources;
- S3
create/put/readaccess to the software bucket.
Recommended software
Components in this recipe reference the following software, which must be stored in your S3 bucket. They may include:
| Software Name | Versions | Format | Source |
| Amazon CLI v2 | latest | - | Image Builder managed comp. |
| Amazon Corretto 17 (X64) | latest | - | Image Builder managed comp. |
| Amazon CloudWatch Agent | latest | - | Image Builder managed comp. |
| PuTTY | latest | - | Image Builder managed comp. |
| BluageSdeDevBrowsersComponent | |||
| Chrome | latest | - | Google (scripted) |
| Firefox | latest | - | Mozilla (scripted) |
| BluageSdeDevToolsComponent | |||
| 7-Zip (.exe) | latest | exe (64-bit Windows x64) | S3 bucket |
| HxD (.zip) | latest | zip | S3 bucket |
| Notepad++ (.exe) | latest | exe (x64 installer) | S3 bucket |
| WinMerge (.exe) | latest | exe (x64 installer) | S3 bucket |
| WinSCP (.exe) | latest | exe (Windows) | S3 bucket |
| BluageSdeDevComponent | |||
| Apache Ant (.zip) | 1.10.x | zip (binary zip archive) | S3 bucket |
| Apache Maven (.zip) | 3.9.x | zip (binary zip archive) | S3 bucket |
| Apache Tomcat (.exe) | 10.xx | exe (32-bit/64-bit Windows Service inst.) | S3 bucket |
| Git (.exe) | latest | exe (standalone installer - Windows/x64) | S3 bucket |
| NodeJS (.msi) | 22.x | msi (Windows installer) | S3 bucket |
| pgAdmin 4 (.exe) | latest | exe (Windows) | S3 bucket |
| Python 3 (.exe) | 3.x | exe (Windows installer) | S3 bucket |
| Spring Tools for Eclipse 4 (.zip) | 4.32.x | zip (Windows x86_64) | S3 bucket |
| Visual Studio Code (.exe) | latest | exe (Windows system installer) | S3 bucket |
| Kiro (.exe) | latest | exe (Windows) | S3 bucket |
| BluageWslComponent | |||
| Microsoft.VCLibs.x64.14.00.Desktop.appx | 14 | appx (Windows APPX) | S3 bucket |
| Ubuntu2204-221101.AppxBundle | 22.04 | AppxBundle (Windows APPX) | S3 bucket |
Network requirements
The build instance needs access to:
- Download software from S3;
- Download software from vendor websites (internet). ==Recommended==: use a private subnet with a NAT Gateway and appropriate security groups.
Create your S3 bucket for software components
This S3 bucket will contain all required installation files referenced in the components.
- Enable encryption:
- On the "Default encryption panel" click "edit", then select "Server-side encryption with Amazon S3 managed keys (SSE-S3)" in encryption type.
- Enable versioning:
- On the "Bucket Versioning panel" click "edit", then select "Enable" in the bucket versioning.
- Upload required software to the S3 bucket with prefix sde-ide-components.
- Respect filenames and S3 prefix as hardcoded in YAML component. Example:
<my-bucket>/sde-ide-components/apache-tomcat-10.exeSee the documentation.
- Respect filenames and S3 prefix as hardcoded in YAML component. Example:
CloudFormation Template
A CloudFormation template for creating the required EC2 Image Builder resources (components, recipe).
The YAML file is included as an attachment in the PDF. To access the attachments panel, open the PDF in Adobe Acrobat. Go to View > Show/hide > Side panels > Attachments. The attachments panel will appear, displaying all embedded files. Double-click the yaml file in the list to open or save it.
Note about AWS managed Components
This section lists the AWS-managed components used in the Image Builder recipe. These components are maintained by AWS and provide standardized, up-to-date installations of common tools and services.
- AWS CLI version 2 (latest version);
- Amazon Corretto 17 (latest version);
- Amazon CloudWatch Agent (latest version);
- PuTTY (latest version).
These managed components are automatically updated by AWS, ensuring that the latest versions and security patches are always included in AMI builds.
Deployment instructions
Step 1: Deploy the CloudFormation recipe template
Go to the AWS Management Console:
- Navigate to CloudFormation;
- Click on "Create stack" > "With new resources (standard)";
- Upload the CloudFormation template YAML file (.yml or .yaml extension);
- Follow the wizard to create the stack.
- Specify stack details: type a stack name, select components to install (true or false) and the S3 bucket name; – ==Update software filenames to match with what you have uploaded in your S3 bucket==;
- Click on "Next" button;
- Keep default settings and click on "Next" then "Submit" button to finalize.
Once deployed, note the "ImageRecipeArn" from the "Stack Outputs" tab.
Step 2: Integrate with existing Image Builder Pipeline
Option 1: AWS Management Console
- Navigate to "EC2 Image Builder" in the AWS Console;
- Select your existing pipeline;
- Choose "Actions" > "Edit pipeline";
- In the "Recipe" section, select "Existing recipe";
- Enter the ARN from step 1;
- Review and save the pipeline configuration.
Option 2: AWS CLI
Update your existing pipeline with the new recipe:
aws imagebuilder update-image-pipeline \
--image-pipeline-arn <your-pipeline-arn> \
--image-recipe-arn <recipe-arn-from-outputs>
How to create an Image Builder Pipeline? See the User Guide: Create an image pipeline with output AMI from the Image Builder console wizard.
By using this image recipe, you will create an AMI with the following name: AWS-Transform-SDE-Developer-ami.
Security considerations
- S3 bucket access: limit access to the S3 bucket containing installation files;
- IAM Roles: Use least-privilege permissions for the Image Builder service role;
- VPC Security: implement proper security groups and network ACLs.
Troubleshooting
Common issues and solutions:
- Component failures:
- Check S3 bucket permissions;
- Verify file paths (prefix) and names match those in the components;
- Review instance logs in CloudWatch.
- Network issues:
- Ensure the subnet has internet access via NAT Gateway;
- Check security groups allow outbound HTTPS traffic.
- Resource limitations:
- The recipe requires an instance with 50 GB storage;
- Ensure your account has sufficient limits.
Customization
To customize the recipe:
- Modify the S3 bucket paths in the component parameters;
- Adjust software versions or add additional components;
- Change the base Windows Server version if needed;
Modify storage configuration in the "BlockDeviceMappings" section.
Support
- AWS Image Builder Documentation;
- EC2 Image Builder resource type reference;
- For issues with this template, please contact the AWS Blu Age team.